@propulsionworks/cloudformation 0.1.19 → 0.1.21

package/out/exports/resources.generated/aws-medialive-channel.d.ts

@@ -3762,6 +3762,9 @@ export type MediaPackageOutputDestinationSettings = {
     ChannelName?: string | undefined;
 };
 /**
+ * The settings for a MediaPackage output.
+ *
+ * The parent of this entity is OutputSettings.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-mediapackageoutputsettings.html}
  */
 export type MediaPackageOutputSettings = {

package/out/exports/resources.generated/aws-mediapackagev2-channel.d.ts

@@ -98,6 +98,13 @@ export type InputSwitchConfiguration = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-channel-inputswitchconfiguration.html#cfn-mediapackagev2-channel-inputswitchconfiguration-mqcsinputswitching}
      */
     MQCSInputSwitching?: boolean | undefined;
+    /**
+     * For CMAF inputs, indicates which input MediaPackage should prefer when both inputs have equal MQCS scores. Select `1` to prefer the first ingest endpoint, or `2` to prefer the second ingest endpoint. If you don't specify a preferred input, MediaPackage uses its default switching behavior when MQCS scores are equal.
+     * @min 1
+     * @max 2
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-channel-inputswitchconfiguration.html#cfn-mediapackagev2-channel-inputswitchconfiguration-preferredinput}
+     */
+    PreferredInput?: number | undefined;
 };
 /**
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-channel-inputtype.html}

package/out/exports/resources.generated/aws-mediapackagev2-originendpoint.d.ts

@@ -455,6 +455,24 @@ export type DrmSystem = "CLEAR_KEY_AES_128" | "FAIRPLAY" | "PLAYREADY" | "WIDEVI
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpoint-encryption.html}
  */
 export type Encryption = {
+    /**
+     * Excludes SEIG and SGPD boxes from segment metadata in CMAF containers.
+     *
+     * When set to `true` , MediaPackage omits these DRM metadata boxes from CMAF segments, which can improve compatibility with certain devices and players that don't support these boxes.
+     *
+     * Important considerations:
+     *
+     * - This setting only affects CMAF container formats
+     * - Key rotation can still be handled through media playlist signaling
+     * - PSSH and TENC boxes remain unaffected
+     * - Default behavior is preserved when this setting is disabled
+     *
+     * Valid values: `true` | `false`
+     *
+     * Default: `false`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpoint-encryption.html#cfn-mediapackagev2-originendpoint-encryption-cmafexcludesegmentdrmmetadata}
+     */
+    CmafExcludeSegmentDrmMetadata?: boolean | undefined;
     /**
      * A 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting content. If you don't specify a value, then MediaPackage creates the constant initialization vector (IV).
      * @minLength 32

package/out/exports/resources.generated/aws-mediapackagev2-originendpointpolicy.d.ts

@@ -9,6 +9,11 @@ export type MediaPackageV2OriginEndpointPolicy = ResourceDefinition<"AWS::MediaP
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-mediapackagev2-originendpointpolicy.html}
  */
 export type MediaPackageV2OriginEndpointPolicyProps = {
+    /**
+     * The settings to enable CDN authorization headers in MediaPackage.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-mediapackagev2-originendpointpolicy.html#cfn-mediapackagev2-originendpointpolicy-cdnauthconfiguration}
+     */
+    CdnAuthConfiguration?: CdnAuthConfiguration | undefined;
     /**
      * The name of the channel group associated with the origin endpoint policy.
      * @minLength 1
@@ -39,4 +44,22 @@ export type MediaPackageV2OriginEndpointPolicyProps = {
      */
     Policy: PolicyDocument;
 };
+/**
+ * The settings to enable CDN authorization headers in MediaPackage.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpointpolicy-cdnauthconfiguration.html}
+ */
+export type CdnAuthConfiguration = {
+    /**
+     * The ARN for the secret in Secrets Manager that your CDN uses for authorization to access the endpoint.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpointpolicy-cdnauthconfiguration.html#cfn-mediapackagev2-originendpointpolicy-cdnauthconfiguration-cdnidentifiersecretarns}
+     */
+    CdnIdentifierSecretArns: string[];
+    /**
+     * The ARN for the IAM role that gives MediaPackage read access to Secrets Manager and AWS KMS for CDN authorization.
+     * @minLength 20
+     * @maxLength 2048
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpointpolicy-cdnauthconfiguration.html#cfn-mediapackagev2-originendpointpolicy-cdnauthconfiguration-secretsrolearn}
+     */
+    SecretsRoleArn: string;
+};
 //# sourceMappingURL=aws-mediapackagev2-originendpointpolicy.d.ts.map

package/out/exports/resources.generated/aws-networkfirewall-firewall.d.ts

@@ -1,18 +1,28 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `Firewall` to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
+ * Use the firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
  *
  * The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html}
  */
 export type NetworkFirewallFirewall = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::Firewall", NetworkFirewallFirewallProps, NetworkFirewallFirewallAttribs>;
 /**
- * Use the `Firewall` to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
+ * Use the firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
  *
  * The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html}
  */
 export type NetworkFirewallFirewallProps = {
+    /**
+     * A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to `TRUE` , you must first disable this protection before adding or removing Availability Zones.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonechangeprotection}
+     */
+    AvailabilityZoneChangeProtection?: boolean | undefined;
+    /**
+     * The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall. Each mapping specifies an Availability Zone where the firewall processes traffic.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonemappings}
+     */
+    AvailabilityZoneMappings?: AvailabilityZoneMapping[] | undefined;
     /**
      * A flag indicating whether it is possible to delete the firewall. A setting of `TRUE` indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to `TRUE` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-deleteprotection}
@@ -63,7 +73,7 @@ export type NetworkFirewallFirewallProps = {
      * In addition to these subnets, you can define other endpoints for the firewall in `VpcEndpointAssociation` resources. You can define these additional endpoints for any VPC, and for any of the Availability Zones where the firewall resource already has a subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs using a single firewall, and to define multiple firewall endpoints for a VPC in a single Availability Zone.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-subnetmappings}
      */
-    SubnetMappings: SubnetMapping[];
+    SubnetMappings?: SubnetMapping[] | undefined;
     /**
      * An array of key-value pairs to apply to this resource.
      *
@@ -71,6 +81,13 @@ export type NetworkFirewallFirewallProps = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-tags}
      */
     Tags?: Tag[] | undefined;
+    /**
+     * The unique identifier of the transit gateway associated with this firewall. This field is only present for transit gateway-attached firewalls.
+     * @maxLength 128
+     * @pattern ^tgw-[0-9a-z]+$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-transitgatewayid}
+     */
+    TransitGatewayId?: string | undefined;
     /**
      * The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
      * @minLength 1
@@ -78,7 +95,7 @@ export type NetworkFirewallFirewallProps = {
      * @pattern ^vpc-[0-9a-f]+$
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-vpcid}
      */
-    VpcId: string;
+    VpcId?: string | undefined;
 };
 /**
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#aws-resource-networkfirewall-firewall-return-values}
@@ -90,12 +107,12 @@ export type NetworkFirewallFirewallAttribs = {
      */
     EndpointIds: string[];
     /**
-     * The Amazon Resource Name (ARN) of the `Firewall` .
+     * The Amazon Resource Name (ARN) of the firewall.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-firewallarn}
      */
     FirewallArn: string;
     /**
-     * The name of the `Firewall` resource.
+     * The name of the firewallresource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -103,6 +120,19 @@ export type NetworkFirewallFirewallAttribs = {
      */
     FirewallId: string;
 };
+/**
+ * Defines the mapping between an Availability Zone and a firewall endpoint for a transit gateway-attached firewall. Each mapping represents where the firewall can process traffic. You use these mappings when calling `CreateFirewall` , `AssociateAvailabilityZones` , and `DisassociateAvailabilityZones` .
+ *
+ * To retrieve the current Availability Zone mappings for a firewall, use `DescribeFirewall` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-availabilityzonemapping.html}
+ */
+export type AvailabilityZoneMapping = {
+    /**
+     * The ID of the Availability Zone where the firewall endpoint is located. For example, `us-east-2a` . The Availability Zone must be in the same Region as the transit gateway.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-availabilityzonemapping.html#cfn-networkfirewall-firewall-availabilityzonemapping-availabilityzone}
+     */
+    AvailabilityZone: string;
+};
 /**
  * An analysis type.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-enabledanalysistype.html}

package/out/exports/resources.generated/aws-networkfirewall-firewallpolicy.d.ts

@@ -1,11 +1,11 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for your `Firewall` . You can use one firewall policy for multiple firewalls.
+ * Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall. You can use one firewall policy for multiple firewalls.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html}
  */
 export type NetworkFirewallFirewallPolicy = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::FirewallPolicy", NetworkFirewallFirewallPolicyProps, NetworkFirewallFirewallPolicyAttribs>;
 /**
- * Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for your `Firewall` . You can use one firewall policy for multiple firewalls.
+ * Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall. You can use one firewall policy for multiple firewalls.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html}
  */
 export type NetworkFirewallFirewallPolicyProps = {
@@ -43,12 +43,12 @@ export type NetworkFirewallFirewallPolicyProps = {
  */
 export type NetworkFirewallFirewallPolicyAttribs = {
     /**
-     * The Amazon Resource Name (ARN) of the `FirewallPolicy` .
+     * The Amazon Resource Name (ARN) of the firewall policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicyarn}
      */
     FirewallPolicyArn: string;
     /**
-     * The unique ID of the `FirewallPolicy` resource.
+     * The unique ID of the firewall policy resource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -76,8 +76,8 @@ export type ActionDefinition = {
  *
  * You can use custom actions in the following places:
  *
- * - In an `RuleGroup.StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
- * - In an `FirewallPolicy` specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
+ * - In an `StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
+ * - In an firewall policy specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-customaction.html}
  */
 export type CustomAction = {
@@ -184,7 +184,7 @@ export type FirewallPolicy = {
     TLSInspectionConfigurationArn?: string | undefined;
 };
 /**
- * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleVariables` .
+ * A list of IP addresses and address ranges, in CIDR notation. This is part of a rule variable.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-ipset.html}
  */
 export type IPSet = {
@@ -259,13 +259,20 @@ export type StatefulRuleGroupOverride = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html}
  */
 export type StatefulRuleGroupReference = {
+    /**
+     * AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
+     *
+     * > Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statefulrulegroupreference-deepthreatinspection}
+     */
+    DeepThreatInspection?: boolean | undefined;
     /**
      * The action that allows the policy owner to override the behavior of the rule group within a policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statefulrulegroupreference-override}
      */
     Override?: StatefulRuleGroupOverride | undefined;
     /**
-     * An integer setting that indicates the order in which to run the stateful rule groups in a single `FirewallPolicy` . This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
+     * An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy. This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
      *
      * Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
      *
@@ -285,7 +292,7 @@ export type StatefulRuleGroupReference = {
  */
 export type StatelessRuleGroupReference = {
     /**
-     * An integer setting that indicates the order in which to run the stateless rule groups in a single `FirewallPolicy` . Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
+     * An integer setting that indicates the order in which to run the stateless rule groups in a single firewall policy. Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statelessrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statelessrulegroupreference-priority}
      */
     Priority: number;

package/out/exports/resources.generated/aws-networkfirewall-loggingconfiguration.d.ts

@@ -1,10 +1,10 @@
 import type { ResourceDefinition } from "../main.ts";
 /**
- * Use the `LoggingConfiguration` to define the destinations and logging options for an `Firewall` .
+ * Use the logging configuration to define the destinations and logging options for an firewall.
  *
  * You must change the logging configuration by changing one `LogDestinationConfig` setting at a time in your `LogDestinationConfigs` .
  *
- * You can make only one of the following changes to your `LoggingConfiguration` resource:
+ * You can make only one of the following changes to your logging configuration resource:
  *
  * - Create a new log destination object by adding a single `LogDestinationConfig` array element to `LogDestinationConfigs` .
  * - Delete a log destination object by removing a single `LogDestinationConfig` array element from `LogDestinationConfigs` .
@@ -15,11 +15,11 @@ import type { ResourceDefinition } from "../main.ts";
  */
 export type NetworkFirewallLoggingConfiguration = ResourceDefinition<"AWS::NetworkFirewall::LoggingConfiguration", NetworkFirewallLoggingConfigurationProps>;
 /**
- * Use the `LoggingConfiguration` to define the destinations and logging options for an `Firewall` .
+ * Use the logging configuration to define the destinations and logging options for an firewall.
  *
  * You must change the logging configuration by changing one `LogDestinationConfig` setting at a time in your `LogDestinationConfigs` .
  *
- * You can make only one of the following changes to your `LoggingConfiguration` resource:
+ * You can make only one of the following changes to your logging configuration resource:
  *
  * - Create a new log destination object by adding a single `LogDestinationConfig` array element to `LogDestinationConfigs` .
  * - Delete a log destination object by removing a single `LogDestinationConfig` array element from `LogDestinationConfigs` .
@@ -34,7 +34,7 @@ export type NetworkFirewallLoggingConfigurationProps = {
      */
     EnableMonitoringDashboard?: boolean | undefined;
     /**
-     * The Amazon Resource Name (ARN) of the `Firewall` that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
+     * The Amazon Resource Name (ARN) of the firewallthat the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-loggingconfiguration.html#cfn-networkfirewall-loggingconfiguration-firewallarn}
      */
     FirewallArn: string;
@@ -47,13 +47,13 @@ export type NetworkFirewallLoggingConfigurationProps = {
      */
     FirewallName?: string | undefined;
     /**
-     * Defines how AWS Network Firewall performs logging for a `Firewall` .
+     * Defines how AWS Network Firewall performs logging for a firewall.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-loggingconfiguration.html#cfn-networkfirewall-loggingconfiguration-loggingconfiguration}
      */
     LoggingConfiguration: LoggingConfiguration;
 };
 /**
- * Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in `LoggingConfiguration` . You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
+ * Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in logging configuration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
  *
  * Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to `DROP` or `ALERT` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-loggingconfiguration-logdestinationconfig.html}
@@ -92,7 +92,7 @@ export type LogDestinationConfig = {
     LogType: "ALERT" | "FLOW" | "TLS";
 };
 /**
- * Defines how AWS Network Firewall performs logging for a `Firewall` .
+ * Defines how AWS Network Firewall performs logging for a firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-loggingconfiguration-loggingconfiguration.html}
  */
 export type LoggingConfiguration = {

package/out/exports/resources.generated/aws-networkfirewall-rulegroup.d.ts

@@ -1,11 +1,11 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `RuleGroup` to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an `FirewallPolicy` to specify the filtering behavior of an `Firewall` .
+ * Use the [](https://docs.aws.amazon.com/RuleGroup) to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an firewall policy to specify the filtering behavior of an firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html}
  */
 export type NetworkFirewallRuleGroup = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::RuleGroup", NetworkFirewallRuleGroupProps, NetworkFirewallRuleGroupAttribs>;
 /**
- * Use the `RuleGroup` to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an `FirewallPolicy` to specify the filtering behavior of an `Firewall` .
+ * Use the [](https://docs.aws.amazon.com/RuleGroup) to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an firewall policy to specify the filtering behavior of an firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html}
  */
 export type NetworkFirewallRuleGroupProps = {
@@ -35,6 +35,16 @@ export type NetworkFirewallRuleGroupProps = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroupname}
      */
     RuleGroupName: string;
+    /**
+     * A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by `DescribeRuleGroupSummary` .
+     *
+     * - The `RuleOptions` specified in `SummaryConfiguration`
+     * - Rule metadata organization preferences
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-summaryconfiguration}
+     */
+    SummaryConfiguration?: {
+        RuleOptions?: SummaryRuleOption[] | undefined;
+    } | undefined;
     /**
      * An array of key-value pairs to apply to this resource.
      *
@@ -54,12 +64,12 @@ export type NetworkFirewallRuleGroupProps = {
  */
 export type NetworkFirewallRuleGroupAttribs = {
     /**
-     * The Amazon Resource Name (ARN) of the `RuleGroup` .
+     * The Amazon Resource Name (ARN) of the rule group.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegrouparn}
      */
     RuleGroupArn: string;
     /**
-     * The unique ID of the `RuleGroup` resource.
+     * The unique ID of the rule group resource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -81,7 +91,7 @@ export type ActionDefinition = {
     PublishMetricAction?: PublishMetricAction | undefined;
 };
 /**
- * A single IP address specification. This is used in the `RuleGroup.MatchAttributes` source and destination specifications.
+ * A single IP address specification. This is used in the match attributes source and destination specifications.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-address.html}
  */
 export type Address = {
@@ -110,8 +120,8 @@ export type Address = {
  *
  * You can use custom actions in the following places:
  *
- * - In an `RuleGroup.StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
- * - In an `FirewallPolicy` specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
+ * - In a `StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
+ * - In an firewall policy specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-customaction.html}
  */
 export type CustomAction = {
@@ -216,7 +226,7 @@ export type Header = {
     SourcePort: string;
 };
 /**
- * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleGroup.RuleVariables` .
+ * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleVariables` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipset.html}
  */
 export type IPSet = {
@@ -227,12 +237,12 @@ export type IPSet = {
     Definition?: string[] | undefined;
 };
 /**
- * Configures one or more `IPSetReferences` for a Suricata-compatible rule group. An IP set reference is a rule variable that references a resource that you create and manage in another AWS service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall , see [Using IP set references](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall Developer Guide* .
+ * Configures one or more IP set references for a Suricata-compatible rule group. An IP set reference is a rule variable that references a resource that you create and manage in another AWS service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall , see [Using IP set references](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipsetreference.html}
  */
 export type IPSetReference = {
     /**
-     * The Amazon Resource Name (ARN) of the resource to include in the `RuleGroup.IPSetReference` .
+     * The Amazon Resource Name (ARN) of the resource to include in the IP set reference.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipsetreference.html#cfn-networkfirewall-rulegroup-ipsetreference-referencearn}
      */
     ReferenceArn?: string | undefined;
@@ -280,7 +290,7 @@ export type MatchAttributes = {
     TCPFlags?: TCPFlagField[] | undefined;
 };
 /**
- * A single port range specification. This is used for source and destination port ranges in the stateless `RuleGroup.MatchAttributes` .
+ * A single port range specification. This is used for source and destination port ranges in the stateless match attributes.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-portrange.html}
  */
 export type PortRange = {
@@ -317,7 +327,7 @@ export type PublishMetricAction = {
     Dimensions: Dimension[];
 };
 /**
- * Configures the `ReferenceSets` for a stateful rule group. For more information, see the [Using IP set references in Suricata compatible rule groups](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall User Guide* .
+ * Configures the reference sets for a stateful rule group. For more information, see the [Using IP set references in Suricata compatible rule groups](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall User Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-referencesets.html}
  */
 export type ReferenceSets = {
@@ -335,7 +345,7 @@ export type RuleDefinition = {
     /**
      * The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.
      *
-     * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the `FirewallPolicy` .
+     * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the firewall policy.
      *
      * For every rule, you must specify exactly one of the following standard actions.
      *
@@ -409,7 +419,7 @@ export type RuleOption = {
  */
 export type RuleOrder = "DEFAULT_ACTION_ORDER" | "STRICT_ORDER";
 /**
- * Settings that are available for use in the rules in the `RuleGroup` where this is defined. See `CreateRuleGroup` or `UpdateRuleGroup` for usage.
+ * Settings that are available for use in the rules in the rule group where this is defined.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulevariables.html}
  */
 export type RuleVariables = {
@@ -439,7 +449,7 @@ export type RulesSource = {
      *
      * These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
      *
-     * > You can't use the `priority` keyword if the `RuleOrder` option in `StatefulRuleOptions` is set to `STRICT_ORDER` .
+     * > You can't use the `priority` keyword if the `RuleOrder` option in StatefulRuleOptions is set to `STRICT_ORDER` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessource.html#cfn-networkfirewall-rulegroup-rulessource-rulesstring}
      */
     RulesString?: string | undefined;
@@ -459,7 +469,7 @@ export type RulesSource = {
  *
  * For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.
  *
- * By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the `HOME_NET` rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see `RuleGroup.RuleVariables` in this guide and [Stateful domain list rule groups in AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html) in the *Network Firewall Developer Guide*
+ * By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the `HOME_NET` rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see `RuleVariables` in this guide and [Stateful domain list rule groups in AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html) in the *Network Firewall Developer Guide*
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html}
  */
 export type RulesSourceList = {
@@ -493,12 +503,12 @@ export type StatefulRule = {
      * The actions for a stateful rule are defined as follows:
      *
      * - *PASS* - Permits the packets to go to the intended destination.
-     * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
      * - *REJECT* - Drops traffic that matches the conditions of the stateful rule and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. `REJECT` is available only for TCP traffic.
-     * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
      *
      * You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with `ALERT` action, verify in the logs that the rule is filtering as you want, then change the action to `DROP` .
-     * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the firewall logging configuration.
      *
      * `REJECT` isn't currently available for use with IMAP and FTP protocols.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html#cfn-networkfirewall-rulegroup-statefulrule-action}
@@ -527,7 +537,7 @@ export type StatefulRuleOptions = {
     RuleOrder?: RuleOrder | undefined;
 };
 /**
- * A single stateless rule. This is used in `RuleGroup.StatelessRulesAndCustomActions` .
+ * A single stateless rule. This is used in `StatelessRulesAndCustomActions` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrule.html}
  */
 export type StatelessRule = {
@@ -554,7 +564,7 @@ export type StatelessRule = {
  */
 export type StatelessRulesAndCustomActions = {
     /**
-     * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule `RuleGroup.RuleDefinition` `Actions` specification.
+     * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule definition `Actions` specification.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrulesandcustomactions.html#cfn-networkfirewall-rulegroup-statelessrulesandcustomactions-customactions}
      */
     CustomActions?: CustomAction[] | undefined;
@@ -564,12 +574,16 @@ export type StatelessRulesAndCustomActions = {
      */
     StatelessRules: StatelessRule[];
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-summaryruleoption.html}
+ */
+export type SummaryRuleOption = "SID" | "MSG" | "METADATA";
 /**
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-tcpflag.html}
  */
 export type TCPFlag = "FIN" | "SYN" | "RST" | "PSH" | "ACK" | "URG" | "ECE" | "CWR";
 /**
- * TCP flags and masks to inspect packets for. This is used in the `RuleGroup.MatchAttributes` specification.
+ * TCP flags and masks to inspect packets for. This is used in the match attributes specification.
  *
  * For example:
  *

package/out/exports/resources.generated/aws-networkfirewall-vpcendpointassociation.d.ts

@@ -13,7 +13,7 @@ import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
  *
  * You can use AWS Resource Access Manager to share a `Firewall` that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see `PutResourcePolicy` in this guide and see [Sharing Network Firewall resources](https://docs.aws.amazon.com/network-firewall/latest/developerguide/sharing.html) in the *AWS Network Firewall Developer Guide* .
  *
- * The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding `VpcEndpointAssociationStatus` . You can retrieve both the association and its status by calling `DescribeVpcEndpointAssociation` .
+ * The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VPC endpoint association status. You can retrieve both the association and its status by calling `DescribeVpcEndpointAssociation` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-vpcendpointassociation.html}
  */
 export type NetworkFirewallVpcEndpointAssociation = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::VpcEndpointAssociation", NetworkFirewallVpcEndpointAssociationProps, NetworkFirewallVpcEndpointAssociationAttribs>;
@@ -31,7 +31,7 @@ export type NetworkFirewallVpcEndpointAssociation = ResourceDefinitionWithAttrib
  *
  * You can use AWS Resource Access Manager to share a `Firewall` that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see `PutResourcePolicy` in this guide and see [Sharing Network Firewall resources](https://docs.aws.amazon.com/network-firewall/latest/developerguide/sharing.html) in the *AWS Network Firewall Developer Guide* .
  *
- * The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding `VpcEndpointAssociationStatus` . You can retrieve both the association and its status by calling `DescribeVpcEndpointAssociation` .
+ * The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VPC endpoint association status. You can retrieve both the association and its status by calling `DescribeVpcEndpointAssociation` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-vpcendpointassociation.html}
  */
 export type NetworkFirewallVpcEndpointAssociationProps = {
@@ -66,7 +66,7 @@ export type NetworkFirewallVpcEndpointAssociationProps = {
  */
 export type NetworkFirewallVpcEndpointAssociationAttribs = {
     /**
-     * An endpoint Id.
+     * The unique ID of the firewall endpoint for the subnet that you attached to the firewall.For example: "vpce-111122223333"
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-vpcendpointassociation.html#cfn-networkfirewall-vpcendpointassociation-endpointid}
      */
     EndpointId: string;

package/out/exports/resources.generated/aws-opensearchserverless-securityconfig.d.ts

@@ -110,7 +110,7 @@ export type SamlConfigOptions = {
      */
     Metadata: string;
     /**
-     * Custom entity id attribute to override default entity id for this saml integration.
+     * Custom entity ID attribute to override the default entity ID for this SAML integration.
      * @minLength 1
      * @maxLength 1024
      * @pattern ^aws:opensearch:[0-9]{12}:*

package/out/exports/resources.generated/aws-opsworks-app.d.ts

@@ -69,7 +69,7 @@ export type OpsWorksAppProps = {
      */
     StackId: string;
     /**
-     * The app type. Each supported type is associated with a particular layer. For example, PHP applications are associated with a PHP layer. AWS OpsWorks Stacks deploys an application to those instances that are members of the corresponding layer. If your app isn't one of the standard types, or you prefer to implement your own Deploy recipes, specify `other` .
+     * The app type. Each supported type is associated with a particular layer. For example, PHP applications are associated with a PHP layer. OpsWorks Stacks deploys an application to those instances that are members of the corresponding layer. If your app isn't one of the standard types, or you prefer to implement your own Deploy recipes, specify `other` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opsworks-app.html#cfn-opsworks-app-type}
      */
     Type: string;
@@ -135,19 +135,19 @@ export type Source = {
      *
      * For more information on how to safely handle IAM credentials, see [](https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html) .
      *
-     * In responses, AWS OpsWorks Stacks returns `*****FILTERED*****` instead of the actual value.
+     * In responses, OpsWorks Stacks returns `*****FILTERED*****` instead of the actual value.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-source.html#cfn-opsworks-app-source-password}
      */
     Password?: string | undefined;
     /**
-     * The application's version. AWS OpsWorks Stacks enables you to easily deploy new versions of an application. One of the simplest approaches is to have branches or revisions in your repository that represent different versions that can potentially be deployed.
+     * The application's version. OpsWorks Stacks enables you to easily deploy new versions of an application. One of the simplest approaches is to have branches or revisions in your repository that represent different versions that can potentially be deployed.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-source.html#cfn-opsworks-app-source-revision}
      */
     Revision?: string | undefined;
     /**
      * In requests, the repository's SSH key.
      *
-     * In responses, AWS OpsWorks Stacks returns `*****FILTERED*****` instead of the actual value.
+     * In responses, OpsWorks Stacks returns `*****FILTERED*****` instead of the actual value.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opsworks-app-source.html#cfn-opsworks-app-source-sshkey}
      */
     SshKey?: string | undefined;

package/out/exports/resources.generated/aws-opsworks-elasticloadbalancerattachment.d.ts

@@ -15,7 +15,7 @@ export type OpsWorksElasticLoadBalancerAttachmentProps = {
      */
     ElasticLoadBalancerName: string;
     /**
-     * The AWS OpsWorks layer ID to which the Elastic Load Balancing load balancer is attached.
+     * The OpsWorks layer ID to which the Elastic Load Balancing load balancer is attached.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-opsworks-elasticloadbalancerattachment.html#cfn-opsworks-elasticloadbalancerattachment-layerid}
      */
     LayerId: string;