@pulumi/aws 6.69.0-alpha.1739293705 → 6.69.0

package/types/output.d.ts

@@ -9359,7 +9359,7 @@ export declare namespace backup {
          */
         key: string;
         /**
-         * An operation, such as `StringEquals`, that is applied to a key-value pair used to filter resources in a selection.
+         * An operation, such as `STRINGEQUALS`, that is applied to a key-value pair used to filter resources in a selection.
          */
         type: string;
         /**
@@ -35439,21 +35439,149 @@ export declare namespace fms {
          */
         managedServiceData?: string;
         /**
-         * Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
+         * Contains the Network Firewall firewall policy options to configure a centralized deployment model. See the `policyOption` block.
          */
         policyOption?: outputs.fms.PolicySecurityServicePolicyDataPolicyOption;
         /**
-         * The service that the policy is using to protect the resources. For the current list of supported types, please refer to the [AWS Firewall Manager SecurityServicePolicyData API Type Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html#fms-Type-SecurityServicePolicyData-Type).
+         * An integer value containing ICMP type.
          */
         type: string;
     }
     interface PolicySecurityServicePolicyDataPolicyOption {
         /**
-         * Defines the deployment model to use for the firewall policy. Documented below.
+         * Defines NACL rules across accounts in their AWS Organization. See the `networkAclCommonPolicy` block.
+         */
+        networkAclCommonPolicy?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicy;
+        /**
+         * Defines the deployment model to use for the firewall policy.  See the `networkFirewallPolicy` block.
          */
         networkFirewallPolicy?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicy;
         thirdPartyFirewallPolicy?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicy;
     }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicy {
+        /**
+         * Defines NACL entries for Network ACL policy. See the `networkAclEntrySet` block.
+         */
+        networkAclEntrySet?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySet;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySet {
+        /**
+         * The rules that you want to run first in the Firewall Manager managed network ACLs. Firewall manager creates entries with ID value between 1 and 5000. See the `firstEntry` block.
+         */
+        firstEntries?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntry[];
+        /**
+         * A boolean value, if true Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries. If false Firewall Manager marks the network ACL as noncompliant and does not try to remediate.
+         */
+        forceRemediateForFirstEntries: boolean;
+        /**
+         * A boolean value, if true Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries. If false Firewall Manager marks the network ACL as noncompliant and does not try to remediate.
+         */
+        forceRemediateForLastEntries: boolean;
+        /**
+         * The rules that you want to run last in the Firewall Manager managed network ACLs. Firewall manager creates entries with ID value between 32000 and 32766. See the `lastEntry` block.
+         */
+        lastEntries?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntry[];
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntry {
+        /**
+         * A string value containing the IPv4 network range to allow or deny, in CIDR notation.
+         */
+        cidrBlock?: string;
+        /**
+         * A boolean value, if true Firewall Manager creates egress rule. If false Firewall Manager creates ingress rule.
+         */
+        egress: boolean;
+        /**
+         * A configuration block for ICMP protocol: The ICMP type and code. See the `icmpTypeCode` block.
+         */
+        icmpTypeCodes?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryIcmpTypeCode[];
+        /**
+         * A string value containing the IPv6 network range to allow or deny, in CIDR notation.
+         */
+        ipv6CidrBlock?: string;
+        /**
+         * A configuration block for PortRange. See the `portRange` block.
+         */
+        portRanges?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryPortRange[];
+        /**
+         * The protocol number. A value of "-1" means all protocols.
+         */
+        protocol: string;
+        /**
+         * A string value that indicates whether to allow or deny the traffic that matches the rule. Valid values: `allow`, `deny`.
+         */
+        ruleAction: string;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryIcmpTypeCode {
+        /**
+         * An integer value containing ICMP code.
+         */
+        code?: number;
+        /**
+         * An integer value containing ICMP type.
+         */
+        type?: number;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryPortRange {
+        /**
+         * The beginning port number of the range.
+         */
+        from?: number;
+        /**
+         * The ending port number of the range.
+         */
+        to?: number;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntry {
+        /**
+         * A string value containing the IPv4 network range to allow or deny, in CIDR notation.
+         */
+        cidrBlock?: string;
+        /**
+         * A boolean value, if true Firewall Manager creates egress rule. If false Firewall Manager creates ingress rule.
+         */
+        egress: boolean;
+        /**
+         * A configuration block for ICMP protocol: The ICMP type and code. See the `icmpTypeCode` block.
+         */
+        icmpTypeCodes?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryIcmpTypeCode[];
+        /**
+         * A string value containing the IPv6 network range to allow or deny, in CIDR notation.
+         */
+        ipv6CidrBlock?: string;
+        /**
+         * A configuration block for PortRange. See the `portRange` block.
+         */
+        portRanges?: outputs.fms.PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryPortRange[];
+        /**
+         * The protocol number. A value of "-1" means all protocols.
+         */
+        protocol: string;
+        /**
+         * A string value that indicates whether to allow or deny the traffic that matches the rule. Valid values: `allow`, `deny`.
+         */
+        ruleAction: string;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryIcmpTypeCode {
+        /**
+         * An integer value containing ICMP code.
+         */
+        code?: number;
+        /**
+         * An integer value containing ICMP type.
+         */
+        type?: number;
+    }
+    interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryPortRange {
+        /**
+         * The beginning port number of the range.
+         */
+        from?: number;
+        /**
+         * The ending port number of the range.
+         */
+        to?: number;
+    }
     interface PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicy {
         /**
          * Defines the deployment model to use for the third-party firewall policy. Valid values are `CENTRALIZED` and `DISTRIBUTED`.
@@ -70208,11 +70336,11 @@ export declare namespace route53 {
          */
         evaluateTargetHealth: boolean;
         /**
-         * DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone.
+         * DNS domain name for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or another resource record set in this hosted zone.
          */
         name: string;
         /**
-         * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example.
+         * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or Route 53 hosted zone. See `resource_elb.zone_id` for example.
          */
         zoneId: string;
     }
@@ -71286,7 +71414,7 @@ export declare namespace s3 {
          *
          * @deprecated Use filter instead
          */
-        prefix?: string;
+        prefix: string;
         /**
          * Whether the rule is currently being applied. Valid values: `Enabled` or `Disabled`.
          */
@@ -71310,7 +71438,7 @@ export declare namespace s3 {
         /**
          * Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
          */
-        days?: number;
+        days: number;
         /**
          * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to `true`, the delete marker will be expired; if set to `false` the policy takes no action.
          */
@@ -71324,15 +71452,15 @@ export declare namespace s3 {
         /**
          * Minimum object size (in bytes) to which the rule applies.
          */
-        objectSizeGreaterThan?: string;
+        objectSizeGreaterThan: number;
         /**
          * Maximum object size (in bytes) to which the rule applies.
          */
-        objectSizeLessThan?: string;
+        objectSizeLessThan: number;
         /**
          * Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if not specified.
          */
-        prefix?: string;
+        prefix: string;
         /**
          * Configuration block for specifying a tag key and value. See below.
          */
@@ -71342,15 +71470,15 @@ export declare namespace s3 {
         /**
          * Minimum object size to which the rule applies. Value must be at least `0` if specified. Defaults to 128000 (128 KB) for all `storageClass` values unless `transitionDefaultMinimumObjectSize` specifies otherwise.
          */
-        objectSizeGreaterThan?: number;
+        objectSizeGreaterThan: number;
         /**
          * Maximum object size to which the rule applies. Value must be at least `1` if specified.
          */
-        objectSizeLessThan?: number;
+        objectSizeLessThan: number;
         /**
          * Prefix identifying one or more objects to which the rule applies.
          */
-        prefix?: string;
+        prefix: string;
         /**
          * Key-value map of resource tags. All of these tags must exist in the object's tag set in order for the rule to apply.
          */
@@ -71372,21 +71500,21 @@ export declare namespace s3 {
         /**
          * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.
          */
-        newerNoncurrentVersions?: string;
+        newerNoncurrentVersions: number;
         /**
          * Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer.
          */
-        noncurrentDays?: number;
+        noncurrentDays: number;
     }
     interface BucketLifecycleConfigurationV2RuleNoncurrentVersionTransition {
         /**
          * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer.
          */
-        newerNoncurrentVersions?: string;
+        newerNoncurrentVersions: number;
         /**
          * Number of days an object is noncurrent before Amazon S3 can perform the associated action.
          */
-        noncurrentDays?: number;
+        noncurrentDays: number;
         /**
          * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`.
          */
@@ -71400,12 +71528,22 @@ export declare namespace s3 {
         /**
          * Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If both `days` and `date` are not specified, defaults to `0`. Valid values depend on `storageClass`, see [Transition objects using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html) for more details.
          */
-        days?: number;
+        days: number;
         /**
          * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`.
          */
         storageClass: string;
     }
+    interface BucketLifecycleConfigurationV2Timeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: string;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        update?: string;
+    }
     interface BucketLifecycleRule {
         /**
          * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.

package/types/output.js.map

@@ -1 +1 @@
-{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AA+pwEjF,IAAiB,GAAG,CA6bnB;AA7bD,WAAiB,GAAG;IA4XhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAyDL,CAAC,EA7bgB,GAAG,GAAH,WAAG,KAAH,WAAG,QA6bnB"}
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAuywEjF,IAAiB,GAAG,CA6bnB;AA7bD,WAAiB,GAAG;IA4XhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAyDL,CAAC,EA7bgB,GAAG,GAAH,WAAG,KAAH,WAAG,QA6bnB"}

package/wafv2/webAcl.d.ts

@@ -59,7 +59,7 @@ export declare class WebAcl extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
+     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with `ruleJson` set will result in a one time in-place update as the remote rule configuration is initially written to the `rule` attribute. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
      */
     readonly ruleJson: pulumi.Output<string | undefined>;
     /**
@@ -147,7 +147,7 @@ export interface WebAclState {
      */
     name?: pulumi.Input<string>;
     /**
-     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
+     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with `ruleJson` set will result in a one time in-place update as the remote rule configuration is initially written to the `rule` attribute. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
      */
     ruleJson?: pulumi.Input<string>;
     /**
@@ -214,7 +214,7 @@ export interface WebAclArgs {
      */
     name?: pulumi.Input<string>;
     /**
-     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
+     * Raw JSON string to allow more than three nested statements. Conflicts with `rule` attribute. This is for advanced use cases where more than 3 levels of nested statements are required. **There is no drift detection at this time**. If you use this attribute instead of `rule`, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with `ruleJson` set will result in a one time in-place update as the remote rule configuration is initially written to the `rule` attribute. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateWebACL.html) for the JSON structure.
      */
     ruleJson?: pulumi.Input<string>;
     /**