@aws-mdaa/dataops-dms 1.3.0 → 1.5.0

@@ -2,6 +2,208 @@
2
2
  "$schema": "http://json-schema.org/draft-07/schema#",
3
3
  "additionalProperties": false,
4
4
  "definitions": {
5
+ "AdditionalBlueprintAccount": {
6
+ "additionalProperties": false,
7
+ "properties": {
8
+ "account": {
9
+ "type": "string"
10
+ },
11
+ "authorizedDomainUnits": {
12
+ "items": {
13
+ "type": "string"
14
+ },
15
+ "type": "array"
16
+ },
17
+ "enabledRegions": {
18
+ "items": {
19
+ "type": "string"
20
+ },
21
+ "type": "array"
22
+ },
23
+ "parameters": {
24
+ "additionalProperties": {
25
+ "$ref": "#/definitions/MdaaSageMakerBluePrintParameterConfig"
26
+ },
27
+ "type": "object"
28
+ },
29
+ "provisioningRole": {
30
+ "$ref": "#/definitions/MdaaRoleRef"
31
+ }
32
+ },
33
+ "required": [
34
+ "account",
35
+ "provisioningRole"
36
+ ],
37
+ "type": "object"
38
+ },
39
+ "Architecture": {
40
+ "additionalProperties": false,
41
+ "description": "Architectures supported by AWS Lambda",
42
+ "properties": {
43
+ "dockerPlatform": {
44
+ "description": "The platform to use for this architecture when building with Docker.",
45
+ "type": "string"
46
+ },
47
+ "name": {
48
+ "description": "The name of the architecture as recognized by the AWS Lambda service APIs.",
49
+ "type": "string"
50
+ }
51
+ },
52
+ "required": [
53
+ "dockerPlatform",
54
+ "name"
55
+ ],
56
+ "type": "object"
57
+ },
58
+ "CfnAutoScalingReplacingUpdate": {
59
+ "additionalProperties": false,
60
+ "description": "Specifies whether an Auto Scaling group and the instances it contains are replaced during an update. During replacement,\nAWS CloudFormation retains the old group until it finishes creating the new one. If the update fails, AWS CloudFormation\ncan roll back to the old Auto Scaling group and delete the new Auto Scaling group.\n\nWhile AWS CloudFormation creates the new group, it doesn't detach or attach any instances. After successfully creating\nthe new Auto Scaling group, AWS CloudFormation deletes the old Auto Scaling group during the cleanup process.\n\nWhen you set the WillReplace parameter, remember to specify a matching CreationPolicy. If the minimum number of\ninstances (specified by the MinSuccessfulInstancesPercent property) don't signal success within the Timeout period\n(specified in the CreationPolicy policy), the replacement update fails and AWS CloudFormation rolls back to the old\nAuto Scaling group.",
61
+ "properties": {
62
+ "willReplace": {
63
+ "type": "boolean"
64
+ }
65
+ },
66
+ "type": "object"
67
+ },
68
+ "CfnAutoScalingRollingUpdate": {
69
+ "additionalProperties": false,
70
+ "description": "To specify how AWS CloudFormation handles rolling updates for an Auto Scaling group, use the AutoScalingRollingUpdate\npolicy. Rolling updates enable you to specify whether AWS CloudFormation updates instances that are in an Auto Scaling\ngroup in batches or all at once.",
71
+ "properties": {
72
+ "maxBatchSize": {
73
+ "description": "Specifies the maximum number of instances that AWS CloudFormation updates.",
74
+ "type": "number"
75
+ },
76
+ "minActiveInstancesPercent": {
77
+ "description": "Specifies the percentage of instances in an Auto Scaling group that must remain in service while AWS CloudFormation\nupdates old instances. You can specify a value from 0 to 100. AWS CloudFormation rounds to the nearest tenth of a percent.\nFor example, if you update five instances with a minimum active percentage of 50, three instances must remain in service.",
78
+ "type": "number"
79
+ },
80
+ "minInstancesInService": {
81
+ "description": "Specifies the minimum number of instances that must be in service within the Auto Scaling group while AWS\nCloudFormation updates old instances.",
82
+ "type": "number"
83
+ },
84
+ "minSuccessfulInstancesPercent": {
85
+ "description": "Specifies the percentage of instances in an Auto Scaling rolling update that must signal success for an update to succeed.\nYou can specify a value from 0 to 100. AWS CloudFormation rounds to the nearest tenth of a percent. For example, if you\nupdate five instances with a minimum successful percentage of 50, three instances must signal success.\n\nIf an instance doesn't send a signal within the time specified in the PauseTime property, AWS CloudFormation assumes\nthat the instance wasn't updated.\n\nIf you specify this property, you must also enable the WaitOnResourceSignals and PauseTime properties.",
86
+ "type": "number"
87
+ },
88
+ "pauseTime": {
89
+ "description": "The amount of time that AWS CloudFormation pauses after making a change to a batch of instances to give those instances\ntime to start software applications. For example, you might need to specify PauseTime when scaling up the number of\ninstances in an Auto Scaling group.\n\nIf you enable the WaitOnResourceSignals property, PauseTime is the amount of time that AWS CloudFormation should wait\nfor the Auto Scaling group to receive the required number of valid signals from added or replaced instances. If the\nPauseTime is exceeded before the Auto Scaling group receives the required number of signals, the update fails. For best\nresults, specify a time period that gives your applications sufficient time to get started. If the update needs to be\nrolled back, a short PauseTime can cause the rollback to fail.\n\nSpecify PauseTime in the ISO8601 duration format (in the format PT#H#M#S, where each # is the number of hours, minutes,\nand seconds, respectively). The maximum PauseTime is one hour (PT1H).",
90
+ "type": "string"
91
+ },
92
+ "suspendProcesses": {
93
+ "description": "Specifies the Auto Scaling processes to suspend during a stack update. Suspending processes prevents Auto Scaling from\ninterfering with a stack update. For example, you can suspend alarming so that Auto Scaling doesn't execute scaling\npolicies associated with an alarm. For valid values, see the ScalingProcesses.member.N parameter for the SuspendProcesses\naction in the Auto Scaling API Reference.",
94
+ "items": {
95
+ "type": "string"
96
+ },
97
+ "type": "array"
98
+ },
99
+ "waitOnResourceSignals": {
100
+ "description": "Specifies whether the Auto Scaling group waits on signals from new instances during an update. Use this property to\nensure that instances have completed installing and configuring applications before the Auto Scaling group update proceeds.\nAWS CloudFormation suspends the update of an Auto Scaling group after new EC2 instances are launched into the group.\nAWS CloudFormation must receive a signal from each new instance within the specified PauseTime before continuing the update.\nTo signal the Auto Scaling group, use the cfn-signal helper script or SignalResource API.\n\nTo have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check\nverification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling\nrolling updates sample template.",
101
+ "type": "boolean"
102
+ }
103
+ },
104
+ "type": "object"
105
+ },
106
+ "CfnAutoScalingScheduledAction": {
107
+ "additionalProperties": false,
108
+ "description": "With scheduled actions, the group size properties of an Auto Scaling group can change at any time. When you update a\nstack with an Auto Scaling group and scheduled action, AWS CloudFormation always sets the group size property values of\nyour Auto Scaling group to the values that are defined in the AWS::AutoScaling::AutoScalingGroup resource of your template,\neven if a scheduled action is in effect.\n\nIf you do not want AWS CloudFormation to change any of the group size property values when you have a scheduled action in\neffect, use the AutoScalingScheduledAction update policy to prevent AWS CloudFormation from changing the MinSize, MaxSize,\nor DesiredCapacity properties unless you have modified these values in your template.\\",
109
+ "properties": {
110
+ "ignoreUnmodifiedGroupSizeProperties": {
111
+ "type": "boolean"
112
+ }
113
+ },
114
+ "type": "object"
115
+ },
116
+ "CfnCodeDeployLambdaAliasUpdate": {
117
+ "additionalProperties": false,
118
+ "description": "To perform an AWS CodeDeploy deployment when the version changes on an AWS::Lambda::Alias resource,\nuse the CodeDeployLambdaAliasUpdate update policy.",
119
+ "properties": {
120
+ "afterAllowTrafficHook": {
121
+ "description": "The name of the Lambda function to run after traffic routing completes.",
122
+ "type": "string"
123
+ },
124
+ "applicationName": {
125
+ "description": "The name of the AWS CodeDeploy application.",
126
+ "type": "string"
127
+ },
128
+ "beforeAllowTrafficHook": {
129
+ "description": "The name of the Lambda function to run before traffic routing starts.",
130
+ "type": "string"
131
+ },
132
+ "deploymentGroupName": {
133
+ "description": "The name of the AWS CodeDeploy deployment group. This is where the traffic-shifting policy is set.",
134
+ "type": "string"
135
+ }
136
+ },
137
+ "required": [
138
+ "applicationName",
139
+ "deploymentGroupName"
140
+ ],
141
+ "type": "object"
142
+ },
143
+ "CfnCondition": {
144
+ "additionalProperties": false,
145
+ "description": "Represents a CloudFormation condition, for resources which must be conditionally created and\nthe determination must be made at deploy time.",
146
+ "properties": {
147
+ "_logicalIdLocked": {
148
+ "description": "If the logicalId is locked then it can no longer be overridden.\nThis is needed for cases where the logicalId is consumed prior to synthesis\n(i.e. Stack.exportValue)."
149
+ },
150
+ "_logicalIdOverride": {
151
+ "description": "An explicit logical ID provided by `overrideLogicalId`."
152
+ },
153
+ "creationStack": {
154
+ "items": {
155
+ "type": "string"
156
+ },
157
+ "type": "array"
158
+ },
159
+ "expression": {
160
+ "$ref": "#/definitions/ICfnConditionExpression",
161
+ "description": "The condition statement."
162
+ },
163
+ "logicalId": {
164
+ "description": "The logical ID for this CloudFormation stack element. The logical ID of the element\nis calculated from the path of the resource node in the construct tree.\n\nTo override this value, use `overrideLogicalId(newLogicalId)`.",
165
+ "type": "string"
166
+ },
167
+ "node": {
168
+ "$ref": "#/definitions/Node",
169
+ "description": "The tree node."
170
+ },
171
+ "stack": {
172
+ "$ref": "#/definitions/Stack",
173
+ "description": "The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly)."
174
+ },
175
+ "synthesizeLogicalId": {
176
+ "description": "Called during synthesize to render the logical ID of this element. If\n`overrideLogicalId` was it will be used, otherwise, we will allocate the\nlogical ID through the stack."
177
+ }
178
+ },
179
+ "required": [
180
+ "creationStack",
181
+ "logicalId",
182
+ "node",
183
+ "stack",
184
+ "synthesizeLogicalId"
185
+ ],
186
+ "type": "object"
187
+ },
188
+ "CfnCreationPolicy": {
189
+ "additionalProperties": false,
190
+ "description": "Associate the CreationPolicy attribute with a resource to prevent its status from reaching create complete until\nAWS CloudFormation receives a specified number of success signals or the timeout period is exceeded. To signal a\nresource, you can use the cfn-signal helper script or SignalResource API. AWS CloudFormation publishes valid signals\nto the stack events so that you track the number of signals sent.\n\nThe creation policy is invoked only when AWS CloudFormation creates the associated resource. Currently, the only\nAWS CloudFormation resources that support creation policies are AWS::AutoScaling::AutoScalingGroup, AWS::EC2::Instance,\nAWS::CloudFormation::WaitCondition and AWS::AppStream::Fleet.\n\nUse the CreationPolicy attribute when you want to wait on resource configuration actions before stack creation proceeds.\nFor example, if you install and configure software applications on an EC2 instance, you might want those applications to\nbe running before proceeding. In such cases, you can add a CreationPolicy attribute to the instance, and then send a success\nsignal to the instance after the applications are installed and configured. For a detailed example, see Deploying Applications\non Amazon EC2 with AWS CloudFormation.",
191
+ "properties": {
192
+ "autoScalingCreationPolicy": {
193
+ "$ref": "#/definitions/CfnResourceAutoScalingCreationPolicy",
194
+ "description": "For an Auto Scaling group replacement update, specifies how many instances must signal success for the\nupdate to succeed."
195
+ },
196
+ "resourceSignal": {
197
+ "$ref": "#/definitions/CfnResourceSignal",
198
+ "description": "When AWS CloudFormation creates the associated resource, configures the number of required success signals and\nthe length of time that AWS CloudFormation waits for those signals."
199
+ },
200
+ "startFleet": {
201
+ "description": "For an AppStream Fleet creation, specifies that the fleet is started after creation.",
202
+ "type": "boolean"
203
+ }
204
+ },
205
+ "type": "object"
206
+ },
5
207
  "CfnParameterProps": {
6
208
  "additionalProperties": false,
7
209
  "properties": {
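Review bot: In the new `AdditionalBlueprintAccount` definition, `account` and the items of `enabledRegions` are unconstrained strings, even though they sit beside a required `provisioningRole` and so presumably select which account and regions get provisioned. A typo or an unintended value passes schema validation and would only surface at deploy time. Assuming `account` is a 12-digit AWS account ID, add `"pattern": "^[0-9]{12}$"` next to its `"type": "string"`; if this schema is generated from source types, the constraint belongs on the source type instead. The `definitions` object continues outside this hunk.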
@@ -65,33 +267,221 @@
65
267
  },
66
268
  "type": "object"
67
269
  },
270
+ "CfnResource": {
271
+ "additionalProperties": false,
272
+ "description": "Represents a CloudFormation resource.",
273
+ "properties": {
274
+ "_cfnProperties": {
275
+ "description": "AWS CloudFormation resource properties.\n\nThis object is returned via cfnProperties"
276
+ },
277
+ "_logicalIdLocked": {
278
+ "description": "If the logicalId is locked then it can no longer be overridden.\nThis is needed for cases where the logicalId is consumed prior to synthesis\n(i.e. Stack.exportValue)."
279
+ },
280
+ "_logicalIdOverride": {
281
+ "description": "An explicit logical ID provided by `overrideLogicalId`."
282
+ },
283
+ "cfnOptions": {
284
+ "$ref": "#/definitions/ICfnResourceOptions",
285
+ "description": "Options for this resource, such as condition, update policy etc."
286
+ },
287
+ "cfnProperties": {
288
+ "additionalProperties": {},
289
+ "type": "object"
290
+ },
291
+ "cfnResourceType": {
292
+ "description": "AWS resource type.",
293
+ "type": "string"
294
+ },
295
+ "creationStack": {
296
+ "items": {
297
+ "type": "string"
298
+ },
299
+ "type": "array"
300
+ },
301
+ "dependsOn": {
302
+ "description": "Logical IDs of dependencies.\n\nIs filled during prepare()."
303
+ },
304
+ "logicalId": {
305
+ "description": "The logical ID for this CloudFormation stack element. The logical ID of the element\nis calculated from the path of the resource node in the construct tree.\n\nTo override this value, use `overrideLogicalId(newLogicalId)`.",
306
+ "type": "string"
307
+ },
308
+ "node": {
309
+ "$ref": "#/definitions/Node",
310
+ "description": "The tree node."
311
+ },
312
+ "rawOverrides": {
313
+ "description": "An object to be merged on top of the entire resource definition."
314
+ },
315
+ "ref": {
316
+ "description": "Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.\n\nIf, by any chance, the intrinsic reference of a resource is not a string, you could\ncoerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.",
317
+ "type": "string"
318
+ },
319
+ "stack": {
320
+ "$ref": "#/definitions/Stack",
321
+ "description": "The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly)."
322
+ },
323
+ "synthesizeLogicalId": {
324
+ "description": "Called during synthesize to render the logical ID of this element. If\n`overrideLogicalId` was it will be used, otherwise, we will allocate the\nlogical ID through the stack."
325
+ },
326
+ "updatedProperites": {
327
+ "additionalProperties": {},
328
+ "description": "Deprecated",
329
+ "type": "object"
330
+ },
331
+ "updatedProperties": {
332
+ "additionalProperties": {},
333
+ "description": "Return properties modified after initiation\n\nResources that expose mutable properties should override this function to\ncollect and return the properties object for this resource.",
334
+ "type": "object"
335
+ }
336
+ },
337
+ "required": [
338
+ "_cfnProperties",
339
+ "cfnOptions",
340
+ "cfnProperties",
341
+ "cfnResourceType",
342
+ "creationStack",
343
+ "dependsOn",
344
+ "logicalId",
345
+ "node",
346
+ "rawOverrides",
347
+ "ref",
348
+ "stack",
349
+ "synthesizeLogicalId",
350
+ "updatedProperites",
351
+ "updatedProperties"
352
+ ],
353
+ "type": "object"
354
+ },
355
+ "CfnResourceAutoScalingCreationPolicy": {
356
+ "additionalProperties": false,
357
+ "description": "For an Auto Scaling group replacement update, specifies how many instances must signal success for the\nupdate to succeed.",
358
+ "properties": {
359
+ "minSuccessfulInstancesPercent": {
360
+ "description": "Specifies the percentage of instances in an Auto Scaling replacement update that must signal success for the\nupdate to succeed. You can specify a value from 0 to 100. AWS CloudFormation rounds to the nearest tenth of a percent.\nFor example, if you update five instances with a minimum successful percentage of 50, three instances must signal success.\nIf an instance doesn't send a signal within the time specified by the Timeout property, AWS CloudFormation assumes that the\ninstance wasn't created.",
361
+ "type": "number"
362
+ }
363
+ },
364
+ "type": "object"
365
+ },
366
+ "CfnResourceSignal": {
367
+ "additionalProperties": false,
368
+ "description": "When AWS CloudFormation creates the associated resource, configures the number of required success signals and\nthe length of time that AWS CloudFormation waits for those signals.",
369
+ "properties": {
370
+ "count": {
371
+ "description": "The number of success signals AWS CloudFormation must receive before it sets the resource status as CREATE_COMPLETE.\nIf the resource receives a failure signal or doesn't receive the specified number of signals before the timeout period\nexpires, the resource creation fails and AWS CloudFormation rolls the stack back.",
372
+ "type": "number"
373
+ },
374
+ "timeout": {
375
+ "description": "The length of time that AWS CloudFormation waits for the number of signals that was specified in the Count property.\nThe timeout period starts after AWS CloudFormation starts creating the resource, and the timeout expires no sooner\nthan the time you specify but can occur shortly thereafter. The maximum time that you can specify is 12 hours.",
376
+ "type": "string"
377
+ }
378
+ },
379
+ "type": "object"
380
+ },
381
+ "CfnUpdatePolicy": {
382
+ "additionalProperties": false,
383
+ "description": "Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup\nresource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a\nscheduled action is associated with the Auto Scaling group.",
384
+ "properties": {
385
+ "autoScalingReplacingUpdate": {
386
+ "$ref": "#/definitions/CfnAutoScalingReplacingUpdate",
387
+ "description": "Specifies whether an Auto Scaling group and the instances it contains are replaced during an update. During replacement,\nAWS CloudFormation retains the old group until it finishes creating the new one. If the update fails, AWS CloudFormation\ncan roll back to the old Auto Scaling group and delete the new Auto Scaling group."
388
+ },
389
+ "autoScalingRollingUpdate": {
390
+ "$ref": "#/definitions/CfnAutoScalingRollingUpdate",
391
+ "description": "To specify how AWS CloudFormation handles rolling updates for an Auto Scaling group, use the AutoScalingRollingUpdate\npolicy. Rolling updates enable you to specify whether AWS CloudFormation updates instances that are in an Auto Scaling\ngroup in batches or all at once."
392
+ },
393
+ "autoScalingScheduledAction": {
394
+ "$ref": "#/definitions/CfnAutoScalingScheduledAction",
395
+ "description": "To specify how AWS CloudFormation handles updates for the MinSize, MaxSize, and DesiredCapacity properties when\nthe AWS::AutoScaling::AutoScalingGroup resource has an associated scheduled action, use the AutoScalingScheduledAction\npolicy."
396
+ },
397
+ "codeDeployLambdaAliasUpdate": {
398
+ "$ref": "#/definitions/CfnCodeDeployLambdaAliasUpdate",
399
+ "description": "To perform an AWS CodeDeploy deployment when the version changes on an AWS::Lambda::Alias resource,\nuse the CodeDeployLambdaAliasUpdate update policy."
400
+ },
401
+ "enableVersionUpgrade": {
402
+ "description": "To upgrade an Amazon ES domain to a new version of Elasticsearch rather than replacing the entire\nAWS::Elasticsearch::Domain resource, use the EnableVersionUpgrade update policy.",
403
+ "type": "boolean"
404
+ },
405
+ "useOnlineResharding": {
406
+ "description": "To modify a replication group's shards by adding or removing shards, rather than replacing the entire\nAWS::ElastiCache::ReplicationGroup resource, use the UseOnlineResharding update policy.",
407
+ "type": "boolean"
408
+ }
409
+ },
410
+ "type": "object"
411
+ },
412
+ "Conditions": {
413
+ "additionalProperties": false,
414
+ "description": "Conditions for when an IAM Policy is in effect, specified in the following structure:\n\n`{ \"Operator\": { \"keyInRequestContext\": \"value\" } }`\n\nThe value can be either a single string value or an array of string values.\n\nFor more information, including which operators are supported, see [the IAM\ndocumentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html).",
415
+ "type": "object"
416
+ },
417
+ "Connections": {
418
+ "additionalProperties": false,
419
+ "description": "Manage the allowed network connections for constructs with Security Groups.\n\nSecurity Groups can be thought of as a firewall for network-connected\ndevices. This class makes it easy to allow network connections to and\nfrom security groups, and between security groups individually. When\nestablishing connectivity between security groups, it will automatically\nadd rules in both security groups\n\nThis object can manage one or more security groups.",
420
+ "properties": {
421
+ "_securityGroupRules": {
422
+ "description": "The rule that defines how to represent this peer in a security group"
423
+ },
424
+ "_securityGroups": {
425
+ "description": "Underlying securityGroup for this Connections object, if present\n\nMay be empty if this Connections object is not managing a SecurityGroup,\nbut simply representing a Connectable peer."
426
+ },
427
+ "connections": {
428
+ "$ref": "#/definitions/Connections",
429
+ "description": "The network connections associated with this resource."
430
+ },
431
+ "defaultPort": {
432
+ "$ref": "#/definitions/Port",
433
+ "description": "The default port configured for this connection peer, if available"
434
+ },
435
+ "remoteRule": {
436
+ "description": "When doing bidirectional grants between Security Groups in different stacks, put the rule on the other SG"
437
+ },
438
+ "securityGroups": {
439
+ "items": {
440
+ "$ref": "#/definitions/ISecurityGroup"
441
+ },
442
+ "type": "array"
443
+ },
444
+ "skip": {
445
+ "description": "When doing bidirectional grants between Connections, make sure we don't recursive infinitely"
446
+ }
447
+ },
448
+ "required": [
449
+ "_securityGroupRules",
450
+ "_securityGroups",
451
+ "connections",
452
+ "remoteRule",
453
+ "securityGroups",
454
+ "skip"
455
+ ],
456
+ "type": "object"
457
+ },
68
458
  "DMSProps": {
69
459
  "additionalProperties": false,
70
- "description": "Q-ENHANCED-INTERFACE\nDMSProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
460
+ "description": "Configuration for DMS deployment including endpoints, replication instances, and tasks.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
71
461
  "properties": {
72
462
  "createDmsLogRole": {
73
- "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to create DMS CloudWatch Logs service role enabling migration logging and monitoring capabilities. Controls whether MDAA will create the required CloudWatch Logs service role for DMS operation logging and monitoring.\n\nUse cases: Migration logging; DMS monitoring; CloudWatch integration; Log management; Migration troubleshooting\n\nAWS: AWS DMS CloudWatch Logs service role creation for migration logging and monitoring\n\nValidation: Must be boolean value if provided; optional for logging service role management",
463
+ "description": "Whether to create the DMS CloudWatch Logs service role.",
74
464
  "type": "boolean"
75
465
  },
76
466
  "createDmsVpcRole": {
77
- "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to create DMS VPC service role enabling VPC-based database migration operations. Controls whether MDAA will create the required VPC service role for DMS operations in VPC environments with private database connectivity.\n\nUse cases: VPC-based migrations; Private database connectivity; DMS VPC role creation; Network-isolated migrations\n\nAWS: AWS DMS VPC service role creation for VPC-based database migration operations\n\nValidation: Must be boolean value if provided; optional for VPC service role management",
467
+ "description": "Whether to create the DMS VPC service role.",
78
468
  "type": "boolean"
79
469
  },
80
470
  "dmsRoleArn": {
81
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Database Migration Service operations enabling custom role specification for DMS service access. Provides ability to specify a custom IAM role for DMS operations when default service roles are insufficient or when specific permissions are required.\n\nUse cases: Custom IAM role specification; Advanced permission management; Cross-account DMS access; Custom service roles\n\nAWS: IAM role ARN for AWS Database Migration Service operations and resource access\n\nValidation: Must be valid IAM role ARN format if provided; optional for custom role specification",
471
+ "description": "Custom IAM role ARN for DMS operations.",
82
472
  "type": "string"
83
473
  },
84
474
  "endpoints": {
85
475
  "$ref": "#/definitions/NamedEndpointProps",
86
- "description": "Q-ENHANCED-PROPERTY\nOptional named endpoints configuration for DMS source and target database connections enabling flexible database connectivity. Defines the database connection endpoints that DMS will use for source and target databases in migration operations.\n\nUse cases: Database connectivity; Source/target configuration; Connection management; Multi-database migrations\n\nAWS: AWS DMS endpoints for source and target database connection configuration\n\nValidation: Must be valid NamedEndpointProps if provided; optional for endpoint configuration"
476
+ "description": "Named endpoint configurations for source and target databases."
87
477
  },
88
478
  "replicationInstances": {
89
479
  "$ref": "#/definitions/NamedReplicationInstanceProps",
90
- "description": "Q-ENHANCED-PROPERTY\nOptional named replication instances configuration for DMS migration infrastructure enabling scalable database migration operations. Defines the compute resources that will perform the actual data migration tasks with appropriate sizing and configuration.\n\nUse cases: Migration infrastructure; Replication instance management; Migration scaling; Compute resource allocation\n\nAWS: AWS DMS replication instances for database migration compute infrastructure\n\nValidation: Must be valid NamedReplicationInstanceProps if provided; optional for replication instance configuration"
480
+ "description": "Named replication instance configurations."
91
481
  },
92
482
  "replicationTasks": {
93
483
  "$ref": "#/definitions/NamedReplicationTaskProps",
94
- "description": "Q-ENHANCED-PROPERTY\nOptional named replication tasks configuration for DMS migration job definitions enabling automated database migration workflows. Defines the specific migration tasks that will transfer data between source and target databases with appropriate settings and filters.\n\nUse cases: Migration task definition; Data transfer workflows; Migration automation; Task scheduling\n\nAWS: AWS DMS replication tasks for automated database migration job execution\n\nValidation: Must be valid NamedReplicationTaskProps if provided; optional for replication task configuration"
484
+ "description": "Named replication task configurations."
95
485
  }
96
486
  },
97
487
  "type": "object"
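Review bot: `dmsRoleArn` is still validated only as `"type": "string"`, and its rewritten description drops the ARN-format requirement that the removed text stated, so a malformed or wrong-service ARN passes schema validation. If this field never carries an unresolved reference (not visible here), add a constraint beside the type, e.g. `"pattern": "^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$"`; otherwise keep the format requirement in the description. Separately, the new `CfnResource` definition leaves `rawOverrides`, `_cfnProperties` and `dependsOn` untyped and lists class members such as `synthesizeLogicalId` under `required`. That suggests a construct class, rather than a plain config type, is being pulled into the schema; the property that references it is outside this hunk.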
@@ -106,30 +496,27 @@
106
496
  },
107
497
  "DocDbSettingsProperty": {
108
498
  "additionalProperties": false,
109
- "description": "Q-ENHANCED-INTERFACE\nDocumentDB settings configuration interface for DMS providing document database migration and MongoDB-compatible capabilities. Defines DocumentDB-specific properties for Database Migration Service including document migration, MongoDB compatibility, and DocumentDB integration for document database migration workflows.\n\nUse cases: Document database migration; MongoDB-compatible migration; DocumentDB connectivity; Document data migration; MongoDB compatibility; DMS DocumentDB integration\n\nAWS: AWS DMS DocumentDB endpoint configuration with document database migration and MongoDB-compatible capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
499
+ "description": "Provides information that defines a DocumentDB endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about other available settings, see [Using extra connections attributes with Amazon DocumentDB as a source](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DocumentDB.html#CHAP_Source.DocumentDB.ECAs) and [Using Amazon DocumentDB as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DocumentDB.html) in the *AWS Database Migration Service User Guide* .",
110
500
  "properties": {
111
501
  "docsToInvestigate": {
112
- "description": "Q-ENHANCED-PROPERTY\nOptional number of documents to preview for determining document organization and schema inference in DocumentDB migration. Defines the sample size for document analysis when nesting level is set to \"one\" for table mode migration, enabling proper schema detection and data mapping.\n\nUse cases: Document schema inference; Migration planning; Table mode configuration; Document organization analysis\n\nAWS: DMS DocumentDB endpoint docsToInvestigate setting for document sampling and schema analysis\n\nValidation: Must be positive integer greater than 0 if provided; default is 1000; used for document organization analysis\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-docstoinvestigate",
502
+ "description": "Number of documents to preview for determining document organization and schema inference",
113
503
  "type": "number"
114
504
  },
115
505
  "extractDocId": {
116
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to extract document ID during DocumentDB migration enabling document identification and tracking. Specifies whether to extract the document ID when nesting level is set to \"none\" for document mode migration, enabling document-level tracking and identification.\n\nUse cases: Document identification; Document mode migration; Document tracking; ID extraction\n\nAWS: DMS DocumentDB endpoint extractDocId setting for document ID extraction configuration\n\nValidation: Must be boolean value if provided; default is false; used when nesting level is \"none\"\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-extractdocid",
117
506
  "type": "boolean"
118
507
  },
119
508
  "nestingLevel": {
120
- "description": "Q-ENHANCED-PROPERTY\nOptional nesting level specification for DocumentDB migration mode selection enabling document or table mode migration. Defines the migration approach with \"none\" for document mode preserving document structure or \"one\" for table mode flattening documents into relational format.\n\nUse cases: Migration mode selection; Document structure preservation; Table mode flattening; Migration strategy configuration\n\nAWS: DMS DocumentDB endpoint nestingLevel setting for migration mode configuration\n\nValidation: Must be \"none\" or \"one\" if provided; default is \"none\"; determines document vs table migration mode\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-nestinglevel",
509
+ "description": "Nesting level specification for DocumentDB migration mode selection enabling document or table mode migration",
121
510
  "type": "string"
122
511
  },
123
512
  "secretsManagerAccessRoleArn": {
124
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing DocumentDB credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for DocumentDB endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS DocumentDB endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-secretsmanageraccessrolearn",
125
513
  "type": "string"
126
514
  },
127
515
  "secretsManagerSecretArn": {
128
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing DocumentDB endpoint connection details enabling secure credential storage for document database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for DocumentDB endpoint access.\n\nUse cases: Secure credential storage; DocumentDB connectivity; Database authentication; Secrets management\n\nAWS: DMS DocumentDB endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; required; secret must contain valid DocumentDB connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-secretsmanagersecretid",
516
+ "description": "Secrets Manager secret ARN containing DocumentDB endpoint connection details enabling",
129
517
  "type": "string"
130
518
  },
131
519
  "secretsManagerSecretKMSArn": {
132
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing DocumentDB credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores DocumentDB endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS DocumentDB endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
133
520
  "type": "string"
134
521
  }
135
522
  },
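Review bot: The new description of `secretsManagerSecretArn` stops mid-sentence ("…connection details enabling"), and `secretsManagerAccessRoleArn`, `secretsManagerSecretKMSArn` and `extractDocId` lose their descriptions entirely, even though the definition's own description now says it exists to prevent plaintext credentials and enforce KMS encryption. I would complete the sentence, e.g. `"description": "Secrets Manager secret ARN containing the DocumentDB endpoint connection details."`, and give the key a line such as `"description": "KMS key ARN used to encrypt the Secrets Manager secret that holds the DocumentDB credentials."`. The `required` list of this definition lies outside the hunk, so whether the KMS key is actually mandatory cannot be confirmed here; if it is optional, the description should say so. The same truncation appears in the next hunk on `DynamoDbSettingsProperty.serviceAccessRoleArn` and `ElasticsearchSettingsProperty.fullLoadErrorPercentage`.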
@@ -138,71 +525,303 @@
138
525
  ],
139
526
  "type": "object"
140
527
  },
141
- "DynamoDbSettingsProperty": {
528
+ "DockerImage": {
142
529
  "additionalProperties": false,
143
- "description": "Q-ENHANCED-INTERFACE\nDynamoDB settings configuration interface for DMS providing NoSQL database migration and serverless database capabilities. Defines DynamoDB-specific properties for Database Migration Service including NoSQL migration, serverless database connectivity, and DynamoDB integration for serverless database migration workflows.\n\nUse cases: NoSQL database migration; Serverless database migration; DynamoDB connectivity; NoSQL data migration; Serverless data integration; DMS DynamoDB integration\n\nAWS: AWS DMS DynamoDB endpoint configuration with NoSQL database migration and serverless database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
530
+ "description": "A Docker image",
144
531
  "properties": {
145
- "serviceAccessRoleArn": {
146
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS DynamoDB endpoint access enabling secure authentication and authorization for NoSQL database operations. Defines the IAM role that DMS assumes to access DynamoDB tables with required permissions for data migration and NoSQL operations.\n\nUse cases: DynamoDB access control; DMS service authentication; IAM role-based security; NoSQL database permissions\n\nAWS: DMS DynamoDB endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and DynamoDB access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-dynamodbsettings.html#cfn-dms-endpoint-dynamodbsettings-serviceaccessrolearn",
532
+ "image": {
533
+ "description": "The Docker image",
147
534
  "type": "string"
148
535
  }
149
536
  },
537
+ "required": [
538
+ "image"
539
+ ],
150
540
  "type": "object"
151
541
  },
152
- "ElasticsearchSettingsProperty": {
542
+ "DomainConfig": {
153
543
  "additionalProperties": false,
154
- "description": "Q-ENHANCED-INTERFACE\nElasticsearch settings configuration interface for DMS providing search engine migration and search data capabilities. Defines Elasticsearch-specific properties for Database Migration Service including search data migration, index configuration, and Elasticsearch integration for search engine migration workflows.\n\nUse cases: Search engine migration; Search data migration; Elasticsearch connectivity; Search index migration; Search data integration; DMS Elasticsearch integration\n\nAWS: AWS DMS Elasticsearch endpoint configuration with search engine migration and search data capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
155
544
  "properties": {
156
- "endpointUri": {
157
- "description": "Q-ENHANCED-PROPERTY\nOptional OpenSearch cluster endpoint URI for DMS target connectivity enabling search engine data migration and indexing. Defines the connection endpoint for OpenSearch cluster where DMS will migrate and index data from source databases for search and analytics capabilities.\n\nUse cases: Search engine migration; Data indexing; OpenSearch connectivity; Search data integration\n\nAWS: DMS Elasticsearch endpoint endpointUri setting for OpenSearch cluster connectivity\n\nValidation: Must be valid HTTPS URI if provided; DMS uses HTTPS by default for secure search engine connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-endpointuri",
158
- "type": "string"
545
+ "blueprintIds": {
546
+ "additionalProperties": {
547
+ "type": "string"
548
+ },
549
+ "type": "object"
159
550
  },
160
- "errorRetryDuration": {
161
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum retry duration in seconds for failed DMS API requests to OpenSearch cluster enabling resilient search data migration. Defines the maximum time DMS will retry failed API requests to the OpenSearch cluster for improved reliability and fault tolerance during search data migration.\n\nUse cases: Search migration resilience; API retry configuration; OpenSearch connectivity reliability; Migration fault tolerance\n\nAWS: DMS Elasticsearch endpoint errorRetryDuration setting for API retry timing configuration\n\nValidation: Must be positive integer in seconds if provided; controls maximum retry duration for failed OpenSearch API requests\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-errorretryduration",
162
- "type": "number"
551
+ "configParamArns": {
552
+ "default": [],
553
+ "items": {
554
+ "type": "string"
555
+ },
556
+ "type": "array"
163
557
  },
164
- "fullLoadErrorPercentage": {
165
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum percentage of failed records before stopping full load operation enabling controlled search data migration quality. Defines the failure threshold for record writes to OpenSearch before DMS stops the full load operation to prevent data quality issues in search indexes.\n\nUse cases: Data quality control; Migration failure thresholds; Search index quality; Load operation control\n\nAWS: DMS Elasticsearch endpoint fullLoadErrorPercentage setting for data quality control\n\nValidation: Must be percentage value between 0-100 if provided; controls failure threshold for full load operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-fullloaderrorpercentage",
166
- "type": "number"
558
+ "customResourceRoleName": {
559
+ "type": "string"
167
560
  },
168
- "serviceAccessRoleArn": {
169
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS OpenSearch endpoint access enabling secure authentication and authorization for search engine operations. Defines the IAM role that DMS assumes to access OpenSearch cluster with required permissions for indexing and search operations.\n\nUse cases: OpenSearch access control; DMS service authentication; IAM role-based security; Search engine permissions\n\nAWS: DMS Elasticsearch endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and OpenSearch access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-serviceaccessrolearn",
561
+ "domainArn": {
170
562
  "type": "string"
171
- }
172
- },
173
- "type": "object"
174
- },
175
- "EndpointProps": {
176
- "additionalProperties": false,
177
- "description": "Q-ENHANCED-INTERFACE\nEndpointProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
178
- "properties": {
179
- "databaseName": {
180
- "description": "The optional name of the endpoint database. Required for certain endpoint types.",
563
+ },
564
+ "domainBucketArn": {
181
565
  "type": "string"
182
566
  },
183
- "docDbSettings": {
184
- "$ref": "#/definitions/DocDbSettingsProperty",
185
- "description": "Settings in JSON format for the source and target DocumentDB endpoint.\nFor more information about other available settings, see [Using extra connections attributes with Amazon DocumentDB as a source](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DocumentDB.html#CHAP_Source.DocumentDB.ECAs) and [Using Amazon DocumentDB as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DocumentDB.html) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-docdbsettings"
567
+ "domainBucketUsagePolicyName": {
568
+ "type": "string"
186
569
  },
187
- "dynamoDbSettings": {
188
- "$ref": "#/definitions/DynamoDbSettingsProperty",
189
- "description": "Settings in JSON format for the target Amazon DynamoDB endpoint.\nFor information about other available settings, see [Using object mapping to migrate data to DynamoDB](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DynamoDB.html#CHAP_Target.DynamoDB.ObjectMapping) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-dynamodbsettings"
570
+ "domainConfigCr": {
571
+ "$ref": "#/definitions/MdaaCustomResource"
190
572
  },
191
- "elasticsearchSettings": {
192
- "$ref": "#/definitions/ElasticsearchSettingsProperty",
193
- "description": "Settings in JSON format for the target OpenSearch endpoint.\nFor more information about the available settings, see [Extra connection attributes when using OpenSearch as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-elasticsearchsettings"
573
+ "domainId": {
574
+ "type": "string"
194
575
  },
195
- "endpointType": {
196
- "$ref": "#/definitions/MdaaEndpointType",
197
- "description": "The type of Endpoint (\"source\" or \"target\")"
576
+ "domainKmsKeyArn": {
577
+ "type": "string"
198
578
  },
199
- "engineName": {
200
- "$ref": "#/definitions/MdaaEndpointEngine",
201
- "description": "The name of the endpoint engine"
579
+ "domainKmsUsagePolicyName": {
580
+ "type": "string"
202
581
  },
203
- "ibmDb2Settings": {
204
- "$ref": "#/definitions/IbmDb2SettingsProperty",
205
- "description": "Settings in JSON format for the source IBM Db2 LUW endpoint.\nFor information about other available settings, see [Extra connection attributes when using Db2 LUW as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DB2.html#CHAP_Source.DB2.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-ibmdb2settings"
582
+ "domainName": {
583
+ "type": "string"
584
+ },
585
+ "domainUnitIds": {
586
+ "additionalProperties": {
587
+ "type": "string"
588
+ },
589
+ "type": "object"
590
+ },
591
+ "domainVersion": {
592
+ "type": "string"
593
+ },
594
+ "glueCatalogArns": {
595
+ "items": {
596
+ "type": "string"
597
+ },
598
+ "type": "array"
599
+ },
600
+ "glueCatalogKmsKeyArns": {
601
+ "items": {
602
+ "type": "string"
603
+ },
604
+ "type": "array"
605
+ },
606
+ "node": {
607
+ "$ref": "#/definitions/Node",
608
+ "description": "The tree node."
609
+ },
610
+ "projectIds": {
611
+ "additionalProperties": {
612
+ "type": "string"
613
+ },
614
+ "type": "object"
615
+ },
616
+ "props": {
617
+ "$ref": "#/definitions/DomainConfigProps"
618
+ },
619
+ "ssmParamBase": {
620
+ "type": "string"
621
+ }
622
+ },
623
+ "required": [
624
+ "blueprintIds",
625
+ "configParamArns",
626
+ "customResourceRoleName",
627
+ "domainArn",
628
+ "domainBucketArn",
629
+ "domainBucketUsagePolicyName",
630
+ "domainConfigCr",
631
+ "domainId",
632
+ "domainKmsKeyArn",
633
+ "domainKmsUsagePolicyName",
634
+ "domainName",
635
+ "domainUnitIds",
636
+ "domainVersion",
637
+ "glueCatalogArns",
638
+ "glueCatalogKmsKeyArns",
639
+ "node",
640
+ "projectIds",
641
+ "props",
642
+ "ssmParamBase"
643
+ ],
644
+ "type": "object"
645
+ },
646
+ "DomainConfigProps": {
647
+ "additionalProperties": false,
648
+ "properties": {
649
+ "blueprintIds": {
650
+ "additionalProperties": {
651
+ "type": "string"
652
+ },
653
+ "type": "object"
654
+ },
655
+ "createConfigParams": {
656
+ "type": "boolean"
657
+ },
658
+ "createOutputs": {
659
+ "description": "Flag controlling CloudFormation output and stack export creation for construct resources",
660
+ "type": "boolean"
661
+ },
662
+ "createParams": {
663
+ "description": "Flag controlling SSM parameter creation for construct resource references enabling",
664
+ "type": "boolean"
665
+ },
666
+ "customResourceRoleName": {
667
+ "type": "string"
668
+ },
669
+ "domainArn": {
670
+ "description": "DataZone domain ARN for AWS resource identification and IAM policy integration enabling",
671
+ "type": "string"
672
+ },
673
+ "domainBucketArn": {
674
+ "type": "string"
675
+ },
676
+ "domainBucketUsagePolicyName": {
677
+ "description": "Domain Bucket usage policy name",
678
+ "type": "string"
679
+ },
680
+ "domainId": {
681
+ "description": "DataZone domain ID for unique domain identification within AWS enabling cross-service",
682
+ "type": "string"
683
+ },
684
+ "domainKmsKeyArn": {
685
+ "description": "KMS key ARN for domain encryption ensuring data protection compliance and secure domain operations",
686
+ "type": "string"
687
+ },
688
+ "domainKmsUsagePolicyName": {
689
+ "description": "Domain KMS usage policy name for key access management enabling controlled encryption key",
690
+ "type": "string"
691
+ },
692
+ "domainName": {
693
+ "description": "DataZone domain name for domain identification and management enabling unique domain naming",
694
+ "type": "string"
695
+ },
696
+ "domainUnitIds": {
697
+ "additionalProperties": {
698
+ "type": "string"
699
+ },
700
+ "description": "Map of domain unit names to identifiers for hierarchical domain organization enabling",
701
+ "type": "object"
702
+ },
703
+ "domainVersion": {
704
+ "description": "Domain version for domain lifecycle management and versioning control enabling domain evolution tracking",
705
+ "type": "string"
706
+ },
707
+ "glueCatalogArns": {
708
+ "description": "Array of Glue catalog ARNs for catalog integration enabling data catalog connectivity with DataZone",
709
+ "items": {
710
+ "type": "string"
711
+ },
712
+ "type": "array"
713
+ },
714
+ "glueCatalogKmsKeyArns": {
715
+ "description": "Array of Glue catalog KMS key ARNs for catalog encryption enabling secure catalog integration with DataZone",
716
+ "items": {
717
+ "type": "string"
718
+ },
719
+ "type": "array"
720
+ },
721
+ "naming": {
722
+ "$ref": "#/definitions/IMdaaResourceNaming",
723
+ "description": "MDAA naming implementation for consistent resource naming across all MDAA constructs"
724
+ },
725
+ "projectIds": {
726
+ "additionalProperties": {
727
+ "type": "string"
728
+ },
729
+ "type": "object"
730
+ },
731
+ "refresh": {
732
+ "type": "boolean"
733
+ },
734
+ "ssmParamBase": {
735
+ "description": "SSM parameter base path for domain configuration storage enabling centralized configuration management",
736
+ "type": "string"
737
+ }
738
+ },
739
+ "required": [
740
+ "naming",
741
+ "ssmParamBase"
742
+ ],
743
+ "type": "object"
744
+ },
745
+ "Duration": {
746
+ "additionalProperties": false,
747
+ "description": "Represents a length of time.\n\nThe amount can be specified either as a literal value (e.g: `10`) which\ncannot be negative, or as an unresolved number token.\n\nWhen the amount is passed as a token, unit conversion is not possible.",
748
+ "properties": {
749
+ "amount": {},
750
+ "components": {
751
+ "description": "Return the duration in a set of whole numbered time components, ordered from largest to smallest\n\nOnly components != 0 will be returned.\n\nCan combine millis and seconds together for the benefit of toIsoString,\nmakes the logic in there simpler."
752
+ },
753
+ "unit": {}
754
+ },
755
+ "required": [
756
+ "amount",
757
+ "components",
758
+ "unit"
759
+ ],
760
+ "type": "object"
761
+ },
762
+ "DynamoDbSettingsProperty": {
763
+ "additionalProperties": false,
764
+ "description": "Provides information, including the Amazon Resource Name (ARN) of the IAM role used to define an Amazon DynamoDB target endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information also includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Using object mapping to migrate data to DynamoDB](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DynamoDB.html#CHAP_Target.DynamoDB.ObjectMapping) in the *AWS Database Migration Service User Guide* .",
765
+ "properties": {
766
+ "serviceAccessRoleArn": {
767
+ "description": "IAM service role ARN for DMS DynamoDB endpoint access enabling secure authentication and",
768
+ "type": "string"
769
+ }
770
+ },
771
+ "type": "object"
772
+ },
773
+ "ElasticsearchSettingsProperty": {
774
+ "additionalProperties": false,
775
+ "description": "Provides information that defines an OpenSearch endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about the available settings, see [Extra connection attributes when using OpenSearch as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration) in the *AWS Database Migration Service User Guide* .",
776
+ "properties": {
777
+ "endpointUri": {
778
+ "description": "OpenSearch cluster endpoint URI for DMS target connectivity enabling search engine data migration and indexing",
779
+ "type": "string"
780
+ },
781
+ "errorRetryDuration": {
782
+ "type": "number"
783
+ },
784
+ "fullLoadErrorPercentage": {
785
+ "description": "Maximum percentage of failed records before stopping full load operation enabling",
786
+ "type": "number"
787
+ },
788
+ "serviceAccessRoleArn": {
789
+ "type": "string"
790
+ }
791
+ },
792
+ "type": "object"
793
+ },
794
+ "EndpointProps": {
795
+ "additionalProperties": false,
796
+ "description": "Configuration for a DMS endpoint defining database connection settings.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
797
+ "properties": {
798
+ "databaseName": {
799
+ "description": "The optional name of the endpoint database. Required for certain endpoint types.",
800
+ "type": "string"
801
+ },
802
+ "docDbSettings": {
803
+ "$ref": "#/definitions/DocDbSettingsProperty",
804
+ "description": "Settings in JSON format for the source and target DocumentDB endpoint.\nFor more information about other available settings, see [Using extra connections attributes with Amazon DocumentDB as a source](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DocumentDB.html#CHAP_Source.DocumentDB.ECAs) and [Using Amazon DocumentDB as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DocumentDB.html) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-docdbsettings"
805
+ },
806
+ "dynamoDbSettings": {
807
+ "$ref": "#/definitions/DynamoDbSettingsProperty",
808
+ "description": "Settings in JSON format for the target Amazon DynamoDB endpoint.\nFor information about other available settings, see [Using object mapping to migrate data to DynamoDB](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DynamoDB.html#CHAP_Target.DynamoDB.ObjectMapping) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-dynamodbsettings"
809
+ },
810
+ "elasticsearchSettings": {
811
+ "$ref": "#/definitions/ElasticsearchSettingsProperty",
812
+ "description": "Settings in JSON format for the target OpenSearch endpoint.\nFor more information about the available settings, see [Extra connection attributes when using OpenSearch as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-elasticsearchsettings"
813
+ },
814
+ "endpointType": {
815
+ "$ref": "#/definitions/MdaaEndpointType",
816
+ "description": "The type of Endpoint (\"source\" or \"target\")"
817
+ },
818
+ "engineName": {
819
+ "$ref": "#/definitions/MdaaEndpointEngine",
820
+ "description": "The name of the endpoint engine"
821
+ },
822
+ "ibmDb2Settings": {
823
+ "$ref": "#/definitions/IbmDb2SettingsProperty",
824
+ "description": "Settings in JSON format for the source IBM Db2 LUW endpoint.\nFor information about other available settings, see [Extra connection attributes when using Db2 LUW as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DB2.html#CHAP_Source.DB2.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-ibmdb2settings"
206
825
  },
207
826
  "kinesisSettings": {
208
827
  "$ref": "#/definitions/KinesisSettingsProperty",
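Review bot: In the added `Duration` definition, `amount` and `unit` are empty schemas (`{}`), so any JSON value validates, and `components`, whose description reads like a method comment, has no type and is listed as required. Together with `DomainConfig` requiring `node` ("The tree node.") and `domainConfigCr`, this looks like construct classes serialised into the config schema rather than configuration interfaces; that is an inference from the visible names, and where these definitions are referenced is not shown in this hunk. A config author can hardly supply such members by hand, so any property that points at these definitions is either impossible to satisfy in practice or not meaningfully validated. At minimum I would type the scalar, `"amount": { "type": "number" },`, and drop `"components"` from `required`; the cleaner fix is probably in the source types the schema is generated from.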
@@ -240,27 +859,760 @@
240
859
  "$ref": "#/definitions/S3SettingsProperty",
241
860
  "description": "Settings in JSON format for the source and target Amazon S3 endpoint.\nFor more information about other available settings, see [Extra connection attributes when using Amazon S3 as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.S3.html#CHAP_Source.S3.Configuring) and [Extra connection attributes when using Amazon S3 as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html#CHAP_Target.S3.Configuring) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-s3settings"
242
861
  },
243
- "sybaseSettings": {
244
- "$ref": "#/definitions/SybaseSettingsProperty",
245
- "description": "Settings in JSON format for the source and target SAP ASE endpoint.\nFor information about other available settings, see [Extra connection attributes when using SAP ASE as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SAP.html#CHAP_Source.SAP.ConnectionAttrib) and [Extra connection attributes when using SAP ASE as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SAP.html#CHAP_Target.SAP.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-sybasesettings"
862
+ "sybaseSettings": {
863
+ "$ref": "#/definitions/SybaseSettingsProperty",
864
+ "description": "Settings in JSON format for the source and target SAP ASE endpoint.\nFor information about other available settings, see [Extra connection attributes when using SAP ASE as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SAP.html#CHAP_Source.SAP.ConnectionAttrib) and [Extra connection attributes when using SAP ASE as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SAP.html#CHAP_Target.SAP.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-sybasesettings"
865
+ }
866
+ },
867
+ "required": [
868
+ "endpointType",
869
+ "engineName"
870
+ ],
871
+ "type": "object"
872
+ },
873
+ "FunctionReference": {
874
+ "additionalProperties": false,
875
+ "description": "A reference to a Function resource.",
876
+ "properties": {
877
+ "functionArn": {
878
+ "description": "The ARN of the Function resource.",
879
+ "type": "string"
880
+ },
881
+ "functionName": {
882
+ "description": "The FunctionName of the Function resource.",
883
+ "type": "string"
884
+ }
885
+ },
886
+ "required": [
887
+ "functionArn",
888
+ "functionName"
889
+ ],
890
+ "type": "object"
891
+ },
892
+ "ICfnConditionExpression": {
893
+ "additionalProperties": false,
894
+ "description": "Represents a CloudFormation element that can be used within a Condition.\n\nYou can use intrinsic functions, such as ``Fn.conditionIf``,\n``Fn.conditionEquals``, and ``Fn.conditionNot``, to conditionally create\nstack resources. These conditions are evaluated based on input parameters\nthat you declare when you create or update a stack. After you define all your\nconditions, you can associate them with resources or resource properties in\nthe Resources and Outputs sections of a template.\n\nYou define all conditions in the Conditions section of a template except for\n``Fn.conditionIf`` conditions. You can use the ``Fn.conditionIf`` condition\nin the metadata attribute, update policy attribute, and property values in\nthe Resources section and Outputs sections of a template.\n\nYou might use conditions when you want to reuse a template that can create\nresources in different contexts, such as a test environment versus a\nproduction environment. In your template, you can add an EnvironmentType\ninput parameter, which accepts either prod or test as inputs. For the\nproduction environment, you might include Amazon EC2 instances with certain\ncapabilities; however, for the test environment, you want to use less\ncapabilities to save costs. With conditions, you can define which resources\nare created and how they're configured for each environment type.\n\nYou can use `toString` when you wish to embed a condition expression\nin a property value that accepts a `string`. For example:\n\n```ts\nnew sqs.Queue(this, 'MyQueue', {\n queueName: Fn.conditionIf('Condition', 'Hello', 'World').toString()\n});\n```",
895
+ "properties": {
896
+ "creationStack": {
897
+ "description": "The creation stack of this resolvable which will be appended to errors\nthrown during resolution.\n\nThis may return an array with a single informational element indicating how\nto get this property populated, if it was skipped for performance reasons.",
898
+ "items": {
899
+ "type": "string"
900
+ },
901
+ "type": "array"
902
+ },
903
+ "typeHint": {
904
+ "description": "The type that this token will likely resolve to.",
905
+ "enum": [
906
+ "number",
907
+ "string",
908
+ "string-list"
909
+ ],
910
+ "type": "string"
911
+ }
912
+ },
913
+ "required": [
914
+ "creationStack"
915
+ ],
916
+ "type": "object"
917
+ },
918
+ "ICfnResourceOptions": {
919
+ "additionalProperties": false,
920
+ "properties": {
921
+ "condition": {
922
+ "$ref": "#/definitions/CfnCondition",
923
+ "description": "A condition to associate with this resource. This means that only if the condition evaluates to 'true' when the stack\nis deployed, the resource will be included. This is provided to allow CDK projects to produce legacy templates, but normally\nthere is no need to use it in CDK projects."
924
+ },
925
+ "creationPolicy": {
926
+ "$ref": "#/definitions/CfnCreationPolicy",
927
+ "description": "Associate the CreationPolicy attribute with a resource to prevent its status from reaching create complete until\nAWS CloudFormation receives a specified number of success signals or the timeout period is exceeded. To signal a\nresource, you can use the cfn-signal helper script or SignalResource API. AWS CloudFormation publishes valid signals\nto the stack events so that you track the number of signals sent."
928
+ },
929
+ "deletionPolicy": {
930
+ "description": "With the DeletionPolicy attribute you can preserve or (in some cases) backup a resource when its stack is deleted.\nYou specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy\nattribute, AWS CloudFormation deletes the resource by default. Note that this capability also applies to update operations\nthat lead to resources being removed.",
931
+ "enum": [
932
+ "Delete",
933
+ "Retain",
934
+ "RetainExceptOnCreate",
935
+ "Snapshot"
936
+ ],
937
+ "type": "string"
938
+ },
939
+ "description": {
940
+ "description": "The description of this resource.\nUsed for informational purposes only, is not processed in any way\n(and stays with the CloudFormation template, is not passed to the underlying resource,\neven if it does have a 'description' property).",
941
+ "type": "string"
942
+ },
943
+ "metadata": {
944
+ "additionalProperties": {},
945
+ "description": "Metadata associated with the CloudFormation resource. This is not the same as the construct metadata which can be added\nusing construct.addMetadata(), but would not appear in the CloudFormation template automatically.",
946
+ "type": "object"
947
+ },
948
+ "updatePolicy": {
949
+ "$ref": "#/definitions/CfnUpdatePolicy",
950
+ "description": "Use the UpdatePolicy attribute to specify how AWS CloudFormation handles updates to the AWS::AutoScaling::AutoScalingGroup\nresource. AWS CloudFormation invokes one of three update policies depending on the type of change you make or whether a\nscheduled action is associated with the Auto Scaling group."
951
+ },
952
+ "updateReplacePolicy": {
953
+ "description": "Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource\nwhen it is replaced during a stack update operation.",
954
+ "enum": [
955
+ "Delete",
956
+ "Retain",
957
+ "RetainExceptOnCreate",
958
+ "Snapshot"
959
+ ],
960
+ "type": "string"
961
+ },
962
+ "version": {
963
+ "description": "The version of this resource.\nUsed only for custom CloudFormation resources.",
964
+ "type": "string"
965
+ }
966
+ },
967
+ "type": "object"
968
+ },
969
+ "IConstruct": {
970
+ "additionalProperties": false,
971
+ "description": "Represents a construct.",
972
+ "properties": {
973
+ "node": {
974
+ "$ref": "#/definitions/Node",
975
+ "description": "The tree node."
976
+ }
977
+ },
978
+ "required": [
979
+ "node"
980
+ ],
981
+ "type": "object"
982
+ },
983
+ "IFunction": {
984
+ "additionalProperties": false,
985
+ "properties": {
986
+ "architecture": {
987
+ "$ref": "#/definitions/Architecture",
988
+ "description": "The system architectures compatible with this lambda function."
989
+ },
990
+ "connections": {
991
+ "$ref": "#/definitions/Connections",
992
+ "description": "The network connections associated with this resource."
993
+ },
994
+ "env": {
995
+ "$ref": "#/definitions/ResourceEnvironment",
996
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
997
+ },
998
+ "functionArn": {
999
+ "description": "The ARN of the function.",
1000
+ "type": "string"
1001
+ },
1002
+ "functionName": {
1003
+ "description": "The name of the function.",
1004
+ "type": "string"
1005
+ },
1006
+ "functionRef": {
1007
+ "$ref": "#/definitions/FunctionReference",
1008
+ "description": "A reference to a Function resource."
1009
+ },
1010
+ "grantPrincipal": {
1011
+ "$ref": "#/definitions/IPrincipal",
1012
+ "description": "The principal to grant permissions to"
1013
+ },
1014
+ "isBoundToVpc": {
1015
+ "description": "Whether or not this Lambda function was bound to a VPC\n\nIf this is is `false`, trying to access the `connections` object will fail.",
1016
+ "type": "boolean"
1017
+ },
1018
+ "latestVersion": {
1019
+ "$ref": "#/definitions/IVersion",
1020
+ "description": "The `$LATEST` version of this function.\n\nNote that this is reference to a non-specific AWS Lambda version, which\nmeans the function this version refers to can return different results in\ndifferent invocations.\n\nTo obtain a reference to an explicit version which references the current\nfunction configuration, use `lambdaFunction.currentVersion` instead."
1021
+ },
1022
+ "node": {
1023
+ "$ref": "#/definitions/Node",
1024
+ "description": "The tree node."
1025
+ },
1026
+ "permissionsNode": {
1027
+ "$ref": "#/definitions/Node",
1028
+ "description": "The construct node where permissions are attached."
1029
+ },
1030
+ "resourceArnsForGrantInvoke": {
1031
+ "description": "The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().\n\nThis property is for cdk modules to consume only. You should not need to use this property.\nInstead, use grantInvoke() directly.",
1032
+ "items": {
1033
+ "type": "string"
1034
+ },
1035
+ "type": "array"
1036
+ },
1037
+ "role": {
1038
+ "$ref": "#/definitions/IRole",
1039
+ "description": "The IAM role associated with this function."
1040
+ },
1041
+ "stack": {
1042
+ "$ref": "#/definitions/Stack",
1043
+ "description": "The stack in which this resource is defined."
1044
+ }
1045
+ },
1046
+ "required": [
1047
+ "architecture",
1048
+ "connections",
1049
+ "env",
1050
+ "functionArn",
1051
+ "functionName",
1052
+ "functionRef",
1053
+ "grantPrincipal",
1054
+ "isBoundToVpc",
1055
+ "latestVersion",
1056
+ "node",
1057
+ "permissionsNode",
1058
+ "resourceArnsForGrantInvoke",
1059
+ "stack"
1060
+ ],
1061
+ "type": "object"
1062
+ },
1063
+ "IKey": {
1064
+ "additionalProperties": false,
1065
+ "description": "A KMS Key, either managed by this CDK app, or imported.\n\nThis interface does double duty: it represents an actual KMS keys, but it\nalso represents things that can behave like KMS keys, like a key alias.",
1066
+ "properties": {
1067
+ "env": {
1068
+ "$ref": "#/definitions/ResourceEnvironment",
1069
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1070
+ },
1071
+ "keyArn": {
1072
+ "description": "The ARN of the key.",
1073
+ "type": "string"
1074
+ },
1075
+ "keyId": {
1076
+ "description": "The ID of the key\n(the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).",
1077
+ "type": "string"
1078
+ },
1079
+ "keyRef": {
1080
+ "$ref": "#/definitions/KeyReference",
1081
+ "description": "A reference to a Key resource."
1082
+ },
1083
+ "node": {
1084
+ "$ref": "#/definitions/Node",
1085
+ "description": "The tree node."
1086
+ },
1087
+ "stack": {
1088
+ "$ref": "#/definitions/Stack",
1089
+ "description": "The stack in which this resource is defined."
1090
+ }
1091
+ },
1092
+ "required": [
1093
+ "env",
1094
+ "keyArn",
1095
+ "keyId",
1096
+ "keyRef",
1097
+ "node",
1098
+ "stack"
1099
+ ],
1100
+ "type": "object"
1101
+ },
1102
+ "ILayerVersion": {
1103
+ "additionalProperties": false,
1104
+ "properties": {
1105
+ "compatibleRuntimes": {
1106
+ "default": "- All supported runtimes. Setting this to Runtime.ALL is equivalent to leaving it undefined.",
1107
+ "description": "The runtimes compatible with this Layer.",
1108
+ "items": {
1109
+ "$ref": "#/definitions/Runtime"
1110
+ },
1111
+ "type": "array"
1112
+ },
1113
+ "env": {
1114
+ "$ref": "#/definitions/ResourceEnvironment",
1115
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1116
+ },
1117
+ "layerVersionArn": {
1118
+ "description": "The ARN of the Lambda Layer version that this Layer defines.",
1119
+ "type": "string"
1120
+ },
1121
+ "layerVersionRef": {
1122
+ "$ref": "#/definitions/LayerVersionReference",
1123
+ "description": "A reference to a LayerVersion resource."
1124
+ },
1125
+ "node": {
1126
+ "$ref": "#/definitions/Node",
1127
+ "description": "The tree node."
1128
+ },
1129
+ "stack": {
1130
+ "$ref": "#/definitions/Stack",
1131
+ "description": "The stack in which this resource is defined."
1132
+ }
1133
+ },
1134
+ "required": [
1135
+ "env",
1136
+ "layerVersionArn",
1137
+ "layerVersionRef",
1138
+ "node",
1139
+ "stack"
1140
+ ],
1141
+ "type": "object"
1142
+ },
1143
+ "ILogGroup": {
1144
+ "additionalProperties": false,
1145
+ "properties": {
1146
+ "env": {
1147
+ "$ref": "#/definitions/ResourceEnvironment",
1148
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1149
+ },
1150
+ "logGroupArn": {
1151
+ "description": "The ARN of this log group, with ':*' appended",
1152
+ "type": "string"
1153
+ },
1154
+ "logGroupName": {
1155
+ "description": "The name of this log group",
1156
+ "type": "string"
1157
+ },
1158
+ "node": {
1159
+ "$ref": "#/definitions/Node",
1160
+ "description": "The tree node."
1161
+ },
1162
+ "stack": {
1163
+ "$ref": "#/definitions/Stack",
1164
+ "description": "The stack in which this resource is defined."
1165
+ }
1166
+ },
1167
+ "required": [
1168
+ "env",
1169
+ "logGroupArn",
1170
+ "logGroupName",
1171
+ "node",
1172
+ "stack"
1173
+ ],
1174
+ "type": "object"
1175
+ },
1176
+ "IMdaaResourceNaming": {
1177
+ "additionalProperties": false,
1178
+ "properties": {
1179
+ "props": {
1180
+ "$ref": "#/definitions/MdaaResourceNamingConfig",
1181
+ "description": "Configuration properties containing organizational context and CDK node access for the naming implementation"
1182
+ }
1183
+ },
1184
+ "required": [
1185
+ "props"
1186
+ ],
1187
+ "type": "object"
1188
+ },
1189
+ "IPrincipal": {
1190
+ "additionalProperties": false,
1191
+ "description": "Represents a logical IAM principal.\n\nAn IPrincipal describes a logical entity that can perform AWS API calls\nagainst sets of resources, optionally under certain conditions.\n\nExamples of simple principals are IAM objects that you create, such\nas Users or Roles.\n\nAn example of a more complex principals is a `ServicePrincipal` (such as\n`new ServicePrincipal(\"sns.amazonaws.com\")`, which represents the Simple\nNotifications Service).\n\nA single logical Principal may also map to a set of physical principals.\nFor example, `new OrganizationPrincipal('o-12345abcde')` represents all\nidentities that are part of the given AWS Organization.",
1192
+ "properties": {
1193
+ "assumeRoleAction": {
1194
+ "description": "When this Principal is used in an AssumeRole policy, the action to use.",
1195
+ "type": "string"
1196
+ },
1197
+ "grantPrincipal": {
1198
+ "$ref": "#/definitions/IPrincipal",
1199
+ "description": "The principal to grant permissions to"
1200
+ },
1201
+ "policyFragment": {
1202
+ "$ref": "#/definitions/PrincipalPolicyFragment",
1203
+ "description": "Return the policy fragment that identifies this principal in a Policy."
1204
+ },
1205
+ "principalAccount": {
1206
+ "description": "The AWS account ID of this principal.\nCan be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
1207
+ "type": "string"
1208
+ }
1209
+ },
1210
+ "required": [
1211
+ "assumeRoleAction",
1212
+ "grantPrincipal",
1213
+ "policyFragment"
1214
+ ],
1215
+ "type": "object"
1216
+ },
1217
+ "IQueue": {
1218
+ "additionalProperties": false,
1219
+ "description": "Represents an SQS queue",
1220
+ "properties": {
1221
+ "encryptionMasterKey": {
1222
+ "$ref": "#/definitions/IKey",
1223
+ "description": "If this queue is server-side encrypted, this is the KMS encryption key."
1224
+ },
1225
+ "encryptionType": {
1226
+ "description": "Whether the contents of the queue are encrypted, and by what type of key.",
1227
+ "enum": [
1228
+ "KMS",
1229
+ "KMS_MANAGED",
1230
+ "NONE",
1231
+ "SQS_MANAGED"
1232
+ ],
1233
+ "type": "string"
1234
+ },
1235
+ "env": {
1236
+ "$ref": "#/definitions/ResourceEnvironment",
1237
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1238
+ },
1239
+ "fifo": {
1240
+ "description": "Whether this queue is an Amazon SQS FIFO queue. If false, this is a standard queue.",
1241
+ "type": "boolean"
1242
+ },
1243
+ "node": {
1244
+ "$ref": "#/definitions/Node",
1245
+ "description": "The tree node."
1246
+ },
1247
+ "queueArn": {
1248
+ "description": "The ARN of this queue",
1249
+ "type": "string"
1250
+ },
1251
+ "queueName": {
1252
+ "description": "The name of this queue",
1253
+ "type": "string"
1254
+ },
1255
+ "queueUrl": {
1256
+ "description": "The URL of this queue",
1257
+ "type": "string"
1258
+ },
1259
+ "stack": {
1260
+ "$ref": "#/definitions/Stack",
1261
+ "description": "The stack in which this resource is defined."
1262
+ }
1263
+ },
1264
+ "required": [
1265
+ "env",
1266
+ "fifo",
1267
+ "node",
1268
+ "queueArn",
1269
+ "queueName",
1270
+ "queueUrl",
1271
+ "stack"
1272
+ ],
1273
+ "type": "object"
1274
+ },
1275
+ "IResolvable": {
1276
+ "additionalProperties": false,
1277
+ "description": "Interface for values that can be resolvable later\n\nTokens are special objects that participate in synthesis.",
1278
+ "properties": {
1279
+ "creationStack": {
1280
+ "description": "The creation stack of this resolvable which will be appended to errors\nthrown during resolution.\n\nThis may return an array with a single informational element indicating how\nto get this property populated, if it was skipped for performance reasons.",
1281
+ "items": {
1282
+ "type": "string"
1283
+ },
1284
+ "type": "array"
1285
+ },
1286
+ "typeHint": {
1287
+ "description": "The type that this token will likely resolve to.",
1288
+ "enum": [
1289
+ "number",
1290
+ "string",
1291
+ "string-list"
1292
+ ],
1293
+ "type": "string"
1294
+ }
1295
+ },
1296
+ "required": [
1297
+ "creationStack"
1298
+ ],
1299
+ "type": "object"
1300
+ },
1301
+ "IRole": {
1302
+ "additionalProperties": false,
1303
+ "description": "A Role object",
1304
+ "properties": {
1305
+ "assumeRoleAction": {
1306
+ "description": "When this Principal is used in an AssumeRole policy, the action to use.",
1307
+ "type": "string"
1308
+ },
1309
+ "env": {
1310
+ "$ref": "#/definitions/ResourceEnvironment",
1311
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1312
+ },
1313
+ "grantPrincipal": {
1314
+ "$ref": "#/definitions/IPrincipal",
1315
+ "description": "The principal to grant permissions to"
1316
+ },
1317
+ "node": {
1318
+ "$ref": "#/definitions/Node",
1319
+ "description": "The tree node."
1320
+ },
1321
+ "policyFragment": {
1322
+ "$ref": "#/definitions/PrincipalPolicyFragment",
1323
+ "description": "Return the policy fragment that identifies this principal in a Policy."
1324
+ },
1325
+ "principalAccount": {
1326
+ "description": "The AWS account ID of this principal.\nCan be undefined when the account is not known\n(for example, for service principals).\nCan be a Token - in that case,\nit's assumed to be AWS::AccountId.",
1327
+ "type": "string"
1328
+ },
1329
+ "roleArn": {
1330
+ "description": "Returns the ARN of this role.",
1331
+ "type": "string"
1332
+ },
1333
+ "roleName": {
1334
+ "description": "Returns the name of this role.",
1335
+ "type": "string"
1336
+ },
1337
+ "roleRef": {
1338
+ "$ref": "#/definitions/RoleReference",
1339
+ "description": "A reference to a Role resource."
1340
+ },
1341
+ "stack": {
1342
+ "$ref": "#/definitions/Stack",
1343
+ "description": "The stack in which this resource is defined."
1344
+ }
1345
+ },
1346
+ "required": [
1347
+ "assumeRoleAction",
1348
+ "env",
1349
+ "grantPrincipal",
1350
+ "node",
1351
+ "policyFragment",
1352
+ "roleArn",
1353
+ "roleName",
1354
+ "roleRef",
1355
+ "stack"
1356
+ ],
1357
+ "type": "object"
1358
+ },
1359
+ "ISecurityGroup": {
1360
+ "additionalProperties": false,
1361
+ "description": "Interface for security group-like objects",
1362
+ "properties": {
1363
+ "allowAllOutbound": {
1364
+ "description": "Whether the SecurityGroup has been configured to allow all outbound traffic",
1365
+ "type": "boolean"
1366
+ },
1367
+ "canInlineRule": {
1368
+ "description": "Whether the rule can be inlined into a SecurityGroup or not",
1369
+ "type": "boolean"
1370
+ },
1371
+ "connections": {
1372
+ "$ref": "#/definitions/Connections",
1373
+ "description": "The network connections associated with this resource."
1374
+ },
1375
+ "env": {
1376
+ "$ref": "#/definitions/ResourceEnvironment",
1377
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1378
+ },
1379
+ "node": {
1380
+ "$ref": "#/definitions/Node",
1381
+ "description": "The tree node."
1382
+ },
1383
+ "securityGroupId": {
1384
+ "description": "ID for the current security group",
1385
+ "type": "string"
1386
+ },
1387
+ "securityGroupRef": {
1388
+ "$ref": "#/definitions/SecurityGroupReference",
1389
+ "description": "A reference to a SecurityGroup resource."
1390
+ },
1391
+ "stack": {
1392
+ "$ref": "#/definitions/Stack",
1393
+ "description": "The stack in which this resource is defined."
1394
+ },
1395
+ "uniqueId": {
1396
+ "description": "A unique identifier for this connection peer",
1397
+ "type": "string"
1398
+ }
1399
+ },
1400
+ "required": [
1401
+ "allowAllOutbound",
1402
+ "canInlineRule",
1403
+ "connections",
1404
+ "env",
1405
+ "node",
1406
+ "securityGroupId",
1407
+ "securityGroupRef",
1408
+ "stack",
1409
+ "uniqueId"
1410
+ ],
1411
+ "type": "object"
1412
+ },
1413
+ "IStackSynthesizer": {
1414
+ "additionalProperties": false,
1415
+ "description": "Encodes information how a certain Stack should be deployed",
1416
+ "properties": {
1417
+ "bootstrapQualifier": {
1418
+ "default": "- no qualifier",
1419
+ "description": "The qualifier used to bootstrap this stack",
1420
+ "type": "string"
1421
+ },
1422
+ "lookupRole": {
1423
+ "default": "- no role",
1424
+ "description": "The role used to lookup for this stack",
1425
+ "type": "string"
1426
+ }
1427
+ },
1428
+ "type": "object"
1429
+ },
1430
+ "ITemplateOptions": {
1431
+ "additionalProperties": false,
1432
+ "description": "CloudFormation template options for a stack.",
1433
+ "properties": {
1434
+ "description": {
1435
+ "description": "Gets or sets the description of this stack.\nIf provided, it will be included in the CloudFormation template's \"Description\" attribute.",
1436
+ "type": "string"
1437
+ },
1438
+ "metadata": {
1439
+ "additionalProperties": {},
1440
+ "description": "Metadata associated with the CloudFormation template.",
1441
+ "type": "object"
1442
+ },
1443
+ "templateFormatVersion": {
1444
+ "description": "Gets or sets the AWSTemplateFormatVersion field of the CloudFormation template.",
1445
+ "type": "string"
1446
+ },
1447
+ "transforms": {
1448
+ "description": "Gets or sets the top-level template transform(s) for this stack (e.g. `[\"AWS::Serverless-2016-10-31\"]`).",
1449
+ "items": {
1450
+ "type": "string"
1451
+ },
1452
+ "type": "array"
1453
+ }
1454
+ },
1455
+ "type": "object"
1456
+ },
1457
+ "ITopic": {
1458
+ "additionalProperties": false,
1459
+ "description": "Represents an SNS topic",
1460
+ "properties": {
1461
+ "contentBasedDeduplication": {
1462
+ "description": "Enables content-based deduplication for FIFO topics.",
1463
+ "type": "boolean"
1464
+ },
1465
+ "env": {
1466
+ "$ref": "#/definitions/ResourceEnvironment",
1467
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1468
+ },
1469
+ "fifo": {
1470
+ "description": "Whether this topic is an Amazon SNS FIFO queue. If false, this is a standard topic.",
1471
+ "type": "boolean"
1472
+ },
1473
+ "masterKey": {
1474
+ "$ref": "#/definitions/IKey",
1475
+ "default": "None",
1476
+ "description": "A KMS Key, either managed by this CDK app, or imported.\n\nThis property applies only to server-side encryption."
1477
+ },
1478
+ "node": {
1479
+ "$ref": "#/definitions/Node",
1480
+ "description": "The tree node."
1481
+ },
1482
+ "stack": {
1483
+ "$ref": "#/definitions/Stack",
1484
+ "description": "The stack in which this resource is defined."
1485
+ },
1486
+ "topicArn": {
1487
+ "description": "The ARN of the topic",
1488
+ "type": "string"
1489
+ },
1490
+ "topicName": {
1491
+ "description": "The name of the topic",
1492
+ "type": "string"
1493
+ }
1494
+ },
1495
+ "required": [
1496
+ "contentBasedDeduplication",
1497
+ "env",
1498
+ "fifo",
1499
+ "node",
1500
+ "stack",
1501
+ "topicArn",
1502
+ "topicName"
1503
+ ],
1504
+ "type": "object"
1505
+ },
1506
+ "IVersion": {
1507
+ "additionalProperties": false,
1508
+ "properties": {
1509
+ "architecture": {
1510
+ "$ref": "#/definitions/Architecture",
1511
+ "description": "The system architectures compatible with this lambda function."
1512
+ },
1513
+ "connections": {
1514
+ "$ref": "#/definitions/Connections",
1515
+ "description": "The network connections associated with this resource."
1516
+ },
1517
+ "edgeArn": {
1518
+ "description": "The ARN of the version for Lambda@Edge.",
1519
+ "type": "string"
1520
+ },
1521
+ "env": {
1522
+ "$ref": "#/definitions/ResourceEnvironment",
1523
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1524
+ },
1525
+ "functionArn": {
1526
+ "description": "The ARN of the function.",
1527
+ "type": "string"
1528
+ },
1529
+ "functionName": {
1530
+ "description": "The name of the function.",
1531
+ "type": "string"
1532
+ },
1533
+ "functionRef": {
1534
+ "$ref": "#/definitions/FunctionReference",
1535
+ "description": "A reference to a Function resource."
1536
+ },
1537
+ "grantPrincipal": {
1538
+ "$ref": "#/definitions/IPrincipal",
1539
+ "description": "The principal to grant permissions to"
1540
+ },
1541
+ "isBoundToVpc": {
1542
+ "description": "Whether or not this Lambda function was bound to a VPC\n\nIf this is is `false`, trying to access the `connections` object will fail.",
1543
+ "type": "boolean"
1544
+ },
1545
+ "lambda": {
1546
+ "$ref": "#/definitions/IFunction",
1547
+ "description": "The underlying AWS Lambda function."
1548
+ },
1549
+ "latestVersion": {
1550
+ "$ref": "#/definitions/IVersion",
1551
+ "description": "The `$LATEST` version of this function.\n\nNote that this is reference to a non-specific AWS Lambda version, which\nmeans the function this version refers to can return different results in\ndifferent invocations.\n\nTo obtain a reference to an explicit version which references the current\nfunction configuration, use `lambdaFunction.currentVersion` instead."
1552
+ },
1553
+ "node": {
1554
+ "$ref": "#/definitions/Node",
1555
+ "description": "The tree node."
1556
+ },
1557
+ "permissionsNode": {
1558
+ "$ref": "#/definitions/Node",
1559
+ "description": "The construct node where permissions are attached."
1560
+ },
1561
+ "resourceArnsForGrantInvoke": {
1562
+ "description": "The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().\n\nThis property is for cdk modules to consume only. You should not need to use this property.\nInstead, use grantInvoke() directly.",
1563
+ "items": {
1564
+ "type": "string"
1565
+ },
1566
+ "type": "array"
1567
+ },
1568
+ "role": {
1569
+ "$ref": "#/definitions/IRole",
1570
+ "description": "The IAM role associated with this function."
1571
+ },
1572
+ "stack": {
1573
+ "$ref": "#/definitions/Stack",
1574
+ "description": "The stack in which this resource is defined."
1575
+ },
1576
+ "version": {
1577
+ "description": "The most recently deployed version of this function.",
1578
+ "type": "string"
1579
+ },
1580
+ "versionRef": {
1581
+ "$ref": "#/definitions/VersionReference",
1582
+ "description": "A reference to a Version resource."
246
1583
  }
247
1584
  },
248
1585
  "required": [
249
- "endpointType",
250
- "engineName"
1586
+ "architecture",
1587
+ "connections",
1588
+ "edgeArn",
1589
+ "env",
1590
+ "functionArn",
1591
+ "functionName",
1592
+ "functionRef",
1593
+ "grantPrincipal",
1594
+ "isBoundToVpc",
1595
+ "lambda",
1596
+ "latestVersion",
1597
+ "node",
1598
+ "permissionsNode",
1599
+ "resourceArnsForGrantInvoke",
1600
+ "stack",
1601
+ "version",
1602
+ "versionRef"
251
1603
  ],
252
1604
  "type": "object"
253
1605
  },
254
1606
  "IbmDb2SettingsProperty": {
255
1607
  "additionalProperties": false,
256
- "description": "Q-ENHANCED-INTERFACE\nIBM DB2 settings configuration interface for DMS providing mainframe database migration and enterprise database capabilities. Defines IBM DB2-specific properties for Database Migration Service including mainframe connectivity, enterprise features, and DB2 integration for enterprise database migration workflows.\n\nUse cases: Mainframe database migration; Enterprise database migration; IBM DB2 connectivity; Mainframe integration; Enterprise migration workflows; DMS DB2 integration\n\nAWS: AWS DMS IBM DB2 endpoint configuration with mainframe database migration and enterprise database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
1608
+ "description": "Provides information that defines an IBMDB2 endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about other available settings, see [Extra connection attributes when using Db2 LUW as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DB2.html#CHAP_Source.DB2.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
257
1609
  "properties": {
258
1610
  "currentLsn": {
259
- "description": "Q-ENHANCED-PROPERTY\nOptional log sequence number (LSN) for IBM DB2 change data capture (CDC) replication starting point enabling precise replication control. Specifies the exact LSN where ongoing replication should begin for CDC operations, providing fine-grained control over data synchronization starting points in mainframe database migration scenarios.\n\nUse cases: CDC replication control; Precise replication starting points; Mainframe data synchronization; Log-based replication; Data migration control\n\nAWS: AWS DMS IBM DB2 current LSN for CDC replication starting point control and log-based data synchronization\n\nValidation: Must be valid LSN string if provided; used for CDC replication; optional for replication starting point control",
1611
+ "description": "Log sequence number (LSN) for IBM DB2 change data capture (CDC) replication starting point",
260
1612
  "type": "string"
261
1613
  },
262
1614
  "maxKBytesPerRead": {
263
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum bytes per read operation for IBM DB2 data transfer performance optimization enabling throughput tuning. Defines the maximum number of kilobytes that will be read in a single operation during data migration, allowing performance optimization for mainframe database transfers with configurable read buffer sizes.\n\nUse cases: Performance optimization; Throughput tuning; Read buffer configuration; Migration performance; Mainframe data transfer optimization\n\nAWS: AWS DMS IBM DB2 maximum kilobytes per read for data transfer performance optimization and throughput control\n\nValidation: Must be positive number if provided; defaults to 64 KB; optional for performance tuning",
1615
+ "description": "Maximum bytes per read operation for IBM DB2 data transfer performance optimization enabling throughput tuning",
264
1616
  "type": "number"
265
1617
  },
266
1618
  "secretsManagerAccessRoleArn": {
@@ -285,48 +1637,67 @@
285
1637
  ],
286
1638
  "type": "object"
287
1639
  },
1640
+ "KeyReference": {
1641
+ "additionalProperties": false,
1642
+ "description": "A reference to a Key resource.",
1643
+ "properties": {
1644
+ "keyArn": {
1645
+ "description": "The ARN of the Key resource.",
1646
+ "type": "string"
1647
+ },
1648
+ "keyId": {
1649
+ "description": "The KeyId of the Key resource.",
1650
+ "type": "string"
1651
+ }
1652
+ },
1653
+ "required": [
1654
+ "keyArn",
1655
+ "keyId"
1656
+ ],
1657
+ "type": "object"
1658
+ },
288
1659
  "KinesisSettingsProperty": {
289
1660
  "additionalProperties": false,
290
- "description": "Q-ENHANCED-INTERFACE\nKinesis settings configuration interface for DMS providing streaming data integration and real-time migration capabilities. Defines Kinesis-specific properties for Database Migration Service including streaming configuration, data format settings, and Kinesis integration for real-time database streaming workflows.\n\nUse cases: Real-time database streaming; Streaming data integration; Kinesis data streams; Real-time migration; Database streaming workflows; DMS Kinesis integration\n\nAWS: AWS DMS Kinesis endpoint configuration with streaming data integration and real-time migration capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
1661
+ "description": "Provides information that describes an Amazon Kinesis Data Stream endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about other available settings, see [Using object mapping to migrate data to a Kinesis data stream](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Kinesis.html#CHAP_Target.Kinesis.ObjectMapping) in the *AWS Database Migration Service User Guide* .",
291
1662
  "properties": {
292
1663
  "includeControlDetails": {
293
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to show detailed control information for table and column changes in Kinesis message output for change tracking. Enables detailed control information including table definition, column definition, and table/column changes in Kinesis streaming output with default false for enhanced change visibility.\n\nUse cases: Change tracking; Control information; Table monitoring; Column changes; Detailed streaming\n\nAWS: AWS DMS Kinesis endpoint includeControlDetails for detailed control information in streaming output\n\nValidation: Must be boolean if provided; default false; enables detailed control information in Kinesis message output",
1664
+ "description": "Flag to show detailed control information for table and column changes in Kinesis message",
294
1665
  "type": "boolean"
295
1666
  },
296
1667
  "includeNullAndEmpty": {
297
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to include NULL and empty columns in records migrated to Kinesis endpoint for complete data representation. Enables inclusion of NULL and empty column values in Kinesis streaming output with default false, ensuring complete data representation in real-time streaming operations.\n\nUse cases: Complete data representation; NULL handling; Empty column inclusion; Data completeness; Streaming integrity\n\nAWS: AWS DMS Kinesis endpoint includeNullAndEmpty for NULL and empty column inclusion in streaming output\n\nValidation: Must be boolean if provided; default false; includes NULL and empty columns in Kinesis streaming records",
1668
+ "description": "Flag to include NULL and empty columns in records migrated to Kinesis endpoint for complete",
298
1669
  "type": "boolean"
299
1670
  },
300
1671
  "includePartitionValue": {
301
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to show partition value in Kinesis message output unless partition type is schema-table-type. Enables partition value visibility in Kinesis streaming output with default false, providing partition information for data organization and routing in streaming operations.\n\nUse cases: Partition visibility; Data organization; Streaming routing; Partition information; Message organization\n\nAWS: AWS DMS Kinesis endpoint includePartitionValue for partition value visibility in streaming output\n\nValidation: Must be boolean if provided; default false; shows partition value unless partition type is schema-table-type",
1672
+ "description": "Flag to show partition value in Kinesis message output unless partition type is schema-table-type",
302
1673
  "type": "boolean"
303
1674
  },
304
1675
  "includeTableAlterOperations": {
305
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to include DDL operations that change table structure in control data for schema change tracking. Enables inclusion of DDL operations like rename-table, drop-table, add-column, drop-column, and rename-column in control data with default false for schema evolution tracking.\n\nUse cases: Schema change tracking; DDL monitoring; Table structure changes; Schema evolution; Control data enhancement\n\nAWS: AWS DMS Kinesis endpoint includeTableAlterOperations for DDL operation inclusion in control data\n\nValidation: Must be boolean if provided; default false; includes DDL operations in control data for schema change tracking",
1676
+ "description": "Flag to include DDL operations that change table structure in control data for schema change tracking",
306
1677
  "type": "boolean"
307
1678
  },
308
1679
  "includeTransactionDetails": {
309
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to provide detailed transaction information from source database for transaction tracking. Enables detailed transaction information including commit timestamp, log position, transaction_id, previous transaction_id, and transaction_record_id with default false for enhanced transaction visibility in streaming.\n\nUse cases: Transaction tracking; Commit information; Transaction details; Log position tracking; Transaction lineage\n\nAWS: AWS DMS Kinesis endpoint includeTransactionDetails for detailed transaction information in streaming output\n\nValidation: Must be boolean if provided; default false; provides detailed transaction information from source database",
1680
+ "description": "Flag to provide detailed transaction information from source database for transaction tracking",
310
1681
  "type": "boolean"
311
1682
  },
312
1683
  "messageFormat": {
313
- "description": "Q-ENHANCED-PROPERTY\nOptional output format specification for records created on Kinesis endpoint for streaming data format control. Specifies message format with JSON (default) for formatted output or JSON_UNFORMATTED for single-line output without tabs, affecting streaming data structure and readability.\n\nUse cases: Message formatting; JSON structure; Output format; Streaming format; Data structure control\n\nAWS: AWS DMS Kinesis endpoint messageFormat for streaming record output format specification\n\nValidation: Must be 'JSON' or 'JSON_UNFORMATTED' if provided; default JSON; controls streaming message format and structure",
1684
+ "description": "Output format specification for records created on Kinesis endpoint for streaming data format control",
314
1685
  "type": "string"
315
1686
  },
316
1687
  "noHexPrefix": {
317
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to avoid adding '0x' prefix to raw data in hexadecimal format for cleaner data representation. Enables migration of RAW data type columns without '0x' prefix, particularly useful for LOB columns from Oracle sources to Kinesis targets for cleaner hexadecimal data representation.\n\nUse cases: Hexadecimal formatting; RAW data migration; LOB handling; Data format control; Oracle to Kinesis migration\n\nAWS: AWS DMS Kinesis endpoint noHexPrefix for hexadecimal data formatting control in streaming output\n\nValidation: Must be boolean if provided; removes '0x' prefix from hexadecimal RAW data in streaming output",
1688
+ "description": "Flag to avoid adding '0x' prefix to raw data in hexadecimal format for cleaner data representation",
318
1689
  "type": "boolean"
319
1690
  },
320
1691
  "partitionIncludeSchemaTable": {
321
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to prefix schema and table names to partition values for improved data distribution across Kinesis shards. Enables schema and table name prefixing when partition type is primary-key-type, improving data distribution and reducing throttling for tables with limited primary key ranges.\n\nUse cases: Data distribution; Shard optimization; Throttling prevention; Partition strategy; Performance optimization\n\nAWS: AWS DMS Kinesis endpoint partitionIncludeSchemaTable for partition value prefixing and shard distribution\n\nValidation: Must be boolean if provided; default false; improves data distribution when partition type is primary-key-type",
1692
+ "description": "Flag to prefix schema and table names to partition values for improved data distribution across Kinesis shards",
322
1693
  "type": "boolean"
323
1694
  },
324
1695
  "serviceAccessRoleArn": {
325
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to Kinesis data stream for secure streaming operations. Specifies the IAM role enabling DMS to write to Kinesis data stream, requiring iam:PassRole action for secure streaming data integration and real-time data migration operations.\n\nUse cases: Service access; IAM role configuration; Kinesis permissions; Secure streaming; Data migration authorization\n\nAWS: AWS IAM role ARN for DMS service access to Kinesis data stream operations and streaming integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables Kinesis data stream write operations",
1696
+ "description": "IAM role ARN for DMS service access to Kinesis data stream for secure streaming operations",
326
1697
  "type": "string"
327
1698
  },
328
1699
  "streamArn": {
329
- "description": "Q-ENHANCED-PROPERTY\nRequired Amazon Kinesis Data Streams endpoint ARN for DMS streaming destination configuration. Specifies the target Kinesis data stream where migrated database data will be streamed, serving as the primary destination for real-time database streaming workflows and data integration.\n\nUse cases: Streaming destination; Kinesis integration; Real-time migration; Data stream target; Database streaming endpoint\n\nAWS: Amazon Kinesis Data Streams ARN for DMS streaming destination and real-time data integration\n\nValidation: Must be valid Kinesis Data Streams ARN; required for Kinesis endpoint configuration and streaming destination",
1700
+ "description": "Amazon Kinesis Data Streams endpoint ARN for DMS streaming destination configuration",
330
1701
  "type": "string"
331
1702
  }
332
1703
  },
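Review bot: The new `includeNullAndEmpty` description stops mid-sentence (`...migrated to Kinesis endpoint for complete`), possibly because the text was cut at the first line break of the source comment. The same truncation appears in `cidr` under `MdaaCidrPeer` (`...enabling IP`) and in `by_path` under `MdaaNagSuppressionConfigs` (`...enabling targeted`) in later hunks. I would end each on a complete clause, e.g. `"description": "Flag to include NULL and empty columns in records migrated to the Kinesis endpoint"`. The `KinesisSettingsProperty` definition continues past this hunk.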
@@ -335,12 +1706,48 @@
335
1706
  ],
336
1707
  "type": "object"
337
1708
  },
1709
+ "LayerVersionReference": {
1710
+ "additionalProperties": false,
1711
+ "description": "A reference to a LayerVersion resource.",
1712
+ "properties": {
1713
+ "layerVersionArn": {
1714
+ "description": "The LayerVersionArn of the LayerVersion resource.",
1715
+ "type": "string"
1716
+ }
1717
+ },
1718
+ "required": [
1719
+ "layerVersionArn"
1720
+ ],
1721
+ "type": "object"
1722
+ },
1723
+ "LogRetention": {
1724
+ "additionalProperties": false,
1725
+ "description": "Creates a custom resource to control the retention policy of a CloudWatch Logs\nlog group. The log group is created if it doesn't already exist. The policy\nis removed when `retentionDays` is `undefined` or equal to `Infinity`.\nLog group can be created in the region that is different from stack region by\nspecifying `logGroupRegion`",
1726
+ "properties": {
1727
+ "ensureSingletonLogRetentionFunction": {
1728
+ "description": "Helper method to ensure that only one instance of LogRetentionFunction resources are in the stack mimicking the\nbehaviour of aws-cdk-lib/aws-lambda's SingletonFunction to prevent circular dependencies"
1729
+ },
1730
+ "logGroupArn": {
1731
+ "description": "The ARN of the LogGroup.",
1732
+ "type": "string"
1733
+ },
1734
+ "node": {
1735
+ "$ref": "#/definitions/Node",
1736
+ "description": "The tree node."
1737
+ }
1738
+ },
1739
+ "required": [
1740
+ "ensureSingletonLogRetentionFunction",
1741
+ "logGroupArn",
1742
+ "node"
1743
+ ],
1744
+ "type": "object"
1745
+ },
338
1746
  "MdaaCidrPeer": {
339
1747
  "additionalProperties": false,
340
- "description": "Q-ENHANCED-INTERFACE\nMdaaCidrPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
341
1748
  "properties": {
342
1749
  "cidr": {
343
- "description": "Q-ENHANCED-PROPERTY\nRequired CIDR block specification for network access control in security group rules enabling IP range-based access control. Defines the IP address range that will be allowed or denied access through security group rules for network-level access control and security boundaries.\n\nUse cases: IP range access control; Network security boundaries; CIDR-based filtering; Network access management\n\nAWS: Amazon EC2 security group CIDR block for IP range-based network access control\n\nValidation: Must be valid CIDR notation (e.g., 10.0.0.0/16); required for CIDR-based security group rules",
1750
+ "description": "CIDR block specification for network access control in security group rules enabling IP",
344
1751
  "type": "string"
345
1752
  },
346
1753
  "description": {
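Review bot: `LogRetention` looks like a construct class rather than a configuration shape, yet it is added as a closed definition (`"additionalProperties": false`). Its `required` list includes `ensureSingletonLogRetentionFunction`, which its own description calls a helper method, and `node`. `MdaaCustomResource` and `MdaaLambdaFunction` in the later hunks have the same shape, with untyped underscore-prefixed members such as `_physicalName` and `_allowCrossEnvironment` marked required. The property that references these definitions is outside this hunk, but if a user-facing field resolves to them, no config document could satisfy it, and the schema exposes class internals in the meantime. I would type that field with a plain props interface, or exclude the class from schema generation, so these definitions drop out.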
@@ -359,7 +1766,7 @@
359
1766
  "type": "array"
360
1767
  },
361
1768
  "toPort": {
362
- "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
1769
+ "description": "The ending port number for the security group rule defining the upper bound of the port range",
363
1770
  "type": "number"
364
1771
  }
365
1772
  },
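Review bot: The shortened `toPort` description drops the only statement of its limits. The removed text gave a range of 1-65535 and said the value should be at least `port`, while the schema itself carries only `"type": "number"`. Since this value feeds a security group rule, I would keep the limits in the text, e.g. `"description": "The ending port number for the security group rule (upper bound of the port range, 1-65535, >= port)"`. The `cidr` description in the previous hunk lost its "valid CIDR notation" note in the same way. Whether the range is enforced elsewhere is not visible here, and the enclosing definition starts before this hunk.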
@@ -369,6 +1776,49 @@
369
1776
  ],
370
1777
  "type": "object"
371
1778
  },
1779
+ "MdaaCustomResource": {
1780
+ "additionalProperties": false,
1781
+ "properties": {
1782
+ "_allowCrossEnvironment": {},
1783
+ "_physicalName": {},
1784
+ "env": {
1785
+ "$ref": "#/definitions/ResourceEnvironment",
1786
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1787
+ },
1788
+ "handlerFunction": {
1789
+ "$ref": "#/definitions/MdaaLambdaFunction"
1790
+ },
1791
+ "node": {
1792
+ "$ref": "#/definitions/Node",
1793
+ "description": "The tree node."
1794
+ },
1795
+ "physicalName": {
1796
+ "description": "Returns a string-encoded token that resolves to the physical name that\nshould be passed to the CloudFormation resource.\n\nThis value will resolve to one of the following:\n- a concrete value (e.g. `\"my-awesome-bucket\"`)\n- `undefined`, when a name should be generated by CloudFormation\n- a concrete name generated automatically during synthesis, in\n cross-environment scenarios.",
1797
+ "type": "string"
1798
+ },
1799
+ "ref": {
1800
+ "description": "The physical name of this custom resource.",
1801
+ "type": "string"
1802
+ },
1803
+ "resource": {},
1804
+ "stack": {
1805
+ "$ref": "#/definitions/Stack",
1806
+ "description": "The stack in which this resource is defined."
1807
+ }
1808
+ },
1809
+ "required": [
1810
+ "_allowCrossEnvironment",
1811
+ "_physicalName",
1812
+ "env",
1813
+ "handlerFunction",
1814
+ "node",
1815
+ "physicalName",
1816
+ "ref",
1817
+ "resource",
1818
+ "stack"
1819
+ ],
1820
+ "type": "object"
1821
+ },
372
1822
  "MdaaEndpointEngine": {
373
1823
  "enum": [
374
1824
  "aurora",
@@ -402,16 +1852,248 @@
402
1852
  ],
403
1853
  "type": "string"
404
1854
  },
1855
+ "MdaaLambdaFunction": {
1856
+ "additionalProperties": false,
1857
+ "description": "Construct for creating a compliant Lambda Function",
1858
+ "properties": {
1859
+ "_allowCrossEnvironment": {},
1860
+ "_architecture": {},
1861
+ "_connections": {
1862
+ "$ref": "#/definitions/Connections",
1863
+ "description": "Actual connections object for this Lambda\n\nMay be unset, in which case this Lambda is not configured use in a VPC."
1864
+ },
1865
+ "_currentVersion": {},
1866
+ "_functionUrlInvocationGrants": {
1867
+ "$ref": "#/definitions/Record%3Cstring%2CGrant%3E",
1868
+ "description": "Mapping of function URL invocation principals to grants. Used to de-dupe `grantInvokeUrl()` calls."
1869
+ },
1870
+ "_hasAddedArrayTokenStatements": {
1871
+ "description": "Track whether we've added statements with array token resources to the role's default policy"
1872
+ },
1873
+ "_hasAddedLiteralStatements": {
1874
+ "description": "Track whether we've added statements with literal resources to the role's default policy"
1875
+ },
1876
+ "_invocationGrants": {
1877
+ "$ref": "#/definitions/Record%3Cstring%2CGrant%3E",
1878
+ "description": "Mapping of invocation principals to grants. Used to de-dupe `grantInvoke()` calls."
1879
+ },
1880
+ "_latestVersion": {},
1881
+ "_layers": {
1882
+ "items": {
1883
+ "$ref": "#/definitions/ILayerVersion"
1884
+ },
1885
+ "type": "array"
1886
+ },
1887
+ "_logGroup": {},
1888
+ "_logRetention": {
1889
+ "$ref": "#/definitions/LogRetention",
1890
+ "description": "Creates a custom resource to control the retention policy of a CloudWatch Logs\nlog group. The log group is created if it doesn't already exist. The policy\nis removed when `retentionDays` is `undefined` or equal to `Infinity`.\nLog group can be created in the region that is different from stack region by\nspecifying `logGroupRegion`"
1891
+ },
1892
+ "_physicalName": {},
1893
+ "_policyCounter": {
1894
+ "description": "The number of permissions added to this function"
1895
+ },
1896
+ "_skipPermissions": {
1897
+ "description": "Whether the user decides to skip adding permissions.\nThe only use case is for cross-account, imported lambdas\nwhere the user commits to modifying the permisssions\non the imported lambda outside CDK.",
1898
+ "type": "boolean"
1899
+ },
1900
+ "_warnIfCurrentVersionCalled": {
1901
+ "description": "Flag to delay adding a warning message until current version is invoked.",
1902
+ "type": "boolean"
1903
+ },
1904
+ "architecture": {
1905
+ "$ref": "#/definitions/Architecture",
1906
+ "description": "The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64)."
1907
+ },
1908
+ "buildDeadLetterConfig": {},
1909
+ "buildDeadLetterQueue": {},
1910
+ "buildTracingConfig": {},
1911
+ "canCreatePermissions": {
1912
+ "const": true,
1913
+ "default": true,
1914
+ "description": "Whether the addPermission() call adds any permissions\n\nTrue for new Lambdas, false for version $LATEST and imported Lambdas\nfrom different accounts.",
1915
+ "type": "boolean"
1916
+ },
1917
+ "configureAdotInstrumentation": {
1918
+ "description": "Add an AWS Distro for OpenTelemetry Lambda layer."
1919
+ },
1920
+ "configureLambdaInsights": {
1921
+ "description": "Configured lambda insights on the function if specified. This is achieved by adding an imported layer which is added to the\nlist of lambda layers on synthesis.\n\nhttps://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Lambda-Insights-extension-versions.html"
1922
+ },
1923
+ "configureParamsAndSecretsExtension": {
1924
+ "description": "Add a Parameters and Secrets Extension Lambda layer."
1925
+ },
1926
+ "configureSnapStart": {},
1927
+ "configureVpc": {
1928
+ "description": "If configured, set up the VPC-related properties\n\nReturns the VpcConfig that should be added to the\nLambda creation properties."
1929
+ },
1930
+ "connections": {
1931
+ "$ref": "#/definitions/Connections",
1932
+ "description": "Access the Connections object\n\nWill fail if not a VPC-enabled Lambda Function"
1933
+ },
1934
+ "currentVersion": {
1935
+ "$ref": "#/definitions/Version",
1936
+ "description": "Returns a `lambda.Version` which represents the current version of this\nLambda function. A new version will be created every time the function's\nconfiguration changes.\n\nYou can specify options for this version using the `currentVersionOptions`\nprop when initializing the `lambda.Function`."
1937
+ },
1938
+ "currentVersionOptions": {},
1939
+ "deadLetterQueue": {
1940
+ "$ref": "#/definitions/IQueue",
1941
+ "description": "The DLQ (as queue) associated with this Lambda Function (this is an optional attribute)."
1942
+ },
1943
+ "deadLetterTopic": {
1944
+ "$ref": "#/definitions/ITopic",
1945
+ "description": "The DLQ (as topic) associated with this Lambda Function (this is an optional attribute)."
1946
+ },
1947
+ "env": {
1948
+ "$ref": "#/definitions/ResourceEnvironment",
1949
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
1950
+ },
1951
+ "environment": {
1952
+ "description": "Environment variables for this function"
1953
+ },
1954
+ "functionArn": {
1955
+ "description": "ARN of this function",
1956
+ "type": "string"
1957
+ },
1958
+ "functionName": {
1959
+ "description": "Name of this function",
1960
+ "type": "string"
1961
+ },
1962
+ "functionRef": {
1963
+ "$ref": "#/definitions/FunctionReference",
1964
+ "description": "A reference to a Function resource."
1965
+ },
1966
+ "getLoggingConfig": {
1967
+ "description": "Get Logging Config property for the function.\nThis method returns the function LoggingConfig Property if the property is set on the\nfunction and undefined if not."
1968
+ },
1969
+ "grant": {},
1970
+ "grantPrincipal": {
1971
+ "$ref": "#/definitions/IPrincipal",
1972
+ "description": "The principal this Lambda Function is running as"
1973
+ },
1974
+ "hashMixins": {},
1975
+ "isBoundToVpc": {
1976
+ "description": "Whether or not this Lambda function was bound to a VPC\n\nIf this is is `false`, trying to access the `connections` object will fail.",
1977
+ "type": "boolean"
1978
+ },
1979
+ "isPrincipalWithConditions": {},
1980
+ "isQueue": {},
1981
+ "latestVersion": {
1982
+ "$ref": "#/definitions/IVersion",
1983
+ "description": "The `$LATEST` version of this function.\n\nNote that this is reference to a non-specific AWS Lambda version, which\nmeans the function this version refers to can return different results in\ndifferent invocations.\n\nTo obtain a reference to an explicit version which references the current\nfunction configuration, use `lambdaFunction.currentVersion` instead."
1984
+ },
1985
+ "logGroup": {
1986
+ "$ref": "#/definitions/ILogGroup",
1987
+ "description": "The LogGroup where the Lambda function's logs are made available.\n\nIf either `logRetention` is set or this property is called, a CloudFormation custom resource is added to the stack that\npre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention\nperiod (never expire, by default).\n\nFurther, if the log group already exists and the `logRetention` is not set, the custom resource will reset the log retention\nto never expire even if it was configured with a different value."
1988
+ },
1989
+ "node": {
1990
+ "$ref": "#/definitions/Node",
1991
+ "description": "The tree node."
1992
+ },
1993
+ "parsePermissionPrincipal": {
1994
+ "description": "Translate IPrincipal to something we can pass to AWS::Lambda::Permissions\n\nDo some nasty things because `Permission` supports a subset of what the\nfull IAM principal language supports, and we may not be able to parse strings\noutright because they may be tokens.\n\nTry to recognize some specific Principal classes first, then try a generic\nfallback."
1995
+ },
1996
+ "permissionsNode": {
1997
+ "$ref": "#/definitions/Node",
1998
+ "description": "The construct node where permissions are attached."
1999
+ },
2000
+ "physicalName": {
2001
+ "description": "Returns a string-encoded token that resolves to the physical name that\nshould be passed to the CloudFormation resource.\n\nThis value will resolve to one of the following:\n- a concrete value (e.g. `\"my-awesome-bucket\"`)\n- `undefined`, when a name should be generated by CloudFormation\n- a concrete name generated automatically during synthesis, in\n cross-environment scenarios.",
2002
+ "type": "string"
2003
+ },
2004
+ "renderEnvironment": {},
2005
+ "renderLayers": {},
2006
+ "resourceArnsForGrantInvoke": {
2007
+ "description": "The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke()",
2008
+ "items": {
2009
+ "type": "string"
2010
+ },
2011
+ "type": "array"
2012
+ },
2013
+ "role": {
2014
+ "$ref": "#/definitions/IRole",
2015
+ "description": "Execution role associated with this function"
2016
+ },
2017
+ "runtime": {
2018
+ "$ref": "#/definitions/Runtime",
2019
+ "description": "The runtime configured for this lambda."
2020
+ },
2021
+ "stack": {
2022
+ "$ref": "#/definitions/Stack",
2023
+ "description": "The stack in which this resource is defined."
2024
+ },
2025
+ "statementHasArrayTokens": {
2026
+ "description": "Check if a policy statement contains array tokens that would cause CloudFormation\nresolution conflicts when mixed with literal arrays in the same policy document.\n\nArray tokens are created by CloudFormation intrinsic functions that return arrays,\nsuch as Fn::Split, Fn::GetAZs, etc. These cannot be safely merged with literal\nresource arrays due to CloudFormation's token resolution limitations.\n\nIndividual string tokens within literal arrays (e.g., `[\"arn:${token}:...\"]`) are\nsafe and do not cause conflicts, so they are not detected by this method."
2027
+ },
2028
+ "timeout": {
2029
+ "$ref": "#/definitions/Duration",
2030
+ "description": "The timeout configured for this lambda."
2031
+ },
2032
+ "validateConditionCombinations": {},
2033
+ "validateConditions": {},
2034
+ "validateProfiling": {}
2035
+ },
2036
+ "required": [
2037
+ "_allowCrossEnvironment",
2038
+ "_functionUrlInvocationGrants",
2039
+ "_hasAddedArrayTokenStatements",
2040
+ "_hasAddedLiteralStatements",
2041
+ "_invocationGrants",
2042
+ "_layers",
2043
+ "_physicalName",
2044
+ "_policyCounter",
2045
+ "_warnIfCurrentVersionCalled",
2046
+ "architecture",
2047
+ "buildDeadLetterConfig",
2048
+ "buildDeadLetterQueue",
2049
+ "buildTracingConfig",
2050
+ "canCreatePermissions",
2051
+ "configureAdotInstrumentation",
2052
+ "configureLambdaInsights",
2053
+ "configureParamsAndSecretsExtension",
2054
+ "configureSnapStart",
2055
+ "configureVpc",
2056
+ "connections",
2057
+ "currentVersion",
2058
+ "env",
2059
+ "environment",
2060
+ "functionArn",
2061
+ "functionName",
2062
+ "functionRef",
2063
+ "getLoggingConfig",
2064
+ "grant",
2065
+ "grantPrincipal",
2066
+ "hashMixins",
2067
+ "isBoundToVpc",
2068
+ "isPrincipalWithConditions",
2069
+ "isQueue",
2070
+ "latestVersion",
2071
+ "logGroup",
2072
+ "node",
2073
+ "parsePermissionPrincipal",
2074
+ "permissionsNode",
2075
+ "physicalName",
2076
+ "renderEnvironment",
2077
+ "renderLayers",
2078
+ "resourceArnsForGrantInvoke",
2079
+ "runtime",
2080
+ "stack",
2081
+ "statementHasArrayTokens",
2082
+ "validateConditionCombinations",
2083
+ "validateConditions",
2084
+ "validateProfiling"
2085
+ ],
2086
+ "type": "object"
2087
+ },
405
2088
  "MdaaNagSuppressionByPath": {
406
2089
  "additionalProperties": false,
407
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for suppressing specific CDK Nag security rules on individual CloudFormation resources identified by their resource path. Provides targeted rule suppression with mandatory justification for audit and compliance tracking.\n\nUse cases: Individual resource security exceptions; False positive rule suppressions; Documented compliance deviations\n\nAWS: Suppresses specific CDK Nag security rules for individual CloudFormation resources during deployment validation\n\nValidation: path must be valid CloudFormation resource path; suppressions array must contain valid rule IDs and justifications",
408
2090
  "properties": {
409
2091
  "path": {
410
- "description": "Q-ENHANCED-PROPERTY\nCloudFormation resource path identifying the specific resource for which CDK Nag rules should be suppressed. Uses CDK construct tree path format to precisely target individual resources within the deployment stack.\n\nUse cases: Specific resource targeting; Individual resource exceptions; Precise suppression scope control\n\nAWS: CloudFormation resource path for targeted CDK Nag rule suppression during validation\n\nValidation: Must be valid CDK construct tree path format (e.g., /StackName/ConstructName/ResourceName)",
2092
+ "description": "CloudFormation resource path identifying the specific resource for which CDK Nag rules should be suppressed",
411
2093
  "type": "string"
412
2094
  },
413
2095
  "suppressions": {
414
- "description": "Q-ENHANCED-PROPERTY\nArray of specific CDK Nag rule suppressions with rule IDs and mandatory justifications for audit compliance. Each suppression must include the rule identifier and business justification for the security exception.\n\nUse cases: Multiple rule suppressions per resource; Documented security exceptions; Audit trail maintenance\n\nAWS: CDK Nag rule ID suppression with justification tracking for compliance auditing\n\nValidation: Each suppression must have valid CDK Nag rule ID and non-empty reason string\n *",
2096
+ "description": "Array of specific CDK Nag rule suppressions with rule IDs and mandatory justifications for audit compliance",
415
2097
  "items": {
416
2098
  "additionalProperties": false,
417
2099
  "properties": {
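Review bot: `MdaaNagSuppressionByPath` loses its definition-level description with no replacement, so the object that turns off CDK Nag rules for a resource is now documented only through `path` and `suppressions`. I would keep a one-line description, e.g. `"description": "Suppresses specific CDK Nag rules on a single resource identified by its construct path; each suppression carries a rule ID and a reason."` `MdaaNagSuppressionConfigs`, `MdaaCidrPeer` and `MdaaPrefixListPeer` lose theirs the same way in other hunks. The body of this definition continues past the hunk.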
@@ -439,10 +2121,9 @@
439
2121
  },
440
2122
  "MdaaNagSuppressionConfigs": {
441
2123
  "additionalProperties": false,
442
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for CDK Nag rule suppressions organized by CloudFormation resource paths. Enables selective suppression of security compliance rules for specific resources while maintaining overall compliance posture and audit trail.\n\nUse cases: False positive suppression; Approved security exceptions; Legacy resource compliance exemptions\n\nAWS: Suppresses CDK Nag security rule violations for specific CloudFormation resources during deployment validation\n\nValidation: by_path array must contain valid suppression configurations with resource paths and justifications",
443
2124
  "properties": {
444
2125
  "by_path": {
445
- "description": "Q-ENHANCED-PROPERTY\nArray of CDK Nag suppressions organized by CloudFormation resource path, enabling targeted suppression of specific security rules for individual resources. Each suppression requires justification and maps to specific CloudFormation resource paths.\n\nUse cases: Resource-specific security exceptions; False positive rule suppressions; Approved compliance deviations\n\nAWS: CDK Nag rule suppression targeting specific CloudFormation resources during security validation\n\nValidation: Must be array of valid MdaaNagSuppressionByPath objects with valid resource paths and suppression details\n *",
2126
+ "description": "Array of CDK Nag suppressions organized by CloudFormation resource path, enabling targeted",
446
2127
  "items": {
447
2128
  "$ref": "#/definitions/MdaaNagSuppressionByPath"
448
2129
  },
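Review bot: The new `by_path` description (new line 2126) stops mid-sentence at "enabling targeted", so the published schema carries an incomplete sentence. The same truncation appears in later hunks: `prefixList` (new line 2148, ends on "enabling"), `sgId` (new line 2345, ends on "enabling") and `props` (new line 2465, ends on "including type,"). The pattern suggests only the first line of a wrapped source comment is being kept, though the diff does not show the generator. I would end each description on a complete clause, e.g. `"description": "Array of CDK Nag suppressions organized by CloudFormation resource path"`.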
@@ -456,7 +2137,6 @@
456
2137
  },
457
2138
  "MdaaPrefixListPeer": {
458
2139
  "additionalProperties": false,
459
- "description": "Q-ENHANCED-INTERFACE\nMdaaPrefixListPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
460
2140
  "properties": {
461
2141
  "description": {
462
2142
  "type": "string"
@@ -465,7 +2145,7 @@
465
2145
  "type": "number"
466
2146
  },
467
2147
  "prefixList": {
468
- "description": "Q-ENHANCED-PROPERTY\nRequired prefix list identifier for managed IP range access control in security group rules enabling AWS service and managed IP range-based access control. Defines the prefix list ID that contains managed IP ranges for AWS services or custom IP ranges for streamlined security group rule management.\n\nUse cases: AWS service access; Managed IP ranges; Prefix list-based filtering; Streamlined rule management\n\nAWS: Amazon EC2 prefix list identifier for managed IP range-based network access control\n\nValidation: Must be valid prefix list ID format (pl-xxxxxxxxx); required for prefix list-based security group rules",
2148
+ "description": "Prefix list identifier for managed IP range access control in security group rules enabling",
469
2149
  "type": "string"
470
2150
  },
471
2151
  "protocol": {
@@ -478,7 +2158,7 @@
478
2158
  "type": "array"
479
2159
  },
480
2160
  "toPort": {
481
- "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
2161
+ "description": "The ending port number for the security group rule defining the upper bound of the port range",
482
2162
  "type": "number"
483
2163
  }
484
2164
  },
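Review bot: `toPort` (new line 2161) loses the only statement of its valid range. The removed text said the value must be 1-65535 and not below the starting port, while the schema itself only declares `"type": "number"`, so nothing on the new side records or enforces either rule. If the range still holds, put it in the schema rather than in prose, e.g. `"type": "integer", "minimum": 1, "maximum": 65535`, so a mistyped port in a security group rule fails validation. The same applies to `toPort` under `MdaaSecurityGroupPeer` (new line 2355). The enclosing `MdaaPrefixListPeer` definition starts outside this hunk, so how the starting port is constrained is not visible here.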
@@ -488,9 +2168,169 @@
488
2168
  ],
489
2169
  "type": "object"
490
2170
  },
2171
+ "MdaaResourceNamingConfig": {
2172
+ "additionalProperties": false,
2173
+ "properties": {
2174
+ "cdkNode": {
2175
+ "$ref": "#/definitions/Node",
2176
+ "description": "CDK construct node providing access to context values for custom naming implementations"
2177
+ },
2178
+ "domain": {
2179
+ "description": "Domain identifier from MDAA configuration representing logical business or organizational boundaries",
2180
+ "type": "string"
2181
+ },
2182
+ "env": {
2183
+ "description": "Environment identifier from MDAA configuration that distinguishes deployment stages within the same domain",
2184
+ "type": "string"
2185
+ },
2186
+ "moduleName": {
2187
+ "description": "Module name from MDAA configuration identifying the specific MDAA module deployment within a domain/environment",
2188
+ "type": "string"
2189
+ },
2190
+ "org": {
2191
+ "description": "Organization identifier from MDAA configuration that serves as the top-level namespace for all AWS resource names",
2192
+ "type": "string"
2193
+ }
2194
+ },
2195
+ "required": [
2196
+ "cdkNode",
2197
+ "domain",
2198
+ "env",
2199
+ "moduleName",
2200
+ "org"
2201
+ ],
2202
+ "type": "object"
2203
+ },
2204
+ "MdaaRoleRef": {
2205
+ "additionalProperties": false,
2206
+ "properties": {
2207
+ "arn": {
2208
+ "description": "Full IAM role ARN for cross-account role references and explicit role identification.\n\nUse cases: Cross-account role references; Explicit role binding; Multi-account deployments\n\nAWS: Full IAM role ARN (arn:aws:iam::ACCOUNT:role/ROLE-NAME)\n\nValidation: Optional; must be a valid IAM role ARN if provided",
2209
+ "type": "string"
2210
+ },
2211
+ "id": {
2212
+ "description": "IAM role unique identifier for role resolution using the role's AWS-generated ID.\n\nUse cases: Stable role references; Role resolution by unique ID; Immutable role binding\n\nAWS: IAM role unique ID (e.g., AROA...)\n\nValidation: Optional; must be a valid IAM role unique ID if provided",
2213
+ "type": "string"
2214
+ },
2215
+ "immutable": {
2216
+ "description": "Flag indicating whether the referenced role should be treated as immutable and not modified by MDAA operations.\n\nUse cases: Pre-existing role protection; Externally managed roles; Read-only role references\n\nAWS: Controls whether MDAA attaches policies or modifies the referenced IAM role\n\nValidation: Optional boolean; defaults to false",
2217
+ "type": "boolean"
2218
+ },
2219
+ "name": {
2220
+ "description": "IAM role name for role resolution within the same AWS account.\n\nUse cases: Same-account role references; Role name-based resolution; Local IAM role binding\n\nAWS: IAM role name resolved via GetRole within the deployment account\n\nValidation: Optional; must be a valid IAM role name; mutually preferred with arn/id for resolution",
2221
+ "type": "string"
2222
+ },
2223
+ "refId": {
2224
+ "description": "Unique identifier for the role reference within a configuration scope, enabling role lookup and deduplication.\n\nUse cases: Role reference identification; Configuration deduplication; Role lookup key\n\nAWS: Logical identifier for IAM role references within MDAA configuration\n\nValidation: Optional; must be unique within the configuration scope if provided",
2225
+ "type": "string"
2226
+ },
2227
+ "sso": {
2228
+ "description": "Flag indicating the role should be resolved as an AWS SSO auto-generated role.\n\nUse cases: AWS IAM Identity Center integration; SSO permission set role binding; Federated access\n\nAWS: Resolves role via AWS SSO/Identity Center auto-generated role naming convention\n\nValidation: Optional boolean; defaults to false",
2229
+ "type": "boolean"
2230
+ }
2231
+ },
2232
+ "type": "object"
2233
+ },
2234
+ "MdaaSageMakerBluePrintParameterConfig": {
2235
+ "additionalProperties": false,
2236
+ "properties": {
2237
+ "blueprintParamProps": {
2238
+ "$ref": "#/definitions/MdaaSageMakerBluePrintParameterProps"
2239
+ },
2240
+ "cfnParamProps": {
2241
+ "$ref": "#/definitions/CfnParameterProps"
2242
+ }
2243
+ },
2244
+ "required": [
2245
+ "blueprintParamProps"
2246
+ ],
2247
+ "type": "object"
2248
+ },
2249
+ "MdaaSageMakerBluePrintParameterProps": {
2250
+ "additionalProperties": false,
2251
+ "properties": {
2252
+ "defaultValue": {
2253
+ "type": "string"
2254
+ },
2255
+ "description": {
2256
+ "type": "string"
2257
+ },
2258
+ "fieldType": {
2259
+ "type": "string"
2260
+ },
2261
+ "isEditable": {
2262
+ "type": "boolean"
2263
+ },
2264
+ "isOptional": {
2265
+ "type": "boolean"
2266
+ },
2267
+ "isUpdateSupported": {
2268
+ "type": "boolean"
2269
+ }
2270
+ },
2271
+ "required": [
2272
+ "fieldType"
2273
+ ],
2274
+ "type": "object"
2275
+ },
2276
+ "MdaaSageMakerCustomBluePrintConfig": {
2277
+ "additionalProperties": false,
2278
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS SageMaker blueprint deployment that specifies domain association, and parameterization. Enables MDAA modules to be deployed as self-service SageMaker blueprints with controlled access and validation.\n\nUse cases: Self-service infrastructure deployment; Controlled resource provisioning; Parameterized blueprint offerings\n\nAWS: Configures AWS SageMaker blueprints for self-service deployment of MDAA modules with domain management\n\nValidation: domain_arn must be valid SageMaker domain ARN;",
2279
+ "properties": {
2280
+ "additionalAccounts": {
2281
+ "additionalProperties": {
2282
+ "$ref": "#/definitions/AdditionalBlueprintAccount"
2283
+ },
2284
+ "description": "Q-ENHANCED-PROPERTY\nOptional map of additional AWS accounts where the SageMaker blueprint should be enabled. Each entry maps a friendly account name to account-specific configuration including provisioning role ARN and optional parameters and authorized domain units.\n\nUse cases: Multi-account deployment; Cross-account provisioning; Account-specific configuration\n\nAWS: AWS SageMaker blueprint multi-account provisioning configuration\n\nValidation: Must be object with string keys and valid account configuration values if provided",
2285
+ "type": "object"
2286
+ },
2287
+ "authorizedDomainUnits": {
2288
+ "items": {
2289
+ "type": "string"
2290
+ },
2291
+ "type": "array"
2292
+ },
2293
+ "blueprintName": {
2294
+ "type": "string"
2295
+ },
2296
+ "description": {
2297
+ "description": "Q-ENHANCED-PROPERTY\nDescription for the SageMaker blueprint that will be visible to end users in the SageMaker console. Should be descriptive and user-friendly to facilitate blueprint discovery and selection.\n\nUse cases: Product identification; User-friendly naming; SageMaker console display\n\nAWS: AWS SageMaker blueprint name for user interface display\n\nValidation: Must be non-empty string suitable for SageMaker blueprint naming",
2298
+ "type": "string"
2299
+ },
2300
+ "domainBucketName": {
2301
+ "type": "string"
2302
+ },
2303
+ "domainConfig": {
2304
+ "$ref": "#/definitions/DomainConfig"
2305
+ },
2306
+ "domainConfigSSMParam": {
2307
+ "description": "Q-ENHANCED-PROPERTY\nOptional SSM parameter reference for domain configuration enabling dynamic domain configuration management. Specifies the SSM parameter containing domain configuration data for flexible domain setup and configuration management.\n\nUse cases: Dynamic configuration; SSM parameter reference; Configuration management; Flexible setup\n\nAWS: AWS Systems Manager parameter for DataZone domain configuration reference\n\nValidation: Must be valid SSM parameter name if provided; parameter must contain valid domain configuration",
2308
+ "type": "string"
2309
+ },
2310
+ "enabledRegions": {
2311
+ "items": {
2312
+ "type": "string"
2313
+ },
2314
+ "type": "array"
2315
+ },
2316
+ "parameters": {
2317
+ "additionalProperties": {
2318
+ "$ref": "#/definitions/MdaaSageMakerBluePrintParameterConfig"
2319
+ },
2320
+ "description": "Q-ENHANCED-PROPERTY\nOptional object containing named parameter configurations for the SageMaker blueprint. Enables parameterized blueprint deployment with validation rules and user input constraints.\n\nUse cases: Product parameterization; User input collection; Deployment customization\n\nAWS: AWS SageMaker blueprint parameters for user-configurable deployment options\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogParameterConfig values if provided\n *",
2321
+ "type": "object"
2322
+ },
2323
+ "provisioningRole": {
2324
+ "$ref": "#/definitions/MdaaRoleRef"
2325
+ }
2326
+ },
2327
+ "required": [
2328
+ "provisioningRole"
2329
+ ],
2330
+ "type": "object"
2331
+ },
491
2332
  "MdaaSecurityGroupPeer": {
492
2333
  "additionalProperties": false,
493
- "description": "Q-ENHANCED-INTERFACE\nMdaaSecurityGroupPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
494
2334
  "properties": {
495
2335
  "description": {
496
2336
  "type": "string"
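Review bot: `MdaaRoleRef` (new lines 2204-2233) has no `required` list and no `anyOf`, so `{}` is a valid role reference, and `MdaaSageMakerCustomBluePrintConfig` requires `provisioningRole` while accepting that empty object. If role resolution needs at least one of `arn`, `id` or `name` (the descriptions suggest so, but the diff does not show the resolver), state it in the definition: `"anyOf": [{"required": ["arn"]}, {"required": ["id"]}, {"required": ["name"]}]`. Separately, the `MdaaSageMakerCustomBluePrintConfig` descriptions read as copied from the Service Catalog config: the interface text validates a `domain_arn` that is not among its properties, and `parameters` names `MdaaServiceCatalogParameterConfig` while its `$ref` is `MdaaSageMakerBluePrintParameterConfig`. These new definitions also keep the `Q-ENHANCED-*` prefixes that the other hunks remove.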
@@ -502,7 +2342,7 @@
502
2342
  "type": "string"
503
2343
  },
504
2344
  "sgId": {
505
- "description": "Q-ENHANCED-PROPERTY\nRequired security group identifier for security group-based access control in network rules enabling security group reference-based access control. Defines the security group ID that will be referenced in security group rules for allowing access between security groups and resources.\n\nUse cases: Security group reference; Cross-security group access; Resource-based access control; Security group chaining\n\nAWS: Amazon EC2 security group identifier for security group-based network access control\n\nValidation: Must be valid security group ID format (sg-xxxxxxxxx); required for security group-based rules",
2345
+ "description": "Security group identifier for security group-based access control in network rules enabling",
506
2346
  "type": "string"
507
2347
  },
508
2348
  "suppressions": {
@@ -512,7 +2352,7 @@
512
2352
  "type": "array"
513
2353
  },
514
2354
  "toPort": {
515
- "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
2355
+ "description": "The ending port number for the security group rule defining the upper bound of the port range",
516
2356
  "type": "number"
517
2357
  }
518
2358
  },
@@ -524,24 +2364,23 @@
524
2364
  },
525
2365
  "MdaaSecurityGroupRuleProps": {
526
2366
  "additionalProperties": false,
527
- "description": "Q-ENHANCED-INTERFACE\nMdaaSecurityGroupRuleProps configuration interface for compute infrastructure and instance management.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
528
2367
  "properties": {
529
2368
  "ipv4": {
530
- "description": "Q-ENHANCED-PROPERTY\nIPv4 CIDR block rules for security group traffic control defining IP address-based access restrictions. Specifies IPv4 CIDR blocks that are allowed or denied access through the security group for network-level access control and IP-based security policies.\n\nUse cases: IP-based access control; Network segmentation; CIDR-based restrictions; Geographic access control; Network security policies\n\nAWS: AWS EC2 SecurityGroup rules with IPv4 CIDR block sources/destinations\n\nValidation: Must be valid MdaaCidrPeer array with valid CIDR notation; optional array for IP-based rules\n *",
2369
+ "description": "IPv4 CIDR block rules for security group traffic control defining IP address-based access restrictions",
531
2370
  "items": {
532
2371
  "$ref": "#/definitions/MdaaCidrPeer"
533
2372
  },
534
2373
  "type": "array"
535
2374
  },
536
2375
  "prefixList": {
537
- "description": "Q-ENHANCED-PROPERTY\nPrefix list rules for security group traffic control defining managed prefix list-based access restrictions. Specifies AWS-managed or customer-managed prefix lists for scalable IP address range management and centralized network access control.\n\nUse cases: Managed IP ranges; Scalable access control; Centralized IP management; AWS service access; Regional IP restrictions\n\nAWS: AWS EC2 SecurityGroup rules with prefix list sources/destinations\n\nValidation: Must be valid MdaaPrefixListPeer array with valid prefix list IDs; optional array for prefix list-based rules\n *",
2376
+ "description": "Prefix list rules for security group traffic control defining managed prefix list-based access restrictions",
538
2377
  "items": {
539
2378
  "$ref": "#/definitions/MdaaPrefixListPeer"
540
2379
  },
541
2380
  "type": "array"
542
2381
  },
543
2382
  "sg": {
544
- "description": "Q-ENHANCED-PROPERTY\nSecurity group rules for cross-security group traffic control defining security group-based access restrictions. Specifies other security groups that are allowed access through this security group for resource-level access control and security group chaining.\n\nUse cases: Cross-security group access; Resource-based access control; Security group chaining; Service-to-service communication; Layered security\n\nAWS: AWS EC2 SecurityGroup rules with security group sources/destinations\n\nValidation: Must be valid MdaaSecurityGroupPeer array with valid security group IDs; optional array for SG-based rules\n *",
2383
+ "description": "Security group rules for cross-security group traffic control defining security group-based access restrictions",
545
2384
  "items": {
546
2385
  "$ref": "#/definitions/MdaaSecurityGroupPeer"
547
2386
  },
@@ -552,17 +2391,16 @@
552
2391
  },
553
2392
  "MdaaServiceCatalogConstraintConfig": {
554
2393
  "additionalProperties": false,
555
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraints that group multiple validation rules with descriptive information. Enables parameter validation and business rule enforcement for Service Catalog products.\n\nUse cases: Product parameter validation; Business rule grouping; Service Catalog compliance enforcement\n\nAWS: Configures AWS Service Catalog constraints with multiple validation rules for product provisioning\n\nValidation: description must be non-empty; rules must be object with valid constraint rule configurations",
556
2394
  "properties": {
557
2395
  "description": {
558
- "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and scope of the Service Catalog constraint. Provides clear documentation about the validation rules and business requirements enforced by the constraint.\n\nUse cases: Constraint documentation; User guidance; Business rule explanation\n\nAWS: AWS Service Catalog constraint description for user understanding\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose and scope",
2396
+ "description": "Human-readable description explaining the purpose and scope of the Service Catalog constraint",
559
2397
  "type": "string"
560
2398
  },
561
2399
  "rules": {
562
2400
  "additionalProperties": {
563
2401
  "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleConfig"
564
2402
  },
565
- "description": "Q-ENHANCED-PROPERTY\nObject containing named constraint rules that define the validation logic for Service Catalog product parameters. Each rule can contain conditions and assertions for parameter validation.\n\nUse cases: Named validation rules; Organized constraint logic; Multiple validation scenarios\n\nAWS: AWS Service Catalog constraint rules for structured parameter validation\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogConstraintRuleConfig values\n *",
2403
+ "description": "Object containing named constraint rules that define the validation logic for Service Catalog product parameters",
566
2404
  "type": "object"
567
2405
  }
568
2406
  },
@@ -574,14 +2412,13 @@
574
2412
  },
575
2413
  "MdaaServiceCatalogConstraintRuleAssertionConfig": {
576
2414
  "additionalProperties": false,
577
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rule assertions that define validation logic for Service Catalog product parameters. Enables parameter validation and business rule enforcement during Service Catalog product provisioning.\n\nUse cases: Parameter validation rules; Business logic enforcement; Service Catalog product compliance\n\nAWS: Configures AWS Service Catalog constraint rules for product parameter validation during provisioning\n\nValidation: assert must be valid constraint assertion expression; description must be non-empty explanatory text",
578
2415
  "properties": {
579
2416
  "assert": {
580
- "description": "Q-ENHANCED-PROPERTY\nConstraint assertion expression that defines the validation logic for Service Catalog product parameters. Uses CloudFormation intrinsic functions and conditions to validate parameter values during product provisioning.\n\nUse cases: Parameter range validation; Cross-parameter dependency checks; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertion for parameter validation\n\nValidation: Must be valid CloudFormation condition expression using intrinsic functions",
2417
+ "description": "Constraint assertion expression that defines the validation logic for Service Catalog product parameters",
581
2418
  "type": "string"
582
2419
  },
583
2420
  "description": {
584
- "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and requirements of the constraint assertion. Provides clear guidance to users about parameter validation requirements and business rules.\n\nUse cases: User guidance for parameter validation; Error message context; Business rule documentation\n\nAWS: AWS Service Catalog constraint rule description for user guidance\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose",
2421
+ "description": "Human-readable description explaining the purpose and requirements of the constraint assertion",
585
2422
  "type": "string"
586
2423
  }
587
2424
  },
@@ -597,10 +2434,9 @@
597
2434
  },
598
2435
  "MdaaServiceCatalogConstraintRuleConfig": {
599
2436
  "additionalProperties": false,
600
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rules that combine conditions and assertions for parameter validation. Enables complex validation logic with conditional assertions based on parameter values.\n\nUse cases: Complex parameter validation; Conditional business rules; Multi-parameter validation logic\n\nAWS: Configures AWS Service Catalog constraint rules with conditions and assertions for product parameter validation\n\nValidation: condition must be valid condition config; assertions must be array of valid assertion configs",
601
2437
  "properties": {
602
2438
  "assertions": {
603
- "description": "Q-ENHANCED-PROPERTY\nArray of constraint assertions that define the validation logic to be applied when the condition is met. Each assertion validates specific aspects of the Service Catalog product parameters.\n\nUse cases: Multiple validation checks; parameter validation; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertions for parameter validation\n\nValidation: Must be array of valid MdaaServiceCatalogConstraintRuleAssertionConfig objects",
2439
+ "description": "Array of constraint assertions that define the validation logic to be applied when the condition is met",
604
2440
  "items": {
605
2441
  "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleAssertionConfig"
606
2442
  },
@@ -608,7 +2444,7 @@
608
2444
  },
609
2445
  "condition": {
610
2446
  "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleCondititionConfig",
611
- "description": "Q-ENHANCED-PROPERTY\nCondition configuration that determines when the constraint rule assertions should be evaluated. Enables conditional validation logic based on parameter values and deployment context.\n\nUse cases: Conditional validation logic; Context-dependent rules; Parameter-dependent constraints\n\nAWS: AWS Service Catalog constraint rule condition for conditional validation\n\nValidation: Must be valid MdaaServiceCatalogConstraintRuleCondititionConfig object"
2447
+ "description": "Condition configuration that determines when the constraint rule assertions should be evaluated"
612
2448
  }
613
2449
  },
614
2450
  "required": [
@@ -619,15 +2455,14 @@
619
2455
  },
620
2456
  "MdaaServiceCatalogParameterConfig": {
621
2457
  "additionalProperties": false,
622
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product parameters that combines CloudFormation parameter properties with optional constraint validation. Enables parameterized Service Catalog products with validation rules.\n\nUse cases: Service Catalog product parameterization; Parameter validation; User input constraints\n\nAWS: Configures AWS Service Catalog product parameters with CloudFormation properties and validation constraints\n\nValidation: props must be valid CfnParameterProps; constraints must be valid constraint configuration if provided",
623
2458
  "properties": {
624
2459
  "constraints": {
625
2460
  "$ref": "#/definitions/MdaaServiceCatalogConstraintConfig",
626
- "description": "Q-ENHANCED-PROPERTY\nOptional constraint configuration that defines additional validation rules for the Service Catalog product parameter. Enables business rule enforcement and complex parameter validation beyond basic CloudFormation constraints.\n\nUse cases: Advanced parameter validation; Business rule enforcement; Cross-parameter validation\n\nAWS: AWS Service Catalog parameter constraints for enhanced validation during provisioning\n\nValidation: Must be valid MdaaServiceCatalogConstraintConfig object if provided"
2461
+ "description": "Constraint configuration that defines additional validation rules for the Service Catalog product parameter"
627
2462
  },
628
2463
  "props": {
629
2464
  "$ref": "#/definitions/CfnParameterProps",
630
- "description": "Q-ENHANCED-PROPERTY\nCloudFormation parameter properties that define the parameter characteristics including type, default value, and allowed values. Provides the foundational parameter definition for Service Catalog products.\n\nUse cases: Parameter type definition; Default value specification; Allowed value constraints\n\nAWS: AWS CloudFormation parameter properties for Service Catalog product parameters\n\nValidation: Must be valid CfnParameterProps object with required CloudFormation parameter properties"
2465
+ "description": "CloudFormation parameter properties that define the parameter characteristics including type,"
631
2466
  }
632
2467
  },
633
2468
  "required": [
@@ -637,105 +2472,126 @@
637
2472
  },
638
2473
  "MdaaServiceCatalogProductConfig": {
639
2474
  "additionalProperties": false,
640
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product deployment that specifies portfolio association, ownership, and parameterization. Enables MDAA modules to be deployed as self-service Service Catalog products with controlled access and validation.\n\nUse cases: Self-service infrastructure deployment; Controlled resource provisioning; Parameterized product offerings\n\nAWS: Configures AWS Service Catalog products for self-service deployment of MDAA modules with portfolio management\n\nValidation: portfolio_arn must be valid Service Catalog portfolio ARN; owner and name must be non-empty strings",
641
2475
  "properties": {
642
2476
  "launch_role_name": {
643
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role name that will be used to launch the Service Catalog product. Enables controlled permissions for product provisioning and resource creation with specific IAM role constraints.\n\nUse cases: Controlled provisioning permissions; IAM role-based access; Security constraint enforcement\n\nAWS: AWS Service Catalog launch role for controlled product provisioning permissions\n\nValidation: Must be valid IAM role name if provided",
2477
+ "description": "IAM role name that will be used to launch the Service Catalog product",
644
2478
  "type": "string"
645
2479
  },
646
2480
  "name": {
647
- "description": "Q-ENHANCED-PROPERTY\nDisplay name for the Service Catalog product that will be visible to end users in the Service Catalog console. Should be descriptive and user-friendly to facilitate product discovery and selection.\n\nUse cases: Product identification; User-friendly naming; Service Catalog console display\n\nAWS: AWS Service Catalog product name for user interface display\n\nValidation: Must be non-empty string suitable for Service Catalog product naming",
2481
+ "description": "Display name for the Service Catalog product that will be visible to end users in the Service Catalog console",
648
2482
  "type": "string"
649
2483
  },
650
2484
  "owner": {
651
- "description": "Q-ENHANCED-PROPERTY\nOwner identifier for the Service Catalog product, typically representing the team or organization responsible for the product. Provides accountability and contact information for product management.\n\nUse cases: Product ownership identification; Contact information; Responsibility assignment\n\nAWS: AWS Service Catalog product owner for accountability and management\n\nValidation: Must be non-empty string identifying the product owner",
2485
+ "description": "Owner identifier for the Service Catalog product, typically representing the team or organization",
652
2486
  "type": "string"
653
2487
  },
654
2488
  "parameters": {
655
2489
  "additionalProperties": {
656
2490
  "$ref": "#/definitions/MdaaServiceCatalogParameterConfig"
657
2491
  },
658
- "description": "Q-ENHANCED-PROPERTY\nOptional object containing named parameter configurations for the Service Catalog product. Enables parameterized product deployment with validation rules and user input constraints.\n\nUse cases: Product parameterization; User input collection; Deployment customization\n\nAWS: AWS Service Catalog product parameters for user-configurable deployment options\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogParameterConfig values if provided\n *",
2492
+ "description": "Object containing named parameter configurations for the Service Catalog product",
659
2493
  "type": "object"
660
2494
  },
661
2495
  "portfolio_arn": {
662
- "description": "Q-ENHANCED-PROPERTY\nARN of the AWS Service Catalog portfolio where the product will be associated. Determines access control and organizational structure for the Service Catalog product deployment.\n\nUse cases: Portfolio organization; Access control; Product categorization\n\nAWS: AWS Service Catalog portfolio ARN for product association and access management\n\nValidation: Must be valid AWS Service Catalog portfolio ARN format",
2496
+ "description": "ARN of the AWS Service Catalog portfolio where the product will be associated",
2497
+ "type": "string"
2498
+ },
2499
+ "portfolio_bucket_name": {
663
2500
  "type": "string"
664
2501
  }
665
2502
  },
666
2503
  "required": [
667
2504
  "name",
668
2505
  "owner",
669
- "portfolio_arn"
2506
+ "portfolio_arn",
2507
+ "portfolio_bucket_name"
2508
+ ],
2509
+ "type": "object"
2510
+ },
2511
+ "MetadataEntry": {
2512
+ "additionalProperties": false,
2513
+ "description": "An entry in the construct metadata table.",
2514
+ "properties": {
2515
+ "data": {
2516
+ "description": "The data."
2517
+ },
2518
+ "trace": {
2519
+ "default": "- no trace information",
2520
+ "description": "Stack trace at the point of adding the metadata.\n\nOnly available if `addMetadata()` is called with `stackTrace: true`.",
2521
+ "items": {
2522
+ "type": "string"
2523
+ },
2524
+ "type": "array"
2525
+ },
2526
+ "type": {
2527
+ "description": "The metadata entry type.",
2528
+ "type": "string"
2529
+ }
2530
+ },
2531
+ "required": [
2532
+ "data",
2533
+ "type"
670
2534
  ],
671
2535
  "type": "object"
672
2536
  },
673
2537
  "MicrosoftSqlServerSettingsProperty": {
674
2538
  "additionalProperties": false,
675
- "description": "Q-ENHANCED-INTERFACE\nMicrosoft SQL Server settings configuration interface for DMS providing SQL Server migration and enterprise database capabilities. Defines SQL Server-specific properties for Database Migration Service including enterprise features, backup integration, and SQL Server migration for enterprise database migration workflows.\n\nUse cases: SQL Server migration; Enterprise database migration; SQL Server connectivity; Enterprise migration workflows; Database backup integration; DMS SQL Server integration\n\nAWS: AWS DMS Microsoft SQL Server endpoint configuration with enterprise database migration and SQL Server capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
2539
+ "description": "Provides information that defines a Microsoft SQL Server endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using SQL Server as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SQLServer.html#CHAP_Source.SQLServer.ConnectionAttrib) and [Extra connection attributes when using SQL Server as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SQLServer.html#CHAP_Target.SQLServer.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
676
2540
  "properties": {
677
2541
  "bcpPacketSize": {
678
- "description": "Q-ENHANCED-PROPERTY\nOptional BCP packet size in bytes for SQL Server data transfer optimization enabling performance tuning for bulk data operations. Defines the maximum packet size used for Bulk Copy Program (BCP) operations during SQL Server data migration for optimal network utilization and transfer performance.\n\nUse cases: SQL Server performance tuning; Bulk data transfer optimization; Network utilization; Migration performance\n\nAWS: DMS Microsoft SQL Server endpoint bcpPacketSize setting for BCP transfer optimization\n\nValidation: Must be valid packet size in bytes if provided; affects BCP transfer performance and network utilization\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-bcppacketsize",
2542
+ "description": "BCP packet size in bytes for SQL Server data transfer optimization enabling performance",
679
2543
  "type": "number"
680
2544
  },
681
2545
  "controlTablesFileGroup": {
682
- "description": "Q-ENHANCED-PROPERTY\nOptional file group specification for DMS internal control tables enabling SQL Server storage organization and performance optimization. Defines the file group where DMS creates internal control tables (awsdms_apply_exception, awsdms_apply, awsdms_changes) for organized storage management and performance tuning.\n\nUse cases: SQL Server storage organization; Performance optimization; File group management; Control table organization\n\nAWS: DMS Microsoft SQL Server endpoint controlTablesFileGroup setting for internal table storage organization\n\nValidation: Must be valid SQL Server file group name if provided; affects DMS internal table storage location\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-controltablesfilegroup",
683
2546
  "type": "string"
684
2547
  },
685
2548
  "databaseName": {
686
- "description": "Q-ENHANCED-PROPERTY\nOptional database name for SQL Server endpoint connectivity enabling specific database targeting within SQL Server instance. Defines the target database name within the SQL Server instance for focused migration operations and database-specific connectivity.\n\nUse cases: Database-specific migration; SQL Server database targeting; Multi-database instance management; Database connectivity\n\nAWS: DMS Microsoft SQL Server endpoint databaseName setting for specific database connectivity\n\nValidation: Must be valid SQL Server database name if provided; targets specific database within SQL Server instance\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-databasename",
2549
+ "description": "Database name for SQL Server endpoint connectivity enabling specific database targeting",
687
2550
  "type": "string"
688
2551
  },
689
2552
  "forceLobLookup": {
690
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to force LOB lookup on inline LOB data enabling large object handling in SQL Server migration. Forces DMS to perform LOB lookup operations on inline LOB data for complete large object migration and data integrity in SQL Server environments.\n\nUse cases: Large object migration; SQL Server LOB handling; Data integrity; Complete data migration\n\nAWS: DMS Microsoft SQL Server endpoint forceLobLookup setting for LOB data handling configuration\n\nValidation: Must be boolean value if provided; affects LOB data migration behavior and completeness\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-forceloblookup",
691
2553
  "type": "boolean"
692
2554
  },
693
2555
  "port": {
694
- "description": "Q-ENHANCED-PROPERTY\nOptional TCP port number for SQL Server endpoint connectivity enabling custom port configuration for database connections. Defines the network port for SQL Server database connectivity allowing for non-standard port configurations and network security requirements.\n\nUse cases: Custom port configuration; Network security; SQL Server connectivity; Port management\n\nAWS: DMS Microsoft SQL Server endpoint port setting for database connectivity configuration\n\nValidation: Must be valid TCP port number if provided; enables custom SQL Server port connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-port",
2556
+ "description": "TCP port number for SQL Server endpoint connectivity enabling custom port configuration for",
695
2557
  "type": "number"
696
2558
  },
697
2559
  "querySingleAlwaysOnNode": {
698
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to query single Always On node in SQL Server Always On availability groups enabling optimized connectivity for high availability environments. Directs DMS to query only a single node in Always On availability groups for improved performance and reduced resource utilization in high availability SQL Server deployments.\n\nUse cases: Always On availability groups; High availability optimization; Performance tuning; Resource optimization\n\nAWS: DMS Microsoft SQL Server endpoint querySingleAlwaysOnNode setting for Always On optimization\n\nValidation: Must be boolean value if provided; optimizes connectivity for Always On availability groups\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-querysinglealwaysonnode",
699
2560
  "type": "boolean"
700
2561
  },
701
2562
  "readBackupOnly": {
702
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to read changes only from transaction log backups enabling controlled transaction log management in SQL Server migration. When enabled, DMS reads changes only from transaction log backups rather than active transaction logs, providing better control over log file growth and replication latency.\n\nUse cases: Transaction log management; Log file growth control; Replication latency control; Backup-based replication\n\nAWS: DMS Microsoft SQL Server endpoint readBackupOnly setting for transaction log management\n\nValidation: Must be boolean value if provided; affects transaction log reading behavior and log file growth\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-readbackuponly",
2563
+ "description": "Flag to read changes only from transaction log backups enabling controlled transaction log",
703
2564
  "type": "boolean"
704
2565
  },
705
2566
  "safeguardPolicy": {
706
- "description": "Q-ENHANCED-PROPERTY\nOptional safeguard policy for transaction log truncation prevention enabling controlled log management in SQL Server replication. Defines the method for preventing transaction log truncation with options for transaction-based or sp_repldone-based approaches for optimal log management and replication coordination.\n\nUse cases: Transaction log truncation prevention; Log management; Replication coordination; Parallel task management\n\nAWS: DMS Microsoft SQL Server endpoint safeguardPolicy setting for transaction log management\n\nValidation: Must be valid safeguard policy value if provided; controls transaction log truncation prevention method\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-safeguardpolicy",
707
2567
  "type": "string"
708
2568
  },
709
2569
  "secretsManagerAccessRoleArn": {
710
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing SQL Server credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for SQL Server endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-secretsmanageraccessrolearn",
2570
+ "description": "IAM role ARN for DMS to access Secrets Manager secret containing SQL Server credentials",
711
2571
  "type": "string"
712
2572
  },
713
2573
  "secretsManagerSecretArn": {
714
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing SQL Server endpoint connection details enabling secure credential storage for database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for SQL Server endpoint access.\n\nUse cases: Secure credential storage; SQL Server connectivity; Database authentication; Secrets management\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; required; secret must contain valid SQL Server connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-secretsmanagersecretid",
715
2574
  "type": "string"
716
2575
  },
717
2576
  "secretsManagerSecretKMSArn": {
718
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing SQL Server credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores SQL Server endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
2577
+ "description": "KMS key ARN for encrypting Secrets Manager secret containing SQL Server credentials",
719
2578
  "type": "string"
720
2579
  },
721
2580
  "serverName": {
722
- "description": "Q-ENHANCED-PROPERTY\nOptional fully qualified domain name for SQL Server endpoint connectivity enabling precise server identification and network routing. Defines the complete server name including domain for SQL Server database connectivity, typically from RDS DescribeDBInstances endpoint address for managed instances.\n\nUse cases: Server identification; Network routing; SQL Server connectivity; RDS integration\n\nAWS: DMS Microsoft SQL Server endpoint serverName setting for database server identification\n\nValidation: Must be valid FQDN if provided; enables precise SQL Server server identification and connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-servername",
723
2581
  "type": "string"
724
2582
  },
725
2583
  "tlogAccessMode": {
726
- "description": "Q-ENHANCED-PROPERTY\nOptional transaction log access mode for CDC data fetching enabling optimized change data capture in SQL Server migration. Defines the method for accessing transaction log data for change data capture operations, affecting CDC performance and resource utilization in SQL Server replication.\n\nUse cases: CDC optimization; Transaction log access; Change data capture; Replication performance\n\nAWS: DMS Microsoft SQL Server endpoint tlogAccessMode setting for CDC data access configuration\n\nValidation: Must be valid transaction log access mode if provided; affects CDC data fetching behavior and performance\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-tlogaccessmode",
2584
+ "description": "Transaction log access mode for CDC data fetching enabling optimized change data capture in",
727
2585
  "type": "string"
728
2586
  },
729
2587
  "trimSpaceInChar": {
730
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to right-trim spaces in CHAR and NCHAR data types during SQL Server migration enabling data formatting consistency. Controls whether DMS removes trailing spaces from CHAR and NCHAR columns during migration for consistent data formatting and storage optimization.\n\nUse cases: Data formatting consistency; Space trimming; Character data optimization; Migration data quality\n\nAWS: DMS Microsoft SQL Server endpoint trimSpaceInChar setting for character data formatting\n\nValidation: Must be boolean value if provided; default is true; affects character data formatting during migration\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-trimspaceinchar",
731
2588
  "type": "boolean"
732
2589
  },
733
2590
  "useBcpFullLoad": {
734
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to use BCP for full-load operations enabling optimized bulk data transfer in SQL Server migration. Controls whether DMS uses Bulk Copy Program (BCP) for full-load operations, providing high-performance data transfer but requiring consideration of identity columns and table structure compatibility.\n\nUse cases: Bulk data transfer optimization; Full-load performance; SQL Server migration optimization; High-volume data transfer\n\nAWS: DMS Microsoft SQL Server endpoint useBcpFullLoad setting for bulk copy optimization\n\nValidation: Must be boolean value if provided; affects full-load performance and identity column handling\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-usebcpfullload",
2591
+ "description": "Flag to use BCP for full-load operations enabling optimized bulk data transfer in SQL Server migration",
735
2592
  "type": "boolean"
736
2593
  },
737
2594
  "useThirdPartyBackupDevice": {
738
- "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable processing of third-party transaction log backups for SQL Server DMS migration enabling backup-based replication. Controls whether DMS will process third-party transaction log backups created in native format for SQL Server migration scenarios, providing flexibility for backup-based data migration strategies.\n\nUse cases: Third-party backup processing; Backup-based migration; Transaction log processing; SQL Server migration; Native backup integration\n\nAWS: AWS DMS SQL Server third-party backup device processing for backup-based migration and transaction log handling\n\nValidation: Must be boolean value if provided; optional for third-party backup processing control",
739
2595
  "type": "boolean"
740
2596
  }
741
2597
  },
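Review bot: `portfolio_bucket_name` is added to `required` in `MdaaServiceCatalogProductConfig`, but it is the only property in that definition without a `description`. A config that validated against the previous schema now fails, and the schema does not say which bucket is expected. I would add one next to its `"type": "string"`, for example `"description": "<what the portfolio bucket stores and who must be able to read it; fill in from the construct source>"`. Several new descriptions in this hunk also stop mid-sentence (`owner`, `bcpPacketSize`, `port`, `readBackupOnly`, `tlogAccessMode`), which looks like only the first line of a multi-line doc comment was kept. `secretsManagerSecretArn` loses its description entirely, although the new `MicrosoftSqlServerSettingsProperty` description presents credential handling as the reason this type differs from the L1 construct.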
@@ -746,34 +2602,34 @@
746
2602
  },
747
2603
  "MongoDbSettingsProperty": {
748
2604
  "additionalProperties": false,
749
- "description": "Q-ENHANCED-INTERFACE\nMongoDB settings configuration interface for DMS providing NoSQL database migration and document database capabilities. Defines MongoDB-specific properties for Database Migration Service including document migration, authentication settings, and MongoDB integration for NoSQL database migration workflows.\n\nUse cases: NoSQL database migration; Document database migration; MongoDB connectivity; NoSQL migration workflows; Document data migration; DMS MongoDB integration\n\nAWS: AWS DMS MongoDB endpoint configuration with NoSQL database migration and document database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
2605
+ "description": "Provides information that defines a MongoDB endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about other available settings, see [Endpoint configuration settings when using MongoDB as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.MongoDB.html#CHAP_Source.MongoDB.Configuration) in the *AWS Database Migration Service User Guide* .",
750
2606
  "properties": {
751
2607
  "authMechanism": {
752
- "description": "Q-ENHANCED-PROPERTY\nOptional authentication mechanism for MongoDB source endpoint access with version-specific defaults. Specifies authentication method with default \"mongodb_cr\" for MongoDB 2.x and \"scram_sha_1\" for MongoDB 3.x+, not used when AuthType is \"no\", enabling secure MongoDB database connectivity and authentication.\n\nUse cases: MongoDB authentication; Version-specific auth; Database security; Connection authentication; MongoDB connectivity\n\nAWS: AWS DMS MongoDB endpoint authMechanism for authentication method specification and secure database access\n\nValidation: Must be valid MongoDB authentication mechanism if provided; version-dependent defaults; not used when AuthType is \"no\"",
2608
+ "description": "Authentication mechanism for MongoDB source endpoint access with version-specific defaults",
753
2609
  "type": "string"
754
2610
  },
755
2611
  "authSource": {
756
- "description": "Q-ENHANCED-PROPERTY\nOptional MongoDB database name for authentication with default \"admin\" database. Specifies the database used for authentication operations, not used when AuthType is \"no\", enabling proper authentication context and database-specific access control for MongoDB migration operations.\n\nUse cases: Authentication database; MongoDB auth context; Database-specific auth; Authentication scope; MongoDB security\n\nAWS: AWS DMS MongoDB endpoint authSource for authentication database specification and access control\n\nValidation: Must be valid MongoDB database name if provided; default \"admin\"; not used when AuthType is \"no\"",
2612
+ "description": "MongoDB database name for authentication with default \"admin\" database",
757
2613
  "type": "string"
758
2614
  },
759
2615
  "authType": {
760
- "description": "Q-ENHANCED-PROPERTY\nOptional authentication type for MongoDB source endpoint access control. Specifies authentication type with \"no\" disabling username/password requirements and allowing empty credentials, enabling flexible authentication configuration for MongoDB database connectivity and migration operations.\n\nUse cases: Authentication control; MongoDB security; Credential management; Access control; Database authentication\n\nAWS: AWS DMS MongoDB endpoint authType for authentication type specification and access control\n\nValidation: Must be valid authentication type if provided; \"no\" disables username/password requirements; controls MongoDB authentication",
2616
+ "description": "Authentication type for MongoDB source endpoint access control",
761
2617
  "type": "string"
762
2618
  },
763
2619
  "databaseName": {
764
- "description": "Q-ENHANCED-PROPERTY\nOptional database name on MongoDB source endpoint for migration scope specification. Specifies the target database name for MongoDB migration operations, defining the scope of data migration and database-specific operations for NoSQL document database migration workflows.\n\nUse cases: Database scope; Migration target; MongoDB database selection; Data scope; Database specification\n\nAWS: AWS DMS MongoDB endpoint databaseName for migration database specification and scope definition\n\nValidation: Must be valid MongoDB database name if provided; defines migration scope and target database for operations",
2620
+ "description": "Database name on MongoDB source endpoint for migration scope specification",
765
2621
  "type": "string"
766
2622
  },
767
2623
  "docsToInvestigate": {
768
- "description": "Q-ENHANCED-PROPERTY\nOptional number of documents to preview for document organization analysis when using table mode. Specifies document count for preview analysis with default 1000, used when NestingLevel is \"one\", enabling proper document structure analysis and table mode configuration.\n\nUse cases: Document analysis; Structure preview; Table mode configuration; Document organization; Schema analysis\n\nAWS: AWS DMS MongoDB endpoint docsToInvestigate for document structure analysis and table mode configuration\n\nValidation: Must be positive integer greater than 0 if provided; default 1000; used when NestingLevel is \"one\"",
2624
+ "description": "Number of documents to preview for document organization analysis when using table mode",
769
2625
  "type": "string"
770
2626
  },
771
2627
  "extractDocId": {
772
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to specify document ID extraction when using document mode. Specifies whether to extract document ID with default \"false\", used when NestingLevel is \"none\", enabling document ID handling and document mode configuration for MongoDB migration operations.\n\nUse cases: Document ID extraction; Document mode; ID handling; Document configuration; MongoDB document processing\n\nAWS: AWS DMS MongoDB endpoint extractDocId for document ID extraction and document mode configuration\n\nValidation: Must be \"true\" or \"false\" if provided; default \"false\"; used when NestingLevel is \"none\"",
2628
+ "description": "Flag to specify document ID extraction when using document mode",
773
2629
  "type": "string"
774
2630
  },
775
2631
  "nestingLevel": {
776
- "description": "Q-ENHANCED-PROPERTY\nOptional nesting level specification for document or table mode selection. Specifies migration mode with \"none\" for document mode and \"one\" for table mode, with default \"none\", controlling how MongoDB documents are processed and migrated in NoSQL database operations.\n\nUse cases: Migration mode; Document processing; Table mode; Document mode; MongoDB structure handling\n\nAWS: AWS DMS MongoDB endpoint nestingLevel for migration mode specification and document processing control\n\nValidation: Must be \"none\" or \"one\" if provided; default \"none\"; \"none\" uses document mode, \"one\" uses table mode",
2632
+ "description": "Nesting level specification for document or table mode selection",
777
2633
  "type": "string"
778
2634
  },
779
2635
  "port": {
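Review bot: The shortened `MongoDbSettingsProperty` descriptions drop the allowed values and defaults that the old text carried. These properties are plain `"type": "string"` with no `enum` visible in the hunk, so the schema no longer documents or constrains them. The one that matters most is `authType`: the removed text said that "no" disables the username/password requirement, and someone reviewing a config needs that fact to spot an unauthenticated source endpoint. I would keep the sentence, e.g. `"description": "Authentication type for MongoDB source endpoint access control. \"no\" disables username/password requirements"`, and likewise restore the "none"/"one" values on `nestingLevel` and the "true"/"false" values on `extractDocId`. The `MongoDbSettingsProperty` definition continues past the end of this hunk.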
@@ -804,46 +2660,46 @@
804
2660
  },
805
2661
  "MySqlSettingsProperty": {
806
2662
  "additionalProperties": false,
807
- "description": "Q-ENHANCED-INTERFACE\nMySQL database settings configuration interface for DMS providing database migration and MySQL-specific capabilities. Defines MySQL-specific properties for Database Migration Service including connection settings, replication configuration, and MySQL migration parameters for MySQL database migration workflows.\n\nUse cases: MySQL database migration; Database replication; Connection configuration; MySQL migration workflows; Database connectivity; DMS integration\n\nAWS: AWS DMS MySQL endpoint configuration with MySQL-specific migration settings and replication management\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
2663
+ "description": "Provides information that defines a MySQL endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using MySQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.MySQL.html#CHAP_Source.MySQL.ConnectionAttrib) and [Extra connection attributes when using a MySQL-compatible database as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.MySQL.html#CHAP_Target.MySQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
808
2664
  "properties": {
809
2665
  "afterConnectScript": {
810
- "description": "Q-ENHANCED-PROPERTY\nOptional SQL script to execute immediately after DMS connects to the MySQL endpoint for initialization tasks. Provides custom initialization logic that runs after connection establishment, with migration task continuing regardless of script success or failure, enabling database-specific setup and configuration.\n\nUse cases: Database initialization; Connection setup; Custom configuration; Post-connection tasks; Database preparation\n\nAWS: AWS DMS MySQL endpoint afterConnectScript for post-connection initialization and setup\n\nValidation: Must be valid SQL script code if provided; script content not filename; migration continues regardless of execution result",
2666
+ "description": "SQL script to execute immediately after DMS connects to the MySQL endpoint for initialization tasks",
811
2667
  "type": "string"
812
2668
  },
813
2669
  "cleanSourceMetadataOnMismatch": {
814
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to clean and recreate table metadata on replication instance when mismatches occur. Handles situations where DDL operations cause cached table metadata differences on the replication instance, ensuring metadata consistency during MySQL database migration and replication operations.\n\nUse cases: Metadata consistency; DDL handling; Cache management; Replication reliability; Table structure synchronization\n\nAWS: AWS DMS MySQL endpoint cleanSourceMetadataOnMismatch for metadata consistency and cache management\n\nValidation: Must be boolean value if provided; enables automatic metadata cleanup and recreation on mismatch detection",
2670
+ "description": "Flag to clean and recreate table metadata on replication instance when mismatches occur",
815
2671
  "type": "boolean"
816
2672
  },
817
2673
  "eventsPollInterval": {
818
- "description": "Q-ENHANCED-PROPERTY\nOptional polling interval in seconds for checking MySQL binary log changes when database is idle. Specifies how frequently DMS checks binary logs for new changes during idle periods, with default of 5 seconds, affecting change detection latency and system resource usage during MySQL replication.\n\nUse cases: Change detection; Polling frequency; Performance tuning; Idle monitoring; Binary log processing\n\nAWS: AWS DMS MySQL endpoint eventsPollInterval for binary log change detection frequency\n\nValidation: Must be positive integer in seconds if provided; default 5 seconds; affects change detection latency and resource usage",
2674
+ "description": "Polling interval in seconds for checking MySQL binary log changes when database is idle",
819
2675
  "type": "number"
820
2676
  },
821
2677
  "maxFileSize": {
822
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for MySQL data transfer operations. Specifies the maximum size limit for CSV files used in data transfer to MySQL-compatible databases, controlling file size for bulk data operations and affecting transfer performance and memory usage.\n\nUse cases: File size control; Bulk data transfer; Performance optimization; Memory management; CSV processing\n\nAWS: AWS DMS MySQL endpoint maxFileSize for CSV file size limits in data transfer operations\n\nValidation: Must be positive integer in KB if provided; controls CSV file size for MySQL data transfer operations",
2678
+ "description": "Maximum CSV file size in KB for MySQL data transfer operations",
823
2679
  "type": "number"
824
2680
  },
825
2681
  "parallelLoadThreads": {
826
- "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel threads for loading data into MySQL-compatible target databases for performance optimization. Specifies thread count for parallel data loading with each thread requiring separate connection, affecting performance and database load with default of 1 thread for MySQL target operations.\n\nUse cases: Performance optimization; Parallel loading; Thread configuration; MySQL target optimization; Load balancing\n\nAWS: AWS DMS MySQL endpoint parallelLoadThreads for parallel data loading performance optimization\n\nValidation: Must be positive integer if provided; default 1; higher values may impact database performance due to connection overhead",
2682
+ "description": "Number of parallel threads for loading data into MySQL-compatible target databases for",
827
2683
  "type": "number"
828
2684
  },
829
2685
  "secretsManagerAccessRoleArn": {
830
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to MySQL endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing MySQL endpoint credentials, enabling secure credential management and access control for MySQL database connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; MySQL authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to MySQL endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
2686
+ "description": "IAM role ARN for AWS Secrets Manager access to MySQL endpoint credentials",
831
2687
  "type": "string"
832
2688
  },
833
2689
  "secretsManagerSecretArn": {
834
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing MySQL endpoint connection details for secure credential management. Specifies the full ARN of the secret containing MySQL database connection information including credentials, enabling secure storage and access of MySQL endpoint authentication details.\n\nUse cases: Secure credential storage; MySQL authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing MySQL endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure MySQL endpoint credential management and authentication",
2690
+ "description": "Secrets Manager secret ARN containing MySQL endpoint connection details for secure credential management",
835
2691
  "type": "string"
836
2692
  },
837
2693
  "secretsManagerSecretKMSArn": {
838
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting MySQL endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for MySQL endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; MySQL credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing MySQL endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for MySQL credentials in Secrets Manager",
2694
+ "description": "KMS key ARN for encrypting MySQL endpoint credentials secret in Secrets Manager",
839
2695
  "type": "string"
840
2696
  },
841
2697
  "serverTimezone": {
842
- "description": "Q-ENHANCED-PROPERTY\nOptional time zone specification for MySQL source database configuration. Specifies the time zone for the source MySQL database affecting timestamp handling and data conversion during migration, ensuring proper time zone handling and data consistency across different time zones.\n\nUse cases: Time zone configuration; Timestamp handling; Data consistency; MySQL configuration; Time zone conversion\n\nAWS: AWS DMS MySQL endpoint serverTimezone for source database time zone configuration\n\nValidation: Must be valid time zone string if provided; do not enclose in single quotes; affects timestamp data handling",
2698
+ "description": "Time zone specification for MySQL source database configuration",
843
2699
  "type": "string"
844
2700
  },
845
2701
  "targetDbType": {
846
- "description": "Q-ENHANCED-PROPERTY\nOptional target database type specification for MySQL migration destination configuration. Specifies whether to migrate source tables to a single database or multiple databases on the target, with SPECIFIC_DATABASE requiring DatabaseName parameter and MULTIPLE_DATABASES preserving source database structure.\n\nUse cases: Database structure preservation; Migration strategy; Target configuration; Database organization; Schema mapping\n\nAWS: AWS DMS MySQL endpoint targetDbType for target database structure and migration destination configuration\n\nValidation: Must be valid target type if provided; SPECIFIC_DATABASE requires DatabaseName parameter; MULTIPLE_DATABASES preserves structure",
2702
+ "description": "Target database type specification for MySQL migration destination configuration",
847
2703
  "type": "string"
848
2704
  }
849
2705
  },
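Review bot: The new `parallelLoadThreads` description stops mid-sentence (`...MySQL-compatible target databases for`), so the shortening appears to have cut the text at a fixed point; it should read as a complete phrase, e.g. `"description": "Number of parallel threads for loading data into MySQL-compatible target databases"`. The same truncation shows up in the following hunk at `maxRetryCount` (`...target database enabling`) and `allowSelectNestedTables` (`...defined types for complex`). The shortened text for `secretsManagerAccessRoleArn`, `secretsManagerSecretArn` and `secretsManagerSecretKMSArn` also drops the earlier Required/Optional wording and the note that the role needs `iam:PassRole` and Secrets Manager access. Because these properties are still plain `"type": "string"` and the new interface description says the type exists to prevent plaintext credentials and enforce KMS encryption, one clause per field stating whether it is required would keep that intent readable from the schema. `afterConnectScript` likewise no longer says that the value is script content rather than a file name and that the task continues even if the script fails; the `MySqlSettingsProperty` definition continues past this hunk, so its `required` array cannot be checked from here.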
@@ -893,190 +2749,282 @@
893
2749
  "additionalProperties": {
894
2750
  "$ref": "#/definitions/EndpointProps"
895
2751
  },
896
- "description": "Q-ENHANCED-INTERFACE\nNamedEndpointProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
2752
+ "description": "Named map of endpoint names to endpoint configurations.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
897
2753
  "type": "object"
898
2754
  },
899
2755
  "NamedReplicationInstanceProps": {
900
2756
  "additionalProperties": {
901
2757
  "$ref": "#/definitions/ReplicationInstanceProps"
902
2758
  },
903
- "description": "Q-ENHANCED-INTERFACE\nNamedReplicationInstanceProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
2759
+ "description": "Named map of replication instance names to configurations.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
904
2760
  "type": "object"
905
2761
  },
906
2762
  "NamedReplicationTaskProps": {
907
2763
  "additionalProperties": {
908
2764
  "$ref": "#/definitions/ReplicationTaskProps"
909
2765
  },
910
- "description": "Q-ENHANCED-INTERFACE\nNamedReplicationTaskProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
2766
+ "description": "Named map of replication task names to configurations.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
2767
+ "type": "object"
2768
+ },
2769
+ "NeptuneSettingsProperty": {
2770
+ "additionalProperties": false,
2771
+ "description": "Provides information that defines an Amazon Neptune endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about the available settings, see [Specifying endpoint settings for Amazon Neptune as a target](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Neptune.html#CHAP_Target.Neptune.EndpointSettings) in the *AWS Database Migration Service User Guide* .",
2772
+ "properties": {
2773
+ "errorRetryDuration": {
2774
+ "description": "Retry duration in milliseconds for DMS bulk-load operations to Neptune target database",
2775
+ "type": "number"
2776
+ },
2777
+ "maxFileSize": {
2778
+ "type": "number"
2779
+ },
2780
+ "maxRetryCount": {
2781
+ "description": "Maximum retry count for DMS bulk-load operations to Neptune target database enabling",
2782
+ "type": "number"
2783
+ },
2784
+ "s3BucketFolder": {
2785
+ "type": "string"
2786
+ },
2787
+ "s3BucketName": {
2788
+ "description": "S3 bucket name for temporary storage of migrated graph data during DMS Neptune migration",
2789
+ "type": "string"
2790
+ },
2791
+ "serviceAccessRoleArn": {
2792
+ "type": "string"
2793
+ }
2794
+ },
2795
+ "required": [
2796
+ "s3BucketName"
2797
+ ],
911
2798
  "type": "object"
912
2799
  },
913
- "NeptuneSettingsProperty": {
2800
+ "Node": {
914
2801
  "additionalProperties": false,
915
- "description": "Q-ENHANCED-INTERFACE\nNeptune settings configuration interface for DMS providing graph database migration and graph data capabilities. Defines Neptune-specific properties for Database Migration Service including graph data migration, graph database connectivity, and Neptune integration for graph database migration workflows.\n\nUse cases: Graph database migration; Graph data migration; Neptune connectivity; Graph database workflows; Graph data integration; DMS Neptune integration\n\nAWS: AWS DMS Neptune endpoint configuration with graph database migration and graph data capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
2802
+ "description": "Represents the construct node in the scope tree.",
916
2803
  "properties": {
917
- "errorRetryDuration": {
918
- "description": "Q-ENHANCED-PROPERTY\nOptional retry duration in milliseconds for DMS bulk-load operations to Neptune target database enabling resilient graph data migration with configurable error recovery. Defines the wait time before retrying failed bulk-load operations for migrated graph data to ensure reliable data transfer to Neptune.\n\nUse cases: Graph data migration resilience; Bulk-load error recovery; Neptune migration optimization; Retry configuration\n\nAWS: DMS Neptune endpoint errorRetryDuration setting for bulk-load retry timing configuration\n\nValidation: Must be positive integer in milliseconds; default is 250ms; controls retry timing for failed bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-errorretryduration",
919
- "type": "number"
2804
+ "_addr": {},
2805
+ "_children": {},
2806
+ "_context": {},
2807
+ "_defaultChild": {},
2808
+ "_dependencies": {},
2809
+ "_locked": {},
2810
+ "_metadata": {},
2811
+ "_validations": {},
2812
+ "addChild": {
2813
+ "description": "Adds a child construct to this node."
2814
+ },
2815
+ "addr": {
2816
+ "description": "Returns an opaque tree-unique address for this construct.\n\nAddresses are 42 characters hexadecimal strings. They begin with \"c8\"\nfollowed by 40 lowercase hexadecimal characters (0-9a-f).\n\nAddresses are calculated using a SHA-1 of the components of the construct\npath.\n\nTo enable refactorings of construct trees, constructs with the ID `Default`\nwill be excluded from the calculation. In those cases constructs in the\nsame tree may have the same addreess.",
2817
+ "type": "string"
2818
+ },
2819
+ "children": {
2820
+ "description": "All direct children of this construct.",
2821
+ "items": {
2822
+ "$ref": "#/definitions/IConstruct"
2823
+ },
2824
+ "type": "array"
920
2825
  },
921
- "maxFileSize": {
922
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum file size in kilobytes for CSV files containing migrated graph data before DMS bulk-loads to Neptune target database enabling optimized batch processing. Defines the size threshold for CSV files storing graph data before triggering bulk-load operations to Neptune, optimizing memory usage and transfer efficiency.\n\nUse cases: Graph data batch optimization; Memory management; CSV file size control; Neptune bulk-load efficiency\n\nAWS: DMS Neptune endpoint maxFileSize setting for CSV file size threshold configuration\n\nValidation: Must be positive integer in kilobytes; default is 1,048,576 KB (1GB); controls CSV batch size for bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-maxfilesize",
923
- "type": "number"
2826
+ "defaultChild": {
2827
+ "$ref": "#/definitions/IConstruct",
2828
+ "description": "Returns the child construct that has the id `Default` or `Resource\"`.\nThis is usually the construct that provides the bulk of the underlying functionality.\nUseful for modifications of the underlying construct that are not available at the higher levels.\nOverride the defaultChild property.\n\nThis should only be used in the cases where the correct\ndefault child is not named 'Resource' or 'Default' as it\nshould be.\n\nIf you set this to undefined, the default behavior of finding\nthe child named 'Resource' or 'Default' will be used."
924
2829
  },
925
- "maxRetryCount": {
926
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum retry count for DMS bulk-load operations to Neptune target database enabling configurable resilience for graph data migration. Defines the number of retry attempts for failed bulk-load operations before raising an error, ensuring reliable graph data transfer with controlled retry behavior.\n\nUse cases: Graph migration resilience; Bulk-load retry control; Neptune migration reliability; Error handling configuration\n\nAWS: DMS Neptune endpoint maxRetryCount setting for bulk-load retry attempt configuration\n\nValidation: Must be positive integer; default is 5 retries; controls maximum retry attempts for failed bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-maxretrycount",
927
- "type": "number"
2830
+ "dependencies": {
2831
+ "description": "Return all dependencies registered on this node (non-recursive).",
2832
+ "items": {
2833
+ "$ref": "#/definitions/IConstruct"
2834
+ },
2835
+ "type": "array"
928
2836
  },
929
- "s3BucketFolder": {
930
- "description": "Q-ENHANCED-PROPERTY\nOptional S3 bucket folder path for storing migrated graph data during DMS Neptune migration enabling organized data staging and processing. Defines the folder structure within the S3 bucket for temporary storage of graph data CSV files before bulk-loading to Neptune target database.\n\nUse cases: Graph data organization; S3 staging structure; Migration data management; Temporary storage organization\n\nAWS: DMS Neptune endpoint s3BucketFolder setting for S3 staging folder path configuration\n\nValidation: Must be valid S3 folder path if provided; enables organized staging of graph migration data\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-s3bucketfolder",
2837
+ "host": {},
2838
+ "id": {
2839
+ "description": "The id of this construct within the current scope.\n\nThis is a a scope-unique id. To obtain an app-unique id for this construct, use `addr`.",
931
2840
  "type": "string"
932
2841
  },
933
- "s3BucketName": {
934
- "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for temporary storage of migrated graph data during DMS Neptune migration enabling staged data processing and bulk-loading. Defines the S3 bucket where DMS stores CSV files containing graph data before bulk-loading to Neptune target database.\n\nUse cases: Graph data staging; Neptune migration storage; Temporary CSV storage; Bulk-load data preparation\n\nAWS: DMS Neptune endpoint s3BucketName setting for S3 staging bucket configuration\n\nValidation: Must be valid S3 bucket name; required for Neptune endpoint configuration; bucket must exist and be accessible\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-s3bucketname",
935
- "type": "string"
2842
+ "locked": {
2843
+ "description": "Returns true if this construct or the scopes in which it is defined are\nlocked.",
2844
+ "type": "boolean"
936
2845
  },
937
- "serviceAccessRoleArn": {
938
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS Neptune endpoint access enabling secure authentication and authorization for graph database operations. Defines the IAM role that DMS assumes to access Neptune target database with required permissions for bulk-loading and graph data operations.\n\nUse cases: Neptune access control; DMS service authentication; IAM role-based security; Graph database permissions\n\nAWS: DMS Neptune endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and Neptune access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-serviceaccessrolearn",
2846
+ "metadata": {
2847
+ "description": "An immutable array of metadata objects associated with this construct.\nThis can be used, for example, to implement support for deprecation notices, source mapping, etc.",
2848
+ "items": {
2849
+ "$ref": "#/definitions/MetadataEntry"
2850
+ },
2851
+ "type": "array"
2852
+ },
2853
+ "path": {
2854
+ "description": "The full, absolute path of this construct in the tree.\n\nComponents are separated by '/'.",
939
2855
  "type": "string"
2856
+ },
2857
+ "root": {
2858
+ "$ref": "#/definitions/IConstruct",
2859
+ "description": "Returns the root of the construct tree."
2860
+ },
2861
+ "scope": {
2862
+ "$ref": "#/definitions/IConstruct",
2863
+ "description": "Returns the scope in which this construct is defined.\n\nThe value is `undefined` at the root of the construct scope tree."
2864
+ },
2865
+ "scopes": {
2866
+ "description": "All parent scopes of this construct.",
2867
+ "items": {
2868
+ "$ref": "#/definitions/IConstruct"
2869
+ },
2870
+ "type": "array"
940
2871
  }
941
2872
  },
942
2873
  "required": [
943
- "s3BucketName"
2874
+ "_children",
2875
+ "_context",
2876
+ "_defaultChild",
2877
+ "_dependencies",
2878
+ "_locked",
2879
+ "_metadata",
2880
+ "_validations",
2881
+ "addChild",
2882
+ "addr",
2883
+ "children",
2884
+ "dependencies",
2885
+ "host",
2886
+ "id",
2887
+ "locked",
2888
+ "metadata",
2889
+ "path",
2890
+ "root",
2891
+ "scopes"
944
2892
  ],
945
2893
  "type": "object"
946
2894
  },
947
2895
  "OracleSettingsProperty": {
948
2896
  "additionalProperties": false,
949
- "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS DMS Oracle database endpoint settings providing replication and change data capture options. Provides Oracle-specific configuration properties for DMS endpoints including supplemental logging, archived log management, and advanced Oracle database features for secure and efficient data migration and replication.\n\nUse cases: Oracle database migration; Change data capture; Database replication; Oracle-specific configuration; Advanced Oracle features\n\nAWS: AWS Database Migration Service Oracle endpoint configuration with Oracle-specific settings and optimization parameters\n\nValidation: Boolean properties must be true/false; numeric properties must be valid integers; string properties must follow Oracle naming conventions",
2897
+ "description": "Provides information that defines an Oracle endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.ConnectionAttrib) and [Extra connection attributes when using Oracle as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Oracle.html#CHAP_Target.Oracle.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
950
2898
  "properties": {
951
2899
  "accessAlternateDirectly": {
952
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to disable Binary Reader access to redo logs through direct file access for Oracle RDS sources. Controls whether DMS accesses redo logs directly or through specified path prefix replacement, affecting change data capture performance and configuration for Oracle database replication.\n\nUse cases: RDS Oracle configuration; Change data capture optimization; Direct file access control; Performance tuning; Oracle replication setup\n\nAWS: AWS DMS Oracle endpoint accessAlternateDirectly setting for redo log access configuration\n\nValidation: Must be boolean value if provided; affects Oracle change data capture behavior and performance",
2900
+ "description": "Flag to disable Binary Reader access to redo logs through direct file access for Oracle RDS sources",
953
2901
  "type": "boolean"
954
2902
  },
955
2903
  "addSupplementalLogging": {
956
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable table-level supplemental logging for Oracle database migration tasks. Enables PRIMARY KEY supplemental logging on all selected tables for migration, providing necessary change data capture information while requiring database-level supplemental logging to be enabled separately.\n\nUse cases: Supplemental logging; Change data capture; Table-level logging; Oracle migration; Primary key tracking\n\nAWS: AWS DMS Oracle endpoint addSupplementalLogging for table-level supplemental logging configuration\n\nValidation: Must be boolean value if provided; requires database-level supplemental logging to be enabled for proper operation",
2904
+ "description": "Flag to enable table-level supplemental logging for Oracle database migration tasks",
957
2905
  "type": "boolean"
958
2906
  },
959
2907
  "additionalArchivedLogDestId": {
960
- "description": "Q-ENHANCED-PROPERTY\nOptional additional archived log destination ID for Oracle primary/standby switchover scenarios. Specifies the destination for archive redo logs in switchover situations where the previous primary instance becomes standby, enabling continuous replication during Oracle database role changes.\n\nUse cases: Oracle switchover; High availability; Standby database configuration; Archive log management; Disaster recovery\n\nAWS: AWS DMS Oracle endpoint additionalArchivedLogDestId for switchover archive log destination\n\nValidation: Must be valid integer destination ID if provided; used for Oracle switchover scenarios and archive log management",
2908
+ "description": "Additional archived log destination ID for Oracle primary/standby switchover scenarios",
961
2909
  "type": "number"
962
2910
  },
963
2911
  "allowSelectNestedTables": {
964
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable replication of Oracle tables with nested tables or defined types for complex data structure migration. Allows DMS to replicate Oracle tables containing columns with nested tables or user-defined types, enabling migration of complex Oracle database schemas with advanced data structures.\n\nUse cases: Complex schema migration; Nested table replication; User-defined types; Advanced Oracle features; Complex data structures\n\nAWS: AWS DMS Oracle endpoint allowSelectNestedTables for complex data type replication support\n\nValidation: Must be boolean value if provided; enables replication of Oracle nested tables and defined types",
2912
+ "description": "Flag to enable replication of Oracle tables with nested tables or defined types for complex",
965
2913
  "type": "boolean"
966
2914
  },
967
2915
  "archivedLogDestId": {
968
- "description": "Q-ENHANCED-PROPERTY\nOptional archived redo log destination ID for Oracle change data capture configuration. Specifies the destination ID for archived redo logs matching the dest_id column in v$archived_log view, optimizing performance by ensuring correct log access from the start of replication operations.\n\nUse cases: Archived log configuration; Performance optimization; Change data capture; Log destination management; Oracle replication tuning\n\nAWS: AWS DMS Oracle endpoint archivedLogDestId for archived redo log destination specification\n\nValidation: Must be valid integer matching Oracle v$archived_log dest_id; improves performance through correct log access",
2916
+ "description": "Archived redo log destination ID for Oracle change data capture configuration",
969
2917
  "type": "number"
970
2918
  },
971
2919
  "archivedLogsOnly": {
972
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to restrict DMS access to archived redo logs only for Oracle replication. When enabled, DMS accesses only archived redo logs, requiring ASM privileges if logs are stored on Automatic Storage Management, providing controlled access to Oracle change data.\n\nUse cases: Archived log only access; ASM storage; Controlled log access; Oracle security; Change data capture restriction\n\nAWS: AWS DMS Oracle endpoint archivedLogsOnly for restricted archived log access configuration\n\nValidation: Must be boolean value if provided; requires ASM privileges when archived logs are on ASM storage",
2920
+ "description": "Flag to restrict DMS access to archived redo logs only for Oracle replication",
973
2921
  "type": "boolean"
974
2922
  },
975
2923
  "asmServer": {
976
- "description": "Q-ENHANCED-PROPERTY\nOptional ASM server address for Oracle source endpoint Binary Reader configuration. Specifies the Automatic Storage Management server address for Oracle databases using ASM, enabling DMS Binary Reader access to Oracle databases with ASM storage for change data capture operations.\n\nUse cases: ASM configuration; Binary Reader setup; Oracle ASM access; Storage management; Change data capture with ASM\n\nAWS: AWS DMS Oracle endpoint asmServer for ASM server address configuration with Binary Reader\n\nValidation: Must be valid ASM server address if provided; required for Oracle databases using ASM storage with Binary Reader",
2924
+ "description": "ASM server address for Oracle source endpoint Binary Reader configuration",
977
2925
  "type": "string"
978
2926
  },
979
2927
  "charLengthSemantics": {
980
- "description": "Q-ENHANCED-PROPERTY\nOptional character length semantics specification for Oracle character column interpretation. Determines whether character column lengths are measured in bytes or characters, affecting data type mapping and character handling during Oracle database migration and replication operations.\n\nUse cases: Character encoding; Data type mapping; Character column handling; Oracle character semantics; Migration accuracy\n\nAWS: AWS DMS Oracle endpoint charLengthSemantics for character column length interpretation\n\nValidation: Must be 'CHAR' for character-based or default for byte-based; affects character column length calculation",
2928
+ "description": "Character length semantics specification for Oracle character column interpretation",
981
2929
  "type": "string"
982
2930
  },
983
2931
  "directPathNoLog": {
984
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable direct path loading without database logging for Oracle target performance optimization. Increases commit rate on Oracle target databases by writing directly to tables without creating database log trails, improving performance for bulk data loading operations.\n\nUse cases: Performance optimization; Bulk loading; Direct path loading; Oracle target optimization; High-speed migration\n\nAWS: AWS DMS Oracle endpoint directPathNoLog for direct path loading without logging\n\nValidation: Must be boolean value if provided; improves performance but bypasses Oracle database logging mechanisms",
2932
+ "description": "Flag to enable direct path loading without database logging for Oracle target performance optimization",
985
2933
  "type": "boolean"
986
2934
  },
987
2935
  "directPathParallelLoad": {
988
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable parallel loading when direct path full load is active for Oracle target performance optimization. Enables parallel load operations when useDirectPathFullLoad is set, requiring target tables without constraints or indexes for maximum performance during bulk data migration.\n\nUse cases: Parallel loading; Performance optimization; Bulk migration; Direct path loading; High-speed data transfer\n\nAWS: AWS DMS Oracle endpoint directPathParallelLoad for parallel loading with direct path full load\n\nValidation: Must be boolean value if provided; requires useDirectPathFullLoad enabled and target tables without constraints/indexes",
2936
+ "description": "Flag to enable parallel loading when direct path full load is active for Oracle target",
989
2937
  "type": "boolean"
990
2938
  },
991
2939
  "enableHomogenousTablespace": {
992
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable homogeneous tablespace replication for Oracle target database consistency. Creates existing tables and indexes under the same tablespace on the target database, maintaining Oracle tablespace organization and storage structure during migration operations.\n\nUse cases: Tablespace consistency; Oracle structure preservation; Storage organization; Database layout maintenance; Migration fidelity\n\nAWS: AWS DMS Oracle endpoint enableHomogenousTablespace for tablespace replication and consistency\n\nValidation: Must be boolean value if provided; maintains Oracle tablespace structure and organization on target database",
2940
+ "description": "Flag to enable homogeneous tablespace replication for Oracle target database consistency",
993
2941
  "type": "boolean"
994
2942
  },
995
2943
  "extraArchivedLogDestIds": {
996
- "description": "Q-ENHANCED-PROPERTY\nOptional array of additional archived log destination IDs for Oracle Data Guard switchover scenarios. Specifies multiple destinations for archived redo logs in primary-to-multiple-standby setups, enabling DMS to access correct archive logs during Oracle Data Guard switchover operations.\n\nUse cases: Data Guard switchover; Multiple standby configuration; Archive log management; High availability; Disaster recovery\n\nAWS: AWS DMS Oracle endpoint extraArchivedLogDestIds for multiple archived log destination configuration\n\nValidation: Must be array of valid integer destination IDs if provided; used with archivedLogDestId for switchover scenarios\n *",
2944
+ "description": "Array of additional archived log destination IDs for Oracle Data Guard switchover scenarios",
997
2945
  "items": {
998
2946
  "type": "number"
999
2947
  },
1000
2948
  "type": "array"
1001
2949
  },
1002
2950
  "failTasksOnLobTruncation": {
1003
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to cause task failure when LOB column size exceeds specified LobMaxSize limit. Forces task failure instead of LOB data truncation when actual LOB size is greater than LobMaxSize in limited LOB mode, ensuring data integrity and preventing silent data loss.\n\nUse cases: Data integrity; LOB handling; Error handling; Data validation; Migration quality control\n\nAWS: AWS DMS Oracle endpoint failTasksOnLobTruncation for LOB size validation and error handling\n\nValidation: Must be boolean value if provided; causes task failure instead of LOB truncation when size limits exceeded",
2951
+ "description": "Flag to cause task failure when LOB column size exceeds specified LobMaxSize limit",
1004
2952
  "type": "boolean"
1005
2953
  },
1006
2954
  "numberDatatypeScale": {
1007
- "description": "Q-ENHANCED-PROPERTY\nOptional number data type scale specification for Oracle NUMBER data type conversion precision. Defines the scale for NUMBER data type conversion up to 38 or FLOAT, controlling precision and scale during Oracle numeric data migration with default precision 38, scale 10.\n\nUse cases: Numeric precision; Data type conversion; Oracle NUMBER handling; Precision control; Migration accuracy\n\nAWS: AWS DMS Oracle endpoint numberDatatypeScale for NUMBER data type conversion precision\n\nValidation: Must be integer between 0-38 or FLOAT if provided; controls Oracle NUMBER data type conversion precision and scale",
2955
+ "description": "Number data type scale specification for Oracle NUMBER data type conversion precision",
1008
2956
  "type": "number"
1009
2957
  },
1010
2958
  "oraclePathPrefix": {
1011
- "description": "Q-ENHANCED-PROPERTY\nOptional Oracle path prefix for Binary Reader redo log access configuration. Specifies the default Oracle root path for accessing redo logs when using Binary Reader for change data capture from Amazon RDS for Oracle sources, enabling proper redo log access and change data capture operations.\n\nUse cases: Binary Reader configuration; Redo log access; RDS Oracle sources; Change data capture; Path configuration\n\nAWS: AWS DMS Oracle endpoint oraclePathPrefix for Binary Reader redo log access path specification\n\nValidation: Must be valid Oracle path string if provided; required for Binary Reader access to RDS Oracle redo logs",
2959
+ "description": "Oracle path prefix for Binary Reader redo log access configuration",
1012
2960
  "type": "string"
1013
2961
  },
1014
2962
  "parallelAsmReadThreads": {
1015
- "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel ASM read threads for Oracle change data capture performance optimization. Configures the number of threads (2-8) for CDC load operations using Oracle Automatic Storage Management, working with readAheadBlocks for optimized ASM performance during change data capture.\n\nUse cases: ASM performance; CDC optimization; Thread configuration; Parallel processing; Oracle ASM tuning\n\nAWS: AWS DMS Oracle endpoint parallelAsmReadThreads for ASM CDC performance optimization\n\nValidation: Must be integer between 2-8 if provided; used with readAheadBlocks for ASM performance tuning",
2963
+ "description": "Number of parallel ASM read threads for Oracle change data capture performance optimization",
1016
2964
  "type": "number"
1017
2965
  },
1018
2966
  "readAheadBlocks": {
1019
- "description": "Q-ENHANCED-PROPERTY\nOptional number of read-ahead blocks for Oracle ASM change data capture performance optimization. Configures read-ahead blocks (1000-200000) for CDC load operations using Oracle Automatic Storage Management, working with parallelAsmReadThreads for optimized ASM performance during change data capture.\n\nUse cases: ASM performance; CDC optimization; Block configuration; Read-ahead tuning; Oracle ASM optimization\n\nAWS: AWS DMS Oracle endpoint readAheadBlocks for ASM CDC read-ahead performance optimization\n\nValidation: Must be integer between 1000-200000 if provided; used with parallelAsmReadThreads for ASM performance tuning",
2967
+ "description": "Number of read-ahead blocks for Oracle ASM change data capture performance optimization",
1020
2968
  "type": "number"
1021
2969
  },
1022
2970
  "readTableSpaceName": {
1023
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable tablespace name reading for Oracle tablespace replication support. Enables DMS to read and replicate tablespace information during Oracle database migration, supporting tablespace-aware migration and maintaining Oracle storage organization on target databases.\n\nUse cases: Tablespace replication; Storage organization; Oracle structure preservation; Tablespace awareness; Migration fidelity\n\nAWS: AWS DMS Oracle endpoint readTableSpaceName for tablespace replication and organization support\n\nValidation: Must be boolean value if provided; enables tablespace name reading and replication during Oracle migration",
2971
+ "description": "Flag to enable tablespace name reading for Oracle tablespace replication support",
1024
2972
  "type": "boolean"
1025
2973
  },
1026
2974
  "replacePathPrefix": {
1027
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable path prefix replacement for Binary Reader redo log access. Instructs DMS to replace the default Oracle root with usePathPrefix setting for redo log access when using Binary Reader for change data capture from Amazon RDS for Oracle sources.\n\nUse cases: Path replacement; Binary Reader configuration; RDS Oracle access; Redo log path management; Change data capture setup\n\nAWS: AWS DMS Oracle endpoint replacePathPrefix for Binary Reader path replacement configuration\n\nValidation: Must be boolean value if provided; enables path prefix replacement for Binary Reader redo log access",
2975
+ "description": "Flag to enable path prefix replacement for Binary Reader redo log access",
1028
2976
  "type": "boolean"
1029
2977
  },
1030
2978
  "retryInterval": {
1031
- "description": "Q-ENHANCED-PROPERTY\nOptional retry interval in seconds for Oracle connection query retry operations. Specifies the wait time before resending queries to Oracle database, providing resilience and error recovery for Oracle database connectivity issues during migration and replication operations.\n\nUse cases: Connection resilience; Error recovery; Query retry; Oracle connectivity; Network reliability\n\nAWS: AWS DMS Oracle endpoint retryInterval for query retry timing and connection resilience\n\nValidation: Must be positive integer in seconds if provided; controls query retry timing for Oracle connection resilience",
2979
+ "description": "Retry interval in seconds for Oracle connection query retry operations",
1032
2980
  "type": "number"
1033
2981
  },
1034
2982
  "secretsManagerAccessRoleArn": {
1035
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Oracle endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing Oracle endpoint credentials, enabling secure credential management and access control for Oracle database connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; Oracle authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to Oracle endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
2983
+ "description": "IAM role ARN for AWS Secrets Manager access to Oracle endpoint credentials",
1036
2984
  "type": "string"
1037
2985
  },
1038
2986
  "secretsManagerOracleAsmAccessRoleArn": {
1039
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Oracle ASM credentials when using Advanced Storage Manager. Specifies the IAM role with required permissions to access SecretsManagerOracleAsmSecret containing Oracle ASM connection details, enabling secure ASM credential management for Oracle endpoints with ASM storage.\n\nUse cases: ASM credential management; Secrets Manager integration; Oracle ASM access; Secure ASM authentication; Advanced storage configuration\n\nAWS: AWS IAM role ARN for Secrets Manager access to Oracle ASM credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; required for Oracle endpoints using ASM; mutually exclusive with clear-text ASM credentials",
2987
+ "description": "IAM role ARN for AWS Secrets Manager access to Oracle ASM credentials when using Advanced Storage Manager",
1040
2988
  "type": "string"
1041
2989
  },
1042
2990
  "secretsManagerOracleAsmSecretArn": {
1043
- "description": "Q-ENHANCED-PROPERTY\nOptional Secrets Manager secret ARN containing Oracle ASM connection details for Advanced Storage Manager endpoints. Specifies the full ARN of the secret containing Oracle ASM connection information, enabling secure storage and access of ASM credentials for Oracle endpoints using Advanced Storage Manager.\n\nUse cases: ASM secret storage; Secure ASM credentials; Oracle ASM configuration; Advanced storage authentication; Secret management\n\nAWS: AWS Secrets Manager secret ARN containing Oracle ASM connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN if provided; required for Oracle endpoints using ASM with Secrets Manager",
2991
+ "description": "Secrets Manager secret ARN containing Oracle ASM connection details for Advanced Storage Manager endpoints",
1044
2992
  "type": "string"
1045
2993
  },
1046
2994
  "secretsManagerSecretArn": {
1047
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Oracle endpoint connection details for secure credential management. Specifies the full ARN of the secret containing Oracle database connection information including credentials, enabling secure storage and access of Oracle endpoint authentication details.\n\nUse cases: Secure credential storage; Oracle authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing Oracle endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure Oracle endpoint credential management and authentication",
2995
+ "description": "Secrets Manager secret ARN containing Oracle endpoint connection details for secure credential management",
1048
2996
  "type": "string"
1049
2997
  },
1050
2998
  "secretsManagerSecretKMSArn": {
1051
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Oracle endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for Oracle endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; Oracle credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing Oracle endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for Oracle credentials in Secrets Manager",
2999
+ "description": "KMS key ARN for encrypting Oracle endpoint credentials secret in Secrets Manager",
1052
3000
  "type": "string"
1053
3001
  },
1054
3002
  "spatialDataOptionToGeoJsonFunctionName": {
1055
- "description": "Q-ENHANCED-PROPERTY\nOptional custom function name for converting Oracle SDO_GEOMETRY to GEOJSON format during spatial data migration. Specifies a custom function to handle spatial data conversion, defaulting to SDO2GEOJSON function if available, enabling proper handling of Oracle spatial data types during migration operations.\n\nUse cases: Spatial data conversion; GEOJSON transformation; Oracle spatial types; Custom function usage; Spatial data migration\n\nAWS: AWS DMS Oracle endpoint spatial data conversion function for SDO_GEOMETRY to GEOJSON transformation\n\nValidation: Must be valid Oracle function name if provided; function must be accessible and mimic SDO2GEOJSON operation",
3003
+ "description": "Custom function name for converting Oracle SDO_GEOMETRY to GEOJSON format during spatial data migration",
1056
3004
  "type": "string"
1057
3005
  },
1058
3006
  "standbyDelayTime": {
1059
- "description": "Q-ENHANCED-PROPERTY\nOptional standby delay time in minutes for Oracle Active Data Guard standby database synchronization. Specifies the time lag between primary and standby databases when using Oracle Active Data Guard standby as CDC source, enabling replication from standby instances without impacting production databases.\n\nUse cases: Active Data Guard; Standby replication; Production isolation; CDC from standby; Database synchronization delay\n\nAWS: AWS DMS Oracle endpoint standby delay configuration for Active Data Guard standby database replication\n\nValidation: Must be positive integer in minutes if provided; controls synchronization delay for Active Data Guard standby sources",
3007
+ "description": "Standby delay time in minutes for Oracle Active Data Guard standby database synchronization",
1060
3008
  "type": "number"
1061
3009
  },
1062
3010
  "useAlternateFolderForOnline": {
1063
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable alternate folder usage for online redo logs with Binary Reader for Oracle RDS sources. Instructs DMS Binary Reader to use specified prefix replacement for accessing online redo logs, enabling proper change data capture from Amazon RDS for Oracle databases with custom redo log configurations.\n\nUse cases: Binary Reader configuration; Online redo log access; RDS Oracle sources; Prefix replacement; Change data capture optimization\n\nAWS: AWS DMS Oracle endpoint useAlternateFolderForOnline for Binary Reader online redo log access configuration\n\nValidation: Must be boolean value if provided; enables alternate folder usage for Binary Reader online redo log access",
3011
+ "description": "Flag to enable alternate folder usage for online redo logs with Binary Reader for Oracle RDS sources",
1064
3012
  "type": "boolean"
1065
3013
  },
1066
3014
  "useBFile": {
1067
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable Binary Reader utility for Oracle change data capture operations. Enables Binary Reader for change data capture requiring UseLogminerReader to be disabled, providing alternative method for accessing Oracle redo logs with additional configuration for RDS Oracle sources and ASM environments.\n\nUse cases: Binary Reader CDC; Alternative log access; Oracle ASM support; RDS Oracle configuration; Change data capture method selection\n\nAWS: AWS DMS Oracle endpoint useBFile for Binary Reader utility change data capture configuration\n\nValidation: Must be boolean value if provided; requires UseLogminerReader set to false; additional attributes needed for RDS Oracle",
3015
+ "description": "Flag to enable Binary Reader utility for Oracle change data capture operations",
1068
3016
  "type": "boolean"
1069
3017
  },
1070
3018
  "useDirectPathFullLoad": {
1071
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable direct path full load for Oracle target database performance optimization. Uses Oracle Call Interface (OCI) direct path protocol for bulk-loading Oracle target tables during full load operations, providing improved performance for large data migration scenarios.\n\nUse cases: Performance optimization; Bulk loading; Full load acceleration; Oracle target optimization; Large data migration\n\nAWS: AWS DMS Oracle endpoint useDirectPathFullLoad for direct path protocol bulk loading optimization\n\nValidation: Must be boolean value if provided; enables OCI direct path protocol for bulk-loading Oracle target tables",
3019
+ "description": "Flag to enable direct path full load for Oracle target database performance optimization",
1072
3020
  "type": "boolean"
1073
3021
  },
1074
3022
  "useLogminerReader": {
1075
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable Oracle LogMiner utility for change data capture operations (default method). Controls whether to use LogMiner (default) or Binary Reader for accessing redo logs, with LogMiner being the standard method and Binary Reader requiring additional configuration for binary file access.\n\nUse cases: LogMiner CDC; Standard log access; Change data capture method; Oracle replication; Log access method selection\n\nAWS: AWS DMS Oracle endpoint useLogminerReader for LogMiner utility change data capture configuration\n\nValidation: Must be boolean value if provided; default true for LogMiner; set false to enable Binary Reader with useBFile",
3023
+ "description": "Flag to enable Oracle LogMiner utility for change data capture operations (default method)",
1076
3024
  "type": "boolean"
1077
3025
  },
1078
3026
  "usePathPrefix": {
1079
- "description": "Q-ENHANCED-PROPERTY\nOptional path prefix for Binary Reader redo log access replacement in Oracle RDS sources. Specifies the path prefix to replace the default Oracle root for accessing redo logs when using Binary Reader for change data capture from Amazon RDS for Oracle databases.\n\nUse cases: Binary Reader configuration; Path replacement; RDS Oracle access; Redo log path management; Custom path configuration\n\nAWS: AWS DMS Oracle endpoint usePathPrefix for Binary Reader path prefix replacement configuration\n\nValidation: Must be valid path prefix string if provided; used with Binary Reader for RDS Oracle redo log access replacement",
3027
+ "description": "Path prefix for Binary Reader redo log access replacement in Oracle RDS sources",
1080
3028
  "type": "string"
1081
3029
  }
1082
3030
  },
@@ -1085,24 +3033,40 @@
1085
3033
  ],
1086
3034
  "type": "object"
1087
3035
  },
3036
+ "Port": {
3037
+ "additionalProperties": false,
3038
+ "description": "Interface for classes that provide the connection-specification parts of a security group rule",
3039
+ "properties": {
3040
+ "canInlineRule": {
3041
+ "description": "Whether the rule containing this port range can be inlined into a securitygroup or not.",
3042
+ "type": "boolean"
3043
+ },
3044
+ "props": {}
3045
+ },
3046
+ "required": [
3047
+ "canInlineRule",
3048
+ "props"
3049
+ ],
3050
+ "type": "object"
3051
+ },
1088
3052
  "PostgreSqlSettingsProperty": {
1089
3053
  "additionalProperties": false,
1090
- "description": "Q-ENHANCED-INTERFACE\nPostgreSQL settings configuration interface for DMS providing PostgreSQL migration and open-source database capabilities. Defines PostgreSQL-specific properties for Database Migration Service including advanced PostgreSQL features, replication settings, and PostgreSQL integration for open-source database migration workflows.\n\nUse cases: PostgreSQL migration; Open-source database migration; PostgreSQL connectivity; Advanced PostgreSQL features; Database replication; DMS PostgreSQL integration\n\nAWS: AWS DMS PostgreSQL endpoint configuration with PostgreSQL migration and open-source database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
3054
+ "description": "Provides information that defines a PostgreSQL endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using PostgreSQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) and [Extra connection attributes when using PostgreSQL as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.PostgreSQL.html#CHAP_Target.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
1091
3055
  "properties": {
1092
3056
  "afterConnectScript": {
1093
- "description": "Q-ENHANCED-PROPERTY\nOptional SQL script executed after connecting to PostgreSQL source for change data capture (CDC) optimization enabling performance tuning and constraint bypassing. Provides custom SQL commands that run immediately after DMS connects to the PostgreSQL database, commonly used to bypass foreign keys and triggers during bulk loading for improved migration performance.\n\nUse cases: CDC performance optimization; Constraint bypassing; Custom connection setup; Migration performance tuning; Bulk load optimization\n\nAWS: AWS DMS PostgreSQL after-connect script for CDC optimization and custom connection configuration\n\nValidation: Must be valid SQL script if provided; commonly used for session configuration; optional for connection customization",
3057
+ "description": "SQL script executed after connecting to PostgreSQL source for change data capture (CDC)",
1094
3058
  "type": "string"
1095
3059
  },
1096
3060
  "babelfishDatabaseName": {
1097
- "description": "Q-ENHANCED-PROPERTY\nOptional Babelfish for Aurora PostgreSQL database name for DMS endpoint configuration enabling SQL Server compatibility layer access. Specifies the database name when using Babelfish for Aurora PostgreSQL, which provides SQL Server compatibility on top of PostgreSQL for cross-database migration scenarios.\n\nUse cases: Babelfish database access; SQL Server compatibility; Aurora PostgreSQL with Babelfish; Cross-database migration; SQL Server to PostgreSQL migration\n\nAWS: AWS DMS Babelfish for Aurora PostgreSQL database name for SQL Server compatibility layer access\n\nValidation: Must be valid database name if provided; used with Babelfish-enabled Aurora PostgreSQL; optional for Babelfish configuration",
3061
+ "description": "Babelfish for Aurora PostgreSQL database name for DMS endpoint configuration enabling SQL",
1098
3062
  "type": "string"
1099
3063
  },
1100
3064
  "captureDdls": {
1101
- "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable DDL event capture for PostgreSQL DMS migration enabling schema change tracking and replication. Controls whether DMS will capture DDL events by creating artifacts in the PostgreSQL database, allowing schema changes to be tracked and replicated during migration operations.\n\nUse cases: DDL event capture; Schema change tracking; DDL replication; Database schema migration; Change data capture\n\nAWS: AWS DMS PostgreSQL DDL capture for schema change tracking and DDL event replication\n\nValidation: Must be boolean value if provided; optional for DDL capture control",
3065
+ "description": "Boolean flag to enable DDL event capture for PostgreSQL DMS migration enabling schema",
1102
3066
  "type": "boolean"
1103
3067
  },
1104
3068
  "databaseMode": {
1105
- "description": "Q-ENHANCED-PROPERTY\nOptional database mode specification for PostgreSQL-compatible endpoints requiring additional configuration enabling specialized endpoint handling. Defines the default behavior for handling PostgreSQL-compatible endpoints such as Babelfish endpoints that require specific configuration and compatibility settings.\n\nUse cases: PostgreSQL-compatible endpoint handling; Babelfish endpoint configuration; Specialized database modes; Endpoint compatibility; Database-specific settings\n\nAWS: AWS DMS PostgreSQL database mode for PostgreSQL-compatible endpoint handling and specialized configuration\n\nValidation: Must be valid database mode string if provided; optional for specialized endpoint configuration",
3069
+ "description": "Database mode specification for PostgreSQL-compatible endpoints requiring additional",
1106
3070
  "type": "string"
1107
3071
  },
1108
3072
  "ddlArtifactsSchema": {
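Review bot: Several of the new `description` strings in this hunk stop mid-phrase: `babelfishDatabaseName` ends at "enabling SQL", `captureDdls` at "enabling schema" and `databaseMode` at "requiring additional". This looks like a first-line cut of a longer doc comment rather than intended wording, and the next hunk shows the same for `heartbeatEnable` ("preventing") and `heartbeatFrequency` ("enabling configurable"). For `afterConnectScript` the shortened text also drops the earlier note that the script is commonly used to bypass foreign keys and triggers, so a reader of the schema no longer sees that this string field carries SQL with that effect on the connected database. I would end each summary on a complete sentence and keep that one caveat, for example `"description": "SQL script executed after connecting to the PostgreSQL source for CDC; commonly used to bypass foreign keys and triggers, so review changes to it like code."`. The `PostgreSqlSettingsProperty` definition continues past the end of this hunk.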
@@ -1118,11 +3082,11 @@
1118
3082
  "type": "boolean"
1119
3083
  },
1120
3084
  "heartbeatEnable": {
1121
- "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable WAL heartbeat feature for PostgreSQL DMS migration preventing storage full scenarios and maintaining replication slot health. Enables write-ahead log heartbeat that mimics dummy transactions to keep restart_lsn moving and prevent idle logical replication slots from holding old WAL logs.\n\nUse cases: WAL heartbeat management; Storage full prevention; Replication slot maintenance; Logical replication optimization; WAL log management\n\nAWS: AWS DMS PostgreSQL WAL heartbeat for replication slot maintenance and storage optimization\n\nValidation: Must be boolean value if provided; optional for WAL heartbeat control",
3085
+ "description": "Boolean flag to enable WAL heartbeat feature for PostgreSQL DMS migration preventing",
1122
3086
  "type": "boolean"
1123
3087
  },
1124
3088
  "heartbeatFrequency": {
1125
- "description": "Q-ENHANCED-PROPERTY\nOptional WAL heartbeat frequency in minutes for PostgreSQL DMS migration enabling configurable heartbeat timing and replication optimization. Defines how frequently the WAL heartbeat feature will execute dummy transactions to maintain replication slot health and prevent storage issues.\n\nUse cases: Heartbeat frequency control; Replication optimization; WAL management timing; Storage optimization; Performance tuning\n\nAWS: AWS DMS PostgreSQL WAL heartbeat frequency for configurable replication slot maintenance timing\n\nValidation: Must be positive number in minutes if provided; optional for heartbeat frequency control",
3089
+ "description": "WAL heartbeat frequency in minutes for PostgreSQL DMS migration enabling configurable",
1126
3090
  "type": "number"
1127
3091
  },
1128
3092
  "heartbeatSchema": {
@@ -1163,112 +3127,140 @@
1163
3127
  ],
1164
3128
  "type": "object"
1165
3129
  },
3130
+ "PrincipalPolicyFragment": {
3131
+ "additionalProperties": false,
3132
+ "description": "A collection of the fields in a PolicyStatement that can be used to identify a principal.\n\nThis consists of the JSON used in the \"Principal\" field, and optionally a\nset of \"Condition\"s that need to be applied to the policy.\n\nGenerally, a principal looks like:\n\n { '<TYPE>': ['ID', 'ID', ...] }\n\nAnd this is also the type of the field `principalJson`. However, there is a\nspecial type of principal that is just the string '*', which is treated\ndifferently by some services. To represent that principal, `principalJson`\nshould contain `{ 'LiteralString': ['*'] }`.",
3133
+ "properties": {
3134
+ "conditions": {
3135
+ "$ref": "#/definitions/Conditions",
3136
+ "description": "The conditions under which the policy is in effect.\nSee [the IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html)."
3137
+ },
3138
+ "principalJson": {
3139
+ "additionalProperties": {
3140
+ "items": {
3141
+ "type": "string"
3142
+ },
3143
+ "type": "array"
3144
+ },
3145
+ "type": "object"
3146
+ }
3147
+ },
3148
+ "required": [
3149
+ "conditions",
3150
+ "principalJson"
3151
+ ],
3152
+ "type": "object"
3153
+ },
3154
+ "Record<string,Grant>": {
3155
+ "additionalProperties": false,
3156
+ "type": "object"
3157
+ },
1166
3158
  "RedshiftSettingsProperty": {
1167
3159
  "additionalProperties": false,
1168
- "description": "Q-ENHANCED-INTERFACE\nRedshift settings configuration interface for DMS providing data warehouse integration and bulk loading capabilities. Defines Redshift-specific properties for Database Migration Service including data loading configuration, S3 integration, and Redshift optimization for data warehouse migration workflows.\n\nUse cases: Data warehouse migration; Redshift integration; Bulk data loading; Data warehouse workflows; S3 staging; DMS Redshift integration\n\nAWS: AWS DMS Redshift endpoint configuration with data warehouse integration and bulk loading optimization\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and Redshift-specific requirements",
3160
+ "description": "Provides information that defines an Amazon Redshift endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about other available settings, see [Extra connection attributes when using Amazon Redshift as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Redshift.html#CHAP_Target.Redshift.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
1169
3161
  "properties": {
1170
3162
  "acceptAnyDate": {
1171
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to allow any date format including invalid formats for flexible date handling in Redshift data warehouse. Enables loading of any date format including invalid formats like 00/00/00 00:00:00 without errors, with false default, requiring DATEFORMAT parameter for proper date handling.\n\nUse cases: Flexible date handling; Invalid date processing; Date format tolerance; Data warehouse loading; TIMESTAMP/DATE columns\n\nAWS: AWS DMS Redshift endpoint acceptAnyDate for flexible date format handling in data warehouse loading\n\nValidation: Must be boolean if provided; default false; applies only to TIMESTAMP and DATE columns; requires DATEFORMAT parameter",
3163
+ "description": "Flag to allow any date format including invalid formats for flexible date handling in Redshift data warehouse",
1172
3164
  "type": "boolean"
1173
3165
  },
1174
3166
  "afterConnectScript": {
1175
- "description": "Q-ENHANCED-PROPERTY\nOptional SQL script to execute after connecting to Redshift endpoint for initialization and setup tasks. Provides custom initialization logic that runs after connection establishment to Redshift data warehouse, enabling database-specific setup and configuration for data warehouse operations.\n\nUse cases: Database initialization; Connection setup; Custom configuration; Post-connection tasks; Data warehouse preparation\n\nAWS: AWS DMS Redshift endpoint afterConnectScript for post-connection initialization and setup\n\nValidation: Must be valid SQL script code if provided; script content not filename; enables custom Redshift initialization",
3167
+ "description": "SQL script to execute after connecting to Redshift endpoint for initialization and setup tasks",
1176
3168
  "type": "string"
1177
3169
  },
1178
3170
  "bucketFolder": {
1179
- "description": "Q-ENHANCED-PROPERTY\nOptional S3 folder for storing CSV files before uploading to Redshift cluster for staged data loading. Specifies S3 folder where CSV files are stored before Redshift COPY operations, with full load using BucketFolder/TableID path and CDC using BucketFolder/NetChangesTableID path for organized data staging.\n\nUse cases: Data staging; S3 organization; CSV storage; Redshift COPY operations; Staged loading\n\nAWS: AWS S3 folder path for DMS Redshift CSV file staging and COPY operation organization\n\nValidation: Must be valid S3 folder path if provided; used for CSV staging before Redshift COPY operations",
3171
+ "description": "S3 folder for storing CSV files before uploading to Redshift cluster for staged data loading",
1180
3172
  "type": "string"
1181
3173
  },
1182
3174
  "bucketName": {
1183
- "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for intermediate CSV file storage before Redshift data loading operations. Specifies the S3 bucket where CSV files are stored before uploading to Redshift cluster, serving as staging area for Redshift COPY operations and data warehouse loading workflows.\n\nUse cases: Data staging; S3 storage; CSV intermediate storage; Redshift loading; Data warehouse staging\n\nAWS: AWS S3 bucket name for DMS Redshift CSV file staging and data warehouse loading operations\n\nValidation: Must be valid S3 bucket name; required for Redshift endpoint configuration and CSV staging operations",
3175
+ "description": "S3 bucket name for intermediate CSV file storage before Redshift data loading operations",
1184
3176
  "type": "string"
1185
3177
  },
1186
3178
  "caseSensitiveNames": {
1187
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable case-sensitive schema names in Redshift data warehouse for precise schema handling. Enables case-sensitive schema name support when Redshift is configured for case sensitivity with default false, ensuring proper schema name handling and data organization in data warehouse operations.\n\nUse cases: Case-sensitive schemas; Schema name precision; Data organization; Redshift configuration; Schema handling\n\nAWS: AWS DMS Redshift endpoint caseSensitiveNames for case-sensitive schema name handling\n\nValidation: Must be boolean if provided; default false; requires Redshift configured for case-sensitive schema names",
3179
+ "description": "Flag to enable case-sensitive schema names in Redshift data warehouse for precise schema handling",
1188
3180
  "type": "boolean"
1189
3181
  },
1190
3182
  "compUpdate": {
1191
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable automatic compression for empty Redshift tables for storage optimization. Enables automatic compression when table is empty even with existing encodings other than RAW, with true default, optimizing storage efficiency and query performance in data warehouse operations.\n\nUse cases: Storage optimization; Compression management; Performance tuning; Data warehouse optimization; Automatic encoding\n\nAWS: AWS DMS Redshift endpoint compUpdate for automatic compression and storage optimization\n\nValidation: Must be boolean if provided; default true; applies automatic compression to empty tables regardless of existing encodings",
3183
+ "description": "Flag to enable automatic compression for empty Redshift tables for storage optimization",
1192
3184
  "type": "boolean"
1193
3185
  },
1194
3186
  "connectionTimeout": {
1195
- "description": "Q-ENHANCED-PROPERTY\nOptional connection timeout in milliseconds for Redshift endpoint connection establishment. Specifies the maximum time to wait for initial connection establishment to Redshift data warehouse, controlling connection reliability and timeout behavior for data warehouse connectivity.\n\nUse cases: Connection reliability; Timeout control; Network configuration; Connection management; Data warehouse connectivity\n\nAWS: AWS DMS Redshift endpoint connectionTimeout for connection establishment timeout control\n\nValidation: Must be positive integer in milliseconds if provided; controls initial connection timeout for Redshift endpoint",
3187
+ "description": "Connection timeout in milliseconds for Redshift endpoint connection establishment",
1196
3188
  "type": "number"
1197
3189
  },
1198
3190
  "dateFormat": {
1199
- "description": "Q-ENHANCED-PROPERTY\nOptional date format specification for Redshift data loading and date handling. Specifies date format with 'auto' for automatic recognition, custom format string in quotes, or NULL for default YYYY-MM-DD format, enabling flexible date parsing and data warehouse date handling.\n\nUse cases: Date format specification; Flexible date parsing; Data warehouse loading; Date handling; Format recognition\n\nAWS: AWS DMS Redshift endpoint dateFormat for date format specification and parsing control\n\nValidation: Must be 'auto', quoted format string, or NULL if provided; default YYYY-MM-DD; use 'auto' for mixed formats",
3191
+ "description": "Date format specification for Redshift data loading and date handling",
1200
3192
  "type": "string"
1201
3193
  },
1202
3194
  "emptyAsNull": {
1203
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to migrate empty CHAR and VARCHAR fields as NULL for consistent null handling. Enables migration of empty string fields as NULL values with true setting and false default, ensuring consistent null representation in Redshift data warehouse operations.\n\nUse cases: NULL handling; Empty string processing; Data consistency; Redshift migration; Field representation\n\nAWS: AWS DMS Redshift endpoint emptyAsNull for empty field NULL conversion and consistent data representation\n\nValidation: Must be boolean if provided; default false; converts empty CHAR/VARCHAR fields to NULL when true",
3195
+ "description": "Flag to migrate empty CHAR and VARCHAR fields as NULL for consistent null handling",
1204
3196
  "type": "boolean"
1205
3197
  },
1206
3198
  "explicitIds": {
1207
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to override auto-generated IDENTITY column values with explicit source values for full-load migration. Enables tables with IDENTITY columns to use explicit values from source data files instead of auto-generated values, applicable only to full-load migration tasks.\n\nUse cases: IDENTITY column handling; Explicit value loading; Full-load migration; Source value preservation; Identity management\n\nAWS: AWS DMS Redshift endpoint explicitIds for IDENTITY column value override in full-load migration\n\nValidation: Must be boolean if provided; default false; applies only to full-load migration tasks with IDENTITY columns",
3199
+ "description": "Flag to override auto-generated IDENTITY column values with explicit source values for full-load migration",
1208
3200
  "type": "boolean"
1209
3201
  },
1210
3202
  "fileTransferUploadStreams": {
1211
- "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel threads for single file upload to optimize S3 multipart upload performance. Specifies thread count (1-64) for uploading single CSV files to S3 using multipart upload with default 10, affecting upload performance and throughput for Redshift staging operations.\n\nUse cases: Upload optimization; Parallel processing; S3 multipart upload; Performance tuning; File transfer optimization\n\nAWS: AWS S3 multipart upload thread configuration for DMS Redshift CSV file upload optimization\n\nValidation: Must be integer between 1-64 if provided; default 10; controls parallel streams for S3 multipart upload",
3203
+ "description": "Number of parallel threads for single file upload to optimize S3 multipart upload performance",
1212
3204
  "type": "number"
1213
3205
  },
1214
3206
  "loadTimeout": {
1215
- "description": "Q-ENHANCED-PROPERTY\nOptional timeout in milliseconds for Redshift cluster operations including COPY, INSERT, DELETE, and UPDATE. Specifies maximum wait time for DMS operations on Redshift cluster, controlling operation timeout behavior and preventing hung operations in data warehouse loading.\n\nUse cases: Operation timeout; Performance control; Redshift operations; Timeout management; Data warehouse loading\n\nAWS: AWS DMS Redshift endpoint loadTimeout for cluster operation timeout control and performance management\n\nValidation: Must be positive integer in milliseconds if provided; controls timeout for Redshift COPY/INSERT/DELETE/UPDATE operations",
3207
+ "description": "Timeout in milliseconds for Redshift cluster operations including COPY, INSERT, DELETE, and UPDATE",
1216
3208
  "type": "number"
1217
3209
  },
1218
3210
  "mapBooleanAsBoolean": {
1219
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to migrate boolean type as native boolean in Redshift for proper data type representation. Enables migration of boolean values as boolean type instead of default varchar(1), requiring setting on both source and target endpoints for proper boolean data type handling in data warehouse.\n\nUse cases: Boolean type preservation; Data type accuracy; Redshift native types; Type mapping; Data warehouse optimization\n\nAWS: AWS DMS Redshift endpoint mapBooleanAsBoolean for native boolean type migration and data type preservation\n\nValidation: Must be boolean if provided; must be set on both source and target endpoints; preserves boolean data type in Redshift",
3211
+ "description": "Flag to migrate boolean type as native boolean in Redshift for proper data type representation",
1220
3212
  "type": "boolean"
1221
3213
  },
1222
3214
  "maxFileSize": {
1223
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for S3 staging and Redshift data transfer optimization. Specifies maximum size limit for CSV files used in S3 bucket loading and Redshift data transfer with default 1 GB (1048576KB), affecting staging performance and transfer efficiency.\n\nUse cases: File size control; S3 staging optimization; Transfer performance; Data warehouse loading; Storage management\n\nAWS: AWS DMS Redshift endpoint maxFileSize for CSV file size limits in S3 staging and data transfer\n\nValidation: Must be positive integer in KB if provided; default 1 GB; controls CSV file size for S3 staging and Redshift transfer",
3215
+ "description": "Maximum CSV file size in KB for S3 staging and Redshift data transfer optimization",
1224
3216
  "type": "number"
1225
3217
  },
1226
3218
  "removeQuotes": {
1227
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to remove surrounding quotation marks from strings in incoming data for cleaner data processing. Enables removal of quotation marks while retaining all characters within quotes including delimiters, with false default, affecting string data processing in Redshift migration.\n\nUse cases: String processing; Quotation handling; Data cleaning; Character processing; String formatting\n\nAWS: AWS DMS Redshift endpoint removeQuotes for quotation mark removal and string data processing\n\nValidation: Must be boolean if provided; default false; removes surrounding quotation marks while preserving internal content",
3219
+ "description": "Flag to remove surrounding quotation marks from strings in incoming data for cleaner data processing",
1228
3220
  "type": "boolean"
1229
3221
  },
1230
3222
  "replaceChars": {
1231
- "description": "Q-ENHANCED-PROPERTY\nOptional replacement character for invalid characters specified in ReplaceInvalidChars for data cleaning. Specifies the substitution character for invalid characters during data migration with default \"?\" character, working with ReplaceInvalidChars for character replacement and data cleaning.\n\nUse cases: Character replacement; Data cleaning; Invalid character handling; String processing; Data sanitization\n\nAWS: AWS DMS Redshift endpoint replaceChars for invalid character replacement and data cleaning\n\nValidation: Must be valid replacement character if provided; default \"?\"; works with ReplaceInvalidChars for character substitution",
3223
+ "description": "Replacement character for invalid characters specified in ReplaceInvalidChars for data cleaning",
1232
3224
  "type": "string"
1233
3225
  },
1234
3226
  "replaceInvalidChars": {
1235
- "description": "Q-ENHANCED-PROPERTY\nOptional list of characters to replace during data migration for data cleaning. Specifies characters that should be replaced using ReplaceChars substitution, enabling data sanitization and character normalization during Redshift data warehouse migration operations.\n\nUse cases: Character filtering; Data sanitization; Invalid character removal; String normalization; Data cleaning\n\nAWS: AWS DMS Redshift endpoint replaceInvalidChars for character filtering and data sanitization\n\nValidation: Must be valid character list if provided; works with ReplaceChars for character replacement and data cleaning",
3227
+ "description": "List of characters to replace during data migration for data cleaning",
1236
3228
  "type": "string"
1237
3229
  },
1238
3230
  "secretsManagerAccessRoleArn": {
1239
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Redshift endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing Redshift endpoint credentials, enabling secure credential management and access control for data warehouse connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; Redshift authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to Redshift endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
3231
+ "description": "IAM role ARN for AWS Secrets Manager access to Redshift endpoint credentials",
1240
3232
  "type": "string"
1241
3233
  },
1242
3234
  "secretsManagerSecretArn": {
1243
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Redshift endpoint connection details for secure credential management. Specifies the full ARN of the secret containing Redshift database connection information including credentials, enabling secure storage and access of Redshift endpoint authentication details.\n\nUse cases: Secure credential storage; Redshift authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing Redshift endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure Redshift endpoint credential management and authentication",
3235
+ "description": "Secrets Manager secret ARN containing Redshift endpoint connection details for secure credential management",
1244
3236
  "type": "string"
1245
3237
  },
1246
3238
  "secretsManagerSecretKMSArn": {
1247
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Redshift endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for Redshift endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; Redshift credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing Redshift endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for Redshift credentials in Secrets Manager",
3239
+ "description": "KMS key ARN for encrypting Redshift endpoint credentials secret in Secrets Manager",
1248
3240
  "type": "string"
1249
3241
  },
1250
3242
  "serverSideEncryptionKmsKeyId": {
1251
- "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ID for server-side encryption when using SSE_KMS encryption mode for Redshift S3 staging security. Specifies the AWS KMS key for encrypting S3 staging objects, requiring attached policy enabling IAM user permissions and key usage for secure data warehouse staging and compliance.\n\nUse cases: Data encryption; KMS integration; S3 security; Compliance requirements; Data protection\n\nAWS: AWS KMS key ID for S3 server-side encryption with customer-managed keys in Redshift staging\n\nValidation: Must be valid KMS key ID; required when EncryptionMode is SSE_KMS; requires proper IAM permissions and key policy",
3243
+ "description": "KMS key ID for server-side encryption when using SSE_KMS encryption mode for Redshift S3 staging security",
1252
3244
  "type": "string"
1253
3245
  },
1254
3246
  "serviceAccessRoleArn": {
1255
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to Redshift service operations for data warehouse integration. Specifies the service role enabling DMS to access Redshift service, requiring iam:PassRole action for secure Redshift access and data warehouse migration operations.\n\nUse cases: Service access; IAM role configuration; Redshift permissions; Secure access; Data warehouse authorization\n\nAWS: AWS IAM role ARN for DMS service access to Redshift service operations and data warehouse integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables Redshift service access operations",
3247
+ "description": "IAM role ARN for DMS service access to Redshift service operations for data warehouse integration",
1256
3248
  "type": "string"
1257
3249
  },
1258
3250
  "timeFormat": {
1259
- "description": "Q-ENHANCED-PROPERTY\nOptional time format specification for Redshift data loading and time handling. Specifies time format with 'auto' for automatic recognition, custom timeformat_string, epochsecs, or epochmillisecs options, enabling flexible time parsing and data warehouse time handling with default 10.\n\nUse cases: Time format specification; Flexible time parsing; Data warehouse loading; Time handling; Format recognition\n\nAWS: AWS DMS Redshift endpoint timeFormat for time format specification and parsing control\n\nValidation: Must be 'auto', timeformat_string, 'epochsecs', or 'epochmillisecs' if provided; default 10; use 'auto' for mixed formats",
3251
+ "description": "Time format specification for Redshift data loading and time handling",
1260
3252
  "type": "string"
1261
3253
  },
1262
3254
  "trimBlanks": {
1263
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to remove trailing white space characters from VARCHAR strings for cleaner data processing. Enables removal of trailing whitespace from VARCHAR columns with true setting and false default, improving data quality and consistency in Redshift data warehouse operations.\n\nUse cases: Data cleaning; Whitespace removal; VARCHAR processing; Data quality; String normalization\n\nAWS: AWS DMS Redshift endpoint trimBlanks for trailing whitespace removal from VARCHAR columns\n\nValidation: Must be boolean if provided; default false; applies only to VARCHAR data type columns; removes trailing whitespace",
3255
+ "description": "Flag to remove trailing white space characters from VARCHAR strings for cleaner data processing",
1264
3256
  "type": "boolean"
1265
3257
  },
1266
3258
  "truncateColumns": {
1267
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to truncate data in columns to fit column size limits for data integrity in Redshift. Enables truncation of data in VARCHAR or CHAR columns to appropriate character limits for rows 4MB or less, with false default, ensuring data fits column constraints in data warehouse operations.\n\nUse cases: Data truncation; Column size compliance; Data integrity; VARCHAR/CHAR handling; Size constraint management\n\nAWS: AWS DMS Redshift endpoint truncateColumns for data truncation and column size compliance\n\nValidation: Must be boolean if provided; default false; applies only to VARCHAR/CHAR columns with rows ≤4MB; ensures data fits columns",
3259
+ "description": "Flag to truncate data in columns to fit column size limits for data integrity in Redshift",
1268
3260
  "type": "boolean"
1269
3261
  },
1270
3262
  "writeBufferSize": {
1271
- "description": "Q-ENHANCED-PROPERTY\nOptional in-memory file write buffer size in KB for CSV file generation performance optimization. Specifies buffer size for generating CSV files on local disk at DMS replication instance with default 1000KB (1MB), affecting CSV generation performance and memory usage.\n\nUse cases: Performance optimization; Buffer management; CSV generation; Memory optimization; File write performance\n\nAWS: AWS DMS Redshift endpoint writeBufferSize for CSV file generation buffer optimization and performance tuning\n\nValidation: Must be positive integer in KB if provided; default 1000KB; controls in-memory buffer size for CSV file generation",
3263
+ "description": "In-memory file write buffer size in KB for CSV file generation performance optimization",
1272
3264
  "type": "number"
1273
3265
  }
1274
3266
  },
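Review bot: The added `Record<string,Grant>` definition is `"type": "object"` with `"additionalProperties": false` and no `properties`, so the only value it accepts is `{}`. Any config that supplies a non-empty grant map through a property referencing this definition would fail validation. If a `Grant` definition exists elsewhere in the file (not visible in this hunk), the map should read `"additionalProperties": { "$ref": "#/definitions/Grant" }`. Separately, the shortened Redshift descriptions drop the "Required"/"Optional" wording for `secretsManagerSecretArn` and `serverSideEncryptionKmsKeyId`, while the new top-level description says the type prevents plaintext credentials and enforces KMS encryption. The `required` list for `RedshiftSettingsProperty` lies outside this hunk and is worth checking against that claim.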
@@ -1295,7 +3287,7 @@
1295
3287
  },
1296
3288
  "ReplicationInstanceProps": {
1297
3289
  "additionalProperties": false,
1298
- "description": "Q-ENHANCED-INTERFACE\nReplicationInstanceProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
3290
+ "description": "Configuration for a DMS replication instance with compute, networking, and security settings.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
1299
3291
  "properties": {
1300
3292
  "addSelfReferenceRule": {
1301
3293
  "description": "If true, the SG will allow traffic to and from itself",
@@ -1310,18 +3302,18 @@
1310
3302
  "description": "List of ingress rules to be added to the function SG"
1311
3303
  },
1312
3304
  "instanceClass": {
1313
- "description": "Q-ENHANCED-PROPERTY\nRequired compute class specification for DMS replication instance enabling performance and capacity optimization for database migration workloads. Defines the compute capacity and performance characteristics of the replication instance for handling database migration tasks, data transfer operations, and replication workloads.\n\nUse cases: Performance optimization; Capacity planning; Migration workload sizing; Cost optimization; Compute resource specification\n\nAWS: AWS DMS replication instance class for compute capacity and performance optimization\n\nValidation: Must be valid DMS instance class; required for replication instance deployment; see AWS DMS documentation for supported types",
3305
+ "description": "DMS replication instance class (e.g., 'dms.r5.large').",
1314
3306
  "type": "string"
1315
3307
  },
1316
3308
  "subnetIds": {
1317
- "description": "Q-ENHANCED-PROPERTY\nRequired array of subnet identifiers for DMS replication instance deployment enabling multi-AZ availability and network distribution. Defines the subnets where the replication instance will be deployed, requiring at least two availability zones for high availability and fault tolerance in database migration operations.\n\nUse cases: Multi-AZ deployment; High availability; Network distribution; Fault tolerance; Availability zone redundancy\n\nAWS: Amazon VPC subnet identifiers for DMS replication instance multi-AZ deployment and high availability\n\nValidation: Must be array of valid subnet identifiers; required for replication instance deployment; must span at least two availability zones",
3309
+ "description": "Subnet IDs for replication instance deployment, spanning at least two AZs.",
1318
3310
  "items": {
1319
3311
  "type": "string"
1320
3312
  },
1321
3313
  "type": "array"
1322
3314
  },
1323
3315
  "vpcId": {
1324
- "description": "Q-ENHANCED-PROPERTY\nRequired VPC identifier for DMS replication instance deployment enabling network isolation and security boundaries. Defines the Virtual Private Cloud that will host the replication instance providing network-level security and isolation for database migration operations and data transfer workflows.\n\nUse cases: Network isolation; VPC deployment; Security boundaries; Private migration environments; Network-level security\n\nAWS: Amazon VPC identifier for DMS replication instance deployment and network isolation\n\nValidation: Must be valid VPC identifier; required for VPC-based replication instance deployment",
3316
+ "description": "VPC ID for replication instance deployment.",
1325
3317
  "type": "string"
1326
3318
  }
1327
3319
  },
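Review bot: The new `subnetIds` description states a constraint ("spanning at least two AZs") that the schema does not check, since the property is only a `"type": "array"` of strings. Adding `"minItems": 2` would reject the single-subnet case at validation time instead of at deployment. It cannot prove the subnets sit in different AZs, so the description should keep that wording. The `ReplicationInstanceProps` object starts and ends outside this hunk.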
@@ -1334,7 +3326,7 @@
1334
3326
  },
1335
3327
  "ReplicationTaskProps": {
1336
3328
  "additionalProperties": false,
1337
- "description": "Q-ENHANCED-INTERFACE\nReplicationTaskProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
3329
+ "description": "Configuration for a DMS replication task defining migration settings.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
1338
3330
  "properties": {
1339
3331
  "cdcStartPosition": {
1340
3332
  "description": "Indicates when you want a change data capture (CDC) operation to start.\nUse either `CdcStartPosition` or `CdcStartTime` to specify when you want a CDC operation to start. Specifying both values results in an error.\nThe value can be in date, checkpoint, log sequence number (LSN), or system change number (SCN) format.\nHere is a date example: `--cdc-start-position \"2018-03-08T12:12:12\"`\nHere is a checkpoint example: `--cdc-start-position \"checkpoint:V1#27#mysql-bin-changelog.157832:1975:-1:2002:677883278264080:mysql-bin-changelog.157832:1876#0#0#*#0#93\"`\nHere is an LSN example: `--cdc-start-position “mysql-bin-changelog.000024:373”`\n> When you use this task setting with a source PostgreSQL database, a logical replication slot should already be created and associated with the source endpoint. You can verify this by setting the `slotName` extra connection attribute to the name of this logical replication slot. For more information, see [Extra Connection Attributes When Using PostgreSQL as a Source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-cdcstartposition",
@@ -1353,7 +3345,7 @@
1353
3345
  "description": "The migration type.\nValid values: `full-load` | `cdc` | `full-load-and-cdc`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-migrationtype"
1354
3346
  },
1355
3347
  "replicationInstance": {
1356
- "description": "Q-ENHANCED-PROPERTY\nRequired replication instance name reference for DMS task execution enabling task-to-instance association and resource allocation. Specifies the name of the replication instance from the replicationInstances section that will execute this migration task, providing compute resources for data transfer operations.\n\nUse cases: Task-instance association; Resource allocation; Migration task execution; Compute resource assignment; DMS task configuration\n\nAWS: AWS DMS replication instance reference for task execution and resource allocation\n\nValidation: Must reference valid replication instance name from replicationInstances section; required for task execution",
3348
+ "description": "Name of the replication instance from the replicationInstances section.",
1357
3349
  "type": "string"
1358
3350
  },
1359
3351
  "replicationTaskSettings": {
@@ -1362,7 +3354,7 @@
1362
3354
  "type": "object"
1363
3355
  },
1364
3356
  "sourceEndpoint": {
1365
- "description": "Q-ENHANCED-PROPERTY\nRequired source endpoint name reference for DMS task data source configuration enabling source database connectivity and data extraction. Specifies the name of the source endpoint from the endpoints section that defines the source database connection for data migration operations.\n\nUse cases: Source database configuration; Data extraction setup; Database connectivity; Migration source definition; Endpoint reference\n\nAWS: AWS DMS source endpoint reference for source database connectivity and data extraction\n\nValidation: Must reference valid source endpoint name from endpoints section; required for source database configuration",
3357
+ "description": "Name of the source endpoint from the endpoints section.",
1366
3358
  "type": "string"
1367
3359
  },
1368
3360
  "tableMappings": {
@@ -1371,7 +3363,7 @@
1371
3363
  "type": "object"
1372
3364
  },
1373
3365
  "targetEndpoint": {
1374
- "description": "Q-ENHANCED-PROPERTY\nRequired target endpoint name reference for DMS task data destination configuration enabling target database connectivity and data loading. Specifies the name of the target endpoint from the endpoints section that defines the destination database connection for data migration operations.\n\nUse cases: Target database configuration; Data loading setup; Database connectivity; Migration destination definition; Endpoint reference\n\nAWS: AWS DMS target endpoint reference for target database connectivity and data loading\n\nValidation: Must reference valid target endpoint name from endpoints section; required for target database configuration",
3366
+ "description": "Name of the target endpoint from the endpoints section.",
1375
3367
  "type": "string"
1376
3368
  },
1377
3369
  "taskData": {
@@ -1389,156 +3381,246 @@
1389
3381
  ],
1390
3382
  "type": "object"
1391
3383
  },
3384
+ "ResourceEnvironment": {
3385
+ "additionalProperties": false,
3386
+ "description": "Represents the environment a given resource lives in.\nUsed as the return value for the `IResource.env` property.",
3387
+ "properties": {
3388
+ "account": {
3389
+ "description": "The AWS account ID that this resource belongs to.\nSince this can be a Token\n(for example, when the account is CloudFormation's AWS::AccountId intrinsic),\nmake sure to use Token.compareStrings()\ninstead of just comparing the values for equality.",
3390
+ "type": "string"
3391
+ },
3392
+ "region": {
3393
+ "description": "The AWS region that this resource belongs to.\nSince this can be a Token\n(for example, when the region is CloudFormation's AWS::Region intrinsic),\nmake sure to use Token.compareStrings()\ninstead of just comparing the values for equality.",
3394
+ "type": "string"
3395
+ }
3396
+ },
3397
+ "required": [
3398
+ "account",
3399
+ "region"
3400
+ ],
3401
+ "type": "object"
3402
+ },
3403
+ "RoleReference": {
3404
+ "additionalProperties": false,
3405
+ "description": "A reference to a Role resource.",
3406
+ "properties": {
3407
+ "roleArn": {
3408
+ "description": "The ARN of the Role resource.",
3409
+ "type": "string"
3410
+ },
3411
+ "roleName": {
3412
+ "description": "The RoleName of the Role resource.",
3413
+ "type": "string"
3414
+ }
3415
+ },
3416
+ "required": [
3417
+ "roleArn",
3418
+ "roleName"
3419
+ ],
3420
+ "type": "object"
3421
+ },
3422
+ "Runtime": {
3423
+ "additionalProperties": false,
3424
+ "description": "Lambda function runtime environment.\n\nIf you need to use a runtime name that doesn't exist as a static member, you\ncan instantiate a `Runtime` object, e.g: `new Runtime('nodejs99.99')`.",
3425
+ "properties": {
3426
+ "bundlingImage": {
3427
+ "$ref": "#/definitions/DockerImage",
3428
+ "description": "The bundling Docker image for this runtime."
3429
+ },
3430
+ "family": {
3431
+ "description": "The runtime family.",
3432
+ "enum": [
3433
+ 0,
3434
+ 1,
3435
+ 2,
3436
+ 3,
3437
+ 4,
3438
+ 5,
3439
+ 6
3440
+ ],
3441
+ "type": "number"
3442
+ },
3443
+ "isVariable": {
3444
+ "description": "Enabled for runtime enums that always target the latest available.",
3445
+ "type": "boolean"
3446
+ },
3447
+ "name": {
3448
+ "description": "The name of this runtime, as expected by the Lambda resource.",
3449
+ "type": "string"
3450
+ },
3451
+ "supportsCodeGuruProfiling": {
3452
+ "description": "Whether this runtime is integrated with and supported for profiling using Amazon CodeGuru Profiler.",
3453
+ "type": "boolean"
3454
+ },
3455
+ "supportsInlineCode": {
3456
+ "description": "Whether the ``ZipFile`` (aka inline code) property can be used with this\nruntime.",
3457
+ "type": "boolean"
3458
+ },
3459
+ "supportsSnapStart": {
3460
+ "description": "Whether this runtime supports snapstart.",
3461
+ "type": "boolean"
3462
+ }
3463
+ },
3464
+ "required": [
3465
+ "bundlingImage",
3466
+ "isVariable",
3467
+ "name",
3468
+ "supportsCodeGuruProfiling",
3469
+ "supportsInlineCode",
3470
+ "supportsSnapStart"
3471
+ ],
3472
+ "type": "object"
3473
+ },
1392
3474
  "S3SettingsProperty": {
1393
3475
  "additionalProperties": false,
1394
- "description": "Q-ENHANCED-INTERFACE\nS3 settings configuration interface for DMS providing data lake integration and file-based migration capabilities. Defines S3-specific properties for Database Migration Service including data format configuration, compression settings, and S3 integration for database-to-data lake migration workflows.\n\nUse cases: Database to data lake migration; S3 data integration; Data format configuration; File-based migration; Data lake workflows; DMS S3 integration\n\nAWS: AWS DMS S3 endpoint configuration with data lake integration and file format management\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
3476
+ "description": "Provides information that defines an Amazon S3 endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For more information about the available settings, see [Extra connection attributes when using Amazon S3 as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.S3.html#CHAP_Source.S3.Configuring) and [Extra connection attributes when using Amazon S3 as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html#CHAP_Target.S3.Configuring) in the *AWS Database Migration Service User Guide* .",
1395
3477
  "properties": {
1396
3478
  "addColumnName": {
1397
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to add column name information to CSV output files for S3 data lake integration. Enables column headers in CSV files when migrating data to S3, improving data usability and self-documentation for data lake consumers with default false value and support for boolean or y/n values.\n\nUse cases: CSV headers; Data documentation; Data lake usability; Self-describing data; CSV format enhancement\n\nAWS: AWS DMS S3 endpoint addColumnName for CSV column header inclusion in data lake files\n\nValidation: Must be boolean, 'y', or 'n' if provided; default false; improves CSV data usability in S3 data lake",
3479
+ "description": "Flag to add column name information to CSV output files for S3 data lake integration",
1398
3480
  "type": "boolean"
1399
3481
  },
1400
3482
  "bucketFolder": {
1401
- "description": "Q-ENHANCED-PROPERTY\nOptional S3 bucket folder name for organizing migrated data with hierarchical structure. Specifies a folder prefix for table organization in S3 bucket, creating path structure as bucketFolder/schema_name/table_name/ instead of default schema_name/table_name/ for better data organization.\n\nUse cases: Data organization; Folder structure; S3 hierarchy; Data lake organization; Path management\n\nAWS: AWS DMS S3 endpoint bucketFolder for hierarchical data organization in S3 bucket structure\n\nValidation: Must be valid S3 folder name if provided; creates bucketFolder/schema_name/table_name/ path structure",
3483
+ "description": "S3 bucket folder name for organizing migrated data with hierarchical structure",
1402
3484
  "type": "string"
1403
3485
  },
1404
3486
  "bucketName": {
1405
- "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for DMS data migration destination in data lake architecture. Specifies the target S3 bucket where migrated database data will be stored, serving as the primary destination for database-to-data lake migration workflows and data storage.\n\nUse cases: Data lake destination; S3 storage; Migration target; Data repository; Database migration endpoint\n\nAWS: AWS S3 bucket name for DMS data migration destination and data lake storage\n\nValidation: Must be valid S3 bucket name; required for S3 endpoint configuration and data migration destination",
3487
+ "description": "S3 bucket name for DMS data migration destination in data lake architecture",
1406
3488
  "type": "string"
1407
3489
  },
1408
3490
  "cannedAclForObjects": {
1409
- "description": "Q-ENHANCED-PROPERTY\nOptional predefined access control list (ACL) for S3 objects created during data migration. Specifies canned ACL for CSV and Parquet files created in S3 bucket, controlling object-level permissions with options including NONE, PRIVATE, PUBLIC_READ, and BUCKET_OWNER_FULL_CONTROL for security management.\n\nUse cases: Access control; S3 permissions; Object security; Data lake security; File permissions\n\nAWS: AWS S3 canned ACL for objects created by DMS during data migration to S3 bucket\n\nValidation: Must be valid S3 canned ACL if provided; default NONE; controls object-level permissions in S3 bucket",
3491
+ "description": "Predefined access control list (ACL) for S3 objects created during data migration",
1410
3492
  "type": "string"
1411
3493
  },
1412
3494
  "cdcInsertsAndUpdates": {
1413
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable CDC INSERT and UPDATE operations capture to S3 files for change tracking. Enables writing INSERT and UPDATE operations to CSV or Parquet files during change data capture, with operation indication controlled by IncludeOpForFullLoad parameter, mutually exclusive with CdcInsertsOnly.\n\nUse cases: Change data capture; INSERT/UPDATE tracking; Data lake CDC; Operation logging; change tracking\n\nAWS: AWS DMS S3 endpoint cdcInsertsAndUpdates for CDC INSERT and UPDATE operations capture\n\nValidation: Must be boolean or 'y' if provided; mutually exclusive with CdcInsertsOnly; requires DMS version 3.3.1+",
3495
+ "description": "Flag to enable CDC INSERT and UPDATE operations capture to S3 files for change tracking",
1414
3496
  "type": "boolean"
1415
3497
  },
1416
3498
  "cdcInsertsOnly": {
1417
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable CDC INSERT-only operations capture to S3 files for insert-focused change tracking. Enables writing only INSERT operations to CSV or Parquet files during change data capture, with operation indication controlled by IncludeOpForFullLoad parameter, mutually exclusive with CdcInsertsAndUpdates.\n\nUse cases: Insert-only CDC; Append-only data lakes; INSERT tracking; Simplified change capture; Insert-focused replication\n\nAWS: AWS DMS S3 endpoint cdcInsertsOnly for CDC INSERT-only operations capture\n\nValidation: Must be boolean or 'y' if provided; mutually exclusive with CdcInsertsAndUpdates; requires DMS version 3.1.4+",
3499
+ "description": "Flag to enable CDC INSERT-only operations capture to S3 files for insert-focused change tracking",
1418
3500
  "type": "boolean"
1419
3501
  },
1420
3502
  "cdcMaxBatchInterval": {
1421
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum batch interval in seconds for CDC file output to S3 for time-based file creation. Specifies the maximum time interval before triggering file output to S3, working with CdcMinFileSize where first condition met triggers write, with default 60 seconds for CDC file management.\n\nUse cases: File timing control; CDC batching; Time-based triggers; File output scheduling; Batch interval management\n\nAWS: AWS DMS S3 endpoint cdcMaxBatchInterval for time-based CDC file output triggering\n\nValidation: Must be positive integer in seconds if provided; default 60; works with CdcMinFileSize for file output triggering",
3503
+ "description": "Maximum batch interval in seconds for CDC file output to S3 for time-based file creation",
1422
3504
  "type": "number"
1423
3505
  },
1424
3506
  "cdcMinFileSize": {
1425
- "description": "Q-ENHANCED-PROPERTY\nOptional minimum file size in kilobytes for CDC file output to S3 for size-based file creation. Specifies the minimum file size before triggering file output to S3, working with CdcMaxBatchInterval where first condition met triggers write, with default 32 MB for CDC file management.\n\nUse cases: File size control; CDC batching; Size-based triggers; File output optimization; Batch size management\n\nAWS: AWS DMS S3 endpoint cdcMinFileSize for size-based CDC file output triggering\n\nValidation: Must be positive integer in KB if provided; default 32 MB; works with CdcMaxBatchInterval for file output triggering",
3507
+ "description": "Minimum file size in kilobytes for CDC file output to S3 for size-based file creation",
1426
3508
  "type": "number"
1427
3509
  },
1428
3510
  "cdcPath": {
1429
- "description": "Q-ENHANCED-PROPERTY\nOptional CDC folder path specification for change data capture file organization in S3. Specifies the folder path for CDC files in S3 bucket, required for S3 sources with CDC and optional for targets, enabling transaction order preservation and organized CDC file storage in data lake architecture.\n\nUse cases: CDC organization; Transaction order; File path management; S3 CDC structure; Change data organization\n\nAWS: AWS DMS S3 endpoint cdcPath for CDC file organization and transaction order preservation\n\nValidation: Must be valid S3 folder path if provided; required for S3 sources with CDC; supports DMS version 3.4.2+",
3511
+ "description": "CDC folder path specification for change data capture file organization in S3",
1430
3512
  "type": "string"
1431
3513
  },
1432
3514
  "compressionType": {
1433
- "description": "Q-ENHANCED-PROPERTY\nOptional compression type for S3 target files to optimize storage and transfer performance. Specifies compression method for CSV and Parquet files with GZIP enabling compression and NONE (default) for uncompressed files, affecting storage costs and data transfer performance in data lake operations.\n\nUse cases: Storage optimization; Compression; Performance tuning; Cost optimization; File size reduction\n\nAWS: AWS DMS S3 endpoint compressionType for target file compression and storage optimization\n\nValidation: Must be GZIP or NONE if provided; default NONE; applies to both CSV and Parquet file formats",
3515
+ "description": "Compression type for S3 target files to optimize storage and transfer performance",
1434
3516
  "type": "string"
1435
3517
  },
1436
3518
  "csvDelimiter": {
1437
- "description": "Q-ENHANCED-PROPERTY\nOptional column delimiter for CSV file format in S3 data lake integration. Specifies the character used to separate columns in CSV files for both source and target operations, with default comma delimiter, affecting CSV file structure and data parsing in data lake workflows.\n\nUse cases: CSV formatting; Column separation; Data parsing; File structure; CSV customization\n\nAWS: AWS DMS S3 endpoint csvDelimiter for CSV column separation and file formatting\n\nValidation: Must be valid delimiter character if provided; default comma; affects CSV file structure and parsing",
3519
+ "description": "Column delimiter for CSV file format in S3 data lake integration",
1438
3520
  "type": "string"
1439
3521
  },
1440
3522
  "csvNoSupValue": {
1441
- "description": "Q-ENHANCED-PROPERTY\nOptional string value for columns not included in supplemental log during CDC CSV operations. Specifies the value to use for columns not in supplemental log when UseCsvNoSupValue is true, with null value used if not specified, affecting CDC data completeness in CSV format.\n\nUse cases: Supplemental log handling; CDC data completeness; Missing column values; CSV CDC operations; Data consistency\n\nAWS: AWS DMS S3 endpoint csvNoSupValue for supplemental log column handling in CDC CSV operations\n\nValidation: Must be valid string value if provided; used when UseCsvNoSupValue is true; supports DMS version 3.4.1+",
3523
+ "description": "String value for columns not included in supplemental log during CDC CSV operations",
1442
3524
  "type": "string"
1443
3525
  },
1444
3526
  "csvNullValue": {
1445
- "description": "Q-ENHANCED-PROPERTY\nOptional null value representation for CSV files in S3 data lake operations. Specifies how DMS treats null values when writing to target, allowing user-defined string as null representation to differentiate between empty strings and null values, with default NULL value for CSV null handling.\n\nUse cases: Null value handling; CSV formatting; Data representation; Empty string differentiation; Target compatibility\n\nAWS: AWS DMS S3 endpoint csvNullValue for null value representation in CSV files\n\nValidation: Must be valid string if provided; default NULL; differentiates empty strings from null values in CSV format",
3527
+ "description": "Null value representation for CSV files in S3 data lake operations",
1446
3528
  "type": "string"
1447
3529
  },
1448
3530
  "csvRowDelimiter": {
1449
- "description": "Q-ENHANCED-PROPERTY\nOptional row delimiter for CSV files in S3 data lake integration. Specifies the character used to separate rows in CSV files for both source and target operations, with default carriage return (\\n), affecting CSV file structure and data parsing in data lake workflows.\n\nUse cases: CSV formatting; Row separation; Data parsing; File structure; CSV customization\n\nAWS: AWS DMS S3 endpoint csvRowDelimiter for CSV row separation and file formatting\n\nValidation: Must be valid delimiter character if provided; default carriage return (\\n); affects CSV file structure and parsing",
3531
+ "description": "Row delimiter for CSV files in S3 data lake integration",
1450
3532
  "type": "string"
1451
3533
  },
1452
3534
  "dataFormat": {
1453
- "description": "Q-ENHANCED-PROPERTY\nOptional data format specification for S3 output files in data lake architecture. Specifies the output file format with CSV for row-based comma-separated values and Parquet for columnar storage with efficient compression and faster query response, affecting data lake performance and storage.\n\nUse cases: Data format selection; Storage optimization; Query performance; Compression efficiency; Data lake architecture\n\nAWS: AWS DMS S3 endpoint dataFormat for output file format selection and data lake optimization\n\nValidation: Must be 'csv' or 'parquet' if provided; affects storage efficiency and query performance in data lake",
3535
+ "description": "Data format specification for S3 output files in data lake architecture",
1454
3536
  "type": "string"
1455
3537
  },
1456
3538
  "dataPageSize": {
1457
- "description": "Q-ENHANCED-PROPERTY\nOptional data page size in bytes for Parquet file format optimization. Specifies the size of one data page for Parquet files with default 1 MiB (1024 * 1024 bytes), affecting Parquet file structure, compression efficiency, and query performance in columnar data lake storage.\n\nUse cases: Parquet optimization; Page size tuning; Compression efficiency; Query performance; Columnar storage optimization\n\nAWS: AWS DMS S3 endpoint dataPageSize for Parquet file page size optimization and performance tuning\n\nValidation: Must be positive integer in bytes if provided; default 1 MiB; applies only to Parquet file format",
3539
+ "description": "Data page size in bytes for Parquet file format optimization",
1458
3540
  "type": "number"
1459
3541
  },
1460
3542
  "datePartitionDelimiter": {
1461
- "description": "Q-ENHANCED-PROPERTY\nOptional date partition delimiter for S3 folder partitioning organization. Specifies the delimiter character used in date-based folder partitioning with default SLASH, used when DatePartitionedEnabled is true for organizing data lake files by transaction commit dates in hierarchical folder structure.\n\nUse cases: Date partitioning; Folder organization; Data lake structure; Time-based organization; Partition delimiter\n\nAWS: AWS DMS S3 endpoint datePartitionDelimiter for date-based folder partitioning organization\n\nValidation: Must be valid delimiter if provided; default SLASH; used when DatePartitionedEnabled is true",
3543
+ "description": "Date partition delimiter for S3 folder partitioning organization",
1462
3544
  "type": "string"
1463
3545
  },
1464
3546
  "datePartitionEnabled": {
1465
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable date-based folder partitioning for S3 bucket organization. Enables partitioning S3 bucket folders based on transaction commit dates with default false, providing time-based data organization for improved data lake query performance and data management.\n\nUse cases: Date-based partitioning; Data organization; Query optimization; Time-based structure; Data lake management\n\nAWS: AWS DMS S3 endpoint datePartitionEnabled for date-based folder partitioning and data organization\n\nValidation: Must be boolean if provided; default false; enables date-based folder partitioning for data lake organization",
3547
+ "description": "Flag to enable date-based folder partitioning for S3 bucket organization",
1466
3548
  "type": "boolean"
1467
3549
  },
1468
3550
  "datePartitionSequence": {
1469
- "description": "Q-ENHANCED-PROPERTY\nOptional date format sequence for folder partitioning organization in S3 data lake. Specifies the date format sequence for folder partitioning with default YYYYMMDD, used when DatePartitionedEnabled is true for consistent date-based folder naming and organization.\n\nUse cases: Date format specification; Folder naming; Partition sequence; Date organization; Consistent naming\n\nAWS: AWS DMS S3 endpoint datePartitionSequence for date format specification in folder partitioning\n\nValidation: Must be valid date format if provided; default YYYYMMDD; used when DatePartitionedEnabled is true",
3551
+ "description": "Date format sequence for folder partitioning organization in S3 data lake",
1470
3552
  "type": "string"
1471
3553
  },
1472
3554
  "datePartitionTimezone": {
1473
- "description": "Q-ENHANCED-PROPERTY\nOptional time zone specification for date partition folder creation and CDC file naming. Converts UTC time to specified time zone when creating date partition folders and CDC file names, using Area/Location format when DatePartitionedEnabled is true for consistent time zone handling.\n\nUse cases: Time zone conversion; Date partition timing; CDC file naming; Time zone consistency; Global data management\n\nAWS: AWS DMS S3 endpoint datePartitionTimezone for time zone conversion in date partitioning\n\nValidation: Must be valid Area/Location time zone format if provided; used when DatePartitionedEnabled is true",
3555
+ "description": "Time zone specification for date partition folder creation and CDC file naming",
1474
3556
  "type": "string"
1475
3557
  },
1476
3558
  "dictPageSizeLimit": {
1477
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum dictionary page size limit for Parquet column encoding optimization. Specifies the maximum size of encoded dictionary page for columns with default 1 MiB, reverting to PLAIN encoding when exceeded, affecting Parquet compression efficiency and query performance in columnar data lake storage.\n\nUse cases: Parquet optimization; Dictionary encoding; Compression efficiency; Column storage optimization; Encoding performance\n\nAWS: AWS DMS S3 endpoint dictPageSizeLimit for Parquet dictionary page size optimization and encoding control\n\nValidation: Must be positive integer in bytes if provided; default 1 MiB; applies only to Parquet file format",
3559
+ "description": "Maximum dictionary page size limit for Parquet column encoding optimization",
1478
3560
  "type": "number"
1479
3561
  },
1480
3562
  "enableStatistics": {
1481
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable statistics collection for Parquet pages and row groups for query optimization. Enables collection of NULL, DISTINCT, MAX, and MIN statistics with default true, improving query performance and data analysis capabilities in Parquet columnar data lake storage.\n\nUse cases: Query optimization; Statistics collection; Parquet performance; Data analysis; Query planning\n\nAWS: AWS DMS S3 endpoint enableStatistics for Parquet statistics collection and query optimization\n\nValidation: Must be boolean if provided; default true; applies only to Parquet file format; improves query performance",
3563
+ "description": "Flag to enable statistics collection for Parquet pages and row groups for query optimization",
1482
3564
  "type": "boolean"
1483
3565
  },
1484
3566
  "encodingType": {
1485
- "description": "Q-ENHANCED-PROPERTY\nOptional encoding type specification for Parquet file compression and storage optimization. Specifies encoding method with RLE_DICTIONARY (default) for efficient repeated value storage, PLAIN for no encoding, and PLAIN_DICTIONARY for column-specific dictionary encoding, affecting compression and performance.\n\nUse cases: Compression optimization; Encoding selection; Storage efficiency; Parquet performance; Data compression\n\nAWS: AWS DMS S3 endpoint encodingType for Parquet encoding method selection and compression optimization\n\nValidation: Must be RLE_DICTIONARY, PLAIN, or PLAIN_DICTIONARY if provided; default RLE_DICTIONARY; affects Parquet compression",
3567
+ "description": "Encoding type specification for Parquet file compression and storage optimization",
1486
3568
  "type": "string"
1487
3569
  },
1488
3570
  "externalTableDefinition": {
1489
- "description": "Q-ENHANCED-PROPERTY\nOptional external table definition for S3 source configuration in data lake integration. Specifies the table definition when using S3 as source, required for S3 source endpoints to define table structure and schema for data processing and migration operations.\n\nUse cases: S3 source configuration; Table definition; Schema specification; Data structure; Source table mapping\n\nAWS: AWS DMS S3 endpoint externalTableDefinition for S3 source table structure and schema definition\n\nValidation: Must be valid table definition if provided; required when S3 is used as source; defines table structure and schema",
3571
+ "description": "External table definition for S3 source configuration in data lake integration",
1490
3572
  "type": "string"
1491
3573
  },
1492
3574
  "ignoreHeaderRows": {
1493
- "description": "Q-ENHANCED-PROPERTY\nOptional number of header rows to ignore in CSV files for S3 source processing. Specifies whether to ignore the first row header in CSV files with 1 enabling the feature and 0 (default) disabling it, affecting CSV file parsing and data processing in S3 source operations.\n\nUse cases: CSV header handling; File parsing; Data processing; Header row management; CSV source configuration\n\nAWS: AWS DMS S3 endpoint ignoreHeaderRows for CSV header row handling in S3 source processing\n\nValidation: Must be 0 or 1 if provided; default 0; controls CSV header row processing in S3 source operations",
3575
+ "description": "Number of header rows to ignore in CSV files for S3 source processing",
1494
3576
  "type": "number"
1495
3577
  },
1496
3578
  "includeOpForFullLoad": {
1497
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to include INSERT operation indicators in full load CSV output for consistency with CDC operations. Enables recording INSERT operations as 'I' annotation in first field of CSV files during full load, providing consistency with CDC load format and operation tracking.\n\nUse cases: Operation tracking; Full load consistency; CDC compatibility; INSERT indication; Data lineage\n\nAWS: AWS DMS S3 endpoint includeOpForFullLoad for INSERT operation indication in full load CSV output\n\nValidation: Must be boolean or 'y' if provided; requires DMS version 3.1.4+; works with CdcInsertsOnly and CdcInsertsAndUpdates",
3579
+ "description": "Flag to include INSERT operation indicators in full load CSV output for consistency with CDC operations",
1498
3580
  "type": "boolean"
1499
3581
  },
1500
3582
  "maxFileSize": {
1501
- "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for S3 target during full load migration operations. Specifies the maximum size limit for CSV files created during full load migration with default 1 GB (1,048,576 KB), controlling file size and affecting data lake file organization and performance.\n\nUse cases: File size control; Full load optimization; Storage management; File organization; Performance tuning\n\nAWS: AWS DMS S3 endpoint maxFileSize for CSV file size limits during full load migration\n\nValidation: Must be integer between 1-1,048,576 KB if provided; default 1 GB; controls CSV file size during full load",
3583
+ "description": "Maximum CSV file size in KB for S3 target during full load migration operations",
1502
3584
  "type": "number"
1503
3585
  },
1504
3586
  "parquetTimestampInMillisecond": {
1505
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to set TIMESTAMP column precision to milliseconds in Parquet files for Athena and Glue compatibility. Enables millisecond precision for TIMESTAMP columns in Parquet format instead of microsecond precision, ensuring compatibility with Amazon Athena and AWS Glue query engines that handle only millisecond precision.\n\nUse cases: Athena compatibility; Glue integration; Timestamp precision; Parquet optimization; Query engine compatibility\n\nAWS: AWS DMS S3 endpoint parquetTimestampInMillisecond for TIMESTAMP precision in Parquet files\n\nValidation: Must be boolean or 'y' if provided; requires DMS version 3.1.4+; applies only to Parquet format; CSV always uses microsecond",
3587
+ "description": "Flag to set TIMESTAMP column precision to milliseconds in Parquet files for Athena and Glue compatibility",
1506
3588
  "type": "boolean"
1507
3589
  },
1508
3590
  "parquetVersion": {
1509
- "description": "Q-ENHANCED-PROPERTY\nOptional Apache Parquet format version specification for S3 data lake columnar storage. Specifies the Parquet format version with parquet_1_0 (default) or parquet_2_0 options, affecting file compatibility, features, and performance characteristics in columnar data lake storage operations.\n\nUse cases: Parquet version selection; Format compatibility; Feature availability; Performance optimization; Columnar storage\n\nAWS: AWS DMS S3 endpoint parquetVersion for Apache Parquet format version specification\n\nValidation: Must be 'parquet_1_0' or 'parquet_2_0' if provided; default parquet_1_0; affects Parquet file compatibility and features",
3591
+ "description": "Apache Parquet format version specification for S3 data lake columnar storage",
1510
3592
  "type": "string"
1511
3593
  },
1512
3594
  "preserveTransactions": {
1513
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to preserve transaction order for CDC loads in S3 target for data consistency. Enables saving transaction order for change data capture loads on S3 target specified by CdcPath, ensuring transactional consistency and proper ordering in data lake CDC operations.\n\nUse cases: Transaction consistency; CDC ordering; Data integrity; Transaction preservation; Change data consistency\n\nAWS: AWS DMS S3 endpoint preserveTransactions for CDC transaction order preservation in S3 target\n\nValidation: Must be boolean if provided; requires CdcPath setting; supports DMS version 3.4.2+; ensures transaction order consistency",
3595
+ "description": "Flag to preserve transaction order for CDC loads in S3 target for data consistency",
1514
3596
  "type": "boolean"
1515
3597
  },
1516
3598
  "rfc4180": {
1517
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable RFC 4180 compliance for CSV quotation mark handling in S3 operations. Controls quotation mark behavior with true (default) requiring paired quotation marks and proper escaping, and false allowing delimiters within strings, affecting CSV parsing and data integrity.\n\nUse cases: CSV compliance; Quotation handling; RFC 4180 standard; Data parsing; CSV formatting\n\nAWS: AWS DMS S3 endpoint rfc4180 for CSV quotation mark handling and RFC 4180 compliance\n\nValidation: Must be boolean, 'y', or 'n' if provided; default true; affects CSV quotation mark handling and delimiter behavior",
3599
+ "description": "Flag to enable RFC 4180 compliance for CSV quotation mark handling in S3 operations",
1518
3600
  "type": "boolean"
1519
3601
  },
1520
3602
  "rowGroupLength": {
1521
- "description": "Q-ENHANCED-PROPERTY\nOptional number of rows in Parquet row group for read/write performance optimization. Specifies row group size with default 10,000 rows, balancing faster reads (smaller groups) against slower writes (more groups), with maximum 64MB limit for Parquet file performance tuning.\n\nUse cases: Parquet optimization; Read performance; Write performance; Row group tuning; Columnar storage optimization\n\nAWS: AWS DMS S3 endpoint rowGroupLength for Parquet row group size optimization and performance tuning\n\nValidation: Must be positive integer if provided; default 10,000; maximum 64MB (64*1024*1024 bytes); applies only to Parquet format",
3603
+ "description": "Number of rows in Parquet row group for read/write performance optimization",
1522
3604
  "type": "number"
1523
3605
  },
1524
3606
  "serverSideEncryptionKmsKeyId": {
1525
- "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ID for server-side encryption when using SSE_KMS encryption mode for S3 data lake security. Specifies the AWS KMS key for encrypting S3 objects, requiring attached policy enabling IAM user permissions and key usage for secure data lake storage and compliance.\n\nUse cases: Data encryption; KMS integration; S3 security; Compliance requirements; Data protection\n\nAWS: AWS KMS key ID for S3 server-side encryption with customer-managed keys\n\nValidation: Must be valid KMS key ID; required when EncryptionMode is SSE_KMS; requires proper IAM permissions and key policy",
3607
+ "description": "KMS key ID for server-side encryption when using SSE_KMS encryption mode for S3 data lake security",
1526
3608
  "type": "string"
1527
3609
  },
1528
3610
  "serviceAccessRoleArn": {
1529
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to S3 bucket operations for data lake integration. Specifies the service role enabling DMS to read and write S3 objects, requiring iam:PassRole action for secure S3 bucket access and data migration operations.\n\nUse cases: Service access; IAM role configuration; S3 permissions; Secure access; Data migration authorization\n\nAWS: AWS IAM role ARN for DMS service access to S3 bucket operations and data lake integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables S3 read/write operations",
3611
+ "description": "IAM role ARN for DMS service access to S3 bucket operations for data lake integration",
1530
3612
  "type": "string"
1531
3613
  },
1532
3614
  "timestampColumnName": {
1533
- "description": "Q-ENHANCED-PROPERTY\nOptional timestamp column name for adding migration timing information to S3 data lake files. Adds STRING column with timestamp information to CSV or Parquet files, containing transfer timestamps for full load and commit timestamps for CDC, with microsecond precision format yyyy-MM-dd HH:mm:ss.SSSSSS.\n\nUse cases: Data lineage; Migration tracking; Timestamp information; Data auditing; Change tracking\n\nAWS: AWS DMS S3 endpoint timestampColumnName for migration timestamp tracking in data lake files\n\nValidation: Must be valid column name if provided; requires DMS version 3.1.4+; adds timestamp column to output files",
3615
+ "description": "Timestamp column name for adding migration timing information to S3 data lake files",
1534
3616
  "type": "string"
1535
3617
  },
1536
3618
  "useCsvNoSupValue": {
1537
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to use CsvNoSupValue for columns not in supplemental log during CDC CSV operations. Controls handling of columns not included in supplemental log with true using CsvNoSupValue and false using null value, affecting CDC data completeness in CSV format operations.\n\nUse cases: Supplemental log handling; CDC data completeness; Missing column values; CSV CDC operations; Data consistency\n\nAWS: AWS DMS S3 endpoint useCsvNoSupValue for supplemental log column handling in CDC CSV operations\n\nValidation: Must be boolean if provided; works with CsvNoSupValue setting; applies only to CDC loads in CSV format",
3619
+ "description": "Flag to use CsvNoSupValue for columns not in supplemental log during CDC CSV operations",
1538
3620
  "type": "boolean"
1539
3621
  },
1540
3622
  "useTaskStartTimeForFullLoadTimestamp": {
1541
- "description": "Q-ENHANCED-PROPERTY\nOptional flag to use task start time for full load timestamp column instead of data arrival time. Controls timestamp behavior with true using task start time for full load and transaction commit time for CDC, and false using incremental data arrival time for full load operations.\n\nUse cases: Timestamp consistency; Task timing; Full load timing; Timestamp behavior; Data lineage\n\nAWS: AWS DMS S3 endpoint useTaskStartTimeForFullLoadTimestamp for timestamp column behavior control\n\nValidation: Must be boolean if provided; affects timestamp column behavior for full load operations; CDC always uses commit time",
3623
+ "description": "Flag to use task start time for full load timestamp column instead of data arrival time",
1542
3624
  "type": "boolean"
1543
3625
  }
1544
3626
  },
@@ -1548,20 +3630,226 @@
1548
3630
  ],
1549
3631
  "type": "object"
1550
3632
  },
3633
+ "SecurityGroupReference": {
3634
+ "additionalProperties": false,
3635
+ "description": "A reference to a SecurityGroup resource.",
3636
+ "properties": {
3637
+ "securityGroupId": {
3638
+ "description": "The Id of the SecurityGroup resource.",
3639
+ "type": "string"
3640
+ }
3641
+ },
3642
+ "required": [
3643
+ "securityGroupId"
3644
+ ],
3645
+ "type": "object"
3646
+ },
3647
+ "Stack": {
3648
+ "additionalProperties": false,
3649
+ "description": "A root construct which represents a single CloudFormation stack.",
3650
+ "properties": {
3651
+ "_crossRegionReferences": {
3652
+ "description": "Whether cross region references are enabled for this stack",
3653
+ "type": "boolean"
3654
+ },
3655
+ "_logicalIds": {
3656
+ "description": "Logical ID generation strategy"
3657
+ },
3658
+ "_missingContext": {
3659
+ "description": "Lists all missing contextual information.\nThis is returned when the stack is synthesized under the 'missing' attribute\nand allows tooling to obtain the context and re-synthesize."
3660
+ },
3661
+ "_notificationArns": {
3662
+ "description": "SNS Notification ARNs to receive stack events.",
3663
+ "items": {
3664
+ "type": "string"
3665
+ },
3666
+ "type": "array"
3667
+ },
3668
+ "_stackDependencies": {
3669
+ "description": "Other stacks this stack depends on"
3670
+ },
3671
+ "_stackName": {},
3672
+ "_suppressTemplateIndentation": {
3673
+ "default": "- the value of `@aws-cdk/core:suppressTemplateIndentation`, or `false` if that is not set.",
3674
+ "description": "Enable this flag to suppress indentation in generated\nCloudFormation templates.\n\nIf not specified, the value of the `@aws-cdk/core:suppressTemplateIndentation`\ncontext key will be used. If that is not specified, then the\ndefault value `false` will be used."
3675
+ },
3676
+ "_terminationProtection": {},
3677
+ "_versionReportingEnabled": {
3678
+ "description": "Whether version reporting is enabled for this stack\n\nControls whether the CDK Metadata resource is injected",
3679
+ "type": "boolean"
3680
+ },
3681
+ "account": {
3682
+ "description": "The AWS account into which this stack will be deployed.\n\nThis value is resolved according to the following rules:\n\n1. The value provided to `env.account` when the stack is defined. This can\n either be a concrete account (e.g. `585695031111`) or the\n `Aws.ACCOUNT_ID` token.\n3. `Aws.ACCOUNT_ID`, which represents the CloudFormation intrinsic reference\n `{ \"Ref\": \"AWS::AccountId\" }` encoded as a string token.\n\nPreferably, you should use the return value as an opaque string and not\nattempt to parse it to implement your logic. If you do, you must first\ncheck that it is a concrete value an not an unresolved token. If this\nvalue is an unresolved token (`Token.isUnresolved(stack.account)` returns\n`true`), this implies that the user wishes that this stack will synthesize\ninto an **account-agnostic template**. In this case, your code should either\nfail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or\nimplement some other account-agnostic behavior.",
3683
+ "type": "string"
3684
+ },
3685
+ "addPermissionsBoundaryAspect": {
3686
+ "description": "Adds an aspect to the stack that will apply the permissions boundary.\nThis will only add the aspect if the permissions boundary has been set"
3687
+ },
3688
+ "artifactId": {
3689
+ "description": "The ID of the cloud assembly artifact for this stack.",
3690
+ "type": "string"
3691
+ },
3692
+ "availabilityZones": {
3693
+ "description": "Returns the list of AZs that are available in the AWS environment\n(account/region) associated with this stack.\n\nIf the stack is environment-agnostic (either account and/or region are\ntokens), this property will return an array with 2 tokens that will resolve\nat deploy-time to the first two availability zones returned from CloudFormation's\n`Fn::GetAZs` intrinsic function.\n\nIf they are not available in the context, returns a set of dummy values and\nreports them as missing, and let the CLI resolve them by calling EC2\n`DescribeAvailabilityZones` on the target environment.\n\nTo specify a different strategy for selecting availability zones override this method.",
3694
+ "items": {
3695
+ "type": "string"
3696
+ },
3697
+ "type": "array"
3698
+ },
3699
+ "bundlingRequired": {
3700
+ "description": "Indicates whether the stack requires bundling or not",
3701
+ "type": "boolean"
3702
+ },
3703
+ "dependencies": {
3704
+ "description": "Return the stacks this stack depends on",
3705
+ "items": {
3706
+ "$ref": "#/definitions/Stack"
3707
+ },
3708
+ "type": "array"
3709
+ },
3710
+ "environment": {
3711
+ "description": "The environment coordinates in which this stack is deployed. In the form\n`aws://account/region`. Use `stack.account` and `stack.region` to obtain\nthe specific values, no need to parse.\n\nYou can use this value to determine if two stacks are targeting the same\nenvironment.\n\nIf either `stack.account` or `stack.region` are not concrete values (e.g.\n`Aws.ACCOUNT_ID` or `Aws.REGION`) the special strings `unknown-account` and/or\n`unknown-region` will be used respectively to indicate this stack is\nregion/account-agnostic.",
3712
+ "type": "string"
3713
+ },
3714
+ "generateStackArtifactId": {
3715
+ "description": "The artifact ID for this stack\n\nStack artifact ID is unique within the App's Cloud Assembly."
3716
+ },
3717
+ "generateStackId": {
3718
+ "description": "Generate an ID with respect to the given container construct."
3719
+ },
3720
+ "generateStackName": {
3721
+ "description": "Calculate the stack name based on the construct path\n\nThe stack name is the name under which we'll deploy the stack,\nand incorporates containing Stage names by default.\n\nGenerally this looks a lot like how logical IDs are calculated.\nThe stack name is calculated based on the construct root path,\nas follows:\n\n- Path is calculated with respect to containing App or Stage (if any)\n- If the path is one component long just use that component, otherwise\n combine them with a hash.\n\nSince the hash is quite ugly and we'd like to avoid it if possible -- but\nwe can't anymore in the general case since it has been written into legacy\nstacks. The introduction of Stages makes it possible to make this nicer however.\nWhen a Stack is nested inside a Stage, we use the path components below the\nStage, and prefix the path components of the Stage before it."
3722
+ },
3723
+ "maxResources": {
3724
+ "description": "Maximum number of resources in the stack\n\nSet to 0 to mean \"unlimited\"."
3725
+ },
3726
+ "nested": {
3727
+ "description": "Indicates if this is a nested stack, in which case `parentStack` will include a reference to it's parent.",
3728
+ "type": "boolean"
3729
+ },
3730
+ "nestedStackParent": {
3731
+ "$ref": "#/definitions/Stack",
3732
+ "description": "If this is a nested stack, returns it's parent stack."
3733
+ },
3734
+ "nestedStackResource": {
3735
+ "$ref": "#/definitions/CfnResource",
3736
+ "description": "If this is a nested stack, this represents its `AWS::CloudFormation::Stack`\nresource. `undefined` for top-level (non-nested) stacks."
3737
+ },
3738
+ "node": {
3739
+ "$ref": "#/definitions/Node",
3740
+ "description": "The tree node."
3741
+ },
3742
+ "notificationArns": {
3743
+ "description": "Returns the list of notification Amazon Resource Names (ARNs) for the current stack.",
3744
+ "items": {
3745
+ "type": "string"
3746
+ },
3747
+ "type": "array"
3748
+ },
3749
+ "parseEnvironment": {
3750
+ "description": "Determine the various stack environment attributes."
3751
+ },
3752
+ "partition": {
3753
+ "description": "The partition in which this stack is defined",
3754
+ "type": "string"
3755
+ },
3756
+ "permissionsBoundaryArn": {
3757
+ "description": "If a permissions boundary has been applied on this scope or any parent scope\nthen this will return the ARN of the permissions boundary.\n\nThis will return the permissions boundary that has been applied to the most\nspecific scope.\n\nFor example:\n\nconst stage = new Stage(app, 'stage', {\n permissionsBoundary: PermissionsBoundary.fromName('stage-pb'),\n});\n\nconst stack = new Stack(stage, 'Stack', {\n permissionsBoundary: PermissionsBoundary.fromName('some-other-pb'),\n});\n\n Stack.permissionsBoundaryArn === 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/some-other-pb';"
3758
+ },
3759
+ "region": {
3760
+ "description": "The AWS region into which this stack will be deployed (e.g. `us-west-2`).\n\nThis value is resolved according to the following rules:\n\n1. The value provided to `env.region` when the stack is defined. This can\n either be a concrete region (e.g. `us-west-2`) or the `Aws.REGION`\n token.\n3. `Aws.REGION`, which is represents the CloudFormation intrinsic reference\n `{ \"Ref\": \"AWS::Region\" }` encoded as a string token.\n\nPreferably, you should use the return value as an opaque string and not\nattempt to parse it to implement your logic. If you do, you must first\ncheck that it is a concrete value an not an unresolved token. If this\nvalue is an unresolved token (`Token.isUnresolved(stack.region)` returns\n`true`), this implies that the user wishes that this stack will synthesize\ninto a **region-agnostic template**. In this case, your code should either\nfail (throw an error, emit a synth error using `Annotations.of(construct).addError()`) or\nimplement some other region-agnostic behavior.",
3761
+ "type": "string"
3762
+ },
3763
+ "resolveExportedValue": {},
3764
+ "stackDependencyReasons": {
3765
+ "description": "Check whether this stack has a (transitive) dependency on another stack\n\nReturns the list of reasons on the dependency path, or undefined\nif there is no dependency."
3766
+ },
3767
+ "stackId": {
3768
+ "description": "The ID of the stack",
3769
+ "type": "string"
3770
+ },
3771
+ "stackName": {
3772
+ "description": "The concrete CloudFormation physical stack name.\n\nThis is either the name defined explicitly in the `stackName` prop or\nallocated based on the stack's location in the construct tree. Stacks that\nare directly defined under the app use their construct `id` as their stack\nname. Stacks that are defined deeper within the tree will use a hashed naming\nscheme based on the construct path to ensure uniqueness.\n\nIf you wish to obtain the deploy-time AWS::StackName intrinsic,\nyou can use `Aws.STACK_NAME` directly.",
3773
+ "type": "string"
3774
+ },
3775
+ "synthesizer": {
3776
+ "$ref": "#/definitions/IStackSynthesizer",
3777
+ "description": "Synthesis method for this stack"
3778
+ },
3779
+ "tags": {
3780
+ "$ref": "#/definitions/TagManager",
3781
+ "description": "Tags to be applied to the stack."
3782
+ },
3783
+ "templateFile": {
3784
+ "description": "The name of the CloudFormation template file emitted to the output\ndirectory during synthesis.\n\nExample value: `MyStack.template.json`",
3785
+ "type": "string"
3786
+ },
3787
+ "templateOptions": {
3788
+ "$ref": "#/definitions/ITemplateOptions",
3789
+ "description": "Options for CloudFormation template (like version, transform, description)."
3790
+ },
3791
+ "terminationProtection": {
3792
+ "description": "Whether termination protection is enabled for this stack.",
3793
+ "type": "boolean"
3794
+ },
3795
+ "urlSuffix": {
3796
+ "description": "The Amazon domain suffix for the region in which this stack is defined",
3797
+ "type": "string"
3798
+ }
3799
+ },
3800
+ "required": [
3801
+ "_crossRegionReferences",
3802
+ "_logicalIds",
3803
+ "_missingContext",
3804
+ "_stackDependencies",
3805
+ "_stackName",
3806
+ "_suppressTemplateIndentation",
3807
+ "_terminationProtection",
3808
+ "_versionReportingEnabled",
3809
+ "account",
3810
+ "addPermissionsBoundaryAspect",
3811
+ "artifactId",
3812
+ "availabilityZones",
3813
+ "bundlingRequired",
3814
+ "dependencies",
3815
+ "environment",
3816
+ "generateStackArtifactId",
3817
+ "generateStackId",
3818
+ "generateStackName",
3819
+ "maxResources",
3820
+ "nested",
3821
+ "node",
3822
+ "notificationArns",
3823
+ "parseEnvironment",
3824
+ "partition",
3825
+ "permissionsBoundaryArn",
3826
+ "region",
3827
+ "resolveExportedValue",
3828
+ "stackDependencyReasons",
3829
+ "stackId",
3830
+ "stackName",
3831
+ "synthesizer",
3832
+ "tags",
3833
+ "templateFile",
3834
+ "templateOptions",
3835
+ "terminationProtection",
3836
+ "urlSuffix"
3837
+ ],
3838
+ "type": "object"
3839
+ },
1551
3840
  "SybaseSettingsProperty": {
1552
3841
  "additionalProperties": false,
1553
- "description": "Q-ENHANCED-INTERFACE\nSybase database settings configuration interface for DMS endpoint with secure credential management and IAM role-based access. Defines Sybase-specific properties for Database Migration Service including Secrets Manager integration for secure credential storage and IAM role configuration for accessing SAP ASE endpoints.\n\nUse cases: Sybase database migration; SAP ASE connectivity; Secure credential management; Enterprise database integration\n\nAWS: AWS DMS Sybase endpoint configuration with Secrets Manager integration and IAM role-based security\n\nValidation: Must include valid Secrets Manager secret ARN; IAM role must have appropriate DMS and Secrets Manager permissions",
3842
+ "description": "Provides information that defines a SAP ASE endpoint. Modified from the equivalent L1 Construct to prevent use of plaintext credentials and enforce use of KMS encryption.\nThis information includes the output format of records applied to the endpoint and details of transaction and control table data information. For information about other available settings, see [Extra connection attributes when using SAP ASE as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SAP.html#CHAP_Source.SAP.ConnectionAttrib) and [Extra connection attributes when using SAP ASE as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SAP.html#CHAP_Target.SAP.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .",
1554
3843
  "properties": {
1555
3844
  "secretsManagerAccessRoleArn": {
1556
- "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing Sybase endpoint credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for SAP ASE endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS Sybase endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-sybasesettings.html#cfn-dms-endpoint-sybasesettings-secretsmanageraccessrolearn",
3845
+ "description": "IAM role ARN for DMS to access Secrets Manager secret containing Sybase endpoint",
1557
3846
  "type": "string"
1558
3847
  },
1559
3848
  "secretsManagerSecretArn": {
1560
- "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Sybase endpoint connection details enabling secure credential storage for SAP ASE database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for Sybase endpoint access.\n\nUse cases: Secure credential storage; SAP ASE connectivity; Database authentication; Secrets management\n\nAWS: DMS Sybase endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; secret must contain valid Sybase connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-sybasesettings.html#cfn-dms-endpoint-sybasesettings-secretsmanagersecretid",
1561
3849
  "type": "string"
1562
3850
  },
1563
3851
  "secretsManagerSecretKMSArn": {
1564
- "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing Sybase credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores Sybase endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS Sybase endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
3852
+ "description": "KMS key ARN for encrypting Secrets Manager secret containing Sybase credentials enabling",
1565
3853
  "type": "string"
1566
3854
  }
1567
3855
  },
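Review bot: In the `SybaseSettingsProperty` block at the end of this hunk, the two replacement descriptions are cut off mid-phrase: `secretsManagerAccessRoleArn` stops at "containing Sybase endpoint" and `secretsManagerSecretKMSArn` stops at "credentials enabling". `secretsManagerSecretArn`, which the removed text describes as required, loses its description with no replacement. These fields decide which role, secret and key DMS uses for the endpoint credentials, and the removed text also stated that the role needs `iam:PassRole` and Secrets Manager access, which the new wording no longer says. I would complete them, for example `"description": "IAM role ARN that DMS assumes to read the Secrets Manager secret holding the Sybase endpoint credentials; requires iam:PassRole and access to that secret"`, and give `secretsManagerSecretArn` a line such as `"description": "ARN of the Secrets Manager secret that stores the Sybase endpoint connection credentials"`. If this schema is generated from source doc comments, the truncation presumably comes from keeping only the first line of a wrapped comment, so the fix belongs in that comment rather than in this file.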
@@ -1569,39 +3857,275 @@
1569
3857
  "secretsManagerSecretArn"
1570
3858
  ],
1571
3859
  "type": "object"
3860
+ },
3861
+ "TagManager": {
3862
+ "additionalProperties": false,
3863
+ "description": "TagManager facilitates a common implementation of tagging for Constructs\n\nNormally, you do not need to use this class, as the CloudFormation specification\nwill indicate which resources are taggable. However, sometimes you will need this\nto make custom resources taggable. Used `tagManager.renderedTags` to obtain a\nvalue that will resolve to the tags at synthesis time.",
3864
+ "properties": {
3865
+ "_setTag": {},
3866
+ "didHaveInitialTags": {},
3867
+ "dynamicTags": {},
3868
+ "externalTagPriority": {},
3869
+ "parseExternalTags": {
3870
+ "description": "Parse external tags.\n\nSet the parseable ones into this tag manager. Save the rest (tokens, lazies) in `this.dynamicTags`."
3871
+ },
3872
+ "priorities": {},
3873
+ "renderedTags": {
3874
+ "$ref": "#/definitions/IResolvable",
3875
+ "description": "A lazy value that represents the rendered tags at synthesis time\n\nIf you need to make a custom construct taggable, use the value of this\nproperty to pass to the `tags` property of the underlying construct."
3876
+ },
3877
+ "resourceTypeName": {},
3878
+ "sortedTags": {},
3879
+ "tagFormatter": {},
3880
+ "tagPropertyName": {
3881
+ "description": "The property name for tag values\n\nNormally this is `tags` but some resources choose a different name. Cognito\nUserPool uses UserPoolTags",
3882
+ "type": "string"
3883
+ },
3884
+ "tags": {}
3885
+ },
3886
+ "required": [
3887
+ "_setTag",
3888
+ "didHaveInitialTags",
3889
+ "externalTagPriority",
3890
+ "parseExternalTags",
3891
+ "priorities",
3892
+ "renderedTags",
3893
+ "resourceTypeName",
3894
+ "sortedTags",
3895
+ "tagFormatter",
3896
+ "tagPropertyName",
3897
+ "tags"
3898
+ ],
3899
+ "type": "object"
3900
+ },
3901
+ "Version": {
3902
+ "additionalProperties": false,
3903
+ "description": "Tag the current state of a Function with a Version number\n\nAvoid using this resource directly. If you need a Version object, use\n`function.currentVersion` instead. That will add a Version object to your\ntemplate, and make sure the Version is invalidated whenever the Function\nobject changes. If you use the `Version` resource directly, you are\nresponsible for making sure it is invalidated (by changing its\nlogical ID) whenever necessary.\n\nVersion resources can then be used in `Alias` resources to refer to a\nparticular deployment of a Lambda.\n\nIf you want to ensure that you're associating the right version with\nthe right deployment, specify the `codeSha256` property while\ncreating the `Version.",
3904
+ "properties": {
3905
+ "_allowCrossEnvironment": {},
3906
+ "_connections": {
3907
+ "$ref": "#/definitions/Connections",
3908
+ "description": "Actual connections object for this Lambda\n\nMay be unset, in which case this Lambda is not configured use in a VPC."
3909
+ },
3910
+ "_functionUrlInvocationGrants": {
3911
+ "$ref": "#/definitions/Record%3Cstring%2CGrant%3E",
3912
+ "description": "Mapping of function URL invocation principals to grants. Used to de-dupe `grantInvokeUrl()` calls."
3913
+ },
3914
+ "_hasAddedArrayTokenStatements": {
3915
+ "description": "Track whether we've added statements with array token resources to the role's default policy"
3916
+ },
3917
+ "_hasAddedLiteralStatements": {
3918
+ "description": "Track whether we've added statements with literal resources to the role's default policy"
3919
+ },
3920
+ "_invocationGrants": {
3921
+ "$ref": "#/definitions/Record%3Cstring%2CGrant%3E",
3922
+ "description": "Mapping of invocation principals to grants. Used to de-dupe `grantInvoke()` calls."
3923
+ },
3924
+ "_latestVersion": {},
3925
+ "_physicalName": {},
3926
+ "_policyCounter": {
3927
+ "description": "The number of permissions added to this function"
3928
+ },
3929
+ "_skipPermissions": {
3930
+ "description": "Whether the user decides to skip adding permissions.\nThe only use case is for cross-account, imported lambdas\nwhere the user commits to modifying the permisssions\non the imported lambda outside CDK.",
3931
+ "type": "boolean"
3932
+ },
3933
+ "_warnIfCurrentVersionCalled": {
3934
+ "description": "Flag to delay adding a warning message until current version is invoked.",
3935
+ "type": "boolean"
3936
+ },
3937
+ "architecture": {
3938
+ "$ref": "#/definitions/Architecture",
3939
+ "description": "The architecture of this Lambda Function."
3940
+ },
3941
+ "canCreatePermissions": {
3942
+ "const": true,
3943
+ "default": true,
3944
+ "description": "Whether the addPermission() call adds any permissions\n\nTrue for new Lambdas, false for version $LATEST and imported Lambdas\nfrom different accounts.",
3945
+ "type": "boolean"
3946
+ },
3947
+ "connections": {
3948
+ "$ref": "#/definitions/Connections",
3949
+ "description": "Access the Connections object\n\nWill fail if not a VPC-enabled Lambda Function"
3950
+ },
3951
+ "determineProvisionedConcurrency": {
3952
+ "description": "Validate that the provisionedConcurrentExecutions makes sense\n\nMember must have value greater than or equal to 1"
3953
+ },
3954
+ "edgeArn": {
3955
+ "description": "The ARN of the version for Lambda@Edge.",
3956
+ "type": "string"
3957
+ },
3958
+ "env": {
3959
+ "$ref": "#/definitions/ResourceEnvironment",
3960
+ "description": "The environment this resource belongs to.\nFor resources that are created and managed by the CDK\n(generally, those created by creating new class instances like Role, Bucket, etc.),\nthis is always the same as the environment of the stack they belong to;\nhowever, for imported resources\n(those obtained from static methods like fromRoleArn, fromBucketName, etc.),\nthat might be different than the stack they were imported into."
3961
+ },
3962
+ "functionArn": {
3963
+ "description": "The ARN fo the function.",
3964
+ "type": "string"
3965
+ },
3966
+ "functionName": {
3967
+ "description": "The name of the function.",
3968
+ "type": "string"
3969
+ },
3970
+ "functionRef": {
3971
+ "$ref": "#/definitions/FunctionReference",
3972
+ "description": "A reference to a Function resource."
3973
+ },
3974
+ "grant": {},
3975
+ "grantPrincipal": {
3976
+ "$ref": "#/definitions/IPrincipal",
3977
+ "description": "The principal this Lambda Function is running as"
3978
+ },
3979
+ "isBoundToVpc": {
3980
+ "description": "Whether or not this Lambda function was bound to a VPC\n\nIf this is is `false`, trying to access the `connections` object will fail.",
3981
+ "type": "boolean"
3982
+ },
3983
+ "isPrincipalWithConditions": {},
3984
+ "lambda": {
3985
+ "$ref": "#/definitions/IFunction",
3986
+ "description": "The underlying `IFunction`"
3987
+ },
3988
+ "latestVersion": {
3989
+ "$ref": "#/definitions/IVersion",
3990
+ "description": "The `$LATEST` version of this function.\n\nNote that this is reference to a non-specific AWS Lambda version, which\nmeans the function this version refers to can return different results in\ndifferent invocations.\n\nTo obtain a reference to an explicit version which references the current\nfunction configuration, use `lambdaFunction.currentVersion` instead."
3991
+ },
3992
+ "node": {
3993
+ "$ref": "#/definitions/Node",
3994
+ "description": "The tree node."
3995
+ },
3996
+ "parsePermissionPrincipal": {
3997
+ "description": "Translate IPrincipal to something we can pass to AWS::Lambda::Permissions\n\nDo some nasty things because `Permission` supports a subset of what the\nfull IAM principal language supports, and we may not be able to parse strings\noutright because they may be tokens.\n\nTry to recognize some specific Principal classes first, then try a generic\nfallback."
3998
+ },
3999
+ "permissionsNode": {
4000
+ "$ref": "#/definitions/Node",
4001
+ "description": "The construct node where permissions are attached."
4002
+ },
4003
+ "physicalName": {
4004
+ "description": "Returns a string-encoded token that resolves to the physical name that\nshould be passed to the CloudFormation resource.\n\nThis value will resolve to one of the following:\n- a concrete value (e.g. `\"my-awesome-bucket\"`)\n- `undefined`, when a name should be generated by CloudFormation\n- a concrete name generated automatically during synthesis, in\n cross-environment scenarios.",
4005
+ "type": "string"
4006
+ },
4007
+ "qualifier": {
4008
+ "description": "The qualifier of the version or alias of this function.\nA qualifier is the identifier that's appended to a version or alias ARN.",
4009
+ "type": "string"
4010
+ },
4011
+ "resourceArnsForGrantInvoke": {
4012
+ "description": "The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke()",
4013
+ "items": {
4014
+ "type": "string"
4015
+ },
4016
+ "type": "array"
4017
+ },
4018
+ "role": {
4019
+ "$ref": "#/definitions/IRole",
4020
+ "description": "The IAM role associated with this function.\n\nUndefined if the function was imported without a role."
4021
+ },
4022
+ "stack": {
4023
+ "$ref": "#/definitions/Stack",
4024
+ "description": "The stack in which this resource is defined."
4025
+ },
4026
+ "statementHasArrayTokens": {
4027
+ "description": "Check if a policy statement contains array tokens that would cause CloudFormation\nresolution conflicts when mixed with literal arrays in the same policy document.\n\nArray tokens are created by CloudFormation intrinsic functions that return arrays,\nsuch as Fn::Split, Fn::GetAZs, etc. These cannot be safely merged with literal\nresource arrays due to CloudFormation's token resolution limitations.\n\nIndividual string tokens within literal arrays (e.g., `[\"arn:${token}:...\"]`) are\nsafe and do not cause conflicts, so they are not detected by this method."
4028
+ },
4029
+ "validateConditionCombinations": {},
4030
+ "validateConditions": {},
4031
+ "version": {
4032
+ "description": "The most recently deployed version of this function.",
4033
+ "type": "string"
4034
+ },
4035
+ "versionRef": {
4036
+ "$ref": "#/definitions/VersionReference",
4037
+ "description": "A reference to a Version resource."
4038
+ }
4039
+ },
4040
+ "required": [
4041
+ "_allowCrossEnvironment",
4042
+ "_functionUrlInvocationGrants",
4043
+ "_hasAddedArrayTokenStatements",
4044
+ "_hasAddedLiteralStatements",
4045
+ "_invocationGrants",
4046
+ "_physicalName",
4047
+ "_policyCounter",
4048
+ "_warnIfCurrentVersionCalled",
4049
+ "architecture",
4050
+ "canCreatePermissions",
4051
+ "connections",
4052
+ "determineProvisionedConcurrency",
4053
+ "edgeArn",
4054
+ "env",
4055
+ "functionArn",
4056
+ "functionName",
4057
+ "functionRef",
4058
+ "grant",
4059
+ "grantPrincipal",
4060
+ "isBoundToVpc",
4061
+ "isPrincipalWithConditions",
4062
+ "lambda",
4063
+ "latestVersion",
4064
+ "node",
4065
+ "parsePermissionPrincipal",
4066
+ "permissionsNode",
4067
+ "physicalName",
4068
+ "qualifier",
4069
+ "resourceArnsForGrantInvoke",
4070
+ "stack",
4071
+ "statementHasArrayTokens",
4072
+ "validateConditionCombinations",
4073
+ "validateConditions",
4074
+ "version",
4075
+ "versionRef"
4076
+ ],
4077
+ "type": "object"
4078
+ },
4079
+ "VersionReference": {
4080
+ "additionalProperties": false,
4081
+ "description": "A reference to a Version resource.",
4082
+ "properties": {
4083
+ "functionArn": {
4084
+ "description": "The FunctionArn of the Version resource.",
4085
+ "type": "string"
4086
+ }
4087
+ },
4088
+ "required": [
4089
+ "functionArn"
4090
+ ],
4091
+ "type": "object"
1572
4092
  }
1573
4093
  },
1574
4094
  "properties": {
1575
- "deploymentRole": {
1576
- "description": "Q-ENHANCED-PROPERTY\nRequired IAM role ARN for DataOps deployment operations enabling secure deployment and resource management. Provides the IAM role used for deploying and managing DataOps resources with appropriate permissions for infrastructure operations.\n\nUse cases: Deployment operations; Resource management; IAM permissions; Secure deployment\n\nAWS: IAM role ARN for DataOps deployment operations and resource management\n\nValidation: Must be valid IAM role ARN; required for deployment operations and resource management",
4095
+ "bucketName": {
4096
+ "description": "S3 bucket name for project storage (scripts, artifacts, temp files).\nAuto-resolved from project when projectName is set.\n\nUse cases: Script storage; Processing artifacts; Centralized project storage\n\nAWS: S3 bucket\n\nValidation: Optional; auto-wired from project if projectName provided",
4097
+ "type": "string"
4098
+ },
4099
+ "deploymentRoleArn": {
4100
+ "description": "IAM role ARN for deployment operations and resource management.\nAuto-resolved from project when projectName is set.\n\nUse cases: Deployment permissions; Resource provisioning\n\nAWS: IAM role\n\nValidation: Optional; auto-wired from project if projectName provided",
1577
4101
  "type": "string"
1578
4102
  },
1579
4103
  "dms": {
1580
4104
  "$ref": "#/definitions/DMSProps",
1581
- "description": "Q-ENHANCED-PROPERTY\nRequired DMS configuration defining database migration and replication capabilities including replication instances, source and target endpoints, migration tasks, and data transformation. Provides complete DMS setup with secure data migration and real-time replication capabilities.\n\nUse cases: Database migration; Real-time replication; data movement and transformation between databases\n\nAWS: AWS Database Migration Service for database migration and replication operations\n\nValidation: Must be valid DMSProps; required; defines all DMS migration and replication characteristics"
4105
+ "description": "DMS migration and replication configuration including instances, endpoints, and tasks.\n\nUse cases: Database migration; Real-time replication; Cross-engine data movement\n\nAWS: AWS Database Migration Service\n\nValidation: Required; valid DMSProps"
1582
4106
  },
1583
4107
  "kmsArn": {
1584
- "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ARN for DataOps encryption enabling data protection and security compliance. Provides the customer-managed KMS key for encrypting DataOps resources, data, and operational artifacts ensuring data protection and compliance.\n\nUse cases: Data encryption; Security compliance; Key management; Data protection\n\nAWS: KMS key ARN for DataOps encryption and data protection compliance\n\nValidation: Must be valid KMS key ARN; required for encryption and data protection compliance",
4108
+ "description": "KMS key ARN for encrypting DataOps resources and data.\nAuto-resolved from project when projectName is set.\n\nUse cases: Data encryption; Security compliance\n\nAWS: KMS key\n\nValidation: Optional; auto-wired from project if projectName provided",
1585
4109
  "type": "string"
1586
4110
  },
1587
4111
  "nag_suppressions": {
1588
4112
  "$ref": "#/definitions/MdaaNagSuppressionConfigs",
1589
4113
  "description": "Q-ENHANCED-PROPERTY\nOptional CDK Nag suppression configurations for compliance rule management enabling controlled security rule exceptions and compliance documentation. Provides structured approach to managing security rule suppressions with proper justification and documentation for compliance auditing.\n\nUse cases: Compliance management; Security rule exceptions; Audit documentation; Controlled suppressions\n\nAWS: CDK Nag suppressions for compliance rule management and security exception documentation\n\nValidation: Must be valid MdaaNagSuppressionConfigs if provided; enables structured compliance rule management"
1590
4114
  },
1591
- "projectBucket": {
1592
- "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for DataOps project storage enabling centralized data storage and artifact management. Provides the shared S3 bucket for project data, scripts, temporary files, and processing artifacts across DataOps workflows.\n\nUse cases: Project storage; Data artifacts; Script storage; Centralized storage management\n\nAWS: S3 bucket for DataOps project storage and artifact management\n\nValidation: Must be valid S3 bucket name; required for project storage and artifact management",
4115
+ "notificationTopicArn": {
4116
+ "description": "SNS topic ARN for job notifications and workflow alerts.\nAuto-resolved from project when projectName is set.\n\nUse cases: Job failure alerts; Workflow status notifications\n\nAWS: SNS topic\n\nValidation: Optional; auto-wired from project if projectName provided",
1593
4117
  "type": "string"
1594
4118
  },
1595
4119
  "projectName": {
1596
- "description": "Q-ENHANCED-PROPERTY\nRequired DataOps project name for resource coordination and shared infrastructure enabling project-based resource organization and management. Provides the project identifier that coordinates shared resources across DataOps applications and workflows.\n\nUse cases: Project coordination; Resource organization; Shared infrastructure; Project management\n\nAWS: DataOps project name for resource coordination and shared infrastructure management\n\nValidation: Must be valid project name; required for project coordination and resource organization",
4120
+ "description": "DataOps project name enabling auto-wiring of shared resources (bucket, KMS key,\nSNS topic, deployment role, security configuration) via SSM parameters.\n\nUse cases: Project resource coordination; Shared infrastructure reuse\n\nAWS: DataOps project SSM parameter references\n\nValidation: Optional; must match an existing deployed project",
1597
4121
  "type": "string"
1598
4122
  },
1599
- "projectTopicArn": {
1600
- "description": "Q-ENHANCED-PROPERTY\nRequired SNS topic ARN for DataOps notifications enabling event-driven communication and workflow coordination. Provides the SNS topic for job notifications, error alerts, and workflow status updates across DataOps operations.\n\nUse cases: Job notifications; Error alerts; Workflow coordination; Event-driven communication\n\nAWS: SNS topic ARN for DataOps notifications and workflow coordination\n\nValidation: Must be valid SNS topic ARN; required for notifications and workflow coordination",
1601
- "type": "string"
4123
+ "sagemakerBlueprint": {
4124
+ "$ref": "#/definitions/MdaaSageMakerCustomBluePrintConfig",
4125
+ "description": "Q-ENHANCED-PROPERTY\nOptional SageMaker blueprint configuration for governed self-service deployment enabling controlled infrastructure provisioning and governance. When specified, deploys the module as a SageMaker blueprint instead of direct deployment for governed access and compliance.\n\nUse cases: Governed deployment; Self-service provisioning; SageMaker integration; Controlled access\n\nAWS: SageMaker blueprint configuration for governed infrastructure deployment and self-service provisioning\n\nValidation: Must be valid MdaaServiceCatalogProductConfig if provided; enables SageMaker deployment mode"
1602
4126
  },
1603
4127
  "securityConfigurationName": {
1604
- "description": "Q-ENHANCED-PROPERTY\nRequired Glue security configuration name for DataOps job security enabling encryption and access control for data processing operations. Provides the security configuration that will be used by Glue jobs for encryption at rest, in transit, and CloudWatch logs encryption.\n\nUse cases: Glue job security; Encryption configuration; Security compliance; Data protection\n\nAWS: Glue security configuration for DataOps job encryption and security compliance\n\nValidation: Must be valid security configuration name; required for Glue job security and encryption",
4128
+ "description": "Glue security configuration name for job encryption (at rest, in transit, CloudWatch logs).\nAuto-resolved from project when projectName is set.\n\nUse cases: Job encryption; Security compliance\n\nAWS: Glue security configuration\n\nValidation: Optional; auto-wired from project if projectName provided",
1605
4129
  "type": "string"
1606
4130
  },
1607
4131
  "service_catalog_product_config": {
@@ -1610,8 +4134,7 @@
1610
4134
  }
1611
4135
  },
1612
4136
  "required": [
1613
- "dms",
1614
- "projectName"
4137
+ "dms"
1615
4138
  ],
1616
4139
  "type": "object"
1617
4140
  }
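Review bot: With `projectName` dropped from `required` in this hunk, and `kmsArn`, `securityConfigurationName` and `deploymentRoleArn` described in the preceding hunk as "Optional; auto-wired from project if projectName provided", the schema now accepts a config that contains only `dms` and names no encryption key. Nothing visible here shows what the module does in that case, so a missing key may only surface at synth or deploy time, or possibly fall back to a default. Consider making the dependency explicit on the top-level object, e.g. `"anyOf": [{"required": ["projectName"]}, {"required": ["kmsArn"]}]`, extended to whichever other explicit fields DMS actually needs. This schema looks generated from the config types; if so, the equivalent check belongs in the config parser, with a clear error when neither is set.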