@pulumi/aws 7.4.0-alpha.1754934092 → 7.4.0-alpha.1755095636

package/types/input.d.ts

@@ -266,6 +266,10 @@ export interface ProviderEndpoint {
      * Use this to override the default service endpoint URL
      */
     bedrockagent?: pulumi.Input<string>;
+    /**
+     * Use this to override the default service endpoint URL
+     */
+    bedrockagentcore?: pulumi.Input<string>;
     /**
      * Use this to override the default service endpoint URL
      */
@@ -942,6 +946,10 @@ export interface ProviderEndpoint {
      * Use this to override the default service endpoint URL
      */
     oam?: pulumi.Input<string>;
+    /**
+     * Use this to override the default service endpoint URL
+     */
+    odb?: pulumi.Input<string>;
     /**
      * Use this to override the default service endpoint URL
      */
@@ -1130,6 +1138,10 @@ export interface ProviderEndpoint {
      * Use this to override the default service endpoint URL
      */
     s3tables?: pulumi.Input<string>;
+    /**
+     * Use this to override the default service endpoint URL
+     */
+    s3vectors?: pulumi.Input<string>;
     /**
      * Use this to override the default service endpoint URL
      */
@@ -11603,9 +11615,25 @@ export declare namespace bedrock {
     }
     interface GuardrailSensitiveInformationPolicyConfigPiiEntitiesConfig {
         /**
-         * Options for sensitive information action.
+         * Options for sensitive information action. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
          */
         action: pulumi.Input<string>;
+        /**
+         * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
+         */
+        inputAction?: pulumi.Input<string>;
+        /**
+         * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation.
+         */
+        inputEnabled?: pulumi.Input<boolean>;
+        /**
+         * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
+         */
+        outputAction?: pulumi.Input<string>;
+        /**
+         * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation.
+         */
+        outputEnabled?: pulumi.Input<boolean>;
         /**
          * The currently supported PII entities.
          */
@@ -11613,17 +11641,33 @@ export declare namespace bedrock {
     }
     interface GuardrailSensitiveInformationPolicyConfigRegexesConfig {
         /**
-         * Options for sensitive information action.
+         * Options for sensitive information action. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
          */
         action: pulumi.Input<string>;
         /**
          * The regex description.
          */
         description?: pulumi.Input<string>;
+        /**
+         * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
+         */
+        inputAction?: pulumi.Input<string>;
+        /**
+         * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation.
+         */
+        inputEnabled?: pulumi.Input<boolean>;
         /**
          * The regex name.
          */
         name: pulumi.Input<string>;
+        /**
+         * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`.
+         */
+        outputAction?: pulumi.Input<string>;
+        /**
+         * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation.
+         */
+        outputEnabled?: pulumi.Input<boolean>;
         /**
          * The regex pattern.
          */
@@ -20877,7 +20921,7 @@ export declare namespace dlm {
          */
         policyType?: pulumi.Input<string>;
         /**
-         * The location of the resources to backup. If the source resources are located in an AWS Region, specify `CLOUD`. If the source resources are located on an Outpost in your account, specify `OUTPOST`. If you specify `OUTPOST`, Amazon Data Lifecycle Manager backs up all resources of the specified type with matching target tags across all of the Outposts in your account. Valid values are `CLOUD` and `OUTPOST`.
+         * The location of the resources to backup. If the source resources are located in an AWS Region, specify `CLOUD`. If the source resources are located on an Outpost in your account, specify `OUTPOST`. If the source resources are located in a Local Zone, specify `LOCAL_ZONE`. Valid values are `CLOUD`, `LOCAL_ZONE`, and `OUTPOST`.
          */
         resourceLocations?: pulumi.Input<string>;
         /**
@@ -21451,6 +21495,16 @@ export declare namespace docdb {
          */
         useLatestRestorableTime?: pulumi.Input<boolean>;
     }
+    interface ClusterServerlessV2ScalingConfiguration {
+        /**
+         * Maximum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. Valid values are multiples of 0.5 between 1 and 256.
+         */
+        maxCapacity: pulumi.Input<number>;
+        /**
+         * Minimum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. Valid values are multiples of 0.5 between 0.5 and 256.
+         */
+        minCapacity: pulumi.Input<number>;
+    }
     interface ElasticClusterTimeouts {
         /**
          * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
@@ -27446,6 +27500,16 @@ export declare namespace ecr {
          */
         scanOnPush: pulumi.Input<boolean>;
     }
+    interface RepositoryImageTagMutabilityExclusionFilter {
+        /**
+         * The filter pattern to use for excluding image tags from the mutability setting. Must contain only letters, numbers, and special characters (._*-). Each filter can be up to 128 characters long and can contain a maximum of 2 wildcards (*).
+         */
+        filter: pulumi.Input<string>;
+        /**
+         * The type of filter to use. Must be `WILDCARD`.
+         */
+        filterType: pulumi.Input<string>;
+    }
 }
 export declare namespace ecrpublic {
     interface RepositoryCatalogData {
@@ -38617,6 +38681,7 @@ export declare namespace kinesis {
         secretArn?: pulumi.Input<string>;
     }
     interface FirehoseDeliveryStreamIcebergConfiguration {
+        appendOnly?: pulumi.Input<boolean>;
         /**
          * Buffer incoming data for the specified period of time, in seconds between 0 and 900, before delivering it to the destination. The default value is 300.
          */
@@ -59222,6 +59287,51 @@ export declare namespace networkfirewall {
          */
         resourceArn?: pulumi.Input<string>;
     }
+    interface VpcEndpointAssociationSubnetMapping {
+        /**
+         * The subnet's IP address type. Valid values: `"DUALSTACK"`, `"IPV4"`.
+         */
+        ipAddressType?: pulumi.Input<string>;
+        /**
+         * The unique identifier for the subnet.
+         */
+        subnetId: pulumi.Input<string>;
+    }
+    interface VpcEndpointAssociationTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+         */
+        delete?: pulumi.Input<string>;
+    }
+    interface VpcEndpointAssociationVpcEndpointAssociationStatus {
+        associationSyncStates: pulumi.Input<pulumi.Input<inputs.networkfirewall.VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncState>[]>;
+    }
+    interface VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncState {
+        /**
+         * Nested list describing the attachment status of the firewall's VPC Endpoint Association with a single VPC subnet.
+         */
+        attachments: pulumi.Input<pulumi.Input<inputs.networkfirewall.VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncStateAttachment>[]>;
+        /**
+         * The Availability Zone where the subnet is configured.
+         */
+        availabilityZone: pulumi.Input<string>;
+    }
+    interface VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncStateAttachment {
+        /**
+         * The identifier of the VPC endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
+         */
+        endpointId: pulumi.Input<string>;
+        status: pulumi.Input<string>;
+        statusMessage: pulumi.Input<string>;
+        /**
+         * The unique identifier of the subnet that you've specified to be used for a VPC Endpoint Association endpoint.
+         */
+        subnetId: pulumi.Input<string>;
+    }
 }
 export declare namespace networkmanager {
     interface ConnectAttachmentOptions {
@@ -61767,6 +61877,100 @@ export declare namespace quicksight {
          */
         dataSetPlaceholder: pulumi.Input<string>;
     }
+    interface CustomPermissionsCapabilities {
+        /**
+         * The ability to add or run anomaly detection. Valid values: `DENY`.
+         */
+        addOrRunAnomalyDetectionForAnalyses?: pulumi.Input<string>;
+        /**
+         * The ability to create and update email reports. Valid values: `DENY`.
+         */
+        createAndUpdateDashboardEmailReports?: pulumi.Input<string>;
+        /**
+         * The ability to create and update data sources. Valid values: `DENY`.
+         */
+        createAndUpdateDataSources?: pulumi.Input<string>;
+        /**
+         * The ability to create and update datasets. Valid values: `DENY`.
+         */
+        createAndUpdateDatasets?: pulumi.Input<string>;
+        /**
+         * The ability to export to create and update themes. Valid values: `DENY`.
+         */
+        createAndUpdateThemes?: pulumi.Input<string>;
+        /**
+         * The ability to create and update threshold alerts. Valid values: `DENY`.
+         */
+        createAndUpdateThresholdAlerts?: pulumi.Input<string>;
+        /**
+         * The ability to create shared folders. Valid values: `DENY`.
+         */
+        createSharedFolders?: pulumi.Input<string>;
+        /**
+         * The ability to create a SPICE dataset. Valid values: `DENY`.
+         */
+        createSpiceDataset?: pulumi.Input<string>;
+        /**
+         * The ability to export to CSV files from the UI. Valid values: `DENY`.
+         */
+        exportToCsv?: pulumi.Input<string>;
+        /**
+         * The ability to export to CSV files in scheduled email reports. Valid values: `DENY`.
+         */
+        exportToCsvInScheduledReports?: pulumi.Input<string>;
+        /**
+         * The ability to export to Excel files from the UI. Valid values: `DENY`.
+         */
+        exportToExcel?: pulumi.Input<string>;
+        /**
+         * The ability to export to Excel files in scheduled email reports. Valid values: `DENY`.
+         */
+        exportToExcelInScheduledReports?: pulumi.Input<string>;
+        /**
+         * The ability to export to PDF files from the UI. Valid values: `DENY`.
+         */
+        exportToPdf?: pulumi.Input<string>;
+        /**
+         * The ability to export to PDF files in scheduled email reports. Valid values: `DENY`.
+         */
+        exportToPdfInScheduledReports?: pulumi.Input<string>;
+        /**
+         * The ability to include content in scheduled email reports. Valid values: `DENY`.
+         */
+        includeContentInScheduledReportsEmail?: pulumi.Input<string>;
+        /**
+         * The ability to print reports. Valid values: `DENY`.
+         */
+        printReports?: pulumi.Input<string>;
+        /**
+         * The ability to rename shared folders. Valid values: `DENY`.
+         */
+        renameSharedFolders?: pulumi.Input<string>;
+        /**
+         * The ability to share analyses. Valid values: `DENY`.
+         */
+        shareAnalyses?: pulumi.Input<string>;
+        /**
+         * The ability to share dashboards. Valid values: `DENY`.
+         */
+        shareDashboards?: pulumi.Input<string>;
+        /**
+         * The ability to share data sources. Valid values: `DENY`.
+         */
+        shareDataSources?: pulumi.Input<string>;
+        /**
+         * The ability to share datasets. Valid values: `DENY`.
+         */
+        shareDatasets?: pulumi.Input<string>;
+        /**
+         * The ability to subscribe to email reports. Valid values: `DENY`.
+         */
+        subscribeDashboardEmailReports?: pulumi.Input<string>;
+        /**
+         * The ability to view account SPICE capacity. Valid values: `DENY`.
+         */
+        viewAccountSpiceCapacity?: pulumi.Input<string>;
+    }
     interface DashboardDashboardPublishOptions {
         /**
          * Ad hoc (one-time) filtering option. See ad_hoc_filtering_option.
@@ -81570,6 +81774,348 @@ export declare namespace wafv2 {
          */
         immunityTime?: pulumi.Input<number>;
     }
+    interface WebAclRuleGroupAssociationManagedRuleGroup {
+        /**
+         * Name of the managed rule group.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Override actions for specific rules within the rule group. See below.
+         */
+        ruleActionOverrides?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverride>[]>;
+        /**
+         * Name of the managed rule group vendor. For AWS managed rule groups, this is `AWS`.
+         */
+        vendorName: pulumi.Input<string>;
+        /**
+         * Version of the managed rule group. If not specified, the default version is used.
+         */
+        version?: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverride {
+        /**
+         * Action to use instead of the rule's original action. See below.
+         */
+        actionToUse?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUse>;
+        /**
+         * Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
+         */
+        name: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUse {
+        /**
+         * Allow the request. See below.
+         */
+        allow?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllow>;
+        /**
+         * Block the request. See below.
+         */
+        block?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlock>;
+        /**
+         * Require CAPTCHA verification. See below.
+         */
+        captcha?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptcha>;
+        /**
+         * Require challenge verification. See below.
+         */
+        challenge?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallenge>;
+        /**
+         * Count the request without taking action. See below.
+         */
+        count?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCount>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllow {
+        /**
+         * Custom handling for allowed requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlock {
+        /**
+         * Custom response for blocked requests. See below.
+         */
+        customResponse?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponse>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponse {
+        /**
+         * Key of a custom response body to use.
+         */
+        customResponseBodyKey?: pulumi.Input<string>;
+        /**
+         * HTTP response code to return (200-599).
+         */
+        responseCode: pulumi.Input<number>;
+        /**
+         * Headers to include in the response. See below.
+         */
+        responseHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeader {
+        /**
+         * Name of the response header.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the response header.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptcha {
+        /**
+         * Custom handling for CAPTCHA requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallenge {
+        /**
+         * Custom handling for challenge requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCount {
+        /**
+         * Custom handling for counted requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReference {
+        /**
+         * ARN of the Rule Group to associate with the Web ACL.
+         */
+        arn: pulumi.Input<string>;
+        /**
+         * Override actions for specific rules within the rule group. See below.
+         */
+        ruleActionOverrides?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverride>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverride {
+        /**
+         * Action to use instead of the rule's original action. See below.
+         */
+        actionToUse?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUse>;
+        /**
+         * Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
+         */
+        name: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUse {
+        /**
+         * Allow the request. See below.
+         */
+        allow?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllow>;
+        /**
+         * Block the request. See below.
+         */
+        block?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlock>;
+        /**
+         * Require CAPTCHA verification. See below.
+         */
+        captcha?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptcha>;
+        /**
+         * Require challenge verification. See below.
+         */
+        challenge?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallenge>;
+        /**
+         * Count the request without taking action. See below.
+         */
+        count?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCount>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllow {
+        /**
+         * Custom handling for allowed requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlock {
+        /**
+         * Custom response for blocked requests. See below.
+         */
+        customResponse?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponse>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponse {
+        /**
+         * Key of a custom response body to use.
+         */
+        customResponseBodyKey?: pulumi.Input<string>;
+        /**
+         * HTTP response code to return (200-599).
+         */
+        responseCode: pulumi.Input<number>;
+        /**
+         * Headers to include in the response. See below.
+         */
+        responseHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeader {
+        /**
+         * Name of the response header.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the response header.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptcha {
+        /**
+         * Custom handling for CAPTCHA requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallenge {
+        /**
+         * Custom handling for challenge requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCount {
+        /**
+         * Custom handling for counted requests. See below.
+         */
+        customRequestHandling?: pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandling>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandling {
+        /**
+         * Headers to insert into the request. See below.
+         */
+        insertHeaders?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>[]>;
+    }
+    interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader {
+        /**
+         * Name of the header to insert.
+         */
+        name: pulumi.Input<string>;
+        /**
+         * Value of the header to insert.
+         */
+        value: pulumi.Input<string>;
+    }
+    interface WebAclRuleGroupAssociationTimeouts {
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        create?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+         */
+        delete?: pulumi.Input<string>;
+        /**
+         * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+         */
+        update?: pulumi.Input<string>;
+    }
     interface WebAclRuleOverrideAction {
         /**
          * Override the rule action setting to count (i.e., only count matches). Configured as an empty block `{}`.

package/types/input.js.map

@@ -1 +1 @@
-{"version":3,"file":"input.js","sourceRoot":"","sources":["../../types/input.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AA8qkEjF,IAAiB,GAAG,CAwcnB;AAxcD,WAAiB,GAAG;IAyXhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAuEL,CAAC,EAxcgB,GAAG,GAAH,WAAG,KAAH,WAAG,QAwcnB"}
+{"version":3,"file":"input.js","sourceRoot":"","sources":["../../types/input.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAk4kEjF,IAAiB,GAAG,CAwcnB;AAxcD,WAAiB,GAAG;IAyXhB;;OAEG;IACH,SAAgB,sCAAsC,CAAC,GAA4B;;QAC/E,uCACO,GAAG,KACN,WAAW,EAAE,MAAA,CAAC,GAAG,CAAC,WAAW,CAAC,mCAAI,WAAW,IAC/C;IACN,CAAC;IALe,0CAAsC,yCAKrD,CAAA;AAuEL,CAAC,EAxcgB,GAAG,GAAH,WAAG,KAAH,WAAG,QAwcnB"}