@pulumi/aws 6.74.0 → 6.75.0-alpha.1743518204

package/types/input.d.ts

@@ -2496,6 +2496,12 @@ export declare namespace apigateway {
          */
         vpcEndpointIds?: pulumi.Input<pulumi.Input<string>[]>;
     }
+    interface RestApiPutTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+    }
     interface StageAccessLogSettings {
         /**
          * ARN of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-`. Automatically removes trailing `:*` if present.
@@ -9830,6 +9836,16 @@ export declare namespace bedrock {
          */
         update?: pulumi.Input<string>;
     }
+    interface AgentAgentMemoryConfiguration {
+        /**
+         * The type of memory being stored by the agent. See [AWS API documentation](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_MemoryConfiguration.html) for possible values.
+         */
+        enabledMemoryTypes: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * The number of days the agent is configured to retain the conversational context. Minimum value of 0, maximum value of 30.
+         */
+        storageDays: pulumi.Input<number>;
+    }
     interface AgentAgentPromptOverrideConfiguration {
         /**
          * ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the `promptConfigurations` block must contain a `parserMode` value that is set to `OVERRIDDEN`.
@@ -15536,6 +15552,108 @@ export declare namespace codepipeline {
          */
         providerType: pulumi.Input<string>;
     }
+    interface PipelineTriggerAll {
+        /**
+         * Provides the filter criteria and the source stage for the repository event that starts the pipeline. For more information, refer to the [AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-filter.html). A `gitConfiguration` block is documented below.
+         */
+        gitConfigurations?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfiguration>[]>;
+        /**
+         * The source provider for the event. Possible value is `CodeStarSourceConnection`.
+         */
+        providerType?: pulumi.Input<string>;
+    }
+    interface PipelineTriggerAllGitConfiguration {
+        /**
+         * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below.
+         */
+        pullRequests?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequest>[]>;
+        /**
+         * The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. A `push` block is documented below.
+         */
+        pushes?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPush>[]>;
+        /**
+         * The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.
+         */
+        sourceActionName?: pulumi.Input<string>;
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequest {
+        /**
+         * The field that specifies to filter on branches for the pull request trigger configuration. A `branches` block is documented below.
+         */
+        branches?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequestBranch>[]>;
+        /**
+         * A list that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. Possible values are `OPEN`, `UPDATED ` and `CLOSED`.
+         */
+        events?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * The field that specifies to filter on file paths for the pull request trigger configuration. A `filePaths` block is documented below.
+         */
+        filePaths?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequestFilePath>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequestBranch {
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequestFilePath {
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPush {
+        /**
+         * The field that specifies to filter on branches for the push trigger configuration. A `branches` block is documented below.
+         */
+        branches?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPushBranch>[]>;
+        /**
+         * The field that specifies to filter on file paths for the push trigger configuration. A `filePaths` block is documented below.
+         */
+        filePaths?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPushFilePath>[]>;
+        /**
+         * The field that contains the details for the Git tags trigger configuration. A `tags` block is documented below.
+         */
+        tags?: pulumi.Input<pulumi.Input<inputs.codepipeline.PipelineTriggerAllGitConfigurationPushTag>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPushBranch {
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPushFilePath {
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface PipelineTriggerAllGitConfigurationPushTag {
+        /**
+         * A list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.
+         */
+        excludes?: pulumi.Input<pulumi.Input<string>[]>;
+        /**
+         * A list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes?: pulumi.Input<pulumi.Input<string>[]>;
+    }
     interface PipelineTriggerGitConfiguration {
         /**
          * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below.
@@ -15635,8 +15753,6 @@ export declare namespace codepipeline {
         defaultValue?: pulumi.Input<string>;
         /**
          * The description of a pipeline-level variable.
-         *
-         * > **Note:** The input artifact of an action must exactly match the output artifact declared in a preceding action, but the input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions.
          */
         description?: pulumi.Input<string>;
         /**
@@ -16265,7 +16381,7 @@ export declare namespace cognito {
         /**
          * Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
          */
-        caseSensitive: pulumi.Input<boolean>;
+        caseSensitive?: pulumi.Input<boolean>;
     }
     interface UserPoolVerificationMessageTemplate {
         /**
@@ -74888,16 +75004,45 @@ export declare namespace transfer {
     }
 }
 export declare namespace verifiedaccess {
+    interface EndpointCidrOptions {
+        cidr: pulumi.Input<string>;
+        portRanges: pulumi.Input<pulumi.Input<inputs.verifiedaccess.EndpointCidrOptionsPortRange>[]>;
+        protocol?: pulumi.Input<string>;
+        subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
+    }
+    interface EndpointCidrOptionsPortRange {
+        fromPort: pulumi.Input<number>;
+        toPort: pulumi.Input<number>;
+    }
     interface EndpointLoadBalancerOptions {
         loadBalancerArn?: pulumi.Input<string>;
         port?: pulumi.Input<number>;
+        portRanges?: pulumi.Input<pulumi.Input<inputs.verifiedaccess.EndpointLoadBalancerOptionsPortRange>[]>;
         protocol?: pulumi.Input<string>;
         subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
     }
+    interface EndpointLoadBalancerOptionsPortRange {
+        fromPort: pulumi.Input<number>;
+        toPort: pulumi.Input<number>;
+    }
     interface EndpointNetworkInterfaceOptions {
         networkInterfaceId?: pulumi.Input<string>;
+        port?: pulumi.Input<number>;
+        portRanges?: pulumi.Input<pulumi.Input<inputs.verifiedaccess.EndpointNetworkInterfaceOptionsPortRange>[]>;
+        protocol?: pulumi.Input<string>;
+    }
+    interface EndpointNetworkInterfaceOptionsPortRange {
+        fromPort: pulumi.Input<number>;
+        toPort: pulumi.Input<number>;
+    }
+    interface EndpointRdsOptions {
         port?: pulumi.Input<number>;
         protocol?: pulumi.Input<string>;
+        rdsDbClusterArn?: pulumi.Input<string>;
+        rdsDbInstanceArn?: pulumi.Input<string>;
+        rdsDbProxyArn?: pulumi.Input<string>;
+        rdsEndpoint?: pulumi.Input<string>;
+        subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
     }
     interface EndpointSseSpecification {
         customerManagedKeyEnabled?: pulumi.Input<boolean>;
@@ -74998,6 +75143,16 @@ export declare namespace verifiedaccess {
     interface TrustProviderDeviceOptions {
         tenantId?: pulumi.Input<string>;
     }
+    interface TrustProviderNativeApplicationOidcOptions {
+        authorizationEndpoint?: pulumi.Input<string>;
+        clientId?: pulumi.Input<string>;
+        clientSecret: pulumi.Input<string>;
+        issuer?: pulumi.Input<string>;
+        publicSigningKeyEndpoint?: pulumi.Input<string>;
+        scope?: pulumi.Input<string>;
+        tokenEndpoint?: pulumi.Input<string>;
+        userInfoEndpoint?: pulumi.Input<string>;
+    }
     interface TrustProviderOidcOptions {
         authorizationEndpoint?: pulumi.Input<string>;
         clientId?: pulumi.Input<string>;
@@ -75007,6 +75162,10 @@ export declare namespace verifiedaccess {
         tokenEndpoint?: pulumi.Input<string>;
         userInfoEndpoint?: pulumi.Input<string>;
     }
+    interface TrustProviderSseSpecification {
+        customerManagedKeyEnabled?: pulumi.Input<boolean>;
+        kmsKeyArn?: pulumi.Input<string>;
+    }
 }
 export declare namespace verifiedpermissions {
     interface IdentitySourceConfiguration {

package/types/input.js.map

@@ -1 +1 @@
-{"version":3,"file":"input.js","sourceRoot":"","sources":["../../types/input.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AA8yhEjF,IAAiB,GAAG,CAwcnB;AAxcD,WAAiB,GAAG;IAyXhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAuEL,CAAC,EAxcgB,GAAG,GAAH,WAAG,KAAH,WAAG,QAwcnB"}
+{"version":3,"file":"input.js","sourceRoot":"","sources":["../../types/input.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AA66hEjF,IAAiB,GAAG,CAwcnB;AAxcD,WAAiB,GAAG;IAyXhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAuEL,CAAC,EAxcgB,GAAG,GAAH,WAAG,KAAH,WAAG,QAwcnB"}

package/types/output.d.ts

@@ -1381,6 +1381,12 @@ export declare namespace apigateway {
          */
         vpcEndpointIds: string[];
     }
+    interface RestApiPutTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: string;
+    }
     interface StageAccessLogSettings {
         /**
          * ARN of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-`. Automatically removes trailing `:*` if present.
@@ -10838,6 +10844,16 @@ export declare namespace bedrock {
          */
         update?: string;
     }
+    interface AgentAgentMemoryConfiguration {
+        /**
+         * The type of memory being stored by the agent. See [AWS API documentation](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_MemoryConfiguration.html) for possible values.
+         */
+        enabledMemoryTypes: string[];
+        /**
+         * The number of days the agent is configured to retain the conversational context. Minimum value of 0, maximum value of 30.
+         */
+        storageDays: number;
+    }
     interface AgentAgentPromptOverrideConfiguration {
         /**
          * ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the `promptConfigurations` block must contain a `parserMode` value that is set to `OVERRIDDEN`.
@@ -17159,6 +17175,108 @@ export declare namespace codepipeline {
          */
         providerType: string;
     }
+    interface PipelineTriggerAll {
+        /**
+         * Provides the filter criteria and the source stage for the repository event that starts the pipeline. For more information, refer to the [AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-filter.html). A `gitConfiguration` block is documented below.
+         */
+        gitConfigurations: outputs.codepipeline.PipelineTriggerAllGitConfiguration[];
+        /**
+         * The source provider for the event. Possible value is `CodeStarSourceConnection`.
+         */
+        providerType: string;
+    }
+    interface PipelineTriggerAllGitConfiguration {
+        /**
+         * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below.
+         */
+        pullRequests: outputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequest[];
+        /**
+         * The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. A `push` block is documented below.
+         */
+        pushes: outputs.codepipeline.PipelineTriggerAllGitConfigurationPush[];
+        /**
+         * The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only.
+         */
+        sourceActionName: string;
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequest {
+        /**
+         * The field that specifies to filter on branches for the pull request trigger configuration. A `branches` block is documented below.
+         */
+        branches: outputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequestBranch[];
+        /**
+         * A list that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. Possible values are `OPEN`, `UPDATED ` and `CLOSED`.
+         */
+        events: string[];
+        /**
+         * The field that specifies to filter on file paths for the pull request trigger configuration. A `filePaths` block is documented below.
+         */
+        filePaths: outputs.codepipeline.PipelineTriggerAllGitConfigurationPullRequestFilePath[];
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequestBranch {
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes: string[];
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes: string[];
+    }
+    interface PipelineTriggerAllGitConfigurationPullRequestFilePath {
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes: string[];
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes: string[];
+    }
+    interface PipelineTriggerAllGitConfigurationPush {
+        /**
+         * The field that specifies to filter on branches for the push trigger configuration. A `branches` block is documented below.
+         */
+        branches: outputs.codepipeline.PipelineTriggerAllGitConfigurationPushBranch[];
+        /**
+         * The field that specifies to filter on file paths for the push trigger configuration. A `filePaths` block is documented below.
+         */
+        filePaths: outputs.codepipeline.PipelineTriggerAllGitConfigurationPushFilePath[];
+        /**
+         * The field that contains the details for the Git tags trigger configuration. A `tags` block is documented below.
+         */
+        tags: outputs.codepipeline.PipelineTriggerAllGitConfigurationPushTag[];
+    }
+    interface PipelineTriggerAllGitConfigurationPushBranch {
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes: string[];
+        /**
+         * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes: string[];
+    }
+    interface PipelineTriggerAllGitConfigurationPushFilePath {
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline.
+         */
+        excludes: string[];
+        /**
+         * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes: string[];
+    }
+    interface PipelineTriggerAllGitConfigurationPushTag {
+        /**
+         * A list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline.
+         */
+        excludes: string[];
+        /**
+         * A list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline.
+         */
+        includes: string[];
+    }
     interface PipelineTriggerGitConfiguration {
         /**
          * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below.
@@ -17258,8 +17376,6 @@ export declare namespace codepipeline {
         defaultValue?: string;
         /**
          * The description of a pipeline-level variable.
-         *
-         * > **Note:** The input artifact of an action must exactly match the output artifact declared in a preceding action, but the input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions.
          */
         description?: string;
         /**
@@ -83637,16 +83753,45 @@ export declare namespace transfer {
     }
 }
 export declare namespace verifiedaccess {
+    interface EndpointCidrOptions {
+        cidr: string;
+        portRanges: outputs.verifiedaccess.EndpointCidrOptionsPortRange[];
+        protocol?: string;
+        subnetIds?: string[];
+    }
+    interface EndpointCidrOptionsPortRange {
+        fromPort: number;
+        toPort: number;
+    }
     interface EndpointLoadBalancerOptions {
         loadBalancerArn?: string;
         port?: number;
+        portRanges?: outputs.verifiedaccess.EndpointLoadBalancerOptionsPortRange[];
         protocol?: string;
         subnetIds?: string[];
     }
+    interface EndpointLoadBalancerOptionsPortRange {
+        fromPort: number;
+        toPort: number;
+    }
     interface EndpointNetworkInterfaceOptions {
         networkInterfaceId?: string;
+        port?: number;
+        portRanges?: outputs.verifiedaccess.EndpointNetworkInterfaceOptionsPortRange[];
+        protocol?: string;
+    }
+    interface EndpointNetworkInterfaceOptionsPortRange {
+        fromPort: number;
+        toPort: number;
+    }
+    interface EndpointRdsOptions {
         port?: number;
         protocol?: string;
+        rdsDbClusterArn?: string;
+        rdsDbInstanceArn?: string;
+        rdsDbProxyArn?: string;
+        rdsEndpoint?: string;
+        subnetIds?: string[];
     }
     interface EndpointSseSpecification {
         customerManagedKeyEnabled?: boolean;
@@ -83747,6 +83892,16 @@ export declare namespace verifiedaccess {
     interface TrustProviderDeviceOptions {
         tenantId?: string;
     }
+    interface TrustProviderNativeApplicationOidcOptions {
+        authorizationEndpoint?: string;
+        clientId?: string;
+        clientSecret: string;
+        issuer?: string;
+        publicSigningKeyEndpoint?: string;
+        scope?: string;
+        tokenEndpoint?: string;
+        userInfoEndpoint?: string;
+    }
     interface TrustProviderOidcOptions {
         authorizationEndpoint?: string;
         clientId?: string;
@@ -83756,6 +83911,10 @@ export declare namespace verifiedaccess {
         tokenEndpoint?: string;
         userInfoEndpoint?: string;
     }
+    interface TrustProviderSseSpecification {
+        customerManagedKeyEnabled?: boolean;
+        kmsKeyArn?: string;
+    }
 }
 export declare namespace verifiedpermissions {
     interface GetPolicyStoreValidationSetting {

package/types/output.js.map

@@ -1 +1 @@
-{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAogzEjF,IAAiB,GAAG,CA4cnB;AA5cD,WAAiB,GAAG;IA4XhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAwEL,CAAC,EA5cgB,GAAG,GAAH,WAAG,KAAH,WAAG,QA4cnB"}
+{"version":3,"file":"output.js","sourceRoot":"","sources":["../../types/output.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAmozEjF,IAAiB,GAAG,CA4cnB;AA5cD,WAAiB,GAAG;IA4XhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAwEL,CAAC,EA5cgB,GAAG,GAAH,WAAG,KAAH,WAAG,QA4cnB"}

package/verifiedaccess/endpoint.d.ts

@@ -53,6 +53,30 @@ import * as outputs from "../types/output";
  * });
  * ```
  *
+ * ### Cidr Example
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ *
+ * const example = new aws.verifiedaccess.Endpoint("example", {
+ *     attachmentType: "vpc",
+ *     description: "example",
+ *     endpointType: "cidr",
+ *     cidrOptions: {
+ *         cidr: test[0].cidrBlock,
+ *         portRanges: [{
+ *             fromPort: 443,
+ *             toPort: 443,
+ *         }],
+ *         protocol: "tcp",
+ *         subnetIds: .map(subnet => (subnet.id)),
+ *     },
+ *     securityGroupIds: [testAwsSecurityGroup.id],
+ *     verifiedAccessGroupId: testAwsVerifiedaccessGroup.id,
+ * });
+ * ```
+ *
  * ## Import
  *
  * Using `pulumi import`, import Verified Access Instances using the  `id`. For example:
@@ -78,13 +102,17 @@ export declare class Endpoint extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is Endpoint;
     /**
-     * The DNS name for users to reach your application.
+     * The DNS name for users to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
-    readonly applicationDomain: pulumi.Output<string>;
+    readonly applicationDomain: pulumi.Output<string | undefined>;
     /**
      * The type of attachment. Currently, only `vpc` is supported.
      */
     readonly attachmentType: pulumi.Output<string>;
+    /**
+     * The CIDR block details. This parameter is required if the endpoint type is `cidr`.
+     */
+    readonly cidrOptions: pulumi.Output<outputs.verifiedaccess.EndpointCidrOptions | undefined>;
     /**
      * A description for the Verified Access endpoint.
      */
@@ -94,9 +122,9 @@ export declare class Endpoint extends pulumi.CustomResource {
      */
     readonly deviceValidationDomain: pulumi.Output<string>;
     /**
-     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.
+     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
-    readonly domainCertificateArn: pulumi.Output<string>;
+    readonly domainCertificateArn: pulumi.Output<string | undefined>;
     /**
      * A DNS name that is generated for the endpoint.
      */
@@ -104,7 +132,7 @@ export declare class Endpoint extends pulumi.CustomResource {
     /**
      * A custom identifier that is prepended to the DNS name that is generated for the endpoint.
      */
-    readonly endpointDomainPrefix: pulumi.Output<string>;
+    readonly endpointDomainPrefix: pulumi.Output<string | undefined>;
     /**
      * The type of Verified Access endpoint to create. Currently `load-balancer` or `network-interface` are supported.
      */
@@ -121,6 +149,7 @@ export declare class Endpoint extends pulumi.CustomResource {
      * The policy document that is associated with this resource.
      */
     readonly policyDocument: pulumi.Output<string | undefined>;
+    readonly rdsOptions: pulumi.Output<outputs.verifiedaccess.EndpointRdsOptions | undefined>;
     /**
      * List of the the security groups IDs to associate with the Verified Access endpoint.
      */
@@ -162,13 +191,17 @@ export declare class Endpoint extends pulumi.CustomResource {
  */
 export interface EndpointState {
     /**
-     * The DNS name for users to reach your application.
+     * The DNS name for users to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
     applicationDomain?: pulumi.Input<string>;
     /**
      * The type of attachment. Currently, only `vpc` is supported.
      */
     attachmentType?: pulumi.Input<string>;
+    /**
+     * The CIDR block details. This parameter is required if the endpoint type is `cidr`.
+     */
+    cidrOptions?: pulumi.Input<inputs.verifiedaccess.EndpointCidrOptions>;
     /**
      * A description for the Verified Access endpoint.
      */
@@ -178,7 +211,7 @@ export interface EndpointState {
      */
     deviceValidationDomain?: pulumi.Input<string>;
     /**
-     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.
+     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
     domainCertificateArn?: pulumi.Input<string>;
     /**
@@ -205,6 +238,7 @@ export interface EndpointState {
      * The policy document that is associated with this resource.
      */
     policyDocument?: pulumi.Input<string>;
+    rdsOptions?: pulumi.Input<inputs.verifiedaccess.EndpointRdsOptions>;
     /**
      * List of the the security groups IDs to associate with the Verified Access endpoint.
      */
@@ -238,25 +272,29 @@ export interface EndpointState {
  */
 export interface EndpointArgs {
     /**
-     * The DNS name for users to reach your application.
+     * The DNS name for users to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
-    applicationDomain: pulumi.Input<string>;
+    applicationDomain?: pulumi.Input<string>;
     /**
      * The type of attachment. Currently, only `vpc` is supported.
      */
     attachmentType: pulumi.Input<string>;
+    /**
+     * The CIDR block details. This parameter is required if the endpoint type is `cidr`.
+     */
+    cidrOptions?: pulumi.Input<inputs.verifiedaccess.EndpointCidrOptions>;
     /**
      * A description for the Verified Access endpoint.
      */
     description?: pulumi.Input<string>;
     /**
-     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application.
+     * The ARN of the public TLS/SSL certificate in AWS Certificate Manager to associate with the endpoint. The CN in the certificate must match the DNS name your end users will use to reach your application. This parameter is required if the endpoint type is `load-balancer` or `network-interface`.
      */
-    domainCertificateArn: pulumi.Input<string>;
+    domainCertificateArn?: pulumi.Input<string>;
     /**
      * A custom identifier that is prepended to the DNS name that is generated for the endpoint.
      */
-    endpointDomainPrefix: pulumi.Input<string>;
+    endpointDomainPrefix?: pulumi.Input<string>;
     /**
      * The type of Verified Access endpoint to create. Currently `load-balancer` or `network-interface` are supported.
      */
@@ -273,6 +311,7 @@ export interface EndpointArgs {
      * The policy document that is associated with this resource.
      */
     policyDocument?: pulumi.Input<string>;
+    rdsOptions?: pulumi.Input<inputs.verifiedaccess.EndpointRdsOptions>;
     /**
      * List of the the security groups IDs to associate with the Verified Access endpoint.
      */