@propulsionworks/cloudformation 0.1.20 → 0.1.21

package/out/exports/resources.generated/aws-iotsitewise-assetmodel.d.ts

@@ -2,20 +2,22 @@ import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
  * Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see [Defining asset models](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/define-models.html) in the *AWS IoT SiteWise User Guide* .
  *
- * You can create two types of asset models, `ASSET_MODEL` or `COMPONENT_MODEL` .
+ * You can create three types of asset models, `ASSET_MODEL` , `COMPONENT_MODEL` , or an `INTERFACE` .
  *
  * - *ASSET_MODEL* – (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.
  * - *COMPONENT_MODEL* – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.
+ * - *INTERFACE* – An interface is a type of model that defines a standard structure that can be applied to different asset models.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotsitewise-assetmodel.html}
  */
 export type IoTSiteWiseAssetModel = ResourceDefinitionWithAttributes<"AWS::IoTSiteWise::AssetModel", IoTSiteWiseAssetModelProps, IoTSiteWiseAssetModelAttribs>;
 /**
  * Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see [Defining asset models](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/define-models.html) in the *AWS IoT SiteWise User Guide* .
  *
- * You can create two types of asset models, `ASSET_MODEL` or `COMPONENT_MODEL` .
+ * You can create three types of asset models, `ASSET_MODEL` , `COMPONENT_MODEL` , or an `INTERFACE` .
  *
  * - *ASSET_MODEL* – (default) An asset model that you can use to create assets. Can't be included as a component in another asset model.
  * - *COMPONENT_MODEL* – A reusable component that you can include in the composite models of other asset models. You can't create assets directly from this type of asset model.
+ * - *INTERFACE* – An interface is a type of model that defines a standard structure that can be applied to different asset models.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotsitewise-assetmodel.html}
  */
 export type IoTSiteWiseAssetModelProps = {
@@ -66,6 +68,11 @@ export type IoTSiteWiseAssetModelProps = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotsitewise-assetmodel.html#cfn-iotsitewise-assetmodel-assetmodeltype}
      */
     AssetModelType?: string | undefined;
+    /**
+     * a list of asset model and interface relationships
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotsitewise-assetmodel.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationships}
+     */
+    EnforcedAssetModelInterfaceRelationships?: EnforcedAssetModelInterfaceRelationship[] | undefined;
     /**
      * A list of key-value pairs that contain metadata for the asset. For more information, see [Tagging your AWS IoT SiteWise resources](https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) in the *AWS IoT SiteWise User Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iotsitewise-assetmodel.html#cfn-iotsitewise-assetmodel-tags}
@@ -256,6 +263,43 @@ export type DataType = "STRING" | "INTEGER" | "DOUBLE" | "BOOLEAN" | "STRUCT";
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-datatypespec.html}
  */
 export type DataTypeSpec = "AWS/ALARM_STATE";
+/**
+ * Contains information about enforced interface property and asset model property
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping.html}
+ */
+export type EnforcedAssetModelInterfacePropertyMapping = {
+    /**
+     * The external ID of the enforced asset model property
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping-assetmodelpropertyexternalid}
+     */
+    AssetModelPropertyExternalId?: string | undefined;
+    /**
+     * The logical ID of the enforced asset model property
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping-assetmodelpropertylogicalid}
+     */
+    AssetModelPropertyLogicalId?: string | undefined;
+    /**
+     * The external ID of the enforced interface property
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacepropertymapping-interfaceassetmodelpropertyexternalid}
+     */
+    InterfaceAssetModelPropertyExternalId: string;
+};
+/**
+ * Contains information about enforced interface hierarchy and asset model hierarchy
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationship.html}
+ */
+export type EnforcedAssetModelInterfaceRelationship = {
+    /**
+     * The ID of the interface that is enforced to the asset model
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationship.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationship-interfaceassetmodelid}
+     */
+    InterfaceAssetModelId?: string | undefined;
+    /**
+     * Contains information about enforced interface property and asset model property
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationship.html#cfn-iotsitewise-assetmodel-enforcedassetmodelinterfacerelationship-propertymappings}
+     */
+    PropertyMappings?: EnforcedAssetModelInterfacePropertyMapping[] | undefined;
+};
 /**
  * Contains expression variable information.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iotsitewise-assetmodel-expressionvariable.html}

package/out/exports/resources.generated/aws-kinesisfirehose-deliverystream.d.ts

@@ -702,7 +702,7 @@ export type Deserializer = {
     OpenXJsonSerDe?: OpenXJsonSerDe | undefined;
 };
 /**
- * Describes the configuration of a destination in Apache Iceberg Tables.
+ * Describes the configuration of a destination in Apache Iceberg Tables. This section is only needed for tables where you want to update or delete data.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesisfirehose-deliverystream-destinationtableconfiguration.html}
  */
 export type DestinationTableConfiguration = {

package/out/exports/resources.generated/aws-lambda-url.d.ts

@@ -23,7 +23,7 @@ export type LambdaUrlProps = {
      * Use one of the following options:
      *
      * - `BUFFERED` – This is the default option. Lambda invokes your function using the `Invoke` API operation. Invocation results are available when the payload is complete. The maximum payload size is 6 MB.
-     * - `RESPONSE_STREAM` – Your function streams payload results as they become available. Lambda invokes your function using the `InvokeWithResponseStream` API operation. The maximum response payload size is 20 MB, however, you can [request a quota increase](https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html) .
+     * - `RESPONSE_STREAM` – Your function streams payload results as they become available. Lambda invokes your function using the `InvokeWithResponseStream` API operation. The maximum response payload size is 200 MB.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-url.html#cfn-lambda-url-invokemode}
      */
     InvokeMode?: "BUFFERED" | "RESPONSE_STREAM" | undefined;

package/out/exports/resources.generated/aws-lambda-version.d.ts

@@ -52,7 +52,7 @@ export type LambdaVersionProps = {
 export type LambdaVersionAttribs = {
     /**
      * The ARN of the function.
-     * @pattern ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST(\.PUBLISHED)?|[a-zA-Z0-9-_]+))?$
+     * @pattern ^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?$
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-version.html#cfn-lambda-version-functionarn}
      */
     FunctionArn: string;

package/out/exports/resources.generated/aws-logs-destination.d.ts

@@ -30,7 +30,7 @@ export type LogsDestinationProps = {
      */
     RoleArn: string;
     /**
-     * An array of key-value pairs to apply to this resource.
+     * The tags that have been assigned to this delivery destination.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html#cfn-logs-destination-tags}
      */
     Tags?: Tag[] | undefined;

package/out/exports/resources.generated/aws-mediapackagev2-originendpoint.d.ts

@@ -455,6 +455,24 @@ export type DrmSystem = "CLEAR_KEY_AES_128" | "FAIRPLAY" | "PLAYREADY" | "WIDEVI
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpoint-encryption.html}
  */
 export type Encryption = {
+    /**
+     * Excludes SEIG and SGPD boxes from segment metadata in CMAF containers.
+     *
+     * When set to `true` , MediaPackage omits these DRM metadata boxes from CMAF segments, which can improve compatibility with certain devices and players that don't support these boxes.
+     *
+     * Important considerations:
+     *
+     * - This setting only affects CMAF container formats
+     * - Key rotation can still be handled through media playlist signaling
+     * - PSSH and TENC boxes remain unaffected
+     * - Default behavior is preserved when this setting is disabled
+     *
+     * Valid values: `true` | `false`
+     *
+     * Default: `false`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-mediapackagev2-originendpoint-encryption.html#cfn-mediapackagev2-originendpoint-encryption-cmafexcludesegmentdrmmetadata}
+     */
+    CmafExcludeSegmentDrmMetadata?: boolean | undefined;
     /**
      * A 128-bit, 16-byte hex value represented by a 32-character string, used in conjunction with the key for encrypting content. If you don't specify a value, then MediaPackage creates the constant initialization vector (IV).
      * @minLength 32

package/out/exports/resources.generated/aws-networkfirewall-firewall.d.ts

@@ -1,18 +1,28 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `Firewall` to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
+ * Use the firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
  *
  * The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html}
  */
 export type NetworkFirewallFirewall = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::Firewall", NetworkFirewallFirewallProps, NetworkFirewallFirewallAttribs>;
 /**
- * Use the `Firewall` to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
+ * Use the firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC .
  *
  * The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html}
  */
 export type NetworkFirewallFirewallProps = {
+    /**
+     * A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to `TRUE` , you must first disable this protection before adding or removing Availability Zones.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonechangeprotection}
+     */
+    AvailabilityZoneChangeProtection?: boolean | undefined;
+    /**
+     * The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall. Each mapping specifies an Availability Zone where the firewall processes traffic.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonemappings}
+     */
+    AvailabilityZoneMappings?: AvailabilityZoneMapping[] | undefined;
     /**
      * A flag indicating whether it is possible to delete the firewall. A setting of `TRUE` indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to `TRUE` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-deleteprotection}
@@ -63,7 +73,7 @@ export type NetworkFirewallFirewallProps = {
      * In addition to these subnets, you can define other endpoints for the firewall in `VpcEndpointAssociation` resources. You can define these additional endpoints for any VPC, and for any of the Availability Zones where the firewall resource already has a subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs using a single firewall, and to define multiple firewall endpoints for a VPC in a single Availability Zone.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-subnetmappings}
      */
-    SubnetMappings: SubnetMapping[];
+    SubnetMappings?: SubnetMapping[] | undefined;
     /**
      * An array of key-value pairs to apply to this resource.
      *
@@ -71,6 +81,13 @@ export type NetworkFirewallFirewallProps = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-tags}
      */
     Tags?: Tag[] | undefined;
+    /**
+     * The unique identifier of the transit gateway associated with this firewall. This field is only present for transit gateway-attached firewalls.
+     * @maxLength 128
+     * @pattern ^tgw-[0-9a-z]+$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-transitgatewayid}
+     */
+    TransitGatewayId?: string | undefined;
     /**
      * The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
      * @minLength 1
@@ -78,7 +95,7 @@ export type NetworkFirewallFirewallProps = {
      * @pattern ^vpc-[0-9a-f]+$
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-vpcid}
      */
-    VpcId: string;
+    VpcId?: string | undefined;
 };
 /**
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#aws-resource-networkfirewall-firewall-return-values}
@@ -90,12 +107,12 @@ export type NetworkFirewallFirewallAttribs = {
      */
     EndpointIds: string[];
     /**
-     * The Amazon Resource Name (ARN) of the `Firewall` .
+     * The Amazon Resource Name (ARN) of the firewall.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-firewallarn}
      */
     FirewallArn: string;
     /**
-     * The name of the `Firewall` resource.
+     * The name of the firewallresource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -103,6 +120,19 @@ export type NetworkFirewallFirewallAttribs = {
      */
     FirewallId: string;
 };
+/**
+ * Defines the mapping between an Availability Zone and a firewall endpoint for a transit gateway-attached firewall. Each mapping represents where the firewall can process traffic. You use these mappings when calling `CreateFirewall` , `AssociateAvailabilityZones` , and `DisassociateAvailabilityZones` .
+ *
+ * To retrieve the current Availability Zone mappings for a firewall, use `DescribeFirewall` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-availabilityzonemapping.html}
+ */
+export type AvailabilityZoneMapping = {
+    /**
+     * The ID of the Availability Zone where the firewall endpoint is located. For example, `us-east-2a` . The Availability Zone must be in the same Region as the transit gateway.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-availabilityzonemapping.html#cfn-networkfirewall-firewall-availabilityzonemapping-availabilityzone}
+     */
+    AvailabilityZone: string;
+};
 /**
  * An analysis type.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewall-enabledanalysistype.html}

package/out/exports/resources.generated/aws-networkfirewall-firewallpolicy.d.ts

@@ -1,11 +1,11 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for your `Firewall` . You can use one firewall policy for multiple firewalls.
+ * Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall. You can use one firewall policy for multiple firewalls.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html}
  */
 export type NetworkFirewallFirewallPolicy = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::FirewallPolicy", NetworkFirewallFirewallPolicyProps, NetworkFirewallFirewallPolicyAttribs>;
 /**
- * Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for your `Firewall` . You can use one firewall policy for multiple firewalls.
+ * Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall. You can use one firewall policy for multiple firewalls.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html}
  */
 export type NetworkFirewallFirewallPolicyProps = {
@@ -43,12 +43,12 @@ export type NetworkFirewallFirewallPolicyProps = {
  */
 export type NetworkFirewallFirewallPolicyAttribs = {
     /**
-     * The Amazon Resource Name (ARN) of the `FirewallPolicy` .
+     * The Amazon Resource Name (ARN) of the firewall policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicyarn}
      */
     FirewallPolicyArn: string;
     /**
-     * The unique ID of the `FirewallPolicy` resource.
+     * The unique ID of the firewall policy resource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -76,8 +76,8 @@ export type ActionDefinition = {
  *
  * You can use custom actions in the following places:
  *
- * - In an `RuleGroup.StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
- * - In an `FirewallPolicy` specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
+ * - In an `StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
+ * - In an firewall policy specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-customaction.html}
  */
 export type CustomAction = {
@@ -184,7 +184,7 @@ export type FirewallPolicy = {
     TLSInspectionConfigurationArn?: string | undefined;
 };
 /**
- * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleVariables` .
+ * A list of IP addresses and address ranges, in CIDR notation. This is part of a rule variable.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-ipset.html}
  */
 export type IPSet = {
@@ -259,13 +259,20 @@ export type StatefulRuleGroupOverride = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html}
  */
 export type StatefulRuleGroupReference = {
+    /**
+     * AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability. When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
+     *
+     * > Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statefulrulegroupreference-deepthreatinspection}
+     */
+    DeepThreatInspection?: boolean | undefined;
     /**
      * The action that allows the policy owner to override the behavior of the rule group within a policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statefulrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statefulrulegroupreference-override}
      */
     Override?: StatefulRuleGroupOverride | undefined;
     /**
-     * An integer setting that indicates the order in which to run the stateful rule groups in a single `FirewallPolicy` . This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
+     * An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy. This setting only applies to firewall policies that specify the `STRICT_ORDER` rule order in the stateful engine options settings.
      *
      * Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
      *
@@ -285,7 +292,7 @@ export type StatefulRuleGroupReference = {
  */
 export type StatelessRuleGroupReference = {
     /**
-     * An integer setting that indicates the order in which to run the stateless rule groups in a single `FirewallPolicy` . Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
+     * An integer setting that indicates the order in which to run the stateless rule groups in a single firewall policy. Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-statelessrulegroupreference.html#cfn-networkfirewall-firewallpolicy-statelessrulegroupreference-priority}
      */
     Priority: number;

package/out/exports/resources.generated/aws-networkfirewall-loggingconfiguration.d.ts

@@ -1,10 +1,10 @@
 import type { ResourceDefinition } from "../main.ts";
 /**
- * Use the `LoggingConfiguration` to define the destinations and logging options for an `Firewall` .
+ * Use the logging configuration to define the destinations and logging options for an firewall.
  *
  * You must change the logging configuration by changing one `LogDestinationConfig` setting at a time in your `LogDestinationConfigs` .
  *
- * You can make only one of the following changes to your `LoggingConfiguration` resource:
+ * You can make only one of the following changes to your logging configuration resource:
  *
  * - Create a new log destination object by adding a single `LogDestinationConfig` array element to `LogDestinationConfigs` .
  * - Delete a log destination object by removing a single `LogDestinationConfig` array element from `LogDestinationConfigs` .
@@ -15,11 +15,11 @@ import type { ResourceDefinition } from "../main.ts";
  */
 export type NetworkFirewallLoggingConfiguration = ResourceDefinition<"AWS::NetworkFirewall::LoggingConfiguration", NetworkFirewallLoggingConfigurationProps>;
 /**
- * Use the `LoggingConfiguration` to define the destinations and logging options for an `Firewall` .
+ * Use the logging configuration to define the destinations and logging options for an firewall.
  *
  * You must change the logging configuration by changing one `LogDestinationConfig` setting at a time in your `LogDestinationConfigs` .
  *
- * You can make only one of the following changes to your `LoggingConfiguration` resource:
+ * You can make only one of the following changes to your logging configuration resource:
  *
  * - Create a new log destination object by adding a single `LogDestinationConfig` array element to `LogDestinationConfigs` .
  * - Delete a log destination object by removing a single `LogDestinationConfig` array element from `LogDestinationConfigs` .
@@ -34,7 +34,7 @@ export type NetworkFirewallLoggingConfigurationProps = {
      */
     EnableMonitoringDashboard?: boolean | undefined;
     /**
-     * The Amazon Resource Name (ARN) of the `Firewall` that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
+     * The Amazon Resource Name (ARN) of the firewallthat the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-loggingconfiguration.html#cfn-networkfirewall-loggingconfiguration-firewallarn}
      */
     FirewallArn: string;
@@ -47,13 +47,13 @@ export type NetworkFirewallLoggingConfigurationProps = {
      */
     FirewallName?: string | undefined;
     /**
-     * Defines how AWS Network Firewall performs logging for a `Firewall` .
+     * Defines how AWS Network Firewall performs logging for a firewall.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-loggingconfiguration.html#cfn-networkfirewall-loggingconfiguration-loggingconfiguration}
      */
     LoggingConfiguration: LoggingConfiguration;
 };
 /**
- * Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in `LoggingConfiguration` . You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
+ * Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in logging configuration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
  *
  * Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to `DROP` or `ALERT` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-loggingconfiguration-logdestinationconfig.html}
@@ -92,7 +92,7 @@ export type LogDestinationConfig = {
     LogType: "ALERT" | "FLOW" | "TLS";
 };
 /**
- * Defines how AWS Network Firewall performs logging for a `Firewall` .
+ * Defines how AWS Network Firewall performs logging for a firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-loggingconfiguration-loggingconfiguration.html}
  */
 export type LoggingConfiguration = {

package/out/exports/resources.generated/aws-networkfirewall-rulegroup.d.ts

@@ -1,11 +1,11 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
 /**
- * Use the `RuleGroup` to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an `FirewallPolicy` to specify the filtering behavior of an `Firewall` .
+ * Use the [](https://docs.aws.amazon.com/RuleGroup) to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an firewall policy to specify the filtering behavior of an firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html}
  */
 export type NetworkFirewallRuleGroup = ResourceDefinitionWithAttributes<"AWS::NetworkFirewall::RuleGroup", NetworkFirewallRuleGroupProps, NetworkFirewallRuleGroupAttribs>;
 /**
- * Use the `RuleGroup` to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an `FirewallPolicy` to specify the filtering behavior of an `Firewall` .
+ * Use the [](https://docs.aws.amazon.com/RuleGroup) to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an firewall policy to specify the filtering behavior of an firewall.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html}
  */
 export type NetworkFirewallRuleGroupProps = {
@@ -35,6 +35,16 @@ export type NetworkFirewallRuleGroupProps = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroupname}
      */
     RuleGroupName: string;
+    /**
+     * A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by `DescribeRuleGroupSummary` .
+     *
+     * - The `RuleOptions` specified in `SummaryConfiguration`
+     * - Rule metadata organization preferences
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-summaryconfiguration}
+     */
+    SummaryConfiguration?: {
+        RuleOptions?: SummaryRuleOption[] | undefined;
+    } | undefined;
     /**
      * An array of key-value pairs to apply to this resource.
      *
@@ -54,12 +64,12 @@ export type NetworkFirewallRuleGroupProps = {
  */
 export type NetworkFirewallRuleGroupAttribs = {
     /**
-     * The Amazon Resource Name (ARN) of the `RuleGroup` .
+     * The Amazon Resource Name (ARN) of the rule group.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegrouparn}
      */
     RuleGroupArn: string;
     /**
-     * The unique ID of the `RuleGroup` resource.
+     * The unique ID of the rule group resource.
      * @minLength 36
      * @maxLength 36
      * @pattern ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$
@@ -81,7 +91,7 @@ export type ActionDefinition = {
     PublishMetricAction?: PublishMetricAction | undefined;
 };
 /**
- * A single IP address specification. This is used in the `RuleGroup.MatchAttributes` source and destination specifications.
+ * A single IP address specification. This is used in the match attributes source and destination specifications.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-address.html}
  */
 export type Address = {
@@ -110,8 +120,8 @@ export type Address = {
  *
  * You can use custom actions in the following places:
  *
- * - In an `RuleGroup.StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
- * - In an `FirewallPolicy` specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
+ * - In a `StatelessRulesAndCustomActions` . The custom actions are available for use by name inside the `StatelessRulesAndCustomActions` where you define them. You can use them for your stateless rule actions to specify what to do with a packet that matches the rule's match attributes.
+ * - In an firewall policy specification, in `StatelessCustomActions` . The custom actions are available for use inside the policy where you define them. You can use them for the policy's default stateless actions settings to specify what to do with packets that don't match any of the policy's stateless rules.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-customaction.html}
  */
 export type CustomAction = {
@@ -216,7 +226,7 @@ export type Header = {
     SourcePort: string;
 };
 /**
- * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleGroup.RuleVariables` .
+ * A list of IP addresses and address ranges, in CIDR notation. This is part of a `RuleVariables` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipset.html}
  */
 export type IPSet = {
@@ -227,12 +237,12 @@ export type IPSet = {
     Definition?: string[] | undefined;
 };
 /**
- * Configures one or more `IPSetReferences` for a Suricata-compatible rule group. An IP set reference is a rule variable that references a resource that you create and manage in another AWS service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall , see [Using IP set references](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall Developer Guide* .
+ * Configures one or more IP set references for a Suricata-compatible rule group. An IP set reference is a rule variable that references a resource that you create and manage in another AWS service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall , see [Using IP set references](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipsetreference.html}
  */
 export type IPSetReference = {
     /**
-     * The Amazon Resource Name (ARN) of the resource to include in the `RuleGroup.IPSetReference` .
+     * The Amazon Resource Name (ARN) of the resource to include in the IP set reference.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-ipsetreference.html#cfn-networkfirewall-rulegroup-ipsetreference-referencearn}
      */
     ReferenceArn?: string | undefined;
@@ -280,7 +290,7 @@ export type MatchAttributes = {
     TCPFlags?: TCPFlagField[] | undefined;
 };
 /**
- * A single port range specification. This is used for source and destination port ranges in the stateless `RuleGroup.MatchAttributes` .
+ * A single port range specification. This is used for source and destination port ranges in the stateless match attributes.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-portrange.html}
  */
 export type PortRange = {
@@ -317,7 +327,7 @@ export type PublishMetricAction = {
     Dimensions: Dimension[];
 };
 /**
- * Configures the `ReferenceSets` for a stateful rule group. For more information, see the [Using IP set references in Suricata compatible rule groups](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall User Guide* .
+ * Configures the reference sets for a stateful rule group. For more information, see the [Using IP set references in Suricata compatible rule groups](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html) in the *Network Firewall User Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-referencesets.html}
  */
 export type ReferenceSets = {
@@ -335,7 +345,7 @@ export type RuleDefinition = {
     /**
      * The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.
      *
-     * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the `FirewallPolicy` .
+     * > Network Firewall only forwards a packet for stateful rule inspection if you specify `aws:forward_to_sfe` for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify `aws:forward_to_sfe` for the `StatelessDefaultActions` setting for the firewall policy.
      *
      * For every rule, you must specify exactly one of the following standard actions.
      *
@@ -409,7 +419,7 @@ export type RuleOption = {
  */
 export type RuleOrder = "DEFAULT_ACTION_ORDER" | "STRICT_ORDER";
 /**
- * Settings that are available for use in the rules in the `RuleGroup` where this is defined. See `CreateRuleGroup` or `UpdateRuleGroup` for usage.
+ * Settings that are available for use in the rules in the rule group where this is defined.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulevariables.html}
  */
 export type RuleVariables = {
@@ -439,7 +449,7 @@ export type RulesSource = {
      *
      * These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
      *
-     * > You can't use the `priority` keyword if the `RuleOrder` option in `StatefulRuleOptions` is set to `STRICT_ORDER` .
+     * > You can't use the `priority` keyword if the `RuleOrder` option in StatefulRuleOptions is set to `STRICT_ORDER` .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessource.html#cfn-networkfirewall-rulegroup-rulessource-rulesstring}
      */
     RulesString?: string | undefined;
@@ -459,7 +469,7 @@ export type RulesSource = {
  *
  * For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.
  *
- * By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the `HOME_NET` rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see `RuleGroup.RuleVariables` in this guide and [Stateful domain list rule groups in AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html) in the *Network Firewall Developer Guide*
+ * By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the `HOME_NET` rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see `RuleVariables` in this guide and [Stateful domain list rule groups in AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html) in the *Network Firewall Developer Guide*
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html}
  */
 export type RulesSourceList = {
@@ -493,12 +503,12 @@ export type StatefulRule = {
      * The actions for a stateful rule are defined as follows:
      *
      * - *PASS* - Permits the packets to go to the intended destination.
-     * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *DROP* - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
      * - *REJECT* - Drops traffic that matches the conditions of the stateful rule and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. `REJECT` is available only for TCP traffic.
-     * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *ALERT* - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the firewall logging configuration.
      *
      * You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with `ALERT` action, verify in the logs that the rule is filtering as you want, then change the action to `DROP` .
-     * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the `Firewall` `LoggingConfiguration` .
+     * - *REJECT* - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a `RST` bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the firewall logging configuration.
      *
      * `REJECT` isn't currently available for use with IMAP and FTP protocols.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html#cfn-networkfirewall-rulegroup-statefulrule-action}
@@ -527,7 +537,7 @@ export type StatefulRuleOptions = {
     RuleOrder?: RuleOrder | undefined;
 };
 /**
- * A single stateless rule. This is used in `RuleGroup.StatelessRulesAndCustomActions` .
+ * A single stateless rule. This is used in `StatelessRulesAndCustomActions` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrule.html}
  */
 export type StatelessRule = {
@@ -554,7 +564,7 @@ export type StatelessRule = {
  */
 export type StatelessRulesAndCustomActions = {
     /**
-     * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule `RuleGroup.RuleDefinition` `Actions` specification.
+     * Defines an array of individual custom action definitions that are available for use by the stateless rules in this `StatelessRulesAndCustomActions` specification. You name each custom action that you define, and then you can use it by name in your stateless rule definition `Actions` specification.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrulesandcustomactions.html#cfn-networkfirewall-rulegroup-statelessrulesandcustomactions-customactions}
      */
     CustomActions?: CustomAction[] | undefined;
@@ -564,12 +574,16 @@ export type StatelessRulesAndCustomActions = {
      */
     StatelessRules: StatelessRule[];
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-summaryruleoption.html}
+ */
+export type SummaryRuleOption = "SID" | "MSG" | "METADATA";
 /**
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-tcpflag.html}
  */
 export type TCPFlag = "FIN" | "SYN" | "RST" | "PSH" | "ACK" | "URG" | "ECE" | "CWR";
 /**
- * TCP flags and masks to inspect packets for. This is used in the `RuleGroup.MatchAttributes` specification.
+ * TCP flags and masks to inspect packets for. This is used in the match attributes specification.
  *
  * For example:
  *