@pulumi/aws-native 1.28.0-alpha.1747373744 → 1.28.0-alpha.1747657511

package/types/input.d.ts

@@ -5689,11 +5689,23 @@ export declare namespace appsync {
         authType?: pulumi.Input<enums.appsync.ChannelNamespaceAuthenticationType>;
     }
     interface ChannelNamespaceHandlerConfigArgs {
+        /**
+         * The behavior for the handler.
+         */
         behavior: pulumi.Input<enums.appsync.ChannelNamespaceHandlerBehavior>;
+        /**
+         * The integration data source configuration for the handler.
+         */
         integration: pulumi.Input<inputs.appsync.ChannelNamespaceIntegrationArgs>;
     }
     interface ChannelNamespaceHandlerConfigsArgs {
+        /**
+         * The configuration for the `OnPublish` handler.
+         */
         onPublish?: pulumi.Input<inputs.appsync.ChannelNamespaceHandlerConfigArgs>;
+        /**
+         * The configuration for the `OnSubscribe` handler.
+         */
         onSubscribe?: pulumi.Input<inputs.appsync.ChannelNamespaceHandlerConfigArgs>;
     }
     interface ChannelNamespaceIntegrationArgs {
@@ -5701,9 +5713,15 @@ export declare namespace appsync {
          * Data source to invoke for this integration.
          */
         dataSourceName: pulumi.Input<string>;
+        /**
+         * The configuration for a Lambda data source.
+         */
         lambdaConfig?: pulumi.Input<inputs.appsync.ChannelNamespaceLambdaConfigArgs>;
     }
     interface ChannelNamespaceLambdaConfigArgs {
+        /**
+         * The invocation type for a Lambda data source.
+         */
         invokeType: pulumi.Input<enums.appsync.ChannelNamespaceInvokeType>;
     }
     interface DataSourceAuthorizationConfigArgs {
@@ -13670,10 +13688,10 @@ export declare namespace cloudfront {
     interface CachePolicyCookiesConfigArgs {
         /**
          * Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
-         *   +   ``allExcept`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* for those that are listed in the ``CookieNames`` type, which are not included.
-         *   +   ``all`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
+         *   +  ``none`` – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
+         *   +  ``allExcept`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* for those that are listed in the ``CookieNames`` type, which are not included.
+         *   +  ``all`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
          */
         cookieBehavior: pulumi.Input<string>;
         /**
@@ -13687,8 +13705,8 @@ export declare namespace cloudfront {
     interface CachePolicyHeadersConfigArgs {
         /**
          * Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in the cache key and in requests that CloudFront sends to the origin.
+         *   +  ``none`` – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in the cache key and in requests that CloudFront sends to the origin.
          */
         headerBehavior: pulumi.Input<string>;
         /**
@@ -13707,7 +13725,7 @@ export declare namespace cloudfront {
         cookiesConfig: pulumi.Input<inputs.cloudfront.CachePolicyCookiesConfigArgs>;
         /**
          * A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
-         *  This field is related to the ``EnableAcceptEncodingGzip`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
+         *  This field is related to the ``EnableAcceptEncodingGzip`` field. If one or both of these fields is ``true``*and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
          *   +  Normalizes the value of the viewer's ``Accept-Encoding`` header
          *   +  Includes the normalized header in the cache key
          *   +  Includes the normalized header in the request to the origin, if a request is necessary
@@ -13719,7 +13737,7 @@ export declare namespace cloudfront {
         enableAcceptEncodingBrotli?: pulumi.Input<boolean>;
         /**
          * A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
-         *  This field is related to the ``EnableAcceptEncodingBrotli`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
+         *  This field is related to the ``EnableAcceptEncodingBrotli`` field. If one or both of these fields is ``true``*and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
          *   +  Normalizes the value of the viewer's ``Accept-Encoding`` header
          *   +  Includes the normalized header in the cache key
          *   +  Includes the normalized header in the request to the origin, if a request is necessary
@@ -13744,10 +13762,10 @@ export declare namespace cloudfront {
     interface CachePolicyQueryStringsConfigArgs {
         /**
          * Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
-         *   +   ``allExcept`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* those that are listed in the ``QueryStringNames`` type, which are not included.
-         *   +   ``all`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
+         *   +  ``none`` – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
+         *   +  ``allExcept`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* those that are listed in the ``QueryStringNames`` type, which are not included.
+         *   +  ``all`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
          */
         queryStringBehavior: pulumi.Input<string>;
         /**
@@ -13979,9 +13997,9 @@ export declare namespace cloudfront {
         trustedSigners?: pulumi.Input<pulumi.Input<string>[]>;
         /**
          * The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options:
-         *   +   ``allow-all``: Viewers can use HTTP or HTTPS.
-         *   +   ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
-         *   +   ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
+         *   +  ``allow-all``: Viewers can use HTTP or HTTPS.
+         *   +  ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
+         *   +  ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
          *
          *  For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*.
          *   The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
@@ -14112,7 +14130,7 @@ export declare namespace cloudfront {
         viewerCertificate?: pulumi.Input<inputs.cloudfront.DistributionViewerCertificateArgs>;
         /**
          * A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``.
-         *   WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
+         *  WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
          */
         webAclId?: pulumi.Input<string>;
     }
@@ -14184,7 +14202,7 @@ export declare namespace cloudfront {
         responsePagePath?: pulumi.Input<string>;
     }
     /**
-     * A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.
+     * A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)*is* a custom origin.
      */
     interface DistributionCustomOriginConfigArgs {
         /**
@@ -14202,9 +14220,9 @@ export declare namespace cloudfront {
         originKeepaliveTimeout?: pulumi.Input<number>;
         /**
          * Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:
-         *   +   ``http-only`` – CloudFront always uses HTTP to connect to the origin.
-         *   +   ``match-viewer`` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.
-         *   +   ``https-only`` – CloudFront always uses HTTPS to connect to the origin.
+         *   +  ``http-only`` – CloudFront always uses HTTP to connect to the origin.
+         *   +  ``match-viewer`` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.
+         *   +  ``https-only`` – CloudFront always uses HTTPS to connect to the origin.
          */
         originProtocolPolicy: pulumi.Input<string>;
         /**
@@ -14321,9 +14339,9 @@ export declare namespace cloudfront {
         trustedSigners?: pulumi.Input<pulumi.Input<string>[]>;
         /**
          * The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options:
-         *   +   ``allow-all``: Viewers can use HTTP or HTTPS.
-         *   +   ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
-         *   +   ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
+         *   +  ``allow-all``: Viewers can use HTTP or HTTPS.
+         *   +  ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
+         *   +  ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
          *
          *  For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*.
          *   The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
@@ -14396,9 +14414,9 @@ export declare namespace cloudfront {
         locations?: pulumi.Input<pulumi.Input<string>[]>;
         /**
          * The method that you want to use to restrict distribution of your content by country:
-         *   +   ``none``: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
-         *   +   ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
-         *   +   ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
+         *   +  ``none``: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
+         *   +  ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
+         *   +  ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
          */
         restrictionType: pulumi.Input<string>;
     }
@@ -14419,10 +14437,10 @@ export declare namespace cloudfront {
     interface DistributionLambdaFunctionAssociationArgs {
         /**
          * Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values:
-         *   +   ``viewer-request``: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
-         *   +   ``origin-request``: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
-         *   +   ``origin-response``: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
-         *   +   ``viewer-response``: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
+         *   +  ``viewer-request``: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
+         *   +  ``origin-request``: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
+         *   +  ``origin-response``: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
+         *   +  ``viewer-response``: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
          *  If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute.
          */
         eventType?: pulumi.Input<string>;
@@ -14436,7 +14454,7 @@ export declare namespace cloudfront {
         lambdaFunctionArn?: pulumi.Input<string>;
     }
     /**
-     * A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.
+     * A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)*is* a custom origin.
      *   This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead.
      */
     interface DistributionLegacyCustomOriginArgs {
@@ -14661,6 +14679,9 @@ export declare namespace cloudfront {
          */
         originShieldRegion?: pulumi.Input<string>;
     }
+    /**
+     * A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
+     */
     interface DistributionParameterDefinitionArgs {
         /**
          * The value that you assigned to the parameter.
@@ -14720,15 +14741,21 @@ export declare namespace cloudfront {
          */
         quantity: pulumi.Input<number>;
     }
+    /**
+     * The ACMlong (ACM) certificate associated with your distribution.
+     */
     interface DistributionTenantCertificateArgs {
         /**
          * The Amazon Resource Name (ARN) of the ACM certificate.
          */
         arn?: pulumi.Input<string>;
     }
+    /**
+     * Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
+     */
     interface DistributionTenantCustomizationsArgs {
         /**
-         * The AWS Certificate Manager (ACM) certificate.
+         * The ACMlong (ACM) certificate.
          */
         certificate?: pulumi.Input<inputs.cloudfront.DistributionTenantCertificateArgs>;
         /**
@@ -14736,10 +14763,13 @@ export declare namespace cloudfront {
          */
         geoRestrictions?: pulumi.Input<inputs.cloudfront.DistributionTenantGeoRestrictionCustomizationArgs>;
         /**
-         * The AWS WAF web ACL.
+         * The WAF web ACL.
          */
         webAcl?: pulumi.Input<inputs.cloudfront.DistributionTenantWebAclCustomizationArgs>;
     }
+    /**
+     * The customizations that you specified for the distribution tenant for geographic restrictions.
+     */
     interface DistributionTenantGeoRestrictionCustomizationArgs {
         /**
          * The locations for geographic restrictions.
@@ -14747,16 +14777,18 @@ export declare namespace cloudfront {
         locations?: pulumi.Input<pulumi.Input<string>[]>;
         /**
          * The method that you want to use to restrict distribution of your content by country:
-         *
-         * - `none` : No geographic restriction is enabled, meaning access to content is not restricted by client geo location.
-         * - `blacklist` : The `Location` elements specify the countries in which you don't want CloudFront to distribute your content.
-         * - `whitelist` : The `Location` elements specify the countries in which you want CloudFront to distribute your content.
+         *   +  ``none``: No geographic restriction is enabled, meaning access to content is not restricted by client geo location.
+         *   +  ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
+         *   +  ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
          */
         restrictionType?: pulumi.Input<enums.cloudfront.DistributionTenantGeoRestrictionCustomizationRestrictionType>;
     }
+    /**
+     * An object that represents the request for the Amazon CloudFront managed ACM certificate.
+     */
     interface DistributionTenantManagedCertificateRequestArgs {
         /**
-         * You can opt out of certificate transparency logging by specifying the `disabled` option. Opt in by specifying `enabled` . For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the *AWS Certificate Manager User Guide* .
+         * You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled``. For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the *User Guide*.
          */
         certificateTransparencyLoggingPreference?: pulumi.Input<enums.cloudfront.DistributionTenantManagedCertificateRequestCertificateTransparencyLoggingPreference>;
         /**
@@ -14765,12 +14797,14 @@ export declare namespace cloudfront {
         primaryDomainName?: pulumi.Input<string>;
         /**
          * Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate.
-         *
-         * - For `cloudfront` , CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.
-         * - For `self-hosted` , you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.
+         *   +  For ``cloudfront``, CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.
+         *   +  For ``self-hosted``, you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.
          */
         validationTokenHost?: pulumi.Input<enums.cloudfront.DistributionTenantManagedCertificateRequestValidationTokenHost>;
     }
+    /**
+     * A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
+     */
     interface DistributionTenantParameterArgs {
         /**
          * The parameter name.
@@ -14781,13 +14815,16 @@ export declare namespace cloudfront {
          */
         value?: pulumi.Input<string>;
     }
+    /**
+     * The WAF web ACL customization specified for the distribution tenant.
+     */
     interface DistributionTenantWebAclCustomizationArgs {
         /**
-         * The action for the AWS WAF web ACL customization. You can specify `override` to specify a separate AWS WAF web ACL for the distribution tenant. If you specify `disable` , the distribution tenant won't have AWS WAF web ACL protections and won't inherit from the multi-tenant distribution.
+         * The action for the WAF web ACL customization. You can specify ``override`` to specify a separate WAF web ACL for the distribution tenant. If you specify ``disable``, the distribution tenant won't have WAF web ACL protections and won't inherit from the multi-tenant distribution.
          */
         action?: pulumi.Input<enums.cloudfront.DistributionTenantWebAclCustomizationAction>;
         /**
-         * The Amazon Resource Name (ARN) of the AWS WAF web ACL.
+         * The Amazon Resource Name (ARN) of the WAF web ACL.
          */
         arn?: pulumi.Input<string>;
     }
@@ -14801,8 +14838,8 @@ export declare namespace cloudfront {
      *
      *   +  The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*.
      *   +  The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both):
-     *   +   ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.)
-     *   +   ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.)
+     *   +  ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.)
+     *   +  ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.)
      *
      *
      *  All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``.
@@ -14818,7 +14855,7 @@ export declare namespace cloudfront {
         /**
          * If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``.
          *  If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
-         *   +   ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
+         *   +  ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
          *   +   ``MinimumProtocolVersion``
          *   +   ``SslSupportMethod``
          */
@@ -14843,9 +14880,9 @@ export declare namespace cloudfront {
         /**
          * In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization.
          *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
-         *   +   ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
-         *   +   ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
-         *   +   ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
+         *   +  ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
+         *   +  ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
+         *   +  ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
          *
          *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field.
          */
@@ -14975,9 +15012,9 @@ export declare namespace cloudfront {
         /**
          * Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide*.
          *  This field can have one of the following values:
-         *   +   ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
-         *   +   ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
-         *   +   ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.*
+         *   +  ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
+         *   +  ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
+         *   +  ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.*
          */
         signingBehavior: pulumi.Input<string>;
         /**
@@ -15022,10 +15059,10 @@ export declare namespace cloudfront {
     interface OriginRequestPolicyCookiesConfigArgs {
         /**
          * Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin.
-         *   +   ``all`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin.
-         *   +   ``allExcept`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included.
+         *   +  ``none`` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin.
+         *   +  ``all`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin.
+         *   +  ``allExcept`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included.
          */
         cookieBehavior: pulumi.Input<string>;
         /**
@@ -15039,11 +15076,11 @@ export declare namespace cloudfront {
     interface OriginRequestPolicyHeadersConfigArgs {
         /**
          * Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin.
-         *   +   ``allViewer`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.
-         *   +   ``allViewerAndWhitelistCloudFront`` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.
-         *   +   ``allExcept`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included.
+         *   +  ``none`` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin.
+         *   +  ``allViewer`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.
+         *   +  ``allViewerAndWhitelistCloudFront`` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.
+         *   +  ``allExcept`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included.
          */
         headerBehavior: pulumi.Input<string>;
         /**
@@ -15057,10 +15094,10 @@ export declare namespace cloudfront {
     interface OriginRequestPolicyQueryStringsConfigArgs {
         /**
          * Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
-         *   +   ``none`` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy`` *are* included in origin requests.
-         *   +   ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin.
-         *   +   ``all`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin.
-         *   +   ``allExcept`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included.
+         *   +  ``none`` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy``*are* included in origin requests.
+         *   +  ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin.
+         *   +  ``all`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin.
+         *   +  ``allExcept`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included.
          */
         queryStringBehavior: pulumi.Input<string>;
         /**
@@ -15090,11 +15127,11 @@ export declare namespace cloudfront {
         name: pulumi.Input<string>;
     }
     /**
-     * Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.
+     * Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
      */
     interface RealtimeLogConfigEndPointArgs {
         /**
-         * Contains information about the Amazon Kinesis data stream where you are sending real-time log data.
+         * Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.
          */
         kinesisStreamConfig: pulumi.Input<inputs.cloudfront.RealtimeLogConfigKinesisStreamConfigArgs>;
         /**
@@ -15142,7 +15179,7 @@ export declare namespace cloudfront {
          *   +   ``PUT``
          *   +   ``ALL``
          *
-         *   ``ALL`` is a special value that includes all of the listed HTTP methods.
+         *  ``ALL`` is a special value that includes all of the listed HTTP methods.
          */
         items: pulumi.Input<pulumi.Input<string>[]>;
     }
@@ -16280,6 +16317,10 @@ export declare namespace codepipeline {
          * The name of the environment variable.
          */
         name: pulumi.Input<string>;
+        /**
+         * The type of the environment variable.
+         */
+        type?: pulumi.Input<enums.codepipeline.PipelineEnvironmentVariableType>;
         /**
          * The value of the environment variable.
          */
@@ -21612,6 +21653,10 @@ export declare namespace deadline {
         sizeGiB?: pulumi.Input<number>;
         throughputMiB?: pulumi.Input<number>;
     }
+    interface FleetHostConfigurationArgs {
+        scriptBody: pulumi.Input<string>;
+        scriptTimeoutSeconds?: pulumi.Input<number>;
+    }
     interface FleetMemoryMiBRangeArgs {
         max?: pulumi.Input<number>;
         min: pulumi.Input<number>;
@@ -24275,6 +24320,20 @@ export declare namespace ec2 {
          *  Valid Range: Minimum value of 125. Maximum value of 1000.
          */
         throughput?: pulumi.Input<number>;
+        /**
+         * Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as *volume initialization* . Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.
+         *
+         * This parameter is supported only for volumes created from snapshots. Omit this parameter if:
+         *
+         * - You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.
+         *
+         * > If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.
+         * - You want to create a volume that is initialized at the default rate.
+         *
+         * For more information, see [Initialize Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html) in the *Amazon EC2 User Guide* .
+         *
+         * Valid range: 100 - 300 MiB/s
+         */
         volumeInitializationRate?: pulumi.Input<number>;
         /**
          * The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:
@@ -27508,11 +27567,11 @@ export declare namespace ecs {
      */
     interface ServiceManagedEbsVolumeConfigurationArgs {
         /**
-         * Indicates whether the volume should be encrypted. If no value is specified, encryption is turned on by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.
+         * Indicates whether the volume should be encrypted. If you turn on Region-level Amazon EBS encryption by default but set this value as ``false``, the setting is overridden and the volume is encrypted with the KMS key specified for Amazon EBS encryption by default. This parameter maps 1:1 with the ``Encrypted`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.
          */
         encrypted?: pulumi.Input<boolean>;
         /**
-         * The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the task will fail to start.
+         * The filesystem type for the volume. For volumes created from a snapshot, you must specify the same filesystem type that the volume was using when the snapshot was created. If there is a filesystem type mismatch, the tasks will fail to start.
          *  The available Linux filesystem types are
          *  ``ext3``, ``ext4``, and ``xfs``. If no value is specified, the ``xfs`` filesystem type is used by default.
          *  The available Windows filesystem types are ``NTFS``.
@@ -27530,7 +27589,7 @@ export declare namespace ecs {
          */
         iops?: pulumi.Input<number>;
         /**
-         * The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When encryption is turned on and no AWS Key Management Service key is specified, the default AWS managed key for Amazon EBS volumes is used. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.
+         * The Amazon Resource Name (ARN) identifier of the AWS Key Management Service key to use for Amazon EBS encryption. When a key is specified using this parameter, it overrides Amazon EBS default encryption or any KMS key that you specified for cluster-level managed storage encryption. This parameter maps 1:1 with the ``KmsKeyId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. For more information about encrypting Amazon EBS volumes attached to tasks, see [Encrypt data stored in Amazon EBS volumes attached to Amazon ECS tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ebs-kms-encryption.html).
          *   AWS authenticates the AWS Key Management Service key asynchronously. Therefore, if you specify an ID, alias, or ARN that is invalid, the action can appear to complete, but eventually fails.
          */
         kmsKeyId?: pulumi.Input<string>;
@@ -27548,7 +27607,7 @@ export declare namespace ecs {
          */
         sizeInGiB?: pulumi.Input<number>;
         /**
-         * The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot ID or a volume size. This parameter maps 1:1 with the ``SnapshotId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.
+         * The snapshot that Amazon ECS uses to create volumes for attachment to tasks maintained by the service. You must specify either ``snapshotId`` or ``sizeInGiB`` in your volume configuration. This parameter maps 1:1 with the ``SnapshotId`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*.
          */
         snapshotId?: pulumi.Input<string>;
         /**
@@ -27560,6 +27619,9 @@ export declare namespace ecs {
          *   This parameter is only supported for the ``gp3`` volume type.
          */
         throughput?: pulumi.Input<number>;
+        /**
+         * The rate, in MiB/s, at which data is fetched from a snapshot of an existing EBS volume to create new volumes for attachment to the tasks maintained by the service. This property can be specified only if you specify a ``snapshotId``. For more information, see [Initialize Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html) in the *Amazon EBS User Guide*.
+         */
         volumeInitializationRate?: pulumi.Input<number>;
         /**
          * The volume type. This parameter maps 1:1 with the ``VolumeType`` parameter of the [CreateVolume API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html) in the *Amazon EC2 API Reference*. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) in the *Amazon EC2 User Guide*.
@@ -51537,7 +51599,13 @@ export declare namespace omics {
         optional?: pulumi.Input<boolean>;
     }
     interface WorkflowVersionWorkflowParameterArgs {
+        /**
+         * The parameter's description.
+         */
         description?: pulumi.Input<string>;
+        /**
+         * Whether the parameter is optional.
+         */
         optional?: pulumi.Input<boolean>;
     }
 }
@@ -86712,6 +86780,9 @@ export declare namespace sagemaker {
          * The SageMaker image name that you are hiding from the Studio user interface.
          */
         sageMakerImageName?: pulumi.Input<enums.sagemaker.DomainHiddenSageMakerImageSageMakerImageName>;
+        /**
+         * The version aliases you are hiding from the Studio user interface.
+         */
         versionAliases?: pulumi.Input<pulumi.Input<string>[]>;
     }
     interface DomainIdleSettingsArgs {
@@ -90115,6 +90186,9 @@ export declare namespace sagemaker {
          * The SageMaker image name that you are hiding from the Studio user interface.
          */
         sageMakerImageName?: pulumi.Input<enums.sagemaker.UserProfileHiddenSageMakerImageSageMakerImageName>;
+        /**
+         * The version aliases you are hiding from the Studio user interface.
+         */
         versionAliases?: pulumi.Input<pulumi.Input<string>[]>;
     }
     interface UserProfileIdleSettingsArgs {