From b34ff969bc40a581b389cb8a75e5ece80fcb82f2 Mon Sep 17 00:00:00 2001 From: Alper Rifat Ulucinar Date: Tue, 14 Dec 2021 09:39:35 +0300 Subject: [PATCH] Generate example manifests 
Signed-off-by: Alper Rifat Ulucinar --- Makefile | 7 +- .../v1alpha1/zz_attachment_terraformed.go | 8 + .../v1alpha1/zz_attachment_types.go | 1 + .../zz_autoscalinggroup_terraformed.go | 8 + .../v1alpha1/zz_autoscalinggroup_types.go | 2 + .../v1alpha1/zz_generated.deepcopy.go | 12 +- apis/ebs/v1alpha1/zz_generated.deepcopy.go | 5 + apis/ebs/v1alpha1/zz_volume_terraformed.go | 8 + apis/ebs/v1alpha1/zz_volume_types.go | 2 + apis/ec2/v1alpha1/zz_elasticip_terraformed.go | 8 + apis/ec2/v1alpha1/zz_elasticip_types.go | 2 + apis/ec2/v1alpha1/zz_generated.deepcopy.go | 118 +- apis/ec2/v1alpha1/zz_instance_terraformed.go | 8 + apis/ec2/v1alpha1/zz_instance_types.go | 2 + ...zz_ipv4cidrblockassociation_terraformed.go | 8 + .../zz_ipv4cidrblockassociation_types.go | 1 + .../v1alpha1/zz_launchtemplate_terraformed.go | 8 + apis/ec2/v1alpha1/zz_launchtemplate_types.go | 2 + .../zz_networkinterface_terraformed.go | 8 + .../ec2/v1alpha1/zz_networkinterface_types.go | 2 + ...z_peeringconnectionaccepter_terraformed.go | 8 + .../zz_peeringconnectionaccepter_types.go | 2 + apis/ec2/v1alpha1/zz_route_terraformed.go | 8 + apis/ec2/v1alpha1/zz_route_types.go | 2 + .../ec2/v1alpha1/zz_routetable_terraformed.go | 8 + apis/ec2/v1alpha1/zz_routetable_types.go | 2 + .../zz_routetableassociation_terraformed.go | 8 + .../zz_routetableassociation_types.go | 1 + .../v1alpha1/zz_securitygroup_terraformed.go | 8 + apis/ec2/v1alpha1/zz_securitygroup_types.go | 2 + .../zz_securitygrouprule_terraformed.go | 8 + .../v1alpha1/zz_securitygrouprule_types.go | 1 + apis/ec2/v1alpha1/zz_subnet_terraformed.go | 8 + apis/ec2/v1alpha1/zz_subnet_types.go | 2 + .../v1alpha1/zz_transitgateway_terraformed.go | 8 + apis/ec2/v1alpha1/zz_transitgateway_types.go | 2 + .../zz_transitgatewayroute_terraformed.go | 8 + .../v1alpha1/zz_transitgatewayroute_types.go | 1 + ...zz_transitgatewayroutetable_terraformed.go | 8 + .../zz_transitgatewayroutetable_types.go | 2 + ...atewayroutetableassociation_terraformed.go | 8 + 
...ansitgatewayroutetableassociation_types.go | 2 + ...atewayroutetablepropagation_terraformed.go | 8 + ...ansitgatewayroutetablepropagation_types.go | 2 + ...transitgatewayvpcattachment_terraformed.go | 8 + .../zz_transitgatewayvpcattachment_types.go | 2 + ...atewayvpcattachmentaccepter_terraformed.go | 8 + ...ansitgatewayvpcattachmentaccepter_types.go | 2 + apis/ec2/v1alpha1/zz_vpc_terraformed.go | 8 + apis/ec2/v1alpha1/zz_vpc_types.go | 2 + .../v1alpha1/zz_vpcendpoint_terraformed.go | 8 + apis/ec2/v1alpha1/zz_vpcendpoint_types.go | 2 + .../zz_vpcpeeringconnection_terraformed.go | 8 + .../v1alpha1/zz_vpcpeeringconnection_types.go | 2 + apis/ecr/v1alpha1/zz_generated.deepcopy.go | 5 + .../ecr/v1alpha1/zz_repository_terraformed.go | 8 + apis/ecr/v1alpha1/zz_repository_types.go | 2 + .../v1alpha1/zz_generated.deepcopy.go | 5 + .../v1alpha1/zz_repository_terraformed.go | 8 + .../ecrpublic/v1alpha1/zz_repository_types.go | 2 + .../zz_capacityprovider_terraformed.go | 8 + .../ecs/v1alpha1/zz_capacityprovider_types.go | 2 + apis/ecs/v1alpha1/zz_cluster_terraformed.go | 8 + apis/ecs/v1alpha1/zz_cluster_types.go | 2 + apis/ecs/v1alpha1/zz_generated.deepcopy.go | 20 + apis/ecs/v1alpha1/zz_service_terraformed.go | 8 + apis/ecs/v1alpha1/zz_service_types.go | 2 + .../v1alpha1/zz_taskdefinition_terraformed.go | 8 + apis/ecs/v1alpha1/zz_taskdefinition_types.go | 2 + apis/eks/v1alpha1/zz_addon_terraformed.go | 8 + apis/eks/v1alpha1/zz_addon_types.go | 2 + apis/eks/v1alpha1/zz_cluster_terraformed.go | 8 + apis/eks/v1alpha1/zz_cluster_types.go | 2 + .../v1alpha1/zz_fargateprofile_terraformed.go | 8 + apis/eks/v1alpha1/zz_fargateprofile_types.go | 2 + apis/eks/v1alpha1/zz_generated.deepcopy.go | 25 + .../zz_identityproviderconfig_terraformed.go | 8 + .../zz_identityproviderconfig_types.go | 2 + apis/eks/v1alpha1/zz_nodegroup_terraformed.go | 8 + apis/eks/v1alpha1/zz_nodegroup_types.go | 2 + .../v1alpha1/zz_cluster_terraformed.go | 8 + apis/elasticache/v1alpha1/zz_cluster_types.go | 
2 + .../v1alpha1/zz_generated.deepcopy.go | 25 + .../v1alpha1/zz_parametergroup_terraformed.go | 8 + .../v1alpha1/zz_parametergroup_types.go | 2 + .../zz_replicationgroup_terraformed.go | 8 + .../v1alpha1/zz_replicationgroup_types.go | 2 + .../v1alpha1/zz_user_terraformed.go | 8 + apis/elasticache/v1alpha1/zz_user_types.go | 2 + .../v1alpha1/zz_usergroup_terraformed.go | 8 + .../v1alpha1/zz_usergroup_types.go | 2 + .../v1alpha1/zz_generated.deepcopy.go | 22 +- .../v1alpha1/zz_loadbalancer_terraformed.go | 8 + .../v1alpha1/zz_loadbalancer_types.go | 2 + .../zz_loadbalancerlistener_terraformed.go | 8 + .../v1alpha1/zz_loadbalancerlistener_types.go | 2 + .../v1alpha1/zz_targetgroup_terraformed.go | 8 + .../v1alpha1/zz_targetgroup_types.go | 2 + .../zz_targetgroupattachment_terraformed.go | 8 + .../zz_targetgroupattachment_types.go | 1 + apis/iam/v1alpha1/zz_accesskey_terraformed.go | 8 + apis/iam/v1alpha1/zz_accesskey_types.go | 2 + apis/iam/v1alpha1/zz_generated.deepcopy.go | 58 +- apis/iam/v1alpha1/zz_group_terraformed.go | 8 + apis/iam/v1alpha1/zz_group_types.go | 2 + .../zz_grouppolicyattachment_terraformed.go | 8 + .../zz_grouppolicyattachment_types.go | 1 + .../zz_instanceprofile_terraformed.go | 8 + apis/iam/v1alpha1/zz_instanceprofile_types.go | 2 + apis/iam/v1alpha1/zz_policy_terraformed.go | 8 + apis/iam/v1alpha1/zz_policy_types.go | 2 + apis/iam/v1alpha1/zz_role_terraformed.go | 8 + apis/iam/v1alpha1/zz_role_types.go | 2 + .../zz_rolepolicyattachment_terraformed.go | 8 + .../v1alpha1/zz_rolepolicyattachment_types.go | 1 + apis/iam/v1alpha1/zz_user_terraformed.go | 8 + apis/iam/v1alpha1/zz_user_types.go | 2 + .../zz_usergroupmembership_terraformed.go | 8 + .../v1alpha1/zz_usergroupmembership_types.go | 1 + .../zz_userpolicyattachment_terraformed.go | 8 + .../v1alpha1/zz_userpolicyattachment_types.go | 1 + apis/kms/v1alpha1/zz_generated.deepcopy.go | 5 + apis/kms/v1alpha1/zz_key_terraformed.go | 8 + apis/kms/v1alpha1/zz_key_types.go | 2 + 
apis/rds/v1alpha1/zz_dbcluster_terraformed.go | 8 + apis/rds/v1alpha1/zz_dbcluster_types.go | 2 + .../rds/v1alpha1/zz_dbinstance_terraformed.go | 8 + apis/rds/v1alpha1/zz_dbinstance_types.go | 2 + .../zz_dbparametergroup_terraformed.go | 8 + .../rds/v1alpha1/zz_dbparametergroup_types.go | 2 + apis/rds/v1alpha1/zz_generated.deepcopy.go | 15 + .../v1alpha1/zz_delegationset_terraformed.go | 8 + .../v1alpha1/zz_delegationset_types.go | 2 + .../route53/v1alpha1/zz_generated.deepcopy.go | 102 +- .../v1alpha1/zz_healthcheck_terraformed.go | 8 + apis/route53/v1alpha1/zz_healthcheck_types.go | 2 + .../zz_hostedzonednssec_terraformed.go | 8 + .../v1alpha1/zz_hostedzonednssec_types.go | 1 + .../v1alpha1/zz_keysigningkey_terraformed.go | 8 + .../v1alpha1/zz_keysigningkey_types.go | 2 + .../v1alpha1/zz_querylog_terraformed.go | 8 + apis/route53/v1alpha1/zz_querylog_types.go | 1 + .../route53/v1alpha1/zz_record_terraformed.go | 8 + apis/route53/v1alpha1/zz_record_types.go | 2 + .../zz_resolverdnssecconfig_terraformed.go | 8 + .../zz_resolverendpoint_terraformed.go | 8 + .../v1alpha1/zz_resolverendpoint_types.go | 2 + .../zz_resolverfirewallconfig_terraformed.go | 8 + .../zz_resolverfirewallconfig_types.go | 2 + ..._resolverfirewalldomainlist_terraformed.go | 8 + .../zz_resolverfirewalldomainlist_types.go | 2 + .../zz_resolverfirewallrule_terraformed.go | 8 + .../v1alpha1/zz_resolverfirewallrule_types.go | 1 + ...z_resolverfirewallrulegroup_terraformed.go | 8 + ...irewallrulegroupassociation_terraformed.go | 8 + ...olverfirewallrulegroupassociation_types.go | 2 + .../zz_resolverquerylogconfig_terraformed.go | 8 + .../zz_resolverquerylogconfig_types.go | 2 + ...erquerylogconfigassociation_terraformed.go | 8 + ...resolverquerylogconfigassociation_types.go | 1 + .../v1alpha1/zz_resolverrule_terraformed.go | 8 + .../route53/v1alpha1/zz_resolverrule_types.go | 2 + .../zz_resolverruleassociation_terraformed.go | 8 + .../zz_resolverruleassociation_types.go | 1 + 
...vpcassociationauthorization_terraformed.go | 8 + .../zz_vpcassociationauthorization_types.go | 1 + apis/route53/v1alpha1/zz_zone_terraformed.go | 8 + apis/route53/v1alpha1/zz_zone_types.go | 2 + .../zz_zoneassociation_terraformed.go | 8 + .../v1alpha1/zz_zoneassociation_types.go | 2 + apis/s3/v1alpha1/zz_bucket_terraformed.go | 8 + apis/s3/v1alpha1/zz_bucket_types.go | 2 + apis/s3/v1alpha1/zz_generated.deepcopy.go | 5 + config/provider.go | 1 + .../autoscaling/attachment.yaml | 11 + .../autoscaling/autoscalinggroup.yaml | 38 + examples-generated/ebs/volume.yaml | 12 + examples-generated/ec2/elasticip.yaml | 11 + examples-generated/ec2/instance.yaml | 12 + .../ec2/ipv4cidrblockassociation.yaml | 11 + examples-generated/ec2/launchtemplate.yaml | 56 + examples-generated/ec2/networkinterface.yaml | 18 + .../ec2/peeringconnectionaccepter.yaml | 13 + examples-generated/ec2/route.yaml | 15 + examples-generated/ec2/routetable.yaml | 17 + .../ec2/routetableassociation.yaml | 12 + examples-generated/ec2/securitygroup.yaml | 31 + examples-generated/ec2/securitygrouprule.yaml | 18 + examples-generated/ec2/subnet.yaml | 13 + examples-generated/ec2/transitgateway.yaml | 9 + .../ec2/transitgatewayroute.yaml | 13 + .../ec2/transitgatewayroutetable.yaml | 10 + .../ec2/transitgatewayvpcattachment.yaml | 14 + .../transitgatewayvpcattachmentaccepter.yaml | 12 + examples-generated/ec2/vpc.yaml | 9 + examples-generated/ec2/vpcendpoint.yaml | 11 + .../ec2/vpcpeeringconnection.yaml | 13 + examples-generated/ecr/repository.yaml | 11 + examples-generated/ecrpublic/repository.yaml | 18 + examples-generated/ecs/capacityprovider.yaml | 17 + examples-generated/ecs/cluster.yaml | 11 + examples-generated/ecs/service.yaml | 26 + examples-generated/ecs/taskdefinition.yaml | 44 + examples-generated/eks/addon.yaml | 10 + examples-generated/eks/cluster.yaml | 16 + examples-generated/eks/fargateprofile.yaml | 16 + .../eks/identityproviderconfig.yaml | 14 + examples-generated/eks/nodegroup.yaml | 24 
+ examples-generated/elasticache/cluster.yaml | 14 + .../elasticache/parametergroup.yaml | 14 + .../elasticache/replicationgroup.yaml | 17 + examples-generated/elasticache/user.yaml | 15 + examples-generated/elasticache/usergroup.yaml | 11 + .../elasticloadbalancing/loadbalancer.yaml | 23 + .../loadbalancerlistener.yaml | 18 + .../elasticloadbalancing/targetgroup.yaml | 13 + .../targetgroupattachment.yaml | 12 + examples-generated/iam/accesskey.yaml | 11 + examples-generated/iam/group.yaml | 9 + .../iam/grouppolicyattachment.yaml | 12 + examples-generated/iam/instanceprofile.yaml | 10 + examples-generated/iam/policy.yaml | 24 + examples-generated/iam/role.yaml | 24 + .../iam/rolepolicyattachment.yaml | 12 + examples-generated/iam/user.yaml | 11 + .../iam/usergroupmembership.yaml | 12 + .../iam/userpolicyattachment.yaml | 12 + examples-generated/kms/key.yaml | 10 + examples-generated/rds/dbcluster.yaml | 23 + examples-generated/rds/dbinstance.yaml | 21 + examples-generated/rds/dbparametergroup.yaml | 14 + examples-generated/route53/delegationset.yaml | 9 + examples-generated/route53/healthcheck.yaml | 16 + .../route53/hostedzonednssec.yaml | 12 + examples-generated/route53/keysigningkey.yaml | 13 + examples-generated/route53/querylog.yaml | 12 + examples-generated/route53/record.yaml | 15 + .../route53/resolverdnssecconfig.yaml | 9 + .../route53/resolverendpoint.yaml | 19 + .../route53/resolverfirewallconfig.yaml | 10 + .../route53/resolverfirewalldomainlist.yaml | 9 + .../route53/resolverfirewallrule.yaml | 17 + .../route53/resolverfirewallrulegroup.yaml | 9 + .../resolverfirewallrulegroupassociation.yaml | 12 + .../route53/resolverquerylogconfig.yaml | 12 + .../resolverquerylogconfigassociation.yaml | 10 + examples-generated/route53/resolverrule.yaml | 10 + .../route53/resolverruleassociation.yaml | 10 + .../route53/vpcassociationauthorization.yaml | 12 + examples-generated/route53/zone.yaml | 9 + .../route53/zoneassociation.yaml | 12 + 
examples-generated/s3/bucket.yaml | 13 + go.mod | 2 + go.sum | 34 +- hack/provider-metadata.yaml | 35301 ++++++++++++++++ ...ing.aws.jet.crossplane.io_attachments.yaml | 3 + ...s.jet.crossplane.io_autoscalinggroups.yaml | 2 + .../ebs.aws.jet.crossplane.io_volumes.yaml | 2 + .../ec2.aws.jet.crossplane.io_elasticips.yaml | 2 + .../ec2.aws.jet.crossplane.io_instances.yaml | 2 + ...ossplane.io_ipv4cidrblockassociations.yaml | 3 + ...aws.jet.crossplane.io_launchtemplates.yaml | 2 + ...s.jet.crossplane.io_networkinterfaces.yaml | 2 + ...ssplane.io_peeringconnectionaccepters.yaml | 2 + .../ec2.aws.jet.crossplane.io_routes.yaml | 2 + ....crossplane.io_routetableassociations.yaml | 3 + ...ec2.aws.jet.crossplane.io_routetables.yaml | 2 + ....jet.crossplane.io_securitygrouprules.yaml | 3 + ....aws.jet.crossplane.io_securitygroups.yaml | 2 + .../ec2.aws.jet.crossplane.io_subnets.yaml | 2 + ...et.crossplane.io_transitgatewayroutes.yaml | 3 + ..._transitgatewayroutetableassociations.yaml | 2 + ..._transitgatewayroutetablepropagations.yaml | 2 + ...ossplane.io_transitgatewayroutetables.yaml | 2 + ...aws.jet.crossplane.io_transitgateways.yaml | 2 + ..._transitgatewayvpcattachmentaccepters.yaml | 2 + ...plane.io_transitgatewayvpcattachments.yaml | 2 + ...c2.aws.jet.crossplane.io_vpcendpoints.yaml | 2 + ...t.crossplane.io_vpcpeeringconnections.yaml | 2 + .../crds/ec2.aws.jet.crossplane.io_vpcs.yaml | 2 + ...cr.aws.jet.crossplane.io_repositories.yaml | 2 + ...ic.aws.jet.crossplane.io_repositories.yaml | 2 + ...s.jet.crossplane.io_capacityproviders.yaml | 2 + .../ecs.aws.jet.crossplane.io_clusters.yaml | 2 + .../ecs.aws.jet.crossplane.io_services.yaml | 2 + ...aws.jet.crossplane.io_taskdefinitions.yaml | 2 + .../eks.aws.jet.crossplane.io_addons.yaml | 2 + .../eks.aws.jet.crossplane.io_clusters.yaml | 2 + ...aws.jet.crossplane.io_fargateprofiles.yaml | 2 + ...crossplane.io_identityproviderconfigs.yaml | 2 + .../eks.aws.jet.crossplane.io_nodegroups.yaml | 2 + 
...icache.aws.jet.crossplane.io_clusters.yaml | 2 + ...aws.jet.crossplane.io_parametergroups.yaml | 2 + ...s.jet.crossplane.io_replicationgroups.yaml | 2 + ...ache.aws.jet.crossplane.io_usergroups.yaml | 2 + ...asticache.aws.jet.crossplane.io_users.yaml | 2 + ...t.crossplane.io_loadbalancerlisteners.yaml | 2 + ...g.aws.jet.crossplane.io_loadbalancers.yaml | 2 + ....crossplane.io_targetgroupattachments.yaml | 3 + ...ng.aws.jet.crossplane.io_targetgroups.yaml | 2 + .../iam.aws.jet.crossplane.io_accesskeys.yaml | 2 + ....crossplane.io_grouppolicyattachments.yaml | 3 + .../iam.aws.jet.crossplane.io_groups.yaml | 2 + ...ws.jet.crossplane.io_instanceprofiles.yaml | 2 + .../iam.aws.jet.crossplane.io_policies.yaml | 2 + ...t.crossplane.io_rolepolicyattachments.yaml | 3 + .../crds/iam.aws.jet.crossplane.io_roles.yaml | 2 + ...et.crossplane.io_usergroupmemberships.yaml | 3 + ...t.crossplane.io_userpolicyattachments.yaml | 3 + .../crds/iam.aws.jet.crossplane.io_users.yaml | 2 + .../crds/kms.aws.jet.crossplane.io_keys.yaml | 2 + .../rds.aws.jet.crossplane.io_dbclusters.yaml | 2 + ...rds.aws.jet.crossplane.io_dbinstances.yaml | 2 + ...s.jet.crossplane.io_dbparametergroups.yaml | 2 + ....aws.jet.crossplane.io_delegationsets.yaml | 2 + ...53.aws.jet.crossplane.io_healthchecks.yaml | 2 + ...s.jet.crossplane.io_hostedzonednssecs.yaml | 3 + ....aws.jet.crossplane.io_keysigningkeys.yaml | 2 + ...ute53.aws.jet.crossplane.io_querylogs.yaml | 3 + ...route53.aws.jet.crossplane.io_records.yaml | 2 + ...s.jet.crossplane.io_resolverendpoints.yaml | 2 + ...crossplane.io_resolverfirewallconfigs.yaml | 2 + ...splane.io_resolverfirewalldomainlists.yaml | 2 + ...resolverfirewallrulegroupassociations.yaml | 2 + ...t.crossplane.io_resolverfirewallrules.yaml | 3 + ...io_resolverquerylogconfigassociations.yaml | 3 + ...crossplane.io_resolverquerylogconfigs.yaml | 2 + ...rossplane.io_resolverruleassociations.yaml | 3 + ...3.aws.jet.crossplane.io_resolverrules.yaml | 2 + 
...plane.io_vpcassociationauthorizations.yaml | 3 + ...ws.jet.crossplane.io_zoneassociations.yaml | 2 + .../route53.aws.jet.crossplane.io_zones.yaml | 2 + .../s3.aws.jet.crossplane.io_buckets.yaml | 2 + 333 files changed, 37872 insertions(+), 25 deletions(-) create mode 100644 examples-generated/autoscaling/attachment.yaml create mode 100644 examples-generated/autoscaling/autoscalinggroup.yaml create mode 100644 examples-generated/ebs/volume.yaml create mode 100644 examples-generated/ec2/elasticip.yaml create mode 100644 examples-generated/ec2/instance.yaml create mode 100644 examples-generated/ec2/ipv4cidrblockassociation.yaml create mode 100644 examples-generated/ec2/launchtemplate.yaml create mode 100644 examples-generated/ec2/networkinterface.yaml create mode 100644 examples-generated/ec2/peeringconnectionaccepter.yaml create mode 100644 examples-generated/ec2/route.yaml create mode 100644 examples-generated/ec2/routetable.yaml create mode 100644 examples-generated/ec2/routetableassociation.yaml create mode 100644 examples-generated/ec2/securitygroup.yaml create mode 100644 examples-generated/ec2/securitygrouprule.yaml create mode 100644 examples-generated/ec2/subnet.yaml create mode 100644 examples-generated/ec2/transitgateway.yaml create mode 100644 examples-generated/ec2/transitgatewayroute.yaml create mode 100644 examples-generated/ec2/transitgatewayroutetable.yaml create mode 100644 examples-generated/ec2/transitgatewayvpcattachment.yaml create mode 100644 examples-generated/ec2/transitgatewayvpcattachmentaccepter.yaml create mode 100644 examples-generated/ec2/vpc.yaml create mode 100644 examples-generated/ec2/vpcendpoint.yaml create mode 100644 examples-generated/ec2/vpcpeeringconnection.yaml create mode 100644 examples-generated/ecr/repository.yaml create mode 100644 examples-generated/ecrpublic/repository.yaml create mode 100644 examples-generated/ecs/capacityprovider.yaml create mode 100644 examples-generated/ecs/cluster.yaml create mode 100644 
examples-generated/ecs/service.yaml create mode 100644 examples-generated/ecs/taskdefinition.yaml create mode 100644 examples-generated/eks/addon.yaml create mode 100644 examples-generated/eks/cluster.yaml create mode 100644 examples-generated/eks/fargateprofile.yaml create mode 100644 examples-generated/eks/identityproviderconfig.yaml create mode 100644 examples-generated/eks/nodegroup.yaml create mode 100644 examples-generated/elasticache/cluster.yaml create mode 100644 examples-generated/elasticache/parametergroup.yaml create mode 100644 examples-generated/elasticache/replicationgroup.yaml create mode 100644 examples-generated/elasticache/user.yaml create mode 100644 examples-generated/elasticache/usergroup.yaml create mode 100644 examples-generated/elasticloadbalancing/loadbalancer.yaml create mode 100644 examples-generated/elasticloadbalancing/loadbalancerlistener.yaml create mode 100644 examples-generated/elasticloadbalancing/targetgroup.yaml create mode 100644 examples-generated/elasticloadbalancing/targetgroupattachment.yaml create mode 100644 examples-generated/iam/accesskey.yaml create mode 100644 examples-generated/iam/group.yaml create mode 100644 examples-generated/iam/grouppolicyattachment.yaml create mode 100644 examples-generated/iam/instanceprofile.yaml create mode 100644 examples-generated/iam/policy.yaml create mode 100644 examples-generated/iam/role.yaml create mode 100644 examples-generated/iam/rolepolicyattachment.yaml create mode 100644 examples-generated/iam/user.yaml create mode 100644 examples-generated/iam/usergroupmembership.yaml create mode 100644 examples-generated/iam/userpolicyattachment.yaml create mode 100644 examples-generated/kms/key.yaml create mode 100644 examples-generated/rds/dbcluster.yaml create mode 100644 examples-generated/rds/dbinstance.yaml create mode 100644 examples-generated/rds/dbparametergroup.yaml create mode 100644 examples-generated/route53/delegationset.yaml create mode 100644 
examples-generated/route53/healthcheck.yaml create mode 100644 examples-generated/route53/hostedzonednssec.yaml create mode 100644 examples-generated/route53/keysigningkey.yaml create mode 100644 examples-generated/route53/querylog.yaml create mode 100644 examples-generated/route53/record.yaml create mode 100644 examples-generated/route53/resolverdnssecconfig.yaml create mode 100644 examples-generated/route53/resolverendpoint.yaml create mode 100644 examples-generated/route53/resolverfirewallconfig.yaml create mode 100644 examples-generated/route53/resolverfirewalldomainlist.yaml create mode 100644 examples-generated/route53/resolverfirewallrule.yaml create mode 100644 examples-generated/route53/resolverfirewallrulegroup.yaml create mode 100644 examples-generated/route53/resolverfirewallrulegroupassociation.yaml create mode 100644 examples-generated/route53/resolverquerylogconfig.yaml create mode 100644 examples-generated/route53/resolverquerylogconfigassociation.yaml create mode 100644 examples-generated/route53/resolverrule.yaml create mode 100644 examples-generated/route53/resolverruleassociation.yaml create mode 100644 examples-generated/route53/vpcassociationauthorization.yaml create mode 100644 examples-generated/route53/zone.yaml create mode 100644 examples-generated/route53/zoneassociation.yaml create mode 100644 examples-generated/s3/bucket.yaml create mode 100644 hack/provider-metadata.yaml diff --git a/Makefile b/Makefile index 31590704a..680d5b374 100644 --- a/Makefile +++ b/Makefile @@ -83,6 +83,11 @@ crds.clean: @find package/crds -name '*.yaml.sed' -delete || $(FAIL) @$(OK) cleaned generated CRDs +examples.clean: + @$(INFO) cleaning generated examples + @rm -fR examples-generated/* + @$(OK) cleaned generated examples + generate.done: crds.clean # Update the submodules, such as the common build scripts. 
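Review bot: The new `examples.clean` target in the first Makefile hunk is not a prerequisite of anything visible here; the context line still reads `generate.done: crds.clean`. Unless another part of the Makefile (outside this hunk) invokes it, manifests for resources that are later renamed or dropped would remain in `examples-generated/` after regeneration and could be mistaken for current examples. If that is not intended, wire it in the same way as the CRD cleanup, e.g. `generate.done: crds.clean examples.clean`. The recipe line `@rm -fR examples-generated/*` also omits the `|| $(FAIL)` suffix that the `crds.clean` recipe above it uses, and the glob leaves dot-files in place; `@rm -fR examples-generated/* || $(FAIL)` would at least keep the two targets consistent.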
@@ -98,7 +103,7 @@ run: go.build @# To see other arguments that can be provided, run the command with --help instead $(GO_OUT_DIR)/provider --debug -.PHONY: cobertura submodules fallthrough run crds.clean +.PHONY: cobertura submodules fallthrough run crds.clean examples.clean # ==================================================================================== # Special Targets diff --git a/apis/autoscaling/v1alpha1/zz_attachment_terraformed.go b/apis/autoscaling/v1alpha1/zz_attachment_terraformed.go index a936ff7ca..2229da230 100755 --- a/apis/autoscaling/v1alpha1/zz_attachment_terraformed.go +++ b/apis/autoscaling/v1alpha1/zz_attachment_terraformed.go @@ -54,6 +54,14 @@ func (tr *Attachment) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Attachment +func (tr *Attachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Attachment func (tr *Attachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/autoscaling/v1alpha1/zz_attachment_types.go b/apis/autoscaling/v1alpha1/zz_attachment_types.go index bb60ca2c6..188c74ad2 100755 --- a/apis/autoscaling/v1alpha1/zz_attachment_types.go +++ b/apis/autoscaling/v1alpha1/zz_attachment_types.go @@ -26,6 +26,7 @@ import ( ) type AttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type AttachmentParameters struct { diff --git a/apis/autoscaling/v1alpha1/zz_autoscalinggroup_terraformed.go b/apis/autoscaling/v1alpha1/zz_autoscalinggroup_terraformed.go index 1fb26d1ee..75edd6d7d 100755 --- a/apis/autoscaling/v1alpha1/zz_autoscalinggroup_terraformed.go +++ b/apis/autoscaling/v1alpha1/zz_autoscalinggroup_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *AutoscalingGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this AutoscalingGroup +func (tr *AutoscalingGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this AutoscalingGroup func (tr *AutoscalingGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/autoscaling/v1alpha1/zz_autoscalinggroup_types.go b/apis/autoscaling/v1alpha1/zz_autoscalinggroup_types.go index 58f30f991..5df8c825d 100755 --- a/apis/autoscaling/v1alpha1/zz_autoscalinggroup_types.go +++ b/apis/autoscaling/v1alpha1/zz_autoscalinggroup_types.go @@ -28,6 +28,8 @@ import ( type AutoscalingGroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + LoadBalancers []*string `json:"loadBalancers,omitempty" tf:"load_balancers,omitempty"` TargetGroupArns []*string `json:"targetGroupArns,omitempty" tf:"target_group_arns,omitempty"` diff --git a/apis/autoscaling/v1alpha1/zz_generated.deepcopy.go b/apis/autoscaling/v1alpha1/zz_generated.deepcopy.go index 47657bb56..efaa308ac 100644 --- a/apis/autoscaling/v1alpha1/zz_generated.deepcopy.go +++ b/apis/autoscaling/v1alpha1/zz_generated.deepcopy.go @@ -87,6 +87,11 @@ func (in *AttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AttachmentObservation) DeepCopyInto(out *AttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachmentObservation. 
@@ -175,7 +180,7 @@ func (in *AttachmentSpec) DeepCopy() *AttachmentSpec { func (in *AttachmentStatus) DeepCopyInto(out *AttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttachmentStatus. @@ -255,6 +260,11 @@ func (in *AutoscalingGroupObservation) DeepCopyInto(out *AutoscalingGroupObserva *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.LoadBalancers != nil { in, out := &in.LoadBalancers, &out.LoadBalancers *out = make([]*string, len(*in)) diff --git a/apis/ebs/v1alpha1/zz_generated.deepcopy.go b/apis/ebs/v1alpha1/zz_generated.deepcopy.go index 1bc62cd96..0c13dfd8a 100644 --- a/apis/ebs/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ebs/v1alpha1/zz_generated.deepcopy.go @@ -92,6 +92,11 @@ func (in *VolumeObservation) DeepCopyInto(out *VolumeObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/apis/ebs/v1alpha1/zz_volume_terraformed.go b/apis/ebs/v1alpha1/zz_volume_terraformed.go index a636a2577..139874ae6 100755 --- a/apis/ebs/v1alpha1/zz_volume_terraformed.go +++ b/apis/ebs/v1alpha1/zz_volume_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *Volume) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Volume +func (tr *Volume) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Volume func (tr *Volume) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ebs/v1alpha1/zz_volume_types.go b/apis/ebs/v1alpha1/zz_volume_types.go index 7b6d7c1dd..d64565c9f 100755 --- a/apis/ebs/v1alpha1/zz_volume_types.go +++ b/apis/ebs/v1alpha1/zz_volume_types.go @@ -28,6 +28,8 @@ import ( type VolumeObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/ec2/v1alpha1/zz_elasticip_terraformed.go b/apis/ec2/v1alpha1/zz_elasticip_terraformed.go index 930fd0609..3d40d8184 100755 --- a/apis/ec2/v1alpha1/zz_elasticip_terraformed.go +++ b/apis/ec2/v1alpha1/zz_elasticip_terraformed.go @@ -54,6 +54,14 @@ func (tr *ElasticIP) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ElasticIP +func (tr *ElasticIP) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ElasticIP func (tr *ElasticIP) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_elasticip_types.go b/apis/ec2/v1alpha1/zz_elasticip_types.go index fc294576e..e798b8fae 100755 --- a/apis/ec2/v1alpha1/zz_elasticip_types.go +++ b/apis/ec2/v1alpha1/zz_elasticip_types.go 
@@ -36,6 +36,8 @@ type ElasticIPObservation struct { Domain *string `json:"domain,omitempty" tf:"domain,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + PrivateDNS *string `json:"privateDns,omitempty" tf:"private_dns,omitempty"` PrivateIP *string `json:"privateIp,omitempty" tf:"private_ip,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_generated.deepcopy.go b/apis/ec2/v1alpha1/zz_generated.deepcopy.go index 0cd7e4772..fbedfa63c 100644 --- a/apis/ec2/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ec2/v1alpha1/zz_generated.deepcopy.go @@ -820,6 +820,11 @@ func (in *ElasticIPObservation) DeepCopyInto(out *ElasticIPObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.PrivateDNS != nil { in, out := &in.PrivateDNS, &out.PrivateDNS *out = new(string) @@ -1208,6 +1213,11 @@ func (in *IPv4CIDRBlockAssociationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPv4CIDRBlockAssociationObservation) DeepCopyInto(out *IPv4CIDRBlockAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4CIDRBlockAssociationObservation. @@ -1281,7 +1291,7 @@ func (in *IPv4CIDRBlockAssociationSpec) DeepCopy() *IPv4CIDRBlockAssociationSpec func (in *IPv4CIDRBlockAssociationStatus) DeepCopyInto(out *IPv4CIDRBlockAssociationStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4CIDRBlockAssociationStatus. 
@@ -1572,6 +1582,11 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.InstanceState != nil { in, out := &in.InstanceState, &out.InstanceState *out = new(string) @@ -2209,6 +2224,11 @@ func (in *LaunchTemplateObservation_2) DeepCopyInto(out *LaunchTemplateObservati *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.LatestVersion != nil { in, out := &in.LatestVersion, &out.LatestVersion *out = new(int64) @@ -2756,6 +2776,11 @@ func (in *NetworkInterfaceObservation) DeepCopy() *NetworkInterfaceObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkInterfaceObservation_2) DeepCopyInto(out *NetworkInterfaceObservation_2) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.MacAddress != nil { in, out := &in.MacAddress, &out.MacAddress *out = new(string) @@ -3262,6 +3287,11 @@ func (in *PeeringConnectionAccepterObservation) DeepCopyInto(out *PeeringConnect *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.PeerOwnerID != nil { in, out := &in.PeerOwnerID, &out.PeerOwnerID *out = new(string) @@ -3724,6 +3754,11 @@ func (in *RouteList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteObservation) DeepCopyInto(out *RouteObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.InstanceOwnerID != nil { in, out := &in.InstanceOwnerID, &out.InstanceOwnerID *out = new(string) 
@@ -4024,6 +4059,11 @@ func (in *RouteTableAssociationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteTableAssociationObservation) DeepCopyInto(out *RouteTableAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteTableAssociationObservation. @@ -4112,7 +4152,7 @@ func (in *RouteTableAssociationSpec) DeepCopy() *RouteTableAssociationSpec { func (in *RouteTableAssociationStatus) DeepCopyInto(out *RouteTableAssociationStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteTableAssociationStatus. @@ -4165,6 +4205,11 @@ func (in *RouteTableObservation) DeepCopyInto(out *RouteTableObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) @@ -4501,6 +4546,11 @@ func (in *SecurityGroupObservation) DeepCopyInto(out *SecurityGroupObservation) *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) 
@@ -4679,6 +4729,11 @@ func (in *SecurityGroupRuleList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecurityGroupRuleObservation) DeepCopyInto(out *SecurityGroupRuleObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupRuleObservation. @@ -4815,7 +4870,7 @@ func (in *SecurityGroupRuleSpec) DeepCopy() *SecurityGroupRuleSpec { func (in *SecurityGroupRuleStatus) DeepCopyInto(out *SecurityGroupRuleStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupRuleStatus. @@ -4984,6 +5039,11 @@ func (in *SubnetObservation) DeepCopyInto(out *SubnetObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.IPv6CidrBlockAssociationID != nil { in, out := &in.IPv6CidrBlockAssociationID, &out.IPv6CidrBlockAssociationID *out = new(string) @@ -5272,6 +5332,11 @@ func (in *TransitGatewayObservation) DeepCopyInto(out *TransitGatewayObservation *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) 
@@ -5441,6 +5506,11 @@ func (in *TransitGatewayRouteList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TransitGatewayRouteObservation) DeepCopyInto(out *TransitGatewayRouteObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitGatewayRouteObservation. @@ -5534,7 +5604,7 @@ func (in *TransitGatewayRouteSpec) DeepCopy() *TransitGatewayRouteSpec { func (in *TransitGatewayRouteStatus) DeepCopyInto(out *TransitGatewayRouteStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransitGatewayRouteStatus. @@ -5636,6 +5706,11 @@ func (in *TransitGatewayRouteTableAssociationList) DeepCopyObject() runtime.Obje // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TransitGatewayRouteTableAssociationObservation) DeepCopyInto(out *TransitGatewayRouteTableAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.ResourceID != nil { in, out := &in.ResourceID, &out.ResourceID *out = new(string) @@ -5792,6 +5867,11 @@ func (in *TransitGatewayRouteTableObservation) DeepCopyInto(out *TransitGatewayR *out = new(bool) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) 
@@ -5931,6 +6011,11 @@ func (in *TransitGatewayRouteTablePropagationList) DeepCopyObject() runtime.Obje // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TransitGatewayRouteTablePropagationObservation) DeepCopyInto(out *TransitGatewayRouteTablePropagationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.ResourceID != nil { in, out := &in.ResourceID, &out.ResourceID *out = new(string) @@ -6204,6 +6289,11 @@ func (in *TransitGatewayVPCAttachmentAccepterObservation) DeepCopyInto(out *Tran *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.IPv6Support != nil { in, out := &in.IPv6Support, &out.IPv6Support *out = new(string) @@ -6391,6 +6481,11 @@ func (in *TransitGatewayVPCAttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TransitGatewayVPCAttachmentObservation) DeepCopyInto(out *TransitGatewayVPCAttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -6680,6 +6775,11 @@ func (in *VPCEndpointObservation) DeepCopyInto(out *VPCEndpointObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.NetworkInterfaceIds != nil { in, out := &in.NetworkInterfaceIds, &out.NetworkInterfaceIds *out = make([]*string, len(*in)) 
@@ -6970,6 +7070,11 @@ func (in *VPCObservation) DeepCopyInto(out *VPCObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.IPv6AssociationID != nil { in, out := &in.IPv6AssociationID, &out.IPv6AssociationID *out = new(string) @@ -7154,6 +7259,11 @@ func (in *VPCPeeringConnectionObservation) DeepCopyInto(out *VPCPeeringConnectio *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/apis/ec2/v1alpha1/zz_instance_terraformed.go b/apis/ec2/v1alpha1/zz_instance_terraformed.go index b8787103b..81c6af527 100755 --- a/apis/ec2/v1alpha1/zz_instance_terraformed.go +++ b/apis/ec2/v1alpha1/zz_instance_terraformed.go @@ -54,6 +54,14 @@ func (tr *Instance) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Instance +func (tr *Instance) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Instance func (tr *Instance) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_instance_types.go b/apis/ec2/v1alpha1/zz_instance_types.go index 00e23554d..bc69b814e 100755 --- a/apis/ec2/v1alpha1/zz_instance_types.go +++ b/apis/ec2/v1alpha1/zz_instance_types.go @@ -126,6 +126,8 @@ type EphemeralBlockDeviceParameters struct { type InstanceObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + InstanceState *string `json:"instanceState,omitempty" tf:"instance_state,omitempty"` OutpostArn *string `json:"outpostArn,omitempty" tf:"outpost_arn,omitempty"` 
diff --git a/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_terraformed.go b/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_terraformed.go index 9b4ea6b63..4e7d6ef34 100755 --- a/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_terraformed.go +++ b/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_terraformed.go @@ -54,6 +54,14 @@ func (tr *IPv4CIDRBlockAssociation) SetObservation(obs map[string]interface{}) e return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this IPv4CIDRBlockAssociation +func (tr *IPv4CIDRBlockAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this IPv4CIDRBlockAssociation func (tr *IPv4CIDRBlockAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_types.go b/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_types.go index fa8a4a0a2..ce6084117 100755 --- a/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_types.go +++ b/apis/ec2/v1alpha1/zz_ipv4cidrblockassociation_types.go @@ -26,6 +26,7 @@ import ( ) type IPv4CIDRBlockAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type IPv4CIDRBlockAssociationParameters struct { diff --git a/apis/ec2/v1alpha1/zz_launchtemplate_terraformed.go b/apis/ec2/v1alpha1/zz_launchtemplate_terraformed.go index 58269fdad..132bcf3db 100755 --- a/apis/ec2/v1alpha1/zz_launchtemplate_terraformed.go +++ b/apis/ec2/v1alpha1/zz_launchtemplate_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *LaunchTemplate) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this LaunchTemplate +func (tr *LaunchTemplate) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this LaunchTemplate func (tr *LaunchTemplate) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_launchtemplate_types.go b/apis/ec2/v1alpha1/zz_launchtemplate_types.go index 1554999b8..1417b4fde 100755 --- a/apis/ec2/v1alpha1/zz_launchtemplate_types.go +++ b/apis/ec2/v1alpha1/zz_launchtemplate_types.go @@ -215,6 +215,8 @@ type LaunchTemplateMetadataOptionsParameters struct { type LaunchTemplateObservation_2 struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + LatestVersion *int64 `json:"latestVersion,omitempty" tf:"latest_version,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_networkinterface_terraformed.go b/apis/ec2/v1alpha1/zz_networkinterface_terraformed.go index 754907612..a7241981b 100755 --- a/apis/ec2/v1alpha1/zz_networkinterface_terraformed.go +++ b/apis/ec2/v1alpha1/zz_networkinterface_terraformed.go @@ -54,6 +54,14 @@ func (tr *NetworkInterface) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this NetworkInterface +func (tr *NetworkInterface) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this NetworkInterface func (tr *NetworkInterface) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/ec2/v1alpha1/zz_networkinterface_types.go b/apis/ec2/v1alpha1/zz_networkinterface_types.go index 6cb5199c8..bae70ebfa 100755 --- a/apis/ec2/v1alpha1/zz_networkinterface_types.go +++ b/apis/ec2/v1alpha1/zz_networkinterface_types.go @@ -46,6 +46,8 @@ type AttachmentParameters struct { } type NetworkInterfaceObservation_2 struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + MacAddress *string `json:"macAddress,omitempty" tf:"mac_address,omitempty"` OutpostArn *string `json:"outpostArn,omitempty" tf:"outpost_arn,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_terraformed.go b/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_terraformed.go index 92328c4e3..b2b25d41f 100755 --- a/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_terraformed.go +++ b/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_terraformed.go @@ -54,6 +54,14 @@ func (tr *PeeringConnectionAccepter) SetObservation(obs map[string]interface{}) return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this PeeringConnectionAccepter +func (tr *PeeringConnectionAccepter) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this PeeringConnectionAccepter func (tr *PeeringConnectionAccepter) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_types.go b/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_types.go index dababfb57..bfc3b79cc 100755 --- a/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_types.go +++ b/apis/ec2/v1alpha1/zz_peeringconnectionaccepter_types.go 
@@ -43,6 +43,8 @@ type PeeringConnectionAccepterAccepterParameters struct { type PeeringConnectionAccepterObservation struct { AcceptStatus *string `json:"acceptStatus,omitempty" tf:"accept_status,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + PeerOwnerID *string `json:"peerOwnerId,omitempty" tf:"peer_owner_id,omitempty"` PeerRegion *string `json:"peerRegion,omitempty" tf:"peer_region,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_route_terraformed.go b/apis/ec2/v1alpha1/zz_route_terraformed.go index 58adfd0d0..5107425a8 100755 --- a/apis/ec2/v1alpha1/zz_route_terraformed.go +++ b/apis/ec2/v1alpha1/zz_route_terraformed.go @@ -54,6 +54,14 @@ func (tr *Route) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Route +func (tr *Route) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Route func (tr *Route) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_route_types.go b/apis/ec2/v1alpha1/zz_route_types.go index 7ea1ac169..1412e35d1 100755 --- a/apis/ec2/v1alpha1/zz_route_types.go +++ b/apis/ec2/v1alpha1/zz_route_types.go @@ -26,6 +26,8 @@ import ( ) type RouteObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + InstanceOwnerID *string `json:"instanceOwnerId,omitempty" tf:"instance_owner_id,omitempty"` Origin *string `json:"origin,omitempty" tf:"origin,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_routetable_terraformed.go b/apis/ec2/v1alpha1/zz_routetable_terraformed.go index 780084a6d..052e3ca3d 100755 --- a/apis/ec2/v1alpha1/zz_routetable_terraformed.go +++ b/apis/ec2/v1alpha1/zz_routetable_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *RouteTable) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this RouteTable +func (tr *RouteTable) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this RouteTable func (tr *RouteTable) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_routetable_types.go b/apis/ec2/v1alpha1/zz_routetable_types.go index 2221f9c06..45d20a92f 100755 --- a/apis/ec2/v1alpha1/zz_routetable_types.go +++ b/apis/ec2/v1alpha1/zz_routetable_types.go @@ -28,6 +28,8 @@ import ( type RouteTableObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_routetableassociation_terraformed.go b/apis/ec2/v1alpha1/zz_routetableassociation_terraformed.go index 2cc584a89..a7075e990 100755 --- a/apis/ec2/v1alpha1/zz_routetableassociation_terraformed.go +++ b/apis/ec2/v1alpha1/zz_routetableassociation_terraformed.go @@ -54,6 +54,14 @@ func (tr *RouteTableAssociation) SetObservation(obs map[string]interface{}) erro return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this RouteTableAssociation +func (tr *RouteTableAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this RouteTableAssociation func (tr *RouteTableAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/ec2/v1alpha1/zz_routetableassociation_types.go b/apis/ec2/v1alpha1/zz_routetableassociation_types.go index 3c0596664..48671052e 100755 --- a/apis/ec2/v1alpha1/zz_routetableassociation_types.go +++ b/apis/ec2/v1alpha1/zz_routetableassociation_types.go @@ -26,6 +26,7 @@ import ( ) type RouteTableAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type RouteTableAssociationParameters struct { diff --git a/apis/ec2/v1alpha1/zz_securitygroup_terraformed.go b/apis/ec2/v1alpha1/zz_securitygroup_terraformed.go index b245bf6d9..27d346ec7 100755 --- a/apis/ec2/v1alpha1/zz_securitygroup_terraformed.go +++ b/apis/ec2/v1alpha1/zz_securitygroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *SecurityGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this SecurityGroup +func (tr *SecurityGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this SecurityGroup func (tr *SecurityGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_securitygroup_types.go b/apis/ec2/v1alpha1/zz_securitygroup_types.go index 1288f6b2c..eab0ae815 100755 --- a/apis/ec2/v1alpha1/zz_securitygroup_types.go +++ b/apis/ec2/v1alpha1/zz_securitygroup_types.go @@ -112,6 +112,8 @@ type IngressParameters struct { type SecurityGroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_securitygrouprule_terraformed.go b/apis/ec2/v1alpha1/zz_securitygrouprule_terraformed.go index 584a16ee2..4bc4db581 100755 
--- a/apis/ec2/v1alpha1/zz_securitygrouprule_terraformed.go +++ b/apis/ec2/v1alpha1/zz_securitygrouprule_terraformed.go @@ -54,6 +54,14 @@ func (tr *SecurityGroupRule) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this SecurityGroupRule +func (tr *SecurityGroupRule) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this SecurityGroupRule func (tr *SecurityGroupRule) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_securitygrouprule_types.go b/apis/ec2/v1alpha1/zz_securitygrouprule_types.go index d6cba7e17..0d25c53c8 100755 --- a/apis/ec2/v1alpha1/zz_securitygrouprule_types.go +++ b/apis/ec2/v1alpha1/zz_securitygrouprule_types.go @@ -26,6 +26,7 @@ import ( ) type SecurityGroupRuleObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type SecurityGroupRuleParameters struct { diff --git a/apis/ec2/v1alpha1/zz_subnet_terraformed.go b/apis/ec2/v1alpha1/zz_subnet_terraformed.go index 7346acf2c..e038b4753 100755 --- a/apis/ec2/v1alpha1/zz_subnet_terraformed.go +++ b/apis/ec2/v1alpha1/zz_subnet_terraformed.go @@ -54,6 +54,14 @@ func (tr *Subnet) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Subnet +func (tr *Subnet) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Subnet func (tr *Subnet) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_subnet_types.go b/apis/ec2/v1alpha1/zz_subnet_types.go index 46f6447f0..d9f5fb0be 100755 --- a/apis/ec2/v1alpha1/zz_subnet_types.go 
+++ b/apis/ec2/v1alpha1/zz_subnet_types.go @@ -28,6 +28,8 @@ import ( type SubnetObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + IPv6CidrBlockAssociationID *string `json:"ipv6CidrBlockAssociationId,omitempty" tf:"ipv6_cidr_block_association_id,omitempty"` OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_transitgateway_terraformed.go b/apis/ec2/v1alpha1/zz_transitgateway_terraformed.go index 89857a605..4a5c2f929 100755 --- a/apis/ec2/v1alpha1/zz_transitgateway_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgateway_terraformed.go @@ -54,6 +54,14 @@ func (tr *TransitGateway) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGateway +func (tr *TransitGateway) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGateway func (tr *TransitGateway) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgateway_types.go b/apis/ec2/v1alpha1/zz_transitgateway_types.go index 780da61e6..7598fef85 100755 --- a/apis/ec2/v1alpha1/zz_transitgateway_types.go +++ b/apis/ec2/v1alpha1/zz_transitgateway_types.go @@ -30,6 +30,8 @@ type TransitGatewayObservation struct { AssociationDefaultRouteTableID *string `json:"associationDefaultRouteTableId,omitempty" tf:"association_default_route_table_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` PropagationDefaultRouteTableID *string `json:"propagationDefaultRouteTableId,omitempty" tf:"propagation_default_route_table_id,omitempty"` 
diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroute_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayroute_terraformed.go index ac0b8946b..b9881f098 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroute_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroute_terraformed.go @@ -54,6 +54,14 @@ func (tr *TransitGatewayRoute) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayRoute +func (tr *TransitGatewayRoute) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayRoute func (tr *TransitGatewayRoute) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroute_types.go b/apis/ec2/v1alpha1/zz_transitgatewayroute_types.go index 0141cb058..caeaa2a5b 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroute_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroute_types.go @@ -26,6 +26,7 @@ import ( ) type TransitGatewayRouteObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type TransitGatewayRouteParameters struct { diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetable_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetable_terraformed.go index 56556f9a5..2552a726f 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetable_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetable_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TransitGatewayRouteTable) SetObservation(obs map[string]interface{}) e return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayRouteTable +func (tr *TransitGatewayRouteTable) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayRouteTable func (tr *TransitGatewayRouteTable) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetable_types.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetable_types.go index 512e6480d..213c83496 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetable_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetable_types.go @@ -32,6 +32,8 @@ type TransitGatewayRouteTableObservation struct { DefaultPropagationRouteTable *bool `json:"defaultPropagationRouteTable,omitempty" tf:"default_propagation_route_table,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_terraformed.go index c927dc966..9f581c1d0 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TransitGatewayRouteTableAssociation) SetObservation(obs map[string]int return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayRouteTableAssociation +func (tr *TransitGatewayRouteTableAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayRouteTableAssociation func (tr *TransitGatewayRouteTableAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_types.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_types.go index 4029e6376..8dbc02169 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetableassociation_types.go @@ -26,6 +26,8 @@ import ( ) type TransitGatewayRouteTableAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + ResourceID *string `json:"resourceId,omitempty" tf:"resource_id,omitempty"` ResourceType *string `json:"resourceType,omitempty" tf:"resource_type,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_terraformed.go index bb84827c5..4ba482230 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TransitGatewayRouteTablePropagation) SetObservation(obs map[string]int return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayRouteTablePropagation +func (tr *TransitGatewayRouteTablePropagation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayRouteTablePropagation func (tr *TransitGatewayRouteTablePropagation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_types.go b/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_types.go index 35ae98438..6c3acb06d 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayroutetablepropagation_types.go @@ -26,6 +26,8 @@ import ( ) type TransitGatewayRouteTablePropagationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + ResourceID *string `json:"resourceId,omitempty" tf:"resource_id,omitempty"` ResourceType *string `json:"resourceType,omitempty" tf:"resource_type,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_terraformed.go index 5ebea9bdd..69c636ae2 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TransitGatewayVPCAttachment) SetObservation(obs map[string]interface{} return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayVPCAttachment +func (tr *TransitGatewayVPCAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayVPCAttachment func (tr *TransitGatewayVPCAttachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_types.go b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_types.go index 0c93d4d7c..7c249ef5d 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachment_types.go @@ -26,6 +26,8 @@ import ( ) type TransitGatewayVPCAttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` VpcOwnerID *string `json:"vpcOwnerId,omitempty" tf:"vpc_owner_id,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_terraformed.go b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_terraformed.go index 2e2fac9c4..0ed803281 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_terraformed.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TransitGatewayVPCAttachmentAccepter) SetObservation(obs map[string]int return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TransitGatewayVPCAttachmentAccepter +func (tr *TransitGatewayVPCAttachmentAccepter) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TransitGatewayVPCAttachmentAccepter func (tr *TransitGatewayVPCAttachmentAccepter) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_types.go b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_types.go index 33460a28b..ed4969c6d 100755 --- a/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_types.go +++ b/apis/ec2/v1alpha1/zz_transitgatewayvpcattachmentaccepter_types.go @@ -30,6 +30,8 @@ type TransitGatewayVPCAttachmentAccepterObservation struct { DNSSupport *string `json:"dnsSupport,omitempty" tf:"dns_support,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + IPv6Support *string `json:"ipv6Support,omitempty" tf:"ipv6_support,omitempty"` SubnetIds []*string `json:"subnetIds,omitempty" tf:"subnet_ids,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_vpc_terraformed.go b/apis/ec2/v1alpha1/zz_vpc_terraformed.go index 5708e8a68..78fb0b2fe 100755 --- a/apis/ec2/v1alpha1/zz_vpc_terraformed.go +++ b/apis/ec2/v1alpha1/zz_vpc_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *VPC) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this VPC +func (tr *VPC) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this VPC func (tr *VPC) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_vpc_types.go b/apis/ec2/v1alpha1/zz_vpc_types.go index e943cdddf..a1b9231af 100755 --- a/apis/ec2/v1alpha1/zz_vpc_types.go +++ b/apis/ec2/v1alpha1/zz_vpc_types.go @@ -36,6 +36,8 @@ type VPCObservation struct { DhcpOptionsID *string `json:"dhcpOptionsId,omitempty" tf:"dhcp_options_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + IPv6AssociationID *string `json:"ipv6AssociationId,omitempty" tf:"ipv6_association_id,omitempty"` IPv6CidrBlock *string `json:"ipv6CidrBlock,omitempty" tf:"ipv6_cidr_block,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_vpcendpoint_terraformed.go b/apis/ec2/v1alpha1/zz_vpcendpoint_terraformed.go index 33578aac9..3b3b91fa6 100755 --- a/apis/ec2/v1alpha1/zz_vpcendpoint_terraformed.go +++ b/apis/ec2/v1alpha1/zz_vpcendpoint_terraformed.go @@ -54,6 +54,14 @@ func (tr *VPCEndpoint) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this VPCEndpoint +func (tr *VPCEndpoint) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this VPCEndpoint func (tr *VPCEndpoint) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_vpcendpoint_types.go b/apis/ec2/v1alpha1/zz_vpcendpoint_types.go index 2b6801164..b51042179 100755 
--- a/apis/ec2/v1alpha1/zz_vpcendpoint_types.go +++ b/apis/ec2/v1alpha1/zz_vpcendpoint_types.go @@ -41,6 +41,8 @@ type VPCEndpointObservation struct { DNSEntry []DNSEntryObservation `json:"dnsEntry,omitempty" tf:"dns_entry,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + NetworkInterfaceIds []*string `json:"networkInterfaceIds,omitempty" tf:"network_interface_ids,omitempty"` OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` diff --git a/apis/ec2/v1alpha1/zz_vpcpeeringconnection_terraformed.go b/apis/ec2/v1alpha1/zz_vpcpeeringconnection_terraformed.go index 69e9e3fd6..c7b1fb197 100755 --- a/apis/ec2/v1alpha1/zz_vpcpeeringconnection_terraformed.go +++ b/apis/ec2/v1alpha1/zz_vpcpeeringconnection_terraformed.go @@ -54,6 +54,14 @@ func (tr *VPCPeeringConnection) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this VPCPeeringConnection +func (tr *VPCPeeringConnection) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this VPCPeeringConnection func (tr *VPCPeeringConnection) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ec2/v1alpha1/zz_vpcpeeringconnection_types.go b/apis/ec2/v1alpha1/zz_vpcpeeringconnection_types.go index 3df10e562..fcbc41738 100755 --- a/apis/ec2/v1alpha1/zz_vpcpeeringconnection_types.go +++ b/apis/ec2/v1alpha1/zz_vpcpeeringconnection_types.go @@ -58,6 +58,8 @@ type RequesterParameters struct { type VPCPeeringConnectionObservation struct { AcceptStatus *string `json:"acceptStatus,omitempty" tf:"accept_status,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } 
diff --git a/apis/ecr/v1alpha1/zz_generated.deepcopy.go b/apis/ecr/v1alpha1/zz_generated.deepcopy.go index b554857db..d5c8af5d4 100644 --- a/apis/ecr/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ecr/v1alpha1/zz_generated.deepcopy.go @@ -177,6 +177,11 @@ func (in *RepositoryObservation) DeepCopyInto(out *RepositoryObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.RegistryID != nil { in, out := &in.RegistryID, &out.RegistryID *out = new(string) diff --git a/apis/ecr/v1alpha1/zz_repository_terraformed.go b/apis/ecr/v1alpha1/zz_repository_terraformed.go index 3f3f9c7b9..1beb43452 100755 --- a/apis/ecr/v1alpha1/zz_repository_terraformed.go +++ b/apis/ecr/v1alpha1/zz_repository_terraformed.go @@ -54,6 +54,14 @@ func (tr *Repository) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Repository +func (tr *Repository) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Repository func (tr *Repository) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecr/v1alpha1/zz_repository_types.go b/apis/ecr/v1alpha1/zz_repository_types.go index 3dd9fa7e5..313e1b16d 100755 --- a/apis/ecr/v1alpha1/zz_repository_types.go +++ b/apis/ecr/v1alpha1/zz_repository_types.go @@ -57,6 +57,8 @@ type ImageScanningConfigurationParameters struct { type RepositoryObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + RegistryID *string `json:"registryId,omitempty" tf:"registry_id,omitempty"` RepositoryURL *string `json:"repositoryUrl,omitempty" tf:"repository_url,omitempty"` 
diff --git a/apis/ecrpublic/v1alpha1/zz_generated.deepcopy.go b/apis/ecrpublic/v1alpha1/zz_generated.deepcopy.go index 6aab1861a..6edf36080 100644 --- a/apis/ecrpublic/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ecrpublic/v1alpha1/zz_generated.deepcopy.go @@ -163,6 +163,11 @@ func (in *RepositoryObservation) DeepCopyInto(out *RepositoryObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.RegistryID != nil { in, out := &in.RegistryID, &out.RegistryID *out = new(string) diff --git a/apis/ecrpublic/v1alpha1/zz_repository_terraformed.go b/apis/ecrpublic/v1alpha1/zz_repository_terraformed.go index e99770f59..651ccc700 100755 --- a/apis/ecrpublic/v1alpha1/zz_repository_terraformed.go +++ b/apis/ecrpublic/v1alpha1/zz_repository_terraformed.go @@ -54,6 +54,14 @@ func (tr *Repository) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Repository +func (tr *Repository) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Repository func (tr *Repository) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecrpublic/v1alpha1/zz_repository_types.go b/apis/ecrpublic/v1alpha1/zz_repository_types.go index ca24ecf60..6eb905e73 100755 --- a/apis/ecrpublic/v1alpha1/zz_repository_types.go +++ b/apis/ecrpublic/v1alpha1/zz_repository_types.go @@ -52,6 +52,8 @@ type CatalogDataParameters struct { type RepositoryObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + RegistryID *string `json:"registryId,omitempty" tf:"registry_id,omitempty"` RepositoryURI *string `json:"repositoryUri,omitempty" tf:"repository_uri,omitempty"` 
diff --git a/apis/ecs/v1alpha1/zz_capacityprovider_terraformed.go b/apis/ecs/v1alpha1/zz_capacityprovider_terraformed.go index 28942f6f1..b0a042171 100755 --- a/apis/ecs/v1alpha1/zz_capacityprovider_terraformed.go +++ b/apis/ecs/v1alpha1/zz_capacityprovider_terraformed.go @@ -54,6 +54,14 @@ func (tr *CapacityProvider) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this CapacityProvider +func (tr *CapacityProvider) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this CapacityProvider func (tr *CapacityProvider) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecs/v1alpha1/zz_capacityprovider_types.go b/apis/ecs/v1alpha1/zz_capacityprovider_types.go index 3720e82ab..a216f76aa 100755 --- a/apis/ecs/v1alpha1/zz_capacityprovider_types.go +++ b/apis/ecs/v1alpha1/zz_capacityprovider_types.go @@ -51,6 +51,8 @@ type AutoScalingGroupProviderParameters struct { type CapacityProviderObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/ecs/v1alpha1/zz_cluster_terraformed.go b/apis/ecs/v1alpha1/zz_cluster_terraformed.go index b060e3fca..647d7f27e 100755 --- a/apis/ecs/v1alpha1/zz_cluster_terraformed.go +++ b/apis/ecs/v1alpha1/zz_cluster_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *Cluster) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Cluster +func (tr *Cluster) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Cluster func (tr *Cluster) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecs/v1alpha1/zz_cluster_types.go b/apis/ecs/v1alpha1/zz_cluster_types.go index 181e5103f..96dbdc018 100755 --- a/apis/ecs/v1alpha1/zz_cluster_types.go +++ b/apis/ecs/v1alpha1/zz_cluster_types.go @@ -28,6 +28,8 @@ import ( type ClusterObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/ecs/v1alpha1/zz_generated.deepcopy.go b/apis/ecs/v1alpha1/zz_generated.deepcopy.go index 74a4e94da..02f4e3fec 100644 --- a/apis/ecs/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ecs/v1alpha1/zz_generated.deepcopy.go @@ -189,6 +189,11 @@ func (in *CapacityProviderObservation) DeepCopyInto(out *CapacityProviderObserva *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -404,6 +409,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) 
@@ -1474,6 +1484,11 @@ func (in *ServiceList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceObservation) DeepCopyInto(out *ServiceObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -1878,6 +1893,11 @@ func (in *TaskDefinitionObservation) DeepCopyInto(out *TaskDefinitionObservation *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.Revision != nil { in, out := &in.Revision, &out.Revision *out = new(int64) diff --git a/apis/ecs/v1alpha1/zz_service_terraformed.go b/apis/ecs/v1alpha1/zz_service_terraformed.go index 87c7c31aa..59179b3fd 100755 --- a/apis/ecs/v1alpha1/zz_service_terraformed.go +++ b/apis/ecs/v1alpha1/zz_service_terraformed.go @@ -54,6 +54,14 @@ func (tr *Service) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Service +func (tr *Service) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Service func (tr *Service) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecs/v1alpha1/zz_service_types.go b/apis/ecs/v1alpha1/zz_service_types.go index b14964644..2a572955b 100755 --- a/apis/ecs/v1alpha1/zz_service_types.go +++ b/apis/ecs/v1alpha1/zz_service_types.go @@ -137,6 +137,8 @@ type PlacementConstraintsParameters struct { } type ServiceObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } 
diff --git a/apis/ecs/v1alpha1/zz_taskdefinition_terraformed.go b/apis/ecs/v1alpha1/zz_taskdefinition_terraformed.go index 30797022a..9951ade0d 100755 --- a/apis/ecs/v1alpha1/zz_taskdefinition_terraformed.go +++ b/apis/ecs/v1alpha1/zz_taskdefinition_terraformed.go @@ -54,6 +54,14 @@ func (tr *TaskDefinition) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TaskDefinition +func (tr *TaskDefinition) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TaskDefinition func (tr *TaskDefinition) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/ecs/v1alpha1/zz_taskdefinition_types.go b/apis/ecs/v1alpha1/zz_taskdefinition_types.go index 4512a94cc..1b121568a 100755 --- a/apis/ecs/v1alpha1/zz_taskdefinition_types.go +++ b/apis/ecs/v1alpha1/zz_taskdefinition_types.go @@ -145,6 +145,8 @@ type ProxyConfigurationParameters struct { type TaskDefinitionObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + Revision *int64 `json:"revision,omitempty" tf:"revision,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/eks/v1alpha1/zz_addon_terraformed.go b/apis/eks/v1alpha1/zz_addon_terraformed.go index c96fb0282..0d7337070 100755 --- a/apis/eks/v1alpha1/zz_addon_terraformed.go +++ b/apis/eks/v1alpha1/zz_addon_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *Addon) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Addon +func (tr *Addon) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Addon func (tr *Addon) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/eks/v1alpha1/zz_addon_types.go b/apis/eks/v1alpha1/zz_addon_types.go index 44f6b98fb..2dba2ed72 100755 --- a/apis/eks/v1alpha1/zz_addon_types.go +++ b/apis/eks/v1alpha1/zz_addon_types.go @@ -30,6 +30,8 @@ type AddonObservation struct { CreatedAt *string `json:"createdAt,omitempty" tf:"created_at,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + ModifiedAt *string `json:"modifiedAt,omitempty" tf:"modified_at,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/eks/v1alpha1/zz_cluster_terraformed.go b/apis/eks/v1alpha1/zz_cluster_terraformed.go index 1eeed48d6..05636ca06 100755 --- a/apis/eks/v1alpha1/zz_cluster_terraformed.go +++ b/apis/eks/v1alpha1/zz_cluster_terraformed.go @@ -54,6 +54,14 @@ func (tr *Cluster) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Cluster +func (tr *Cluster) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Cluster func (tr *Cluster) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/eks/v1alpha1/zz_cluster_types.go b/apis/eks/v1alpha1/zz_cluster_types.go index 3ed04f771..349b29c8b 100755 --- a/apis/eks/v1alpha1/zz_cluster_types.go +++ b/apis/eks/v1alpha1/zz_cluster_types.go 
@@ -41,6 +41,8 @@ type ClusterObservation struct { Endpoint *string `json:"endpoint,omitempty" tf:"endpoint,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + Identity []IdentityObservation `json:"identity,omitempty" tf:"identity,omitempty"` PlatformVersion *string `json:"platformVersion,omitempty" tf:"platform_version,omitempty"` diff --git a/apis/eks/v1alpha1/zz_fargateprofile_terraformed.go b/apis/eks/v1alpha1/zz_fargateprofile_terraformed.go index 549bef2e0..50da71527 100755 --- a/apis/eks/v1alpha1/zz_fargateprofile_terraformed.go +++ b/apis/eks/v1alpha1/zz_fargateprofile_terraformed.go @@ -54,6 +54,14 @@ func (tr *FargateProfile) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this FargateProfile +func (tr *FargateProfile) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this FargateProfile func (tr *FargateProfile) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/eks/v1alpha1/zz_fargateprofile_types.go b/apis/eks/v1alpha1/zz_fargateprofile_types.go index 0d8a97337..0ce94afd2 100755 --- a/apis/eks/v1alpha1/zz_fargateprofile_types.go +++ b/apis/eks/v1alpha1/zz_fargateprofile_types.go @@ -28,6 +28,8 @@ import ( type FargateProfileObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + Status *string `json:"status,omitempty" tf:"status,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/eks/v1alpha1/zz_generated.deepcopy.go b/apis/eks/v1alpha1/zz_generated.deepcopy.go index 29914c00c..bd334ca89 100644 --- a/apis/eks/v1alpha1/zz_generated.deepcopy.go +++ b/apis/eks/v1alpha1/zz_generated.deepcopy.go 
@@ -97,6 +97,11 @@ func (in *AddonObservation) DeepCopyInto(out *AddonObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.ModifiedAt != nil { in, out := &in.ModifiedAt, &out.ModifiedAt *out = new(string) @@ -392,6 +397,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.Identity != nil { in, out := &in.Identity, &out.Identity *out = make([]IdentityObservation, len(*in)) @@ -672,6 +682,11 @@ func (in *FargateProfileObservation) DeepCopyInto(out *FargateProfileObservation *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.Status != nil { in, out := &in.Status, &out.Status *out = new(string) @@ -935,6 +950,11 @@ func (in *IdentityProviderConfigObservation) DeepCopyInto(out *IdentityProviderC *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.Status != nil { in, out := &in.Status, &out.Status *out = new(string) @@ -1285,6 +1305,11 @@ func (in *NodeGroupObservation) DeepCopyInto(out *NodeGroupObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.Resources != nil { in, out := &in.Resources, &out.Resources *out = make([]ResourcesObservation, len(*in)) diff --git a/apis/eks/v1alpha1/zz_identityproviderconfig_terraformed.go b/apis/eks/v1alpha1/zz_identityproviderconfig_terraformed.go index f52ed7a25..a82797120 100755 --- a/apis/eks/v1alpha1/zz_identityproviderconfig_terraformed.go +++ b/apis/eks/v1alpha1/zz_identityproviderconfig_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *IdentityProviderConfig) SetObservation(obs map[string]interface{}) err return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this IdentityProviderConfig +func (tr *IdentityProviderConfig) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this IdentityProviderConfig func (tr *IdentityProviderConfig) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/eks/v1alpha1/zz_identityproviderconfig_types.go b/apis/eks/v1alpha1/zz_identityproviderconfig_types.go index 0a22d76d2..30b9aff52 100755 --- a/apis/eks/v1alpha1/zz_identityproviderconfig_types.go +++ b/apis/eks/v1alpha1/zz_identityproviderconfig_types.go @@ -28,6 +28,8 @@ import ( type IdentityProviderConfigObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + Status *string `json:"status,omitempty" tf:"status,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/eks/v1alpha1/zz_nodegroup_terraformed.go b/apis/eks/v1alpha1/zz_nodegroup_terraformed.go index 2b31f1818..5531c4ed5 100755 --- a/apis/eks/v1alpha1/zz_nodegroup_terraformed.go +++ b/apis/eks/v1alpha1/zz_nodegroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *NodeGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this NodeGroup +func (tr *NodeGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this NodeGroup func (tr *NodeGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/eks/v1alpha1/zz_nodegroup_types.go b/apis/eks/v1alpha1/zz_nodegroup_types.go index a5a33862d..5f045403f 100755 --- a/apis/eks/v1alpha1/zz_nodegroup_types.go +++ b/apis/eks/v1alpha1/zz_nodegroup_types.go @@ -50,6 +50,8 @@ type LaunchTemplateParameters struct { type NodeGroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + Resources []ResourcesObservation `json:"resources,omitempty" tf:"resources,omitempty"` Status *string `json:"status,omitempty" tf:"status,omitempty"` diff --git a/apis/elasticache/v1alpha1/zz_cluster_terraformed.go b/apis/elasticache/v1alpha1/zz_cluster_terraformed.go index 78090d287..2e7cb430b 100755 --- a/apis/elasticache/v1alpha1/zz_cluster_terraformed.go +++ b/apis/elasticache/v1alpha1/zz_cluster_terraformed.go @@ -54,6 +54,14 @@ func (tr *Cluster) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Cluster +func (tr *Cluster) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Cluster func (tr *Cluster) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticache/v1alpha1/zz_cluster_types.go b/apis/elasticache/v1alpha1/zz_cluster_types.go index fcc274d8a..b4235bca1 100755 --- a/apis/elasticache/v1alpha1/zz_cluster_types.go +++ b/apis/elasticache/v1alpha1/zz_cluster_types.go @@ -49,6 +49,8 @@ type ClusterObservation struct { EngineVersionActual *string `json:"engineVersionActual,omitempty" tf:"engine_version_actual,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } 
diff --git a/apis/elasticache/v1alpha1/zz_generated.deepcopy.go b/apis/elasticache/v1alpha1/zz_generated.deepcopy.go index 9bdadb565..819587809 100644 --- a/apis/elasticache/v1alpha1/zz_generated.deepcopy.go +++ b/apis/elasticache/v1alpha1/zz_generated.deepcopy.go @@ -204,6 +204,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -506,6 +511,11 @@ func (in *ParameterGroupObservation) DeepCopyInto(out *ParameterGroupObservation *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -741,6 +751,11 @@ func (in *ReplicationGroupObservation) DeepCopyInto(out *ReplicationGroupObserva *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.MemberClusters != nil { in, out := &in.MemberClusters, &out.MemberClusters *out = make([]*string, len(*in)) @@ -1113,6 +1128,11 @@ func (in *UserGroupList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserGroupObservation) DeepCopyInto(out *UserGroupObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) 
@@ -1275,6 +1295,11 @@ func (in *UserList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserObservation) DeepCopyInto(out *UserObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/apis/elasticache/v1alpha1/zz_parametergroup_terraformed.go b/apis/elasticache/v1alpha1/zz_parametergroup_terraformed.go index 48faf2cda..3381fdcae 100755 --- a/apis/elasticache/v1alpha1/zz_parametergroup_terraformed.go +++ b/apis/elasticache/v1alpha1/zz_parametergroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *ParameterGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ParameterGroup +func (tr *ParameterGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ParameterGroup func (tr *ParameterGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticache/v1alpha1/zz_parametergroup_types.go b/apis/elasticache/v1alpha1/zz_parametergroup_types.go index 5c3a58e7f..cc2adc38f 100755 --- a/apis/elasticache/v1alpha1/zz_parametergroup_types.go +++ b/apis/elasticache/v1alpha1/zz_parametergroup_types.go @@ -28,6 +28,8 @@ import ( type ParameterGroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/elasticache/v1alpha1/zz_replicationgroup_terraformed.go b/apis/elasticache/v1alpha1/zz_replicationgroup_terraformed.go index d5e9fd051..3a32ac350 100755 
--- a/apis/elasticache/v1alpha1/zz_replicationgroup_terraformed.go +++ b/apis/elasticache/v1alpha1/zz_replicationgroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *ReplicationGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ReplicationGroup +func (tr *ReplicationGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ReplicationGroup func (tr *ReplicationGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticache/v1alpha1/zz_replicationgroup_types.go b/apis/elasticache/v1alpha1/zz_replicationgroup_types.go index dd9fc6ea0..84a1fdc1e 100755 --- a/apis/elasticache/v1alpha1/zz_replicationgroup_types.go +++ b/apis/elasticache/v1alpha1/zz_replicationgroup_types.go @@ -46,6 +46,8 @@ type ReplicationGroupObservation struct { EngineVersionActual *string `json:"engineVersionActual,omitempty" tf:"engine_version_actual,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + MemberClusters []*string `json:"memberClusters,omitempty" tf:"member_clusters,omitempty"` PrimaryEndpointAddress *string `json:"primaryEndpointAddress,omitempty" tf:"primary_endpoint_address,omitempty"` diff --git a/apis/elasticache/v1alpha1/zz_user_terraformed.go b/apis/elasticache/v1alpha1/zz_user_terraformed.go index 9434d86b6..1f10963e5 100755 --- a/apis/elasticache/v1alpha1/zz_user_terraformed.go +++ b/apis/elasticache/v1alpha1/zz_user_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *User) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this User +func (tr *User) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this User func (tr *User) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticache/v1alpha1/zz_user_types.go b/apis/elasticache/v1alpha1/zz_user_types.go index 633040f5e..e6d71848e 100755 --- a/apis/elasticache/v1alpha1/zz_user_types.go +++ b/apis/elasticache/v1alpha1/zz_user_types.go @@ -26,6 +26,8 @@ import ( ) type UserObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/elasticache/v1alpha1/zz_usergroup_terraformed.go b/apis/elasticache/v1alpha1/zz_usergroup_terraformed.go index caa88468d..9b50c0a19 100755 --- a/apis/elasticache/v1alpha1/zz_usergroup_terraformed.go +++ b/apis/elasticache/v1alpha1/zz_usergroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *UserGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this UserGroup +func (tr *UserGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this UserGroup func (tr *UserGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticache/v1alpha1/zz_usergroup_types.go b/apis/elasticache/v1alpha1/zz_usergroup_types.go index dc7456915..f8d9bc3b3 100755 --- a/apis/elasticache/v1alpha1/zz_usergroup_types.go +++ b/apis/elasticache/v1alpha1/zz_usergroup_types.go 
@@ -26,6 +26,8 @@ import ( ) type UserGroupObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/elasticloadbalancing/v1alpha1/zz_generated.deepcopy.go b/apis/elasticloadbalancing/v1alpha1/zz_generated.deepcopy.go index 7aedc0eca..e307d76e8 100644 --- a/apis/elasticloadbalancing/v1alpha1/zz_generated.deepcopy.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_generated.deepcopy.go @@ -631,6 +631,11 @@ func (in *LoadBalancerListenerObservation) DeepCopyInto(out *LoadBalancerListene *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -792,6 +797,11 @@ func (in *LoadBalancerObservation) DeepCopyInto(out *LoadBalancerObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -1258,6 +1268,11 @@ func (in *TargetGroupAttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TargetGroupAttachmentObservation) DeepCopyInto(out *TargetGroupAttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetGroupAttachmentObservation. 
@@ -1341,7 +1356,7 @@ func (in *TargetGroupAttachmentSpec) DeepCopy() *TargetGroupAttachmentSpec { func (in *TargetGroupAttachmentStatus) DeepCopyInto(out *TargetGroupAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetGroupAttachmentStatus. @@ -1414,6 +1429,11 @@ func (in *TargetGroupObservation_2) DeepCopyInto(out *TargetGroupObservation_2) *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_terraformed.go b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_terraformed.go index 7b94493ae..75e0d3554 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_terraformed.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_terraformed.go @@ -54,6 +54,14 @@ func (tr *LoadBalancer) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this LoadBalancer +func (tr *LoadBalancer) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this LoadBalancer func (tr *LoadBalancer) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_types.go b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_types.go index 1262fe2fd..5032756f1 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_types.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancer_types.go 
@@ -54,6 +54,8 @@ type LoadBalancerObservation struct { DNSName *string `json:"dnsName,omitempty" tf:"dns_name,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` VpcID *string `json:"vpcId,omitempty" tf:"vpc_id,omitempty"` diff --git a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_terraformed.go b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_terraformed.go index 1510ffd32..5f16a7fab 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_terraformed.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_terraformed.go @@ -54,6 +54,14 @@ func (tr *LoadBalancerListener) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this LoadBalancerListener +func (tr *LoadBalancerListener) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this LoadBalancerListener func (tr *LoadBalancerListener) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_types.go b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_types.go index b4eaad398..7140df288 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_types.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_loadbalancerlistener_types.go @@ -161,6 +161,8 @@ type ForwardParameters struct { type LoadBalancerListenerObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } 
diff --git a/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_terraformed.go b/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_terraformed.go index 9981a8cb9..94acbae51 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_terraformed.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *TargetGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TargetGroup +func (tr *TargetGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TargetGroup func (tr *TargetGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_types.go b/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_types.go index effd7b6c7..8c2b5ec05 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_types.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_targetgroup_types.go @@ -63,6 +63,8 @@ type TargetGroupObservation_2 struct { ArnSuffix *string `json:"arnSuffix,omitempty" tf:"arn_suffix,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_terraformed.go b/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_terraformed.go index 19056889a..7d132140c 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_terraformed.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *TargetGroupAttachment) SetObservation(obs map[string]interface{}) erro return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this TargetGroupAttachment +func (tr *TargetGroupAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this TargetGroupAttachment func (tr *TargetGroupAttachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_types.go b/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_types.go index 79caa328d..13463e28a 100755 --- a/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_types.go +++ b/apis/elasticloadbalancing/v1alpha1/zz_targetgroupattachment_types.go @@ -26,6 +26,7 @@ import ( ) type TargetGroupAttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type TargetGroupAttachmentParameters struct { diff --git a/apis/iam/v1alpha1/zz_accesskey_terraformed.go b/apis/iam/v1alpha1/zz_accesskey_terraformed.go index 3157854e5..6872d47bd 100755 --- a/apis/iam/v1alpha1/zz_accesskey_terraformed.go +++ b/apis/iam/v1alpha1/zz_accesskey_terraformed.go @@ -54,6 +54,14 @@ func (tr *AccessKey) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this AccessKey +func (tr *AccessKey) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this AccessKey func (tr *AccessKey) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_accesskey_types.go b/apis/iam/v1alpha1/zz_accesskey_types.go index f49d5dc64..e885f20b3 100755 
--- a/apis/iam/v1alpha1/zz_accesskey_types.go +++ b/apis/iam/v1alpha1/zz_accesskey_types.go @@ -32,6 +32,8 @@ type AccessKeyObservation struct { EncryptedSesSMTPPasswordV4 *string `json:"encryptedSesSmtpPasswordV4,omitempty" tf:"encrypted_ses_smtp_password_v4,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + KeyFingerprint *string `json:"keyFingerprint,omitempty" tf:"key_fingerprint,omitempty"` } diff --git a/apis/iam/v1alpha1/zz_generated.deepcopy.go b/apis/iam/v1alpha1/zz_generated.deepcopy.go index 8baefc3bb..03d477c9c 100644 --- a/apis/iam/v1alpha1/zz_generated.deepcopy.go +++ b/apis/iam/v1alpha1/zz_generated.deepcopy.go @@ -102,6 +102,11 @@ func (in *AccessKeyObservation) DeepCopyInto(out *AccessKeyObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.KeyFingerprint != nil { in, out := &in.KeyFingerprint, &out.KeyFingerprint *out = new(string) @@ -260,6 +265,11 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.UniqueID != nil { in, out := &in.UniqueID, &out.UniqueID *out = new(string) @@ -359,6 +369,11 @@ func (in *GroupPolicyAttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GroupPolicyAttachmentObservation) DeepCopyInto(out *GroupPolicyAttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupPolicyAttachmentObservation. 
@@ -437,7 +452,7 @@ func (in *GroupPolicyAttachmentSpec) DeepCopy() *GroupPolicyAttachmentSpec { func (in *GroupPolicyAttachmentStatus) DeepCopyInto(out *GroupPolicyAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupPolicyAttachmentStatus. @@ -596,6 +611,11 @@ func (in *InstanceProfileObservation) DeepCopyInto(out *InstanceProfileObservati *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -779,6 +799,11 @@ func (in *PolicyObservation) DeepCopyInto(out *PolicyObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.PolicyID != nil { in, out := &in.PolicyID, &out.PolicyID *out = new(string) @@ -972,6 +997,11 @@ func (in *RoleObservation) DeepCopyInto(out *RoleObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -1144,6 +1174,11 @@ func (in *RolePolicyAttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RolePolicyAttachmentObservation) DeepCopyInto(out *RolePolicyAttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolePolicyAttachmentObservation. 
@@ -1222,7 +1257,7 @@ func (in *RolePolicyAttachmentSpec) DeepCopy() *RolePolicyAttachmentSpec { func (in *RolePolicyAttachmentStatus) DeepCopyInto(out *RolePolicyAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RolePolicyAttachmentStatus. @@ -1358,6 +1393,11 @@ func (in *UserGroupMembershipList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserGroupMembershipObservation) DeepCopyInto(out *UserGroupMembershipObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserGroupMembershipObservation. @@ -1442,7 +1482,7 @@ func (in *UserGroupMembershipSpec) DeepCopy() *UserGroupMembershipSpec { func (in *UserGroupMembershipStatus) DeepCopyInto(out *UserGroupMembershipStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserGroupMembershipStatus. @@ -1495,6 +1535,11 @@ func (in *UserObservation) DeepCopyInto(out *UserObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) 
@@ -1634,6 +1679,11 @@ func (in *UserPolicyAttachmentList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserPolicyAttachmentObservation) DeepCopyInto(out *UserPolicyAttachmentObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserPolicyAttachmentObservation. @@ -1712,7 +1762,7 @@ func (in *UserPolicyAttachmentSpec) DeepCopy() *UserPolicyAttachmentSpec { func (in *UserPolicyAttachmentStatus) DeepCopyInto(out *UserPolicyAttachmentStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserPolicyAttachmentStatus. diff --git a/apis/iam/v1alpha1/zz_group_terraformed.go b/apis/iam/v1alpha1/zz_group_terraformed.go index 83d1f701c..56b48a17c 100755 --- a/apis/iam/v1alpha1/zz_group_terraformed.go +++ b/apis/iam/v1alpha1/zz_group_terraformed.go @@ -54,6 +54,14 @@ func (tr *Group) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Group +func (tr *Group) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Group func (tr *Group) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_group_types.go b/apis/iam/v1alpha1/zz_group_types.go index 1c0af3e24..8e15aec6d 100755 --- a/apis/iam/v1alpha1/zz_group_types.go +++ b/apis/iam/v1alpha1/zz_group_types.go 
@@ -28,6 +28,8 @@ import ( type GroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` } diff --git a/apis/iam/v1alpha1/zz_grouppolicyattachment_terraformed.go b/apis/iam/v1alpha1/zz_grouppolicyattachment_terraformed.go index 4a85dde88..64fa8d5cb 100755 --- a/apis/iam/v1alpha1/zz_grouppolicyattachment_terraformed.go +++ b/apis/iam/v1alpha1/zz_grouppolicyattachment_terraformed.go @@ -54,6 +54,14 @@ func (tr *GroupPolicyAttachment) SetObservation(obs map[string]interface{}) erro return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this GroupPolicyAttachment +func (tr *GroupPolicyAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this GroupPolicyAttachment func (tr *GroupPolicyAttachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_grouppolicyattachment_types.go b/apis/iam/v1alpha1/zz_grouppolicyattachment_types.go index fcf7d54e2..f50a48c91 100755 --- a/apis/iam/v1alpha1/zz_grouppolicyattachment_types.go +++ b/apis/iam/v1alpha1/zz_grouppolicyattachment_types.go @@ -26,6 +26,7 @@ import ( ) type GroupPolicyAttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type GroupPolicyAttachmentParameters struct { diff --git a/apis/iam/v1alpha1/zz_instanceprofile_terraformed.go b/apis/iam/v1alpha1/zz_instanceprofile_terraformed.go index a69913c07..6fd191f09 100755 --- a/apis/iam/v1alpha1/zz_instanceprofile_terraformed.go +++ b/apis/iam/v1alpha1/zz_instanceprofile_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *InstanceProfile) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this InstanceProfile +func (tr *InstanceProfile) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this InstanceProfile func (tr *InstanceProfile) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_instanceprofile_types.go b/apis/iam/v1alpha1/zz_instanceprofile_types.go index 24d077f99..058b9055c 100755 --- a/apis/iam/v1alpha1/zz_instanceprofile_types.go +++ b/apis/iam/v1alpha1/zz_instanceprofile_types.go @@ -30,6 +30,8 @@ type InstanceProfileObservation struct { CreateDate *string `json:"createDate,omitempty" tf:"create_date,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` diff --git a/apis/iam/v1alpha1/zz_policy_terraformed.go b/apis/iam/v1alpha1/zz_policy_terraformed.go index 1aa3d18b5..c5f7592c4 100755 --- a/apis/iam/v1alpha1/zz_policy_terraformed.go +++ b/apis/iam/v1alpha1/zz_policy_terraformed.go @@ -54,6 +54,14 @@ func (tr *Policy) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Policy +func (tr *Policy) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Policy func (tr *Policy) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_policy_types.go b/apis/iam/v1alpha1/zz_policy_types.go index 17a16b716..638803255 100755 
--- a/apis/iam/v1alpha1/zz_policy_types.go +++ b/apis/iam/v1alpha1/zz_policy_types.go @@ -28,6 +28,8 @@ import ( type PolicyObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + PolicyID *string `json:"policyId,omitempty" tf:"policy_id,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/iam/v1alpha1/zz_role_terraformed.go b/apis/iam/v1alpha1/zz_role_terraformed.go index f3d29910d..3ec57a565 100755 --- a/apis/iam/v1alpha1/zz_role_terraformed.go +++ b/apis/iam/v1alpha1/zz_role_terraformed.go @@ -54,6 +54,14 @@ func (tr *Role) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Role +func (tr *Role) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Role func (tr *Role) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_role_types.go b/apis/iam/v1alpha1/zz_role_types.go index df8ac9766..5d90c2450 100755 --- a/apis/iam/v1alpha1/zz_role_types.go +++ b/apis/iam/v1alpha1/zz_role_types.go @@ -42,6 +42,8 @@ type RoleObservation struct { CreateDate *string `json:"createDate,omitempty" tf:"create_date,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` diff --git a/apis/iam/v1alpha1/zz_rolepolicyattachment_terraformed.go b/apis/iam/v1alpha1/zz_rolepolicyattachment_terraformed.go index fd7a41c9d..c03550091 100755 --- a/apis/iam/v1alpha1/zz_rolepolicyattachment_terraformed.go +++ b/apis/iam/v1alpha1/zz_rolepolicyattachment_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *RolePolicyAttachment) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this RolePolicyAttachment +func (tr *RolePolicyAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this RolePolicyAttachment func (tr *RolePolicyAttachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_rolepolicyattachment_types.go b/apis/iam/v1alpha1/zz_rolepolicyattachment_types.go index 2c7dc332f..494268119 100755 --- a/apis/iam/v1alpha1/zz_rolepolicyattachment_types.go +++ b/apis/iam/v1alpha1/zz_rolepolicyattachment_types.go @@ -26,6 +26,7 @@ import ( ) type RolePolicyAttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type RolePolicyAttachmentParameters struct { diff --git a/apis/iam/v1alpha1/zz_user_terraformed.go b/apis/iam/v1alpha1/zz_user_terraformed.go index d403faea4..dd67ff5af 100755 --- a/apis/iam/v1alpha1/zz_user_terraformed.go +++ b/apis/iam/v1alpha1/zz_user_terraformed.go @@ -54,6 +54,14 @@ func (tr *User) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this User +func (tr *User) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this User func (tr *User) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_user_types.go b/apis/iam/v1alpha1/zz_user_types.go index a78125390..03ea478b6 100755 --- a/apis/iam/v1alpha1/zz_user_types.go +++ b/apis/iam/v1alpha1/zz_user_types.go 
@@ -28,6 +28,8 @@ import ( type UserObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` UniqueID *string `json:"uniqueId,omitempty" tf:"unique_id,omitempty"` diff --git a/apis/iam/v1alpha1/zz_usergroupmembership_terraformed.go b/apis/iam/v1alpha1/zz_usergroupmembership_terraformed.go index a407039bf..e0cea7ad4 100755 --- a/apis/iam/v1alpha1/zz_usergroupmembership_terraformed.go +++ b/apis/iam/v1alpha1/zz_usergroupmembership_terraformed.go @@ -54,6 +54,14 @@ func (tr *UserGroupMembership) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this UserGroupMembership +func (tr *UserGroupMembership) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this UserGroupMembership func (tr *UserGroupMembership) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_usergroupmembership_types.go b/apis/iam/v1alpha1/zz_usergroupmembership_types.go index 811b43198..4a9afa823 100755 --- a/apis/iam/v1alpha1/zz_usergroupmembership_types.go +++ b/apis/iam/v1alpha1/zz_usergroupmembership_types.go @@ -26,6 +26,7 @@ import ( ) type UserGroupMembershipObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type UserGroupMembershipParameters struct { diff --git a/apis/iam/v1alpha1/zz_userpolicyattachment_terraformed.go b/apis/iam/v1alpha1/zz_userpolicyattachment_terraformed.go index 9d09b2793..f14b4c207 100755 --- a/apis/iam/v1alpha1/zz_userpolicyattachment_terraformed.go +++ b/apis/iam/v1alpha1/zz_userpolicyattachment_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *UserPolicyAttachment) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this UserPolicyAttachment +func (tr *UserPolicyAttachment) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this UserPolicyAttachment func (tr *UserPolicyAttachment) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/iam/v1alpha1/zz_userpolicyattachment_types.go b/apis/iam/v1alpha1/zz_userpolicyattachment_types.go index 99976d6fd..0a2b1baca 100755 --- a/apis/iam/v1alpha1/zz_userpolicyattachment_types.go +++ b/apis/iam/v1alpha1/zz_userpolicyattachment_types.go @@ -26,6 +26,7 @@ import ( ) type UserPolicyAttachmentObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type UserPolicyAttachmentParameters struct { diff --git a/apis/kms/v1alpha1/zz_generated.deepcopy.go b/apis/kms/v1alpha1/zz_generated.deepcopy.go index 7453e6ba2..8452bdddb 100644 --- a/apis/kms/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kms/v1alpha1/zz_generated.deepcopy.go @@ -91,6 +91,11 @@ func (in *KeyObservation) DeepCopyInto(out *KeyObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.KeyID != nil { in, out := &in.KeyID, &out.KeyID *out = new(string) diff --git a/apis/kms/v1alpha1/zz_key_terraformed.go b/apis/kms/v1alpha1/zz_key_terraformed.go index 4321bf080..92717bf27 100755 --- a/apis/kms/v1alpha1/zz_key_terraformed.go +++ b/apis/kms/v1alpha1/zz_key_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *Key) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Key +func (tr *Key) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Key func (tr *Key) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/kms/v1alpha1/zz_key_types.go b/apis/kms/v1alpha1/zz_key_types.go index 1348474fe..7d58455a6 100755 --- a/apis/kms/v1alpha1/zz_key_types.go +++ b/apis/kms/v1alpha1/zz_key_types.go @@ -28,6 +28,8 @@ import ( type KeyObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/rds/v1alpha1/zz_dbcluster_terraformed.go b/apis/rds/v1alpha1/zz_dbcluster_terraformed.go index d0bf6edaa..8a8fca09c 100755 --- a/apis/rds/v1alpha1/zz_dbcluster_terraformed.go +++ b/apis/rds/v1alpha1/zz_dbcluster_terraformed.go @@ -54,6 +54,14 @@ func (tr *DBCluster) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this DBCluster +func (tr *DBCluster) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this DBCluster func (tr *DBCluster) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/rds/v1alpha1/zz_dbcluster_types.go b/apis/rds/v1alpha1/zz_dbcluster_types.go index e9a731e8c..d99c81280 100755 --- a/apis/rds/v1alpha1/zz_dbcluster_types.go +++ b/apis/rds/v1alpha1/zz_dbcluster_types.go 
@@ -36,6 +36,8 @@ type DBClusterObservation struct { HostedZoneID *string `json:"hostedZoneId,omitempty" tf:"hosted_zone_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + ReaderEndpoint *string `json:"readerEndpoint,omitempty" tf:"reader_endpoint,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/rds/v1alpha1/zz_dbinstance_terraformed.go b/apis/rds/v1alpha1/zz_dbinstance_terraformed.go index 8e9399841..8b66a8aa0 100755 --- a/apis/rds/v1alpha1/zz_dbinstance_terraformed.go +++ b/apis/rds/v1alpha1/zz_dbinstance_terraformed.go @@ -54,6 +54,14 @@ func (tr *DBInstance) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this DBInstance +func (tr *DBInstance) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this DBInstance func (tr *DBInstance) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/rds/v1alpha1/zz_dbinstance_types.go b/apis/rds/v1alpha1/zz_dbinstance_types.go index 3d8b21b29..53414f98d 100755 --- a/apis/rds/v1alpha1/zz_dbinstance_types.go +++ b/apis/rds/v1alpha1/zz_dbinstance_types.go @@ -34,6 +34,8 @@ type DBInstanceObservation struct { HostedZoneID *string `json:"hostedZoneId,omitempty" tf:"hosted_zone_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + LatestRestorableTime *string `json:"latestRestorableTime,omitempty" tf:"latest_restorable_time,omitempty"` Replicas []*string `json:"replicas,omitempty" tf:"replicas,omitempty"` diff --git a/apis/rds/v1alpha1/zz_dbparametergroup_terraformed.go b/apis/rds/v1alpha1/zz_dbparametergroup_terraformed.go index 0120f91b7..c24348f5a 100755 --- a/apis/rds/v1alpha1/zz_dbparametergroup_terraformed.go +++ b/apis/rds/v1alpha1/zz_dbparametergroup_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *DBParameterGroup) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this DBParameterGroup +func (tr *DBParameterGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this DBParameterGroup func (tr *DBParameterGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/rds/v1alpha1/zz_dbparametergroup_types.go b/apis/rds/v1alpha1/zz_dbparametergroup_types.go index d09eb4115..4775ff2d3 100755 --- a/apis/rds/v1alpha1/zz_dbparametergroup_types.go +++ b/apis/rds/v1alpha1/zz_dbparametergroup_types.go @@ -28,6 +28,8 @@ import ( type DBParameterGroupObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/rds/v1alpha1/zz_generated.deepcopy.go b/apis/rds/v1alpha1/zz_generated.deepcopy.go index c5f375362..251be95a0 100644 --- a/apis/rds/v1alpha1/zz_generated.deepcopy.go +++ b/apis/rds/v1alpha1/zz_generated.deepcopy.go @@ -112,6 +112,11 @@ func (in *DBClusterObservation) DeepCopyInto(out *DBClusterObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.ReaderEndpoint != nil { in, out := &in.ReaderEndpoint, &out.ReaderEndpoint *out = new(string) @@ -621,6 +626,11 @@ func (in *DBInstanceObservation) DeepCopyInto(out *DBInstanceObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.LatestRestorableTime != nil { in, out := &in.LatestRestorableTime, &out.LatestRestorableTime *out = new(string) 
@@ -1137,6 +1147,11 @@ func (in *DBParameterGroupObservation) DeepCopyInto(out *DBParameterGroupObserva *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/apis/route53/v1alpha1/zz_delegationset_terraformed.go b/apis/route53/v1alpha1/zz_delegationset_terraformed.go index 36cc9f553..e8c9e167b 100755 --- a/apis/route53/v1alpha1/zz_delegationset_terraformed.go +++ b/apis/route53/v1alpha1/zz_delegationset_terraformed.go @@ -54,6 +54,14 @@ func (tr *DelegationSet) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this DelegationSet +func (tr *DelegationSet) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this DelegationSet func (tr *DelegationSet) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_delegationset_types.go b/apis/route53/v1alpha1/zz_delegationset_types.go index 0d9d2e82c..431a5d143 100755 --- a/apis/route53/v1alpha1/zz_delegationset_types.go +++ b/apis/route53/v1alpha1/zz_delegationset_types.go @@ -26,6 +26,8 @@ import ( ) type DelegationSetObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + NameServers []*string `json:"nameServers,omitempty" tf:"name_servers,omitempty"` } diff --git a/apis/route53/v1alpha1/zz_generated.deepcopy.go b/apis/route53/v1alpha1/zz_generated.deepcopy.go index 5a869d5fb..991c9e9d0 100644 --- a/apis/route53/v1alpha1/zz_generated.deepcopy.go +++ b/apis/route53/v1alpha1/zz_generated.deepcopy.go 
@@ -132,6 +132,11 @@ func (in *DelegationSetList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DelegationSetObservation) DeepCopyInto(out *DelegationSetObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.NameServers != nil { in, out := &in.NameServers, &out.NameServers *out = make([]*string, len(*in)) @@ -356,6 +361,11 @@ func (in *HealthCheckList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthCheckObservation) DeepCopyInto(out *HealthCheckObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -621,6 +631,11 @@ func (in *HostedZoneDnssecList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HostedZoneDnssecObservation) DeepCopyInto(out *HostedZoneDnssecObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostedZoneDnssecObservation. @@ -694,7 +709,7 @@ func (in *HostedZoneDnssecSpec) DeepCopy() *HostedZoneDnssecSpec { func (in *HostedZoneDnssecStatus) DeepCopyInto(out *HostedZoneDnssecStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostedZoneDnssecStatus. 
@@ -844,6 +859,11 @@ func (in *KeySigningKeyObservation) DeepCopyInto(out *KeySigningKeyObservation) *out = new(int64) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.KeyTag != nil { in, out := &in.KeyTag, &out.KeyTag *out = new(int64) @@ -1067,6 +1087,11 @@ func (in *QueryLogList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *QueryLogObservation) DeepCopyInto(out *QueryLogObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryLogObservation. @@ -1130,7 +1155,7 @@ func (in *QueryLogSpec) DeepCopy() *QueryLogSpec { func (in *QueryLogStatus) DeepCopyInto(out *QueryLogStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryLogStatus. @@ -1210,6 +1235,11 @@ func (in *RecordObservation) DeepCopyInto(out *RecordObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RecordObservation. @@ -1607,6 +1637,11 @@ func (in *ResolverEndpointObservation) DeepCopyInto(out *ResolverEndpointObserva *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) 
@@ -1793,6 +1828,11 @@ func (in *ResolverFirewallConfigList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverFirewallConfigObservation) DeepCopyInto(out *ResolverFirewallConfigObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) @@ -1941,6 +1981,11 @@ func (in *ResolverFirewallDomainListObservation) DeepCopyInto(out *ResolverFirew *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -2174,6 +2219,11 @@ func (in *ResolverFirewallRuleGroupAssociationObservation) DeepCopyInto(out *Res *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) @@ -2486,6 +2536,11 @@ func (in *ResolverFirewallRuleList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverFirewallRuleObservation) DeepCopyInto(out *ResolverFirewallRuleObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverFirewallRuleObservation. 
@@ -2584,7 +2639,7 @@ func (in *ResolverFirewallRuleSpec) DeepCopy() *ResolverFirewallRuleSpec { func (in *ResolverFirewallRuleStatus) DeepCopyInto(out *ResolverFirewallRuleStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverFirewallRuleStatus. @@ -2686,6 +2741,11 @@ func (in *ResolverQueryLogConfigAssociationList) DeepCopyObject() runtime.Object // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverQueryLogConfigAssociationObservation) DeepCopyInto(out *ResolverQueryLogConfigAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverQueryLogConfigAssociationObservation. @@ -2749,7 +2809,7 @@ func (in *ResolverQueryLogConfigAssociationSpec) DeepCopy() *ResolverQueryLogCon func (in *ResolverQueryLogConfigAssociationStatus) DeepCopyInto(out *ResolverQueryLogConfigAssociationStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverQueryLogConfigAssociationStatus. @@ -2802,6 +2862,11 @@ func (in *ResolverQueryLogConfigObservation) DeepCopyInto(out *ResolverQueryLogC *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) 
@@ -3007,6 +3072,11 @@ func (in *ResolverRuleAssociationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResolverRuleAssociationObservation) DeepCopyInto(out *ResolverRuleAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverRuleAssociationObservation. @@ -3075,7 +3145,7 @@ func (in *ResolverRuleAssociationSpec) DeepCopy() *ResolverRuleAssociationSpec { func (in *ResolverRuleAssociationStatus) DeepCopyInto(out *ResolverRuleAssociationStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolverRuleAssociationStatus. @@ -3128,6 +3198,11 @@ func (in *ResolverRuleObservation) DeepCopyInto(out *ResolverRuleObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwnerID != nil { in, out := &in.OwnerID, &out.OwnerID *out = new(string) @@ -3363,6 +3438,11 @@ func (in *VpcAssociationAuthorizationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VpcAssociationAuthorizationObservation) DeepCopyInto(out *VpcAssociationAuthorizationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VpcAssociationAuthorizationObservation. 
@@ -3451,7 +3531,7 @@ func (in *VpcAssociationAuthorizationSpec) DeepCopy() *VpcAssociationAuthorizati func (in *VpcAssociationAuthorizationStatus) DeepCopyInto(out *VpcAssociationAuthorizationStatus) { *out = *in in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) - out.AtProvider = in.AtProvider + in.AtProvider.DeepCopyInto(&out.AtProvider) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VpcAssociationAuthorizationStatus. @@ -3638,6 +3718,11 @@ func (in *ZoneAssociationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ZoneAssociationObservation) DeepCopyInto(out *ZoneAssociationObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.OwningAccount != nil { in, out := &in.OwningAccount, &out.OwningAccount *out = new(string) @@ -3779,6 +3864,11 @@ func (in *ZoneList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ZoneObservation) DeepCopyInto(out *ZoneObservation) { *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.NameServers != nil { in, out := &in.NameServers, &out.NameServers *out = make([]*string, len(*in)) diff --git a/apis/route53/v1alpha1/zz_healthcheck_terraformed.go b/apis/route53/v1alpha1/zz_healthcheck_terraformed.go index 9b5644927..e9c8e7de2 100755 --- a/apis/route53/v1alpha1/zz_healthcheck_terraformed.go +++ b/apis/route53/v1alpha1/zz_healthcheck_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *HealthCheck) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this HealthCheck +func (tr *HealthCheck) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this HealthCheck func (tr *HealthCheck) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_healthcheck_types.go b/apis/route53/v1alpha1/zz_healthcheck_types.go index b35e2407c..13459eb44 100755 --- a/apis/route53/v1alpha1/zz_healthcheck_types.go +++ b/apis/route53/v1alpha1/zz_healthcheck_types.go @@ -26,6 +26,8 @@ import ( ) type HealthCheckObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/route53/v1alpha1/zz_hostedzonednssec_terraformed.go b/apis/route53/v1alpha1/zz_hostedzonednssec_terraformed.go index b5b0b4681..766d69e3f 100755 --- a/apis/route53/v1alpha1/zz_hostedzonednssec_terraformed.go +++ b/apis/route53/v1alpha1/zz_hostedzonednssec_terraformed.go @@ -54,6 +54,14 @@ func (tr *HostedZoneDnssec) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this HostedZoneDnssec +func (tr *HostedZoneDnssec) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this HostedZoneDnssec func (tr *HostedZoneDnssec) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_hostedzonednssec_types.go b/apis/route53/v1alpha1/zz_hostedzonednssec_types.go index 3fb37e7f0..a0c7b28c3 100755 
--- a/apis/route53/v1alpha1/zz_hostedzonednssec_types.go +++ b/apis/route53/v1alpha1/zz_hostedzonednssec_types.go @@ -26,6 +26,7 @@ import ( ) type HostedZoneDnssecObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type HostedZoneDnssecParameters struct { diff --git a/apis/route53/v1alpha1/zz_keysigningkey_terraformed.go b/apis/route53/v1alpha1/zz_keysigningkey_terraformed.go index 8057eb84c..8b741a570 100755 --- a/apis/route53/v1alpha1/zz_keysigningkey_terraformed.go +++ b/apis/route53/v1alpha1/zz_keysigningkey_terraformed.go @@ -54,6 +54,14 @@ func (tr *KeySigningKey) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this KeySigningKey +func (tr *KeySigningKey) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this KeySigningKey func (tr *KeySigningKey) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_keysigningkey_types.go b/apis/route53/v1alpha1/zz_keysigningkey_types.go index 6727552f2..f9aa3285f 100755 --- a/apis/route53/v1alpha1/zz_keysigningkey_types.go +++ b/apis/route53/v1alpha1/zz_keysigningkey_types.go @@ -38,6 +38,8 @@ type KeySigningKeyObservation struct { Flag *int64 `json:"flag,omitempty" tf:"flag,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + KeyTag *int64 `json:"keyTag,omitempty" tf:"key_tag,omitempty"` PublicKey *string `json:"publicKey,omitempty" tf:"public_key,omitempty"` diff --git a/apis/route53/v1alpha1/zz_querylog_terraformed.go b/apis/route53/v1alpha1/zz_querylog_terraformed.go index 926927a32..4f710863a 100755 --- a/apis/route53/v1alpha1/zz_querylog_terraformed.go +++ b/apis/route53/v1alpha1/zz_querylog_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *QueryLog) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this QueryLog +func (tr *QueryLog) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this QueryLog func (tr *QueryLog) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_querylog_types.go b/apis/route53/v1alpha1/zz_querylog_types.go index c2ee885a8..9f18c1cd9 100755 --- a/apis/route53/v1alpha1/zz_querylog_types.go +++ b/apis/route53/v1alpha1/zz_querylog_types.go @@ -26,6 +26,7 @@ import ( ) type QueryLogObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type QueryLogParameters struct { diff --git a/apis/route53/v1alpha1/zz_record_terraformed.go b/apis/route53/v1alpha1/zz_record_terraformed.go index 1e6404d9b..f003a179c 100755 --- a/apis/route53/v1alpha1/zz_record_terraformed.go +++ b/apis/route53/v1alpha1/zz_record_terraformed.go @@ -54,6 +54,14 @@ func (tr *Record) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Record +func (tr *Record) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Record func (tr *Record) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_record_types.go b/apis/route53/v1alpha1/zz_record_types.go index e4ef50840..8b61962fe 100755 --- a/apis/route53/v1alpha1/zz_record_types.go +++ b/apis/route53/v1alpha1/zz_record_types.go 
@@ -75,6 +75,8 @@ type LatencyRoutingPolicyParameters struct { type RecordObservation struct { Fqdn *string `json:"fqdn,omitempty" tf:"fqdn,omitempty"` + + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type RecordParameters struct { diff --git a/apis/route53/v1alpha1/zz_resolverdnssecconfig_terraformed.go b/apis/route53/v1alpha1/zz_resolverdnssecconfig_terraformed.go index 8053fdc81..a786a435b 100755 --- a/apis/route53/v1alpha1/zz_resolverdnssecconfig_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverdnssecconfig_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverDnssecConfig) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverDnssecConfig +func (tr *ResolverDnssecConfig) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverDnssecConfig func (tr *ResolverDnssecConfig) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverendpoint_terraformed.go b/apis/route53/v1alpha1/zz_resolverendpoint_terraformed.go index afd6e106a..b64b11e94 100755 --- a/apis/route53/v1alpha1/zz_resolverendpoint_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverendpoint_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverEndpoint) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverEndpoint +func (tr *ResolverEndpoint) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverEndpoint func (tr *ResolverEndpoint) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/route53/v1alpha1/zz_resolverendpoint_types.go b/apis/route53/v1alpha1/zz_resolverendpoint_types.go index 01bcc7302..b7f0c46bf 100755 --- a/apis/route53/v1alpha1/zz_resolverendpoint_types.go +++ b/apis/route53/v1alpha1/zz_resolverendpoint_types.go @@ -43,6 +43,8 @@ type ResolverEndpointObservation struct { HostVpcID *string `json:"hostVpcId,omitempty" tf:"host_vpc_id,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/route53/v1alpha1/zz_resolverfirewallconfig_terraformed.go b/apis/route53/v1alpha1/zz_resolverfirewallconfig_terraformed.go index 3332b8c4c..8a9b0913d 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallconfig_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallconfig_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverFirewallConfig) SetObservation(obs map[string]interface{}) err return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverFirewallConfig +func (tr *ResolverFirewallConfig) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverFirewallConfig func (tr *ResolverFirewallConfig) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverfirewallconfig_types.go b/apis/route53/v1alpha1/zz_resolverfirewallconfig_types.go index afbfce4a4..e00719c9e 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallconfig_types.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallconfig_types.go @@ -26,6 +26,8 @@ import ( ) type ResolverFirewallConfigObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` } 
diff --git a/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_terraformed.go b/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_terraformed.go index 09e1b98e8..e5166dc34 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverFirewallDomainList) SetObservation(obs map[string]interface{}) return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverFirewallDomainList +func (tr *ResolverFirewallDomainList) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverFirewallDomainList func (tr *ResolverFirewallDomainList) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_types.go b/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_types.go index ea59f58e4..27b1aba10 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_types.go +++ b/apis/route53/v1alpha1/zz_resolverfirewalldomainlist_types.go @@ -28,6 +28,8 @@ import ( type ResolverFirewallDomainListObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/route53/v1alpha1/zz_resolverfirewallrule_terraformed.go b/apis/route53/v1alpha1/zz_resolverfirewallrule_terraformed.go index e61fd77b4..bed2bc009 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallrule_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallrule_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *ResolverFirewallRule) SetObservation(obs map[string]interface{}) error return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverFirewallRule +func (tr *ResolverFirewallRule) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverFirewallRule func (tr *ResolverFirewallRule) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverfirewallrule_types.go b/apis/route53/v1alpha1/zz_resolverfirewallrule_types.go index 15f013003..6944cbc36 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallrule_types.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallrule_types.go @@ -26,6 +26,7 @@ import ( ) type ResolverFirewallRuleObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type ResolverFirewallRuleParameters struct { diff --git a/apis/route53/v1alpha1/zz_resolverfirewallrulegroup_terraformed.go b/apis/route53/v1alpha1/zz_resolverfirewallrulegroup_terraformed.go index be0f16a3e..58c19f545 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallrulegroup_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallrulegroup_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverFirewallRuleGroup) SetObservation(obs map[string]interface{}) return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverFirewallRuleGroup +func (tr *ResolverFirewallRuleGroup) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverFirewallRuleGroup func (tr *ResolverFirewallRuleGroup) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_terraformed.go b/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_terraformed.go index 5fd4268db..30320b4ad 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverFirewallRuleGroupAssociation) SetObservation(obs map[string]in return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverFirewallRuleGroupAssociation +func (tr *ResolverFirewallRuleGroupAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverFirewallRuleGroupAssociation func (tr *ResolverFirewallRuleGroupAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_types.go b/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_types.go index 1a7863f67..df40e9334 100755 --- a/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_types.go +++ b/apis/route53/v1alpha1/zz_resolverfirewallrulegroupassociation_types.go @@ -28,6 +28,8 @@ import ( type ResolverFirewallRuleGroupAssociationObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/route53/v1alpha1/zz_resolverquerylogconfig_terraformed.go b/apis/route53/v1alpha1/zz_resolverquerylogconfig_terraformed.go index 0b98da7da..1fe14127d 100755 --- a/apis/route53/v1alpha1/zz_resolverquerylogconfig_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverquerylogconfig_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *ResolverQueryLogConfig) SetObservation(obs map[string]interface{}) err return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverQueryLogConfig +func (tr *ResolverQueryLogConfig) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverQueryLogConfig func (tr *ResolverQueryLogConfig) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverquerylogconfig_types.go b/apis/route53/v1alpha1/zz_resolverquerylogconfig_types.go index 489160d03..c049ea658 100755 --- a/apis/route53/v1alpha1/zz_resolverquerylogconfig_types.go +++ b/apis/route53/v1alpha1/zz_resolverquerylogconfig_types.go @@ -28,6 +28,8 @@ import ( type ResolverQueryLogConfigObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` ShareStatus *string `json:"shareStatus,omitempty" tf:"share_status,omitempty"` diff --git a/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_terraformed.go b/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_terraformed.go index 0d9cc9205..c11a3180a 100755 --- a/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *ResolverQueryLogConfigAssociation) SetObservation(obs map[string]inter return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverQueryLogConfigAssociation +func (tr *ResolverQueryLogConfigAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverQueryLogConfigAssociation func (tr *ResolverQueryLogConfigAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_types.go b/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_types.go index e5578966d..850835cbd 100755 --- a/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_types.go +++ b/apis/route53/v1alpha1/zz_resolverquerylogconfigassociation_types.go @@ -26,6 +26,7 @@ import ( ) type ResolverQueryLogConfigAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type ResolverQueryLogConfigAssociationParameters struct { diff --git a/apis/route53/v1alpha1/zz_resolverrule_terraformed.go b/apis/route53/v1alpha1/zz_resolverrule_terraformed.go index 10a3723fd..020ff4c67 100755 --- a/apis/route53/v1alpha1/zz_resolverrule_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverrule_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverRule) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverRule +func (tr *ResolverRule) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverRule func (tr *ResolverRule) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) 
diff --git a/apis/route53/v1alpha1/zz_resolverrule_types.go b/apis/route53/v1alpha1/zz_resolverrule_types.go index 82fa39544..134d12897 100755 --- a/apis/route53/v1alpha1/zz_resolverrule_types.go +++ b/apis/route53/v1alpha1/zz_resolverrule_types.go @@ -28,6 +28,8 @@ import ( type ResolverRuleObservation struct { Arn *string `json:"arn,omitempty" tf:"arn,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwnerID *string `json:"ownerId,omitempty" tf:"owner_id,omitempty"` ShareStatus *string `json:"shareStatus,omitempty" tf:"share_status,omitempty"` diff --git a/apis/route53/v1alpha1/zz_resolverruleassociation_terraformed.go b/apis/route53/v1alpha1/zz_resolverruleassociation_terraformed.go index 81eeb9d38..093c12cd3 100755 --- a/apis/route53/v1alpha1/zz_resolverruleassociation_terraformed.go +++ b/apis/route53/v1alpha1/zz_resolverruleassociation_terraformed.go @@ -54,6 +54,14 @@ func (tr *ResolverRuleAssociation) SetObservation(obs map[string]interface{}) er return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ResolverRuleAssociation +func (tr *ResolverRuleAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ResolverRuleAssociation func (tr *ResolverRuleAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_resolverruleassociation_types.go b/apis/route53/v1alpha1/zz_resolverruleassociation_types.go index 4b4534b01..063f8d6ca 100755 --- a/apis/route53/v1alpha1/zz_resolverruleassociation_types.go +++ b/apis/route53/v1alpha1/zz_resolverruleassociation_types.go @@ -26,6 +26,7 @@ import ( ) type ResolverRuleAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type ResolverRuleAssociationParameters struct { 
diff --git a/apis/route53/v1alpha1/zz_vpcassociationauthorization_terraformed.go b/apis/route53/v1alpha1/zz_vpcassociationauthorization_terraformed.go index b11119ee3..cf21fbee9 100755 --- a/apis/route53/v1alpha1/zz_vpcassociationauthorization_terraformed.go +++ b/apis/route53/v1alpha1/zz_vpcassociationauthorization_terraformed.go @@ -54,6 +54,14 @@ func (tr *VpcAssociationAuthorization) SetObservation(obs map[string]interface{} return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this VpcAssociationAuthorization +func (tr *VpcAssociationAuthorization) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this VpcAssociationAuthorization func (tr *VpcAssociationAuthorization) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_vpcassociationauthorization_types.go b/apis/route53/v1alpha1/zz_vpcassociationauthorization_types.go index 9ef8d16f0..08a714648 100755 --- a/apis/route53/v1alpha1/zz_vpcassociationauthorization_types.go +++ b/apis/route53/v1alpha1/zz_vpcassociationauthorization_types.go @@ -26,6 +26,7 @@ import ( ) type VpcAssociationAuthorizationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` } type VpcAssociationAuthorizationParameters struct { diff --git a/apis/route53/v1alpha1/zz_zone_terraformed.go b/apis/route53/v1alpha1/zz_zone_terraformed.go index 806c8350d..1d1eb46dd 100755 --- a/apis/route53/v1alpha1/zz_zone_terraformed.go +++ b/apis/route53/v1alpha1/zz_zone_terraformed.go 
@@ -54,6 +54,14 @@ func (tr *Zone) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Zone +func (tr *Zone) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Zone func (tr *Zone) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_zone_types.go b/apis/route53/v1alpha1/zz_zone_types.go index 338d3ab3d..18d2da526 100755 --- a/apis/route53/v1alpha1/zz_zone_types.go +++ b/apis/route53/v1alpha1/zz_zone_types.go @@ -45,6 +45,8 @@ type VpcParameters struct { } type ZoneObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + NameServers []*string `json:"nameServers,omitempty" tf:"name_servers,omitempty"` TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` diff --git a/apis/route53/v1alpha1/zz_zoneassociation_terraformed.go b/apis/route53/v1alpha1/zz_zoneassociation_terraformed.go index 1c0aea978..370e796d3 100755 --- a/apis/route53/v1alpha1/zz_zoneassociation_terraformed.go +++ b/apis/route53/v1alpha1/zz_zoneassociation_terraformed.go @@ -54,6 +54,14 @@ func (tr *ZoneAssociation) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this ZoneAssociation +func (tr *ZoneAssociation) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this ZoneAssociation func (tr *ZoneAssociation) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/route53/v1alpha1/zz_zoneassociation_types.go b/apis/route53/v1alpha1/zz_zoneassociation_types.go index 8253129b7..b9e350c37 100755 
--- a/apis/route53/v1alpha1/zz_zoneassociation_types.go +++ b/apis/route53/v1alpha1/zz_zoneassociation_types.go @@ -26,6 +26,8 @@ import ( ) type ZoneAssociationObservation struct { + ID *string `json:"id,omitempty" tf:"id,omitempty"` + OwningAccount *string `json:"owningAccount,omitempty" tf:"owning_account,omitempty"` } diff --git a/apis/s3/v1alpha1/zz_bucket_terraformed.go b/apis/s3/v1alpha1/zz_bucket_terraformed.go index 2f6e9a973..8470d2d55 100755 --- a/apis/s3/v1alpha1/zz_bucket_terraformed.go +++ b/apis/s3/v1alpha1/zz_bucket_terraformed.go @@ -54,6 +54,14 @@ func (tr *Bucket) SetObservation(obs map[string]interface{}) error { return json.TFParser.Unmarshal(p, &tr.Status.AtProvider) } +// GetID returns ID of underlying Terraform resource of this Bucket +func (tr *Bucket) GetID() string { + if tr.Status.AtProvider.ID == nil { + return "" + } + return *tr.Status.AtProvider.ID +} + // GetParameters of this Bucket func (tr *Bucket) GetParameters() (map[string]interface{}, error) { p, err := json.TFParser.Marshal(tr.Spec.ForProvider) diff --git a/apis/s3/v1alpha1/zz_bucket_types.go b/apis/s3/v1alpha1/zz_bucket_types.go index 236387560..5d6d3fcaa 100755 --- a/apis/s3/v1alpha1/zz_bucket_types.go +++ b/apis/s3/v1alpha1/zz_bucket_types.go @@ -51,6 +51,8 @@ type BucketObservation struct { BucketRegionalDomainName *string `json:"bucketRegionalDomainName,omitempty" tf:"bucket_regional_domain_name,omitempty"` + ID *string `json:"id,omitempty" tf:"id,omitempty"` + TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"` } diff --git a/apis/s3/v1alpha1/zz_generated.deepcopy.go b/apis/s3/v1alpha1/zz_generated.deepcopy.go index d187a8d02..a4b531861 100644 --- a/apis/s3/v1alpha1/zz_generated.deepcopy.go +++ b/apis/s3/v1alpha1/zz_generated.deepcopy.go 
@@ -171,6 +171,11 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(string) **out = **in } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } if in.TagsAll != nil { in, out := &in.TagsAll, &out.TagsAll *out = make(map[string]*string, len(*in)) diff --git a/config/provider.go b/config/provider.go index 1c7b5942a..1aa452b2d 100644 --- a/config/provider.go +++ b/config/provider.go @@ -165,6 +165,7 @@ func GetProvider(tfProvider *schema.Provider) *tjconfig.Provider { IdentifierAssignedByAWS(), NamePrefixRemoval(), )), + tjconfig.WithProviderMetadata("./hack/provider-metadata.yaml"), ) for _, configure := range []func(provider *tjconfig.Provider){ diff --git a/examples-generated/autoscaling/attachment.yaml b/examples-generated/autoscaling/attachment.yaml new file mode 100644 index 000000000..29b181d82 --- /dev/null +++ b/examples-generated/autoscaling/attachment.yaml @@ -0,0 +1,11 @@ +apiVersion: autoscaling.aws.jet.crossplane.io/v1alpha1 +kind: Attachment +metadata: + name: example +spec: + forProvider: + autoscalingGroupNameRef: + name: example + elb: ${aws_elb.bar.id} + providerConfigRef: + name: example diff --git a/examples-generated/autoscaling/autoscalinggroup.yaml b/examples-generated/autoscaling/autoscalinggroup.yaml new file mode 100644 index 000000000..c457d93d4 --- /dev/null +++ b/examples-generated/autoscaling/autoscalinggroup.yaml 
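Review bot: In the config/provider.go hunk, the added `tjconfig.WithProviderMetadata("./hack/provider-metadata.yaml")` hard-codes a path that resolves against the process working directory, so which file is read depends on where the caller was started. If GetProvider is also reached from a binary that does not run at the repository root (not visible in this hunk), the option may fail or pick up whatever file sits at that relative location. That is worth ruling out, since this metadata appears to feed the generated example manifests. I would move the path into a named constant with a comment such as `// providerMetadataPath is relative to the repository root; only the code generator, run from there, is expected to read it.`, or have the generator entry point pass the path in. GetProvider's body starts and ends outside the hunk, so how the option is consumed cannot be confirmed from here.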
@@ -0,0 +1,38 @@ +apiVersion: autoscaling.aws.jet.crossplane.io/v1alpha1 +kind: AutoscalingGroup +metadata: + name: example +spec: + forProvider: + desiredCapacity: 4 + forceDelete: true + healthCheckGracePeriod: 300 + healthCheckType: ELB + initialLifecycleHook: + - defaultResult: CONTINUE + heartbeatTimeout: 2000 + lifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING + name: foobar + notificationMetadata: | + { + "foo": "bar" + } + notificationTargetArn: arn:aws:sqs:us-east-1:444455556666:queue1* + roleArn: arn:aws:iam::123456789012:role/S3Access + launchConfiguration: ${aws_launch_configuration.foobar.name} + maxSize: 5 + minSize: 2 + placementGroup: ${aws_placement_group.test.id} + tag: + - key: foo + propagateAtLaunch: true + value: bar + - key: lorem + propagateAtLaunch: false + value: ipsum + timeouts: + - delete: 15m + vpcZoneIdentifierRefs: + - name: example + providerConfigRef: + name: example diff --git a/examples-generated/ebs/volume.yaml b/examples-generated/ebs/volume.yaml new file mode 100644 index 000000000..9f6368e57 --- /dev/null +++ b/examples-generated/ebs/volume.yaml @@ -0,0 +1,12 @@ +apiVersion: ebs.aws.jet.crossplane.io/v1alpha1 +kind: Volume +metadata: + name: example +spec: + forProvider: + availabilityZone: us-west-2a + size: 40 + tags: + Name: HelloWorld + providerConfigRef: + name: example diff --git a/examples-generated/ec2/elasticip.yaml b/examples-generated/ec2/elasticip.yaml new file mode 100644 index 000000000..d74261d39 --- /dev/null +++ b/examples-generated/ec2/elasticip.yaml @@ -0,0 +1,11 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: ElasticIP +metadata: + name: example +spec: + forProvider: + instanceRef: + name: example + vpc: true + providerConfigRef: + name: example diff --git a/examples-generated/ec2/instance.yaml b/examples-generated/ec2/instance.yaml new file mode 100644 index 000000000..717d69435 --- /dev/null +++ b/examples-generated/ec2/instance.yaml 
@@ -0,0 +1,12 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: Instance +metadata: + name: example +spec: + forProvider: + ami: ${data.aws_ami.ubuntu.id} + instanceType: t3.micro + tags: + Name: HelloWorld + providerConfigRef: + name: example diff --git a/examples-generated/ec2/ipv4cidrblockassociation.yaml b/examples-generated/ec2/ipv4cidrblockassociation.yaml new file mode 100644 index 000000000..0481f409e --- /dev/null +++ b/examples-generated/ec2/ipv4cidrblockassociation.yaml @@ -0,0 +1,11 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: IPv4CIDRBlockAssociation +metadata: + name: example +spec: + forProvider: + cidrBlock: 172.2.0.0/16 + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/launchtemplate.yaml b/examples-generated/ec2/launchtemplate.yaml new file mode 100644 index 000000000..a561a4504 --- /dev/null +++ b/examples-generated/ec2/launchtemplate.yaml 
@@ -0,0 +1,56 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: LaunchTemplate +metadata: + name: example +spec: + forProvider: + blockDeviceMappings: + - deviceName: /dev/sda1 + ebs: + - volumeSize: 20 + capacityReservationSpecification: + - capacityReservationPreference: open + cpuOptions: + - coreCount: 4 + threadsPerCore: 2 + creditSpecification: + - cpuCredits: standard + disableApiTermination: true + ebsOptimized: true + elasticGpuSpecifications: + - type: test + elasticInferenceAccelerator: + - type: eia1.medium + iamInstanceProfile: + - nameRef: + name: example + imageId: ami-test + instanceInitiatedShutdownBehavior: terminate + instanceMarketOptions: + - marketType: spot + instanceType: t2.micro + kernelId: test + keyName: test + licenseSpecification: + - licenseConfigurationArn: arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef + metadataOptions: + - httpEndpoint: enabled + httpPutResponseHopLimit: 1 + httpTokens: required + monitoring: + - enabled: true + name: foo + networkInterfaces: + - associatePublicIpAddress: true + placement: + - availabilityZone: us-west-2a + ramDiskId: test + tagSpecifications: + - resourceType: instance + tags: + Name: test + userData: ${filebase64("${path.module}/example.sh")} + vpcSecurityGroupIdRefs: + - name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/networkinterface.yaml b/examples-generated/ec2/networkinterface.yaml new file mode 100644 index 000000000..bf8faaf59 --- /dev/null +++ b/examples-generated/ec2/networkinterface.yaml @@ -0,0 +1,18 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: NetworkInterface +metadata: + name: example +spec: + forProvider: + attachment: + - deviceIndex: 1 + instanceRef: + name: example + privateIps: + - 10.0.0.50 + securityGroupRefs: + - name: example + subnetIdRef: + name: example + providerConfigRef: + name: example 
diff --git a/examples-generated/ec2/peeringconnectionaccepter.yaml b/examples-generated/ec2/peeringconnectionaccepter.yaml new file mode 100644 index 000000000..b52a41f71 --- /dev/null +++ b/examples-generated/ec2/peeringconnectionaccepter.yaml @@ -0,0 +1,13 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: PeeringConnectionAccepter +metadata: + name: example +spec: + forProvider: + autoAccept: true + provider: ${aws.peer} + tags: + Side: Accepter + vpcPeeringConnectionId: ${aws_vpc_peering_connection.peer.id} + providerConfigRef: + name: example diff --git a/examples-generated/ec2/route.yaml b/examples-generated/ec2/route.yaml new file mode 100644 index 000000000..065242b0b --- /dev/null +++ b/examples-generated/ec2/route.yaml @@ -0,0 +1,15 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: Route +metadata: + name: example +spec: + forProvider: + depends_on: + - ${aws_route_table.testing} + destinationCidrBlock: 10.0.1.0/22 + routeTableIdRef: + name: example + vpcPeeringConnectionIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/routetable.yaml b/examples-generated/ec2/routetable.yaml new file mode 100644 index 000000000..658538192 --- /dev/null +++ b/examples-generated/ec2/routetable.yaml @@ -0,0 +1,17 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: RouteTable +metadata: + name: example +spec: + forProvider: + route: + - cidrBlock: 10.0.1.0/24 + gatewayId: ${aws_internet_gateway.example.id} + - egressOnlyGatewayId: ${aws_egress_only_internet_gateway.example.id} + ipv6CidrBlock: ::/0 + tags: + Name: example + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/routetableassociation.yaml b/examples-generated/ec2/routetableassociation.yaml new file mode 100644 index 000000000..8cc355ddd --- /dev/null +++ b/examples-generated/ec2/routetableassociation.yaml 
@@ -0,0 +1,12 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: RouteTableAssociation +metadata: + name: example +spec: + forProvider: + routeTableIdRef: + name: example + subnetIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/securitygroup.yaml b/examples-generated/ec2/securitygroup.yaml new file mode 100644 index 000000000..a9d41df30 --- /dev/null +++ b/examples-generated/ec2/securitygroup.yaml @@ -0,0 +1,31 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: SecurityGroup +metadata: + name: example +spec: + forProvider: + description: Allow TLS inbound traffic + egress: + - cidrBlocks: + - 0.0.0.0/0 + fromPort: 0 + ipv6CidrBlocks: + - ::/0 + protocol: "-1" + toPort: 0 + ingress: + - cidrBlocks: + - ${aws_vpc.main.cidr_block} + description: TLS from VPC + fromPort: 443 + ipv6CidrBlocks: + - ${aws_vpc.main.ipv6_cidr_block} + protocol: tcp + toPort: 443 + name: allow_tls + tags: + Name: allow_tls + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/securitygrouprule.yaml b/examples-generated/ec2/securitygrouprule.yaml new file mode 100644 index 000000000..de869efdc --- /dev/null +++ b/examples-generated/ec2/securitygrouprule.yaml @@ -0,0 +1,18 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: SecurityGroupRule +metadata: + name: example +spec: + forProvider: + cidrBlocks: + - ${aws_vpc.example.cidr_block} + fromPort: 0 + ipv6CidrBlocks: + - ${aws_vpc.example.ipv6_cidr_block} + protocol: tcp + securityGroupIdRef: + name: example + toPort: 65535 + type: ingress + providerConfigRef: + name: example diff --git a/examples-generated/ec2/subnet.yaml b/examples-generated/ec2/subnet.yaml new file mode 100644 index 000000000..04ce8cd69 --- /dev/null +++ b/examples-generated/ec2/subnet.yaml 
@@ -0,0 +1,13 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: Subnet +metadata: + name: example +spec: + forProvider: + cidrBlock: 10.0.1.0/24 + tags: + Name: Main + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/transitgateway.yaml b/examples-generated/ec2/transitgateway.yaml new file mode 100644 index 000000000..2b24960cb --- /dev/null +++ b/examples-generated/ec2/transitgateway.yaml @@ -0,0 +1,9 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: TransitGateway +metadata: + name: example +spec: + forProvider: + description: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/transitgatewayroute.yaml b/examples-generated/ec2/transitgatewayroute.yaml new file mode 100644 index 000000000..6afd7b2e1 --- /dev/null +++ b/examples-generated/ec2/transitgatewayroute.yaml @@ -0,0 +1,13 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: TransitGatewayRoute +metadata: + name: example +spec: + forProvider: + destinationCidrBlock: 0.0.0.0/0 + transitGatewayAttachmentIdRef: + name: example + transitGatewayRouteTableIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/transitgatewayroutetable.yaml b/examples-generated/ec2/transitgatewayroutetable.yaml new file mode 100644 index 000000000..fc86ab0c7 --- /dev/null +++ b/examples-generated/ec2/transitgatewayroutetable.yaml @@ -0,0 +1,10 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: TransitGatewayRouteTable +metadata: + name: example +spec: + forProvider: + transitGatewayIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/transitgatewayvpcattachment.yaml b/examples-generated/ec2/transitgatewayvpcattachment.yaml new file mode 100644 index 000000000..a82e9d6e0 --- /dev/null +++ b/examples-generated/ec2/transitgatewayvpcattachment.yaml 
@@ -0,0 +1,14 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: TransitGatewayVPCAttachment +metadata: + name: example +spec: + forProvider: + subnetIdRefs: + - name: example + transitGatewayIdRef: + name: example + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/transitgatewayvpcattachmentaccepter.yaml b/examples-generated/ec2/transitgatewayvpcattachmentaccepter.yaml new file mode 100644 index 000000000..b7d7ee5b3 --- /dev/null +++ b/examples-generated/ec2/transitgatewayvpcattachmentaccepter.yaml @@ -0,0 +1,12 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: TransitGatewayVPCAttachmentAccepter +metadata: + name: example +spec: + forProvider: + tags: + Name: Example cross-account attachment + transitGatewayAttachmentIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/vpc.yaml b/examples-generated/ec2/vpc.yaml new file mode 100644 index 000000000..85563dc12 --- /dev/null +++ b/examples-generated/ec2/vpc.yaml @@ -0,0 +1,9 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: VPC +metadata: + name: example +spec: + forProvider: + cidrBlock: 10.0.0.0/16 + providerConfigRef: + name: example diff --git a/examples-generated/ec2/vpcendpoint.yaml b/examples-generated/ec2/vpcendpoint.yaml new file mode 100644 index 000000000..89ccb1fdc --- /dev/null +++ b/examples-generated/ec2/vpcendpoint.yaml @@ -0,0 +1,11 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: VPCEndpoint +metadata: + name: example +spec: + forProvider: + serviceName: com.amazonaws.us-west-2.s3 + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ec2/vpcpeeringconnection.yaml b/examples-generated/ec2/vpcpeeringconnection.yaml new file mode 100644 index 000000000..546f80ed9 --- /dev/null +++ b/examples-generated/ec2/vpcpeeringconnection.yaml 
@@ -0,0 +1,13 @@ +apiVersion: ec2.aws.jet.crossplane.io/v1alpha1 +kind: VPCPeeringConnection +metadata: + name: example +spec: + forProvider: + peerOwnerId: ${var.peer_owner_id} + peerVpcIdRef: + name: example + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/ecr/repository.yaml b/examples-generated/ecr/repository.yaml new file mode 100644 index 000000000..7a21439f5 --- /dev/null +++ b/examples-generated/ecr/repository.yaml @@ -0,0 +1,11 @@ +apiVersion: ecr.aws.jet.crossplane.io/v1alpha1 +kind: Repository +metadata: + name: example +spec: + forProvider: + imageScanningConfiguration: + - scanOnPush: true + imageTagMutability: MUTABLE + providerConfigRef: + name: example diff --git a/examples-generated/ecrpublic/repository.yaml b/examples-generated/ecrpublic/repository.yaml new file mode 100644 index 000000000..b2ebcd68b --- /dev/null +++ b/examples-generated/ecrpublic/repository.yaml @@ -0,0 +1,18 @@ +apiVersion: ecrpublic.aws.jet.crossplane.io/v1alpha1 +kind: Repository +metadata: + name: example +spec: + forProvider: + catalogData: + - aboutText: About Text + architectures: + - ARM + description: Description + logoImageBlob: ${filebase64(image.png)} + operatingSystems: + - Linux + usageText: Usage Text + provider: ${aws.us_east_1} + providerConfigRef: + name: example diff --git a/examples-generated/ecs/capacityprovider.yaml b/examples-generated/ecs/capacityprovider.yaml new file mode 100644 index 000000000..450891c14 --- /dev/null +++ b/examples-generated/ecs/capacityprovider.yaml @@ -0,0 +1,17 @@ +apiVersion: ecs.aws.jet.crossplane.io/v1alpha1 +kind: CapacityProvider +metadata: + name: example +spec: + forProvider: + autoScalingGroupProvider: + - autoScalingGroupArnRef: + name: example + managedScaling: + - maximumScalingStepSize: 1000 + minimumScalingStepSize: 1 + status: ENABLED + targetCapacity: 10 + managedTerminationProtection: ENABLED + providerConfigRef: + name: example 
diff --git a/examples-generated/ecs/cluster.yaml b/examples-generated/ecs/cluster.yaml new file mode 100644 index 000000000..5c3d3692c --- /dev/null +++ b/examples-generated/ecs/cluster.yaml @@ -0,0 +1,11 @@ +apiVersion: ecs.aws.jet.crossplane.io/v1alpha1 +kind: Cluster +metadata: + name: example +spec: + forProvider: + setting: + - name: containerInsights + value: enabled + providerConfigRef: + name: example diff --git a/examples-generated/ecs/service.yaml b/examples-generated/ecs/service.yaml new file mode 100644 index 000000000..6695ee477 --- /dev/null +++ b/examples-generated/ecs/service.yaml @@ -0,0 +1,26 @@ +apiVersion: ecs.aws.jet.crossplane.io/v1alpha1 +kind: Service +metadata: + name: example +spec: + forProvider: + clusterRef: + name: example + depends_on: + - ${aws_iam_role_policy.foo} + desiredCount: 3 + iamRoleRef: + name: example + loadBalancer: + - containerName: mongo + containerPort: 8080 + targetGroupArn: ${aws_lb_target_group.foo.arn} + orderedPlacementStrategy: + - field: cpu + type: binpack + placementConstraints: + - expression: attribute:ecs.availability-zone in [us-west-2a, us-west-2b] + type: memberOf + taskDefinition: ${aws_ecs_task_definition.mongo.arn} + providerConfigRef: + name: example diff --git a/examples-generated/ecs/taskdefinition.yaml b/examples-generated/ecs/taskdefinition.yaml new file mode 100644 index 000000000..39d26ab8c --- /dev/null +++ b/examples-generated/ecs/taskdefinition.yaml 
@@ -0,0 +1,44 @@ +apiVersion: ecs.aws.jet.crossplane.io/v1alpha1 +kind: TaskDefinition +metadata: + name: example +spec: + forProvider: + containerDefinitions: |- + ${jsonencode([ + { + name = "first" + image = "service-first" + cpu = 10 + memory = 512 + essential = true + portMappings = [ + { + containerPort = 80 + hostPort = 80 + } + ] + }, + { + name = "second" + image = "service-second" + cpu = 10 + memory = 256 + essential = true + portMappings = [ + { + containerPort = 443 + hostPort = 443 + } + ] + } + ])} + family: service + placementConstraints: + - expression: attribute:ecs.availability-zone in [us-west-2a, us-west-2b] + type: memberOf + volume: + - hostPath: /ecs/service-storage + name: service-storage + providerConfigRef: + name: example diff --git a/examples-generated/eks/addon.yaml b/examples-generated/eks/addon.yaml new file mode 100644 index 000000000..b8e2765b7 --- /dev/null +++ b/examples-generated/eks/addon.yaml @@ -0,0 +1,10 @@ +apiVersion: eks.aws.jet.crossplane.io/v1alpha1 +kind: Addon +metadata: + name: example +spec: + forProvider: + clusterNameRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/eks/cluster.yaml b/examples-generated/eks/cluster.yaml new file mode 100644 index 000000000..754bb7721 --- /dev/null +++ b/examples-generated/eks/cluster.yaml @@ -0,0 +1,16 @@ +apiVersion: eks.aws.jet.crossplane.io/v1alpha1 +kind: Cluster +metadata: + name: example +spec: + forProvider: + depends_on: + - ${aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy} + - ${aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController} + roleArnRef: + name: example + vpcConfig: + - subnetIdRefs: + - name: example + providerConfigRef: + name: example diff --git a/examples-generated/eks/fargateprofile.yaml b/examples-generated/eks/fargateprofile.yaml new file mode 100644 index 000000000..02fa4a800 --- /dev/null +++ b/examples-generated/eks/fargateprofile.yaml 
@@ -0,0 +1,16 @@ +apiVersion: eks.aws.jet.crossplane.io/v1alpha1 +kind: FargateProfile +metadata: + name: example +spec: + forProvider: + clusterNameRef: + name: example + podExecutionRoleArnRef: + name: example + selector: + - namespace: example + subnetIdRefs: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/eks/identityproviderconfig.yaml b/examples-generated/eks/identityproviderconfig.yaml new file mode 100644 index 000000000..16cca9880 --- /dev/null +++ b/examples-generated/eks/identityproviderconfig.yaml @@ -0,0 +1,14 @@ +apiVersion: eks.aws.jet.crossplane.io/v1alpha1 +kind: IdentityProviderConfig +metadata: + name: example +spec: + forProvider: + clusterNameRef: + name: example + oidc: + - clientId: your client_id + identityProviderConfigName: example + issuerUrl: your issuer_url + providerConfigRef: + name: example diff --git a/examples-generated/eks/nodegroup.yaml b/examples-generated/eks/nodegroup.yaml new file mode 100644 index 000000000..30f1c07ab --- /dev/null +++ b/examples-generated/eks/nodegroup.yaml @@ -0,0 +1,24 @@ +apiVersion: eks.aws.jet.crossplane.io/v1alpha1 +kind: NodeGroup +metadata: + name: example +spec: + forProvider: + clusterNameRef: + name: example + depends_on: + - ${aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy} + - ${aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy} + - ${aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly} + nodeRoleArnRef: + name: example + scalingConfig: + - desiredSize: 1 + maxSize: 1 + minSize: 1 + subnetIdRefs: + name: example + update_config: + - max_unavailable: 2 + providerConfigRef: + name: example diff --git a/examples-generated/elasticache/cluster.yaml b/examples-generated/elasticache/cluster.yaml new file mode 100644 index 000000000..9fa7a3bff --- /dev/null +++ b/examples-generated/elasticache/cluster.yaml 
@@ -0,0 +1,14 @@ +apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1 +kind: Cluster +metadata: + name: example +spec: + forProvider: + engine: memcached + nodeType: cache.m4.large + numCacheNodes: 2 + parameterGroupNameRef: + name: example + port: 11211 + providerConfigRef: + name: example diff --git a/examples-generated/elasticache/parametergroup.yaml b/examples-generated/elasticache/parametergroup.yaml new file mode 100644 index 000000000..0fd9de6d4 --- /dev/null +++ b/examples-generated/elasticache/parametergroup.yaml @@ -0,0 +1,14 @@ +apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1 +kind: ParameterGroup +metadata: + name: example +spec: + forProvider: + family: redis2.8 + parameter: + - name: activerehashing + value: "yes" + - name: min-slaves-to-write + value: "2" + providerConfigRef: + name: example diff --git a/examples-generated/elasticache/replicationgroup.yaml b/examples-generated/elasticache/replicationgroup.yaml new file mode 100644 index 000000000..92816e2ee --- /dev/null +++ b/examples-generated/elasticache/replicationgroup.yaml @@ -0,0 +1,17 @@ +apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1 +kind: ReplicationGroup +metadata: + name: example +spec: + forProvider: + automaticFailoverEnabled: true + availabilityZones: + - us-west-2a + - us-west-2b + nodeType: cache.m4.large + numberCacheClusters: 2 + parameterGroupName: default.redis3.2 + port: 6379 + replicationGroupDescription: test description + providerConfigRef: + name: example diff --git a/examples-generated/elasticache/user.yaml b/examples-generated/elasticache/user.yaml new file mode 100644 index 000000000..3c96f2e5a --- /dev/null +++ b/examples-generated/elasticache/user.yaml 
@@ -0,0 +1,15 @@ +apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1 +kind: User +metadata: + name: example +spec: + forProvider: + accessString: on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield + -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius + -georadiusbymember + engine: REDIS + passwords: + - password123456789 + userName: testUserName + providerConfigRef: + name: example diff --git a/examples-generated/elasticache/usergroup.yaml b/examples-generated/elasticache/usergroup.yaml new file mode 100644 index 000000000..182814831 --- /dev/null +++ b/examples-generated/elasticache/usergroup.yaml @@ -0,0 +1,11 @@ +apiVersion: elasticache.aws.jet.crossplane.io/v1alpha1 +kind: UserGroup +metadata: + name: example +spec: + forProvider: + engine: REDIS + userIdRefs: + - name: example + providerConfigRef: + name: example diff --git a/examples-generated/elasticloadbalancing/loadbalancer.yaml b/examples-generated/elasticloadbalancing/loadbalancer.yaml new file mode 100644 index 000000000..b23fc4fe1 --- /dev/null +++ b/examples-generated/elasticloadbalancing/loadbalancer.yaml @@ -0,0 +1,23 @@ +apiVersion: elasticloadbalancing.aws.jet.crossplane.io/v1alpha1 +kind: LoadBalancer +metadata: + name: example +spec: + forProvider: + accessLogs: + - bucketRef: + name: example + enabled: true + prefix: test-lb + enableDeletionProtection: true + internal: false + loadBalancerType: application + name: test-lb-tf + securityGroupRefs: + - name: example + subnetRefs: + name: example + tags: + Environment: production + providerConfigRef: + name: example diff --git a/examples-generated/elasticloadbalancing/loadbalancerlistener.yaml b/examples-generated/elasticloadbalancing/loadbalancerlistener.yaml new file mode 100644 index 000000000..d3ca95b09 --- /dev/null +++ b/examples-generated/elasticloadbalancing/loadbalancerlistener.yaml 
@@ -0,0 +1,18 @@ +apiVersion: elasticloadbalancing.aws.jet.crossplane.io/v1alpha1 +kind: LoadBalancerListener +metadata: + name: example +spec: + forProvider: + certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4 + defaultAction: + - targetGroupArnRef: + name: example + type: forward + loadBalancerArnRef: + name: example + port: "443" + protocol: HTTPS + sslPolicy: ELBSecurityPolicy-2016-08 + providerConfigRef: + name: example diff --git a/examples-generated/elasticloadbalancing/targetgroup.yaml b/examples-generated/elasticloadbalancing/targetgroup.yaml new file mode 100644 index 000000000..ec4b9d45d --- /dev/null +++ b/examples-generated/elasticloadbalancing/targetgroup.yaml @@ -0,0 +1,13 @@ +apiVersion: elasticloadbalancing.aws.jet.crossplane.io/v1alpha1 +kind: TargetGroup +metadata: + name: example +spec: + forProvider: + name: tf-example-lb-tg + port: 80 + protocol: HTTP + vpcIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/elasticloadbalancing/targetgroupattachment.yaml b/examples-generated/elasticloadbalancing/targetgroupattachment.yaml new file mode 100644 index 000000000..efa668784 --- /dev/null +++ b/examples-generated/elasticloadbalancing/targetgroupattachment.yaml @@ -0,0 +1,12 @@ +apiVersion: elasticloadbalancing.aws.jet.crossplane.io/v1alpha1 +kind: TargetGroupAttachment +metadata: + name: example +spec: + forProvider: + port: 80 + targetGroupArnRef: + name: example + targetId: ${aws_instance.test.id} + providerConfigRef: + name: example diff --git a/examples-generated/iam/accesskey.yaml b/examples-generated/iam/accesskey.yaml new file mode 100644 index 000000000..b3e32c030 --- /dev/null +++ b/examples-generated/iam/accesskey.yaml @@ -0,0 +1,11 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: AccessKey +metadata: + name: example +spec: + forProvider: + pgpKey: keybase:some_person_that_exists + userRef: + name: example + providerConfigRef: + name: example 
diff --git a/examples-generated/iam/group.yaml b/examples-generated/iam/group.yaml new file mode 100644 index 000000000..a112d8392 --- /dev/null +++ b/examples-generated/iam/group.yaml @@ -0,0 +1,9 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: Group +metadata: + name: example +spec: + forProvider: + path: /users/ + providerConfigRef: + name: example diff --git a/examples-generated/iam/grouppolicyattachment.yaml b/examples-generated/iam/grouppolicyattachment.yaml new file mode 100644 index 000000000..2f36fe297 --- /dev/null +++ b/examples-generated/iam/grouppolicyattachment.yaml @@ -0,0 +1,12 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: GroupPolicyAttachment +metadata: + name: example +spec: + forProvider: + groupRef: + name: example + policyArnRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/iam/instanceprofile.yaml b/examples-generated/iam/instanceprofile.yaml new file mode 100644 index 000000000..c6fb5fedf --- /dev/null +++ b/examples-generated/iam/instanceprofile.yaml @@ -0,0 +1,10 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: InstanceProfile +metadata: + name: example +spec: + forProvider: + roleRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/iam/policy.yaml b/examples-generated/iam/policy.yaml new file mode 100644 index 000000000..493e25908 --- /dev/null +++ b/examples-generated/iam/policy.yaml @@ -0,0 +1,24 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: Policy +metadata: + name: example +spec: + forProvider: + description: My test policy + name: test_policy + path: / + policy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "ec2:Describe*", + ] + Effect = "Allow" + Resource = "*" + }, + ] + })} + providerConfigRef: + name: example diff --git a/examples-generated/iam/role.yaml b/examples-generated/iam/role.yaml new file mode 100644 index 000000000..0f4439ba3 --- /dev/null 
+++ b/examples-generated/iam/role.yaml @@ -0,0 +1,24 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: Role +metadata: + name: example +spec: + forProvider: + assumeRolePolicy: |- + ${jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Sid = "" + Principal = { + Service = "ec2.amazonaws.com" + } + }, + ] + })} + tags: + tag-key: tag-value + providerConfigRef: + name: example diff --git a/examples-generated/iam/rolepolicyattachment.yaml b/examples-generated/iam/rolepolicyattachment.yaml new file mode 100644 index 000000000..f7c30ae1b --- /dev/null +++ b/examples-generated/iam/rolepolicyattachment.yaml @@ -0,0 +1,12 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: RolePolicyAttachment +metadata: + name: example +spec: + forProvider: + policyArnRef: + name: example + roleRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/iam/user.yaml b/examples-generated/iam/user.yaml new file mode 100644 index 000000000..93a9a8951 --- /dev/null +++ b/examples-generated/iam/user.yaml @@ -0,0 +1,11 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: User +metadata: + name: example +spec: + forProvider: + path: /system/ + tags: + tag-key: tag-value + providerConfigRef: + name: example diff --git a/examples-generated/iam/usergroupmembership.yaml b/examples-generated/iam/usergroupmembership.yaml new file mode 100644 index 000000000..25137f2ab --- /dev/null +++ b/examples-generated/iam/usergroupmembership.yaml @@ -0,0 +1,12 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: UserGroupMembership +metadata: + name: example +spec: + forProvider: + groupRefs: + - name: example + userRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/iam/userpolicyattachment.yaml b/examples-generated/iam/userpolicyattachment.yaml new file mode 100644 index 000000000..13aec7f02 --- /dev/null +++ b/examples-generated/iam/userpolicyattachment.yaml 
@@ -0,0 +1,12 @@ +apiVersion: iam.aws.jet.crossplane.io/v1alpha1 +kind: UserPolicyAttachment +metadata: + name: example +spec: + forProvider: + policyArnRef: + name: example + userRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/kms/key.yaml b/examples-generated/kms/key.yaml new file mode 100644 index 000000000..8abcff430 --- /dev/null +++ b/examples-generated/kms/key.yaml @@ -0,0 +1,10 @@ +apiVersion: kms.aws.jet.crossplane.io/v1alpha1 +kind: Key +metadata: + name: example +spec: + forProvider: + deletionWindowInDays: 10 + description: KMS key 1 + providerConfigRef: + name: example diff --git a/examples-generated/rds/dbcluster.yaml b/examples-generated/rds/dbcluster.yaml new file mode 100644 index 000000000..7920d2f65 --- /dev/null +++ b/examples-generated/rds/dbcluster.yaml @@ -0,0 +1,23 @@ +apiVersion: rds.aws.jet.crossplane.io/v1alpha1 +kind: DBCluster +metadata: + name: example +spec: + forProvider: + availabilityZones: + - us-west-2a + - us-west-2b + - us-west-2c + backupRetentionPeriod: 5 + clusterIdentifier: aurora-cluster-demo + databaseName: mydb + engine: aurora-mysql + engineVersion: 5.7.mysql_aurora.2.03.2 + masterPasswordSecretRef: + key: example-key + name: example-secret + namespace: crossplane-system + masterUsername: foo + preferredBackupWindow: 07:00-09:00 + providerConfigRef: + name: example diff --git a/examples-generated/rds/dbinstance.yaml b/examples-generated/rds/dbinstance.yaml new file mode 100644 index 000000000..9488d5679 --- /dev/null +++ b/examples-generated/rds/dbinstance.yaml 
@@ -0,0 +1,21 @@ +apiVersion: rds.aws.jet.crossplane.io/v1alpha1 +kind: DBInstance +metadata: + name: example +spec: + forProvider: + allocatedStorage: 10 + engine: mysql + engineVersion: "5.7" + instanceClass: db.t3.micro + name: mydb + parameterGroupNameRef: + name: example + passwordSecretRef: + key: example-key + name: example-secret + namespace: crossplane-system + skipFinalSnapshot: true + username: foo + providerConfigRef: + name: example diff --git a/examples-generated/rds/dbparametergroup.yaml b/examples-generated/rds/dbparametergroup.yaml new file mode 100644 index 000000000..b48940667 --- /dev/null +++ b/examples-generated/rds/dbparametergroup.yaml @@ -0,0 +1,14 @@ +apiVersion: rds.aws.jet.crossplane.io/v1alpha1 +kind: DBParameterGroup +metadata: + name: example +spec: + forProvider: + family: mysql5.6 + parameter: + - name: character_set_server + value: utf8 + - name: character_set_client + value: utf8 + providerConfigRef: + name: example diff --git a/examples-generated/route53/delegationset.yaml b/examples-generated/route53/delegationset.yaml new file mode 100644 index 000000000..fd5e34440 --- /dev/null +++ b/examples-generated/route53/delegationset.yaml @@ -0,0 +1,9 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: DelegationSet +metadata: + name: example +spec: + forProvider: + referenceName: DynDNS + providerConfigRef: + name: example diff --git a/examples-generated/route53/healthcheck.yaml b/examples-generated/route53/healthcheck.yaml new file mode 100644 index 000000000..92c99943f --- /dev/null +++ b/examples-generated/route53/healthcheck.yaml @@ -0,0 +1,16 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: HealthCheck +metadata: + name: example +spec: + forProvider: + failureThreshold: "5" + fqdn: example.com + port: 80 + requestInterval: "30" + resourcePath: / + tags: + Name: tf-test-health-check + type: HTTP + providerConfigRef: + name: example 
diff --git a/examples-generated/route53/hostedzonednssec.yaml b/examples-generated/route53/hostedzonednssec.yaml new file mode 100644 index 000000000..53244a6f2 --- /dev/null +++ b/examples-generated/route53/hostedzonednssec.yaml @@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: HostedZoneDnssec +metadata: + name: example +spec: + forProvider: + depends_on: + - ${aws_route53_key_signing_key.example} + hostedZoneIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/keysigningkey.yaml b/examples-generated/route53/keysigningkey.yaml new file mode 100644 index 000000000..7a02ff511 --- /dev/null +++ b/examples-generated/route53/keysigningkey.yaml @@ -0,0 +1,13 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: KeySigningKey +metadata: + name: example +spec: + forProvider: + hostedZoneIdRef: + name: example + keyManagementServiceArnRef: + name: example + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/querylog.yaml b/examples-generated/route53/querylog.yaml new file mode 100644 index 000000000..9c1448e3f --- /dev/null +++ b/examples-generated/route53/querylog.yaml @@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: QueryLog +metadata: + name: example +spec: + forProvider: + cloudwatchLogGroupArn: ${aws_cloudwatch_log_group.aws_route53_example_com.arn} + depends_on: + - ${aws_cloudwatch_log_resource_policy.route53-query-logging-policy} + zoneId: ${aws_route53_zone.example_com.zone_id} + providerConfigRef: + name: example diff --git a/examples-generated/route53/record.yaml b/examples-generated/route53/record.yaml new file mode 100644 index 000000000..8e528c3bd --- /dev/null +++ b/examples-generated/route53/record.yaml 
@@ -0,0 +1,15 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: Record +metadata: + name: example +spec: + forProvider: + name: www.example.com + records: + - ${aws_eip.lb.public_ip} + ttl: "300" + type: A + zoneIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverdnssecconfig.yaml b/examples-generated/route53/resolverdnssecconfig.yaml new file mode 100644 index 000000000..1efdd4aad --- /dev/null +++ b/examples-generated/route53/resolverdnssecconfig.yaml @@ -0,0 +1,9 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverDnssecConfig +metadata: + name: example +spec: + forProvider: + resourceId: ${aws_vpc.example.id} + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverendpoint.yaml b/examples-generated/route53/resolverendpoint.yaml new file mode 100644 index 000000000..aa81b0f24 --- /dev/null +++ b/examples-generated/route53/resolverendpoint.yaml @@ -0,0 +1,19 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverEndpoint +metadata: + name: example +spec: + forProvider: + direction: INBOUND + ipAddress: + - subnetId: ${aws_subnet.sn1.id} + - ip: 10.0.64.4 + subnetId: ${aws_subnet.sn2.id} + name: foo + securityGroupIds: + - ${aws_security_group.sg1.id} + - ${aws_security_group.sg2.id} + tags: + Environment: Prod + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverfirewallconfig.yaml b/examples-generated/route53/resolverfirewallconfig.yaml new file mode 100644 index 000000000..b352872f4 --- /dev/null +++ b/examples-generated/route53/resolverfirewallconfig.yaml @@ -0,0 +1,10 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverFirewallConfig +metadata: + name: example +spec: + forProvider: + firewallFailOpen: ENABLED + resourceId: ${aws_vpc.example.id} + providerConfigRef: + name: example 
diff --git a/examples-generated/route53/resolverfirewalldomainlist.yaml b/examples-generated/route53/resolverfirewalldomainlist.yaml new file mode 100644 index 000000000..7acccf631 --- /dev/null +++ b/examples-generated/route53/resolverfirewalldomainlist.yaml @@ -0,0 +1,9 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverFirewallDomainList +metadata: + name: example +spec: + forProvider: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverfirewallrule.yaml b/examples-generated/route53/resolverfirewallrule.yaml new file mode 100644 index 000000000..1a9a99234 --- /dev/null +++ b/examples-generated/route53/resolverfirewallrule.yaml @@ -0,0 +1,17 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverFirewallRule +metadata: + name: example +spec: + forProvider: + action: BLOCK + blockOverrideDnsType: CNAME + blockOverrideDomain: example.com + blockOverrideTtl: 1 + blockResponse: OVERRIDE + firewallDomainListId: ${aws_route53_resolver_firewall_domain_list.example.id} + firewallRuleGroupId: ${aws_route53_resolver_firewall_rule_group.example.id} + name: example + priority: 100 + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverfirewallrulegroup.yaml b/examples-generated/route53/resolverfirewallrulegroup.yaml new file mode 100644 index 000000000..09553233d --- /dev/null +++ b/examples-generated/route53/resolverfirewallrulegroup.yaml @@ -0,0 +1,9 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverFirewallRuleGroup +metadata: + name: example +spec: + forProvider: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverfirewallrulegroupassociation.yaml b/examples-generated/route53/resolverfirewallrulegroupassociation.yaml new file mode 100644 index 000000000..972522ae2 --- /dev/null +++ b/examples-generated/route53/resolverfirewallrulegroupassociation.yaml 
@@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverFirewallRuleGroupAssociation +metadata: + name: example +spec: + forProvider: + firewallRuleGroupId: ${aws_route53_resolver_firewall_rule_group.example.id} + name: example + priority: 100 + vpcId: ${aws_vpc.example.id} + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverquerylogconfig.yaml b/examples-generated/route53/resolverquerylogconfig.yaml new file mode 100644 index 000000000..89b6fa4e8 --- /dev/null +++ b/examples-generated/route53/resolverquerylogconfig.yaml @@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverQueryLogConfig +metadata: + name: example +spec: + forProvider: + destinationArn: ${aws_s3_bucket.example.arn} + name: example + tags: + Environment: Prod + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverquerylogconfigassociation.yaml b/examples-generated/route53/resolverquerylogconfigassociation.yaml new file mode 100644 index 000000000..a22174cf7 --- /dev/null +++ b/examples-generated/route53/resolverquerylogconfigassociation.yaml @@ -0,0 +1,10 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverQueryLogConfigAssociation +metadata: + name: example +spec: + forProvider: + resolverQueryLogConfigId: ${aws_route53_resolver_query_log_config.example.id} + resourceId: ${aws_vpc.example.id} + providerConfigRef: + name: example diff --git a/examples-generated/route53/resolverrule.yaml b/examples-generated/route53/resolverrule.yaml new file mode 100644 index 000000000..2b8efb2ca --- /dev/null +++ b/examples-generated/route53/resolverrule.yaml @@ -0,0 +1,10 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverRule +metadata: + name: example +spec: + forProvider: + domainName: subdomain.example.com + ruleType: SYSTEM + providerConfigRef: + name: example 
diff --git a/examples-generated/route53/resolverruleassociation.yaml b/examples-generated/route53/resolverruleassociation.yaml new file mode 100644 index 000000000..480b45ff1 --- /dev/null +++ b/examples-generated/route53/resolverruleassociation.yaml @@ -0,0 +1,10 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ResolverRuleAssociation +metadata: + name: example +spec: + forProvider: + resolverRuleId: ${aws_route53_resolver_rule.sys.id} + vpcId: ${aws_vpc.foo.id} + providerConfigRef: + name: example diff --git a/examples-generated/route53/vpcassociationauthorization.yaml b/examples-generated/route53/vpcassociationauthorization.yaml new file mode 100644 index 000000000..0ff033db1 --- /dev/null +++ b/examples-generated/route53/vpcassociationauthorization.yaml @@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: VpcAssociationAuthorization +metadata: + name: example +spec: + forProvider: + vpcIdRef: + name: example + zoneIdRef: + name: example + providerConfigRef: + name: example diff --git a/examples-generated/route53/zone.yaml b/examples-generated/route53/zone.yaml new file mode 100644 index 000000000..2196d52de --- /dev/null +++ b/examples-generated/route53/zone.yaml @@ -0,0 +1,9 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: Zone +metadata: + name: example +spec: + forProvider: + name: example.com + providerConfigRef: + name: example diff --git a/examples-generated/route53/zoneassociation.yaml b/examples-generated/route53/zoneassociation.yaml new file mode 100644 index 000000000..9e2a9e654 --- /dev/null +++ b/examples-generated/route53/zoneassociation.yaml @@ -0,0 +1,12 @@ +apiVersion: route53.aws.jet.crossplane.io/v1alpha1 +kind: ZoneAssociation +metadata: + name: example +spec: + forProvider: + vpcIdRef: + name: example + zoneIdRef: + name: example + providerConfigRef: + name: example 
diff --git a/examples-generated/s3/bucket.yaml b/examples-generated/s3/bucket.yaml new file mode 100644 index 000000000..332609924 --- /dev/null +++ b/examples-generated/s3/bucket.yaml @@ -0,0 +1,13 @@ +apiVersion: s3.aws.jet.crossplane.io/v1alpha1 +kind: Bucket +metadata: + name: example +spec: + forProvider: + acl: private + bucket: my-tf-test-bucket + tags: + Environment: Dev + Name: My bucket + providerConfigRef: + name: example diff --git a/go.mod b/go.mod index 4aab050f5..acc87bc04 100644 --- a/go.mod +++ b/go.mod @@ -20,3 +20,5 @@ require ( ) replace github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/gdavison/terraform-plugin-sdk/v2 v2.0.2-0.20210714181518-b5a3dc95a675 + +replace github.com/crossplane-contrib/terrajet => github.com/ulucinar/terrajet v0.0.0-20211214071941-f444f6e65332 diff --git a/go.sum b/go.sum index 63f7dc4a7..9460ea10a 100644 --- a/go.sum +++ b/go.sum @@ -82,8 +82,9 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= +github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 h1:w1UutsfOrms1J05zt7ISrnJIXKzwaspym5BTKGx93EI= github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= 
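Review bot: The `replace github.com/crossplane-contrib/terrajet => github.com/ulucinar/terrajet v0.0.0-20211214071941-f444f6e65332` line added to go.mod makes every build of this provider compile terrajet from a personal fork at an untagged pseudo-version, and nothing in the file marks it as temporary. The go.sum hunks match this: they drop the `crossplane-contrib/terrajet v0.2.1` hashes and add entries for the fork and for `github.com/ulucinar/terraform-registry-scraper`, presumably pulled in through the fork. The code-generation path therefore depends on two repositories under an individual account. I would add a comment directly above the directive, for example `// TODO(<tracking-issue>): temporary fork for example generation; remove once released in crossplane-contrib/terrajet`, and not cut a release until the `require` entry can point at an upstream tag again. Since `replace` only takes effect in the main module, anything importing this module would still resolve the upstream terrajet and could diverge from what was generated and tested here.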
@@ -95,11 +96,16 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alecthomas/units v0.0.0-20210912230133-d1bdfacee922 h1:8ypNbf5sd3Sm3cKJ9waOGoQv6dKAFiFty9L6NP1AqJ4= github.com/alecthomas/units v0.0.0-20210912230133-d1bdfacee922/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a h1:E/8AP5dFtMhl5KPJz66Kt9G0n+7Sn41Fy1wv9/jHOrc= +github.com/alecthomas/units v0.0.0-20210927113745-59d0afb8317a/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/crlf v0.0.0-20171020200849-670099aa064f/go.mod h1:k8feO4+kXDxro6ErPXBRTJ/ro2mf0SsFG8s7doP9kJE= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/antchfx/htmlquery v1.2.4 h1:qLteofCMe/KGovBI6SQgmou2QNyedFUW+pE+BpeZ494= +github.com/antchfx/htmlquery v1.2.4/go.mod h1:2xO6iu3EVWs7R2JYqBbp8YzG50gj/ofqs5/0VZoDZLc= +github.com/antchfx/xpath v1.2.0 h1:mbwv7co+x0RwgeGAOHdrKy89GvHaGvxxBtPK0uF9Zr8= +github.com/antchfx/xpath v1.2.0/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= 
@@ -109,7 +115,6 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= -github.com/apparentlymart/go-textseg/v12 v12.0.0 h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= @@ -181,8 +186,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/crossplane-contrib/terrajet v0.2.1 h1:oTdBSYyHlKfWiwGBM9hClYU/BdWhMz490xwfQBDv11Q= -github.com/crossplane-contrib/terrajet v0.2.1/go.mod h1:RUsskXE63KZE7EcvZ7WK4UzBQjc1+7IhelK+/gIa/Go= github.com/crossplane/crossplane-runtime v0.14.0/go.mod h1:Bc54/KBvV9ld/tvervcnhcSzk13FYguTqmYt72Mybps= github.com/crossplane/crossplane-runtime v0.15.1-0.20211004150827-579c1833b513 h1:Sk3QurYYpy8x3c0DvTh9iGYFSv8WgdhnjCalNqNqlRI= github.com/crossplane/crossplane-runtime v0.15.1-0.20211004150827-579c1833b513/go.mod h1:gKix9Gq5kRzVe/4XOpwlFgG7OurzrYayviJxWZakhw0= 
@@ -323,8 +326,9 @@ github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85n github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= +github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/flect v0.2.3 h1:f/ZukRnSNA/DUpSNDadko7Qc0PhGvsew35p/2tu+CRY= 
@@ -493,8 +497,10 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8= -github.com/hashicorp/hcl/v2 v2.8.2 h1:wmFle3D1vu0okesm8BTLVDyJ6/OL9DCLUwn0b2OptiY= github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY= +github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= +github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc= +github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= 
@@ -632,8 +638,9 @@ github.com/mitchellh/go-testing-interface v1.0.4/go.mod h1:kRemZodwjscx+RGhAo8eI github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 
@@ -807,11 +814,17 @@ github.com/terraform-providers/terraform-provider-aws v1.60.1-0.20210811232925-d github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= +github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulucinar/terraform-registry-scraper v0.0.0-20211214062411-d8069934e39f h1:VAXMj9ELbReAmxYhBptAXomIppy5Pvw0IcD2KOdxKXU= +github.com/ulucinar/terraform-registry-scraper v0.0.0-20211214062411-d8069934e39f/go.mod h1:4V+MUSDJa71rHPpTZmVIkSItt8LQo31r4l5Rf0Y/J5w= +github.com/ulucinar/terrajet v0.0.0-20211214071941-f444f6e65332 h1:sHgXiQXbnMhS/qcEFmN7JWI1QsMLQkZH82ZHk1E74bk= +github.com/ulucinar/terrajet v0.0.0-20211214071941-f444f6e65332/go.mod h1:QyXoSEFlyAjTFIe25e+YaESTfRBRBCG92MSRcvAjum4= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= 
@@ -829,10 +842,14 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.4 h1:zNWRjYUW32G9KirMXYHQHVNFkXvMI7LpgNW2AgYAoIs= +github.com/yuin/goldmark v1.4.4/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.4 h1:pwhhz5P+Fjxse7S7UriBrMu6AUJSZM5pKqGem1PjGAs= github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= 
@@ -976,6 +993,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= diff --git a/hack/provider-metadata.yaml b/hack/provider-metadata.yaml new file mode 100644 index 000000000..5718e80ed --- /dev/null +++ b/hack/provider-metadata.yaml 
@@ -0,0 +1,35301 @@ +name: hashicorp/terraform-provider-aws +resources: + aws_accessanalyzer_analyzer: + subCategory: Access Analyzer + description: Manages an Access Analyzer Analyzer + name: aws_accessanalyzer_analyzer + titleName: aws_accessanalyzer_analyzer + examples: + - manifest: |- + { + "analyzer_name": "example" + } + - manifest: |- + { + "analyzer_name": "example", + "depends_on": [ + "${aws_organizations_organization.example}" + ], + "type": "ORGANIZATION" + } + argumentDocs: + analyzer_name: '- (Required) Name of the Analyzer.' + id: '- Analyzer name.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) Type of Analyzer. Valid values are ACCOUNT or ORGANIZATION. Defaults to ACCOUNT.' + aws_acm_certificate: + subCategory: ACM + description: Requests and manages a certificate from Amazon Certificate Manager (ACM). 
+ name: aws_acm_certificate + titleName: aws_acm_certificate + examples: + - manifest: |- + { + "domain_name": "example.com", + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "tags": { + "Environment": "test" + }, + "validation_method": "DNS" + } + - manifest: |- + { + "certificate_body": "${tls_self_signed_cert.example.cert_pem}", + "private_key": "${tls_private_key.example.private_key_pem}" + } + references: + certificate_body: tls_self_signed_cert.cert_pem + private_key: tls_private_key.private_key_pem + argumentDocs: + arn: '- The ARN of the certificate' + certificate_authority_arn: '- (Required) ARN of an ACM PCA' + certificate_body: '- (Required) The certificate''s PEM-formatted public key' + certificate_chain: '- (Optional) The certificate''s PEM-formatted chain' + certificate_transparency_logging_preference: '- (Optional) Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.' + domain_name: '- The domain to be validated' + domain_validation_options: '- Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.' + id: '- The ARN of the certificate' + options: '- (Optional) Configuration block used to set certificate options. Detailed below.' + private_key: '- (Required) The certificate''s PEM-formatted private key' + resource_record_name: '- The name of the DNS record to create to validate the certificate' + resource_record_type: '- The type of DNS record to create' + resource_record_value: '- The value the DNS record needs to have' + status: '- Status of the certificate.' + subject_alternative_names: '- (Optional) Set of domains that should be SANs in the issued certificate. 
To remove all elements of a previously configured list, set this value equal to an empty list ([]) or use the terraform taint command to trigger recreation.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + validation_emails: '- A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.' + validation_method: '- (Required) Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform.' + aws_acm_certificate_validation: + subCategory: ACM + description: Waits for and checks successful validation of an ACM certificate. + name: aws_acm_certificate_validation + titleName: aws_acm_certificate_validation + examples: + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate.example.arn}", + "validation_record_fqdns": "${[for record in aws_route53_record.example : record.fqdn]}" + } + references: + certificate_arn: aws_acm_certificate.arn + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate.example.arn}", + "validation_record_fqdns": "${[for record in aws_route53_record.example : record.fqdn]}" + } + references: + certificate_arn: aws_acm_certificate.arn + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate.example.arn}" + } + references: + certificate_arn: aws_acm_certificate.arn + argumentDocs: + certificate_arn: '- (Required) The ARN of the certificate that is being validated.' + create: '- (Default 45m) How long to wait for a certificate to be issued.' + id: '- The time at which the certificate was issued' + validation_record_fqdns: '- (Optional) List of FQDNs that implement the validation. 
Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation' + aws_acmpca_certificate: + subCategory: ACM PCA + description: Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA) + name: aws_acmpca_certificate + titleName: aws_acmpca_certificate + examples: + - manifest: |- + { + "certificate_authority_arn": "${aws_acmpca_certificate_authority.example.arn}", + "certificate_signing_request": "${tls_cert_request.csr.cert_request_pem}", + "signing_algorithm": "SHA256WITHRSA", + "validity": [ + { + "type": "YEARS", + "value": 1 + } + ] + } + references: + certificate_authority_arn: aws_acmpca_certificate_authority.arn + certificate_signing_request: tls_cert_request.cert_request_pem + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the certificate.' + certificate: '- The PEM-encoded certificate value.' + certificate_authority_arn: '- (Required) Amazon Resource Name (ARN) of the certificate authority.' + certificate_chain: '- The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.' + certificate_signing_request: '- (Required) Certificate Signing Request in PEM format.' + signing_algorithm: '- (Required) Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA' + template_arn: '- (Optional) The template to use when issuing a certificate. See ACM PCA Documentation for more information.' + type: '- (Required) Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.' + validity: '- (Required) Configures end of the validity period for the certificate. See validity block below.' + value: '- (Required) If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. 
If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.' + aws_acmpca_certificate_authority: + subCategory: ACM PCA + description: Provides a resource to manage AWS Certificate Manager Private Certificate Authorities + name: aws_acmpca_certificate_authority + titleName: aws_acmpca_certificate_authority + examples: + - manifest: |- + { + "certificate_authority_configuration": [ + { + "key_algorithm": "RSA_4096", + "signing_algorithm": "SHA512WITHRSA", + "subject": [ + { + "common_name": "example.com" + } + ] + } + ], + "permanent_deletion_time_in_days": 7 + } + - manifest: |- + { + "certificate_authority_configuration": [ + { + "key_algorithm": "RSA_4096", + "signing_algorithm": "SHA512WITHRSA", + "subject": [ + { + "common_name": "example.com" + } + ] + } + ], + "depends_on": [ + "${aws_s3_bucket_policy.example}" + ], + "revocation_configuration": [ + { + "crl_configuration": [ + { + "custom_cname": "crl.example.com", + "enabled": true, + "expiration_in_days": 7, + "s3_bucket_name": "${aws_s3_bucket.example.id}" + } + ] + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the certificate authority.' + certificate: '- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.' + certificate_authority_configuration: '- (Required) Nested argument containing algorithms and certificate subject information. Defined below.' + certificate_chain: '- Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.' + certificate_signing_request: '- The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.' 
+ common_name: '- (Optional) Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.' + country: '- (Optional) Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.' + create: '- (Default 1m) How long to wait for a certificate authority to be created.' + crl_configuration: '- (Optional) Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.' + custom_cname: '- (Optional) Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don''t want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.' + distinguished_name_qualifier: '- (Optional) Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.' + enabled: '- (Optional) Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.' + expiration_in_days: '- (Required) Number of days until a certificate expires. Must be between 1 and 5000.' + generation_qualifier: '- (Optional) Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.' + given_name: '- (Optional) First name. Must be less than or equal to 16 characters in length.' + id: '- Amazon Resource Name (ARN) of the certificate authority.' + initials: '- (Optional) Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.' 
+ key_algorithm: '- (Required) Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.' + locality: '- (Optional) The locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.' + not_after: '- Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.' + not_before: '- Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.' + organization: '- (Optional) Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.' + organizational_unit: '- (Optional) A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.' + permanent_deletion_time_in_days: '- (Optional) The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.' + pseudonym: '- (Optional) Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.' + revocation_configuration: '- (Optional) Nested argument containing revocation configuration. Defined below.' + s3_bucket_name: '- (Optional) Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be less than or equal to 255 characters in length.' 
+ s3_object_acl: '- (Optional) Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ.' + serial: '- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.' + signing_algorithm: '- (Required) Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.' + state: '- (Optional) State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.' + status: '- Status of the certificate authority.' + subject: '- (Required) Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.' + surname: '- (Optional) Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.' + tags: '- (Optional) Specifies a key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + title: '- (Optional) A title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.' + type: '- (Optional) The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.' 
+ aws_acmpca_certificate_authority_certificate: + subCategory: ACM PCA + description: Associates a certificate with an AWS Certificate Manager Private Certificate Authority + name: aws_acmpca_certificate_authority_certificate + titleName: aws_acmpca_certificate_authority_certificate + examples: + - manifest: |- + { + "certificate": "${aws_acmpca_certificate.example.certificate}", + "certificate_authority_arn": "${aws_acmpca_certificate_authority.example.arn}", + "certificate_chain": "${aws_acmpca_certificate.example.certificate_chain}" + } + references: + certificate: aws_acmpca_certificate.certificate + certificate_authority_arn: aws_acmpca_certificate_authority.arn + certificate_chain: aws_acmpca_certificate.certificate_chain + - manifest: |- + { + "certificate": "${aws_acmpca_certificate.subordinate.certificate}", + "certificate_authority_arn": "${aws_acmpca_certificate_authority.subordinate.arn}", + "certificate_chain": "${aws_acmpca_certificate.subordinate.certificate_chain}" + } + references: + certificate: aws_acmpca_certificate.certificate + certificate_authority_arn: aws_acmpca_certificate_authority.arn + certificate_chain: aws_acmpca_certificate.certificate_chain + - manifest: '{}' + argumentDocs: + certificate: '- (Required) The PEM-encoded certificate for the Certificate Authority.' + certificate_authority_arn: '- (Required) Amazon Resource Name (ARN) of the Certificate Authority.' + certificate_chain: '- (Optional) The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.' + aws_ami: + subCategory: EC2 + description: Creates and manages a custom Amazon Machine Image (AMI). 
+ name: aws_ami + titleName: aws_ami + examples: + - manifest: |- + { + "ebs_block_device": [ + { + "device_name": "/dev/xvda", + "snapshot_id": "snap-xxxxxxxx", + "volume_size": 8 + } + ], + "name": "terraform-example", + "root_device_name": "/dev/xvda", + "virtualization_type": "hvm" + } + argumentDocs: + architecture: '- (Optional) Machine architecture for created instances. Defaults to "x86_64".' + arn: '- The ARN of the AMI.' + create: '- (Defaults to 40 mins) Used when creating the AMI' + delete: '- (Defaults to 90 mins) Used when deregistering the AMI' + delete_on_termination: |- + - (Optional) Boolean controlling whether the EBS volumes created to + support each created instance will be deleted once that instance is terminated. + description: '- (Optional) A longer, human-readable description for the AMI.' + device_name: '- (Required) The path at which the device is exposed to created instances.' + ebs_block_device: |- + - (Optional) Nested block describing an EBS block device that should be + attached to created instances. The structure of this block is described below. + ena_support: '- (Optional) Specifies whether enhanced networking with ENA is enabled. Defaults to false.' + encrypted: '- (Optional) Boolean controlling whether the created EBS volumes will be encrypted. Can''t be used with snapshot_id.' + ephemeral_block_device: |- + - (Optional) Nested block describing an ephemeral block device that + should be attached to created instances. The structure of this block is described below. + hypervisor: '- The hypervisor type of the image.' + id: '- The ID of the created AMI.' + image_location: |- + - (Required) Path to an S3 object containing an image manifest, e.g. created + by the ec2-upload-bundle command in the EC2 command line tools. + image_owner_alias: '- The AWS account alias (for example, amazon, self) or the AWS account ID of the AMI owner.' + image_type: '- The type of image.' 
+ iops: |- + - (Required only when volume_type is io1 or io2) Number of I/O operations per second the + created volumes will support. + kernel_id: |- + - (Required) The id of the kernel image (AKI) that will be used as the paravirtual + kernel in created instances. + kms_key_id: |- + - (Optional) The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of + an image during a copy operation. This parameter is only required if you want to use a non-default CMK; + if this parameter is not specified, the default CMK for EBS is used + name: '- (Required) A region-unique name for the AMI.' + owner_id: '- The AWS account ID of the image owner.' + platform: '- This value is set to windows for Windows AMIs; otherwise, it is blank.' + platform_details: '- The platform details associated with the billing code of the AMI.' + public: '- Indicates whether the image has public launch permissions.' + ramdisk_id: |- + - (Optional) The id of an initrd image (ARI) that will be used when booting the + created instances. + root_device_name: '- (Optional) The name of the root device (for example, /dev/sda1, or /dev/xvda).' + root_snapshot_id: '- The Snapshot ID for the root volume (for EBS-backed AMIs)' + snapshot_id: |- + - (Optional) The id of an EBS snapshot that will be used to initialize the created + EBS volumes. If set, the volume_size attribute must be at least as large as the referenced + snapshot. + sriov_net_support: |- + - (Optional) When set to "simple" (the default), enables enhanced networking + for created instances. No other value is supported at this time. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ throughput: '- (Optional) The throughput that the EBS volume supports, in MiB/s. Only valid for volume_type of gp3.' + update: '- (Defaults to 40 mins) Used when updating the AMI' + usage_operation: '- The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.' + virtual_name: |- + - (Required) A name for the ephemeral device, of the form "ephemeralN" where + N is a volume number starting from zero. + virtualization_type: |- + - (Optional) Keyword to choose what virtualization mode created instances + will use. Can be either "paravirtual" (the default) or "hvm". The choice of virtualization type + changes the set of further arguments that are required, as described below. + volume_size: |- + - (Required unless snapshot_id is set) The size of created volumes in GiB. + If snapshot_id is set and volume_size is omitted then the volume will have the same size + as the selected snapshot. + volume_type: '- (Optional) The type of EBS volume to create. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: standard).' + aws_ami_copy: + subCategory: EC2 + description: Duplicates an existing Amazon Machine Image (AMI) + name: aws_ami_copy + titleName: aws_ami_copy + examples: + - manifest: |- + { + "description": "A copy of ami-xxxxxxxx", + "name": "terraform-example", + "source_ami_id": "ami-xxxxxxxx", + "source_ami_region": "us-west-1", + "tags": { + "Name": "HelloWorld" + } + } + argumentDocs: + arn: '- The ARN of the AMI.' + create: '- (Defaults to 40 mins) Used when creating the AMI' + delete: '- (Defaults to 90 mins) Used when deregistering the AMI' + destination_outpost_arn: |- + - (Optional) The ARN of the Outpost to which to copy the AMI. + Only specify this parameter when copying an AMI from an AWS Region to an Outpost. The AMI must be in the Region of the destination Outpost. + encrypted: '- (Optional) Specifies whether the destination snapshots of the copied image should be encrypted. 
Defaults to false' + id: '- The ID of the created AMI.' + kms_key_id: '- (Optional) The full ARN of the KMS Key to use when encrypting the snapshots of an image during a copy operation. If not specified, then the default AWS KMS Key will be used' + name: '- (Required) A region-unique name for the AMI.' + source_ami_id: |- + - (Required) The id of the AMI to copy. This id must be valid in the region + given by source_ami_region. + source_ami_region: |- + - (Required) The region from which the AMI will be copied. This may be the + same as the AWS provider region in order to create a copy within the same region. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + update: '- (Defaults to 40 mins) Used when updating the AMI' + aws_ami_from_instance: + subCategory: EC2 + description: Creates an Amazon Machine Image (AMI) from an EBS-backed EC2 instance + name: aws_ami_from_instance + titleName: aws_ami_from_instance + examples: + - manifest: |- + { + "name": "terraform-example", + "source_instance_id": "i-xxxxxxxx" + } + argumentDocs: + arn: '- The ARN of the AMI.' + create: '- (Defaults to 40 mins) Used when creating the AMI' + delete: '- (Defaults to 90 mins) Used when deregistering the AMI' + id: '- The ID of the created AMI.' + name: '- (Required) A region-unique name for the AMI.' + snapshot_without_reboot: |- + - (Optional) Boolean that overrides the behavior of stopping + the instance before snapshotting. This is risky since it may cause a snapshot of an + inconsistent filesystem state, but can be used to avoid downtime if the user otherwise + guarantees that no filesystem writes will be underway at the time of snapshot. + source_instance_id: '- (Required) The id of the instance to use as the basis of the AMI.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + update: '- (Defaults to 40 mins) Used when updating the AMI' + aws_ami_launch_permission: + subCategory: EC2 + description: Adds launch permission to Amazon Machine Image (AMI). + name: aws_ami_launch_permission + titleName: aws_ami_launch_permission + examples: + - manifest: |- + { + "account_id": "123456789012", + "image_id": "ami-12345678" + } + argumentDocs: + account_id: '- (required) An AWS Account ID to add launch permissions.' + id: '- A combination of "image_id-account_id".' + image_id: '- (required) A region-unique name for the AMI.' + aws_amplify_app: + subCategory: Amplify Console + description: Provides an Amplify App resource. + name: aws_amplify_app + titleName: aws_amplify_app + examples: + - manifest: |- + { + "build_spec": "version: 0.1\nfrontend:\n phases:\n preBuild:\n commands:\n - yarn install\n build:\n commands:\n - yarn run build\n artifacts:\n baseDirectory: build\n files:\n - '**/*'\n cache:\n paths:\n - node_modules/**/*\n", + "custom_rule": [ + { + "source": "/\u003c*\u003e", + "status": "404", + "target": "/index.html" + } + ], + "environment_variables": { + "ENV": "test" + }, + "name": "example", + "repository": "https://github.com/example/app" + } + - manifest: |- + { + "access_token": "...", + "name": "example", + "repository": "https://github.com/example/app" + } + - manifest: |- + { + "auto_branch_creation_config": [ + { + "enable_auto_build": true + } + ], + "auto_branch_creation_patterns": [ + "*", + "*/**" + ], + "enable_auto_branch_creation": true, + "name": "example" + } + - manifest: |- + { + "basic_auth_credentials": "${base64encode(\"username1:password1\")}", + "enable_basic_auth": true, + "name": "example" + } + - manifest: |- + { + "custom_rule": [ + { + "source": "/api/\u003c*\u003e", + "status": "200", + "target": "https://api.example.com/api/\u003c*\u003e" + }, + { + 
"source": "\u003c/^[^.]+$|\\.(?!(css|gif|ico|jpg|js|png|txt|svg|woff|ttf|map|json)$)([^.]+$)/\u003e", + "status": "200", + "target": "/index.html" + } + ], + "name": "example" + } + argumentDocs: + access_token: '- (Optional) The personal access token for a third-party source control system for an Amplify app. The personal access token is used to create a webhook and a read-only deploy key. The token is not stored.' + arn: '- The Amazon Resource Name (ARN) of the Amplify app.' + auto_branch_creation_config: '- (Optional) The automated branch creation configuration for an Amplify app. An auto_branch_creation_config block is documented below.' + auto_branch_creation_patterns: '- (Optional) The automated branch creation glob patterns for an Amplify app.' + basic_auth_credentials: '- (Optional) The basic authorization credentials for the autocreated branch.' + branch_name: '- The branch name for the production branch.' + build_spec: '- (Optional) The build specification (build spec) for the autocreated branch.' + condition: '- (Optional) The condition for a URL rewrite or redirect rule, such as a country code.' + custom_rule: '- (Optional) The custom rewrite and redirect rules for an Amplify app. A custom_rule block is documented below.' + default_domain: '- The default domain for the Amplify app.' + description: '- (Optional) The description for an Amplify app.' + enable_auto_branch_creation: '- (Optional) Enables automated branch creation for an Amplify app.' + enable_auto_build: '- (Optional) Enables auto building for the autocreated branch.' + enable_basic_auth: '- (Optional) Enables basic authorization for the autocreated branch.' + enable_branch_auto_build: '- (Optional) Enables auto-building of branches for the Amplify App.' + enable_branch_auto_deletion: '- (Optional) Automatically disconnects a branch in the Amplify Console when you delete a branch from your Git repository.' + enable_performance_mode: '- (Optional) Enables performance mode for the branch.' 
+ enable_pull_request_preview: '- (Optional) Enables pull request previews for the autocreated branch.' + environment_variables: '- (Optional) The environment variables for the autocreated branch.' + framework: '- (Optional) The framework for the autocreated branch.' + iam_service_role_arn: '- (Optional) The AWS Identity and Access Management (IAM) service role for an Amplify app.' + id: '- The unique ID of the Amplify app.' + last_deploy_time: '- The last deploy time of the production branch.' + name: '- (Required) The name for an Amplify app.' + oauth_token: '- (Optional) The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key. The OAuth token is not stored.' + platform: '- (Optional) The platform or framework for an Amplify app. Valid values: WEB.' + production_branch: '- Describes the information about a production branch for an Amplify app. A production_branch block is documented below.' + pull_request_environment_name: '- (Optional) The Amplify environment name for the pull request.' + repository: '- (Optional) The repository for an Amplify app.' + source: '- (Required) The source pattern for a URL rewrite or redirect rule.' + stage: '- (Optional) Describes the current stage for the autocreated branch. Valid values: PRODUCTION, BETA, DEVELOPMENT, EXPERIMENTAL, PULL_REQUEST.' + status: '- The status of the production branch.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: '- (Required) The target pattern for a URL rewrite or redirect rule.' + thumbnail_url: '- The thumbnail URL for the production branch.' 
+ aws_amplify_backend_environment: + subCategory: Amplify Console + description: Provides an Amplify Backend Environment resource. + name: aws_amplify_backend_environment + titleName: aws_amplify_backend_environment + examples: + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "deployment_artifacts": "app-example-deployment", + "environment_name": "example", + "stack_name": "amplify-app-example" + } + references: + app_id: aws_amplify_app.id + argumentDocs: + app_id: '- (Required) The unique ID for an Amplify app.' + arn: '- The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.' + deployment_artifacts: '- (Optional) The name of deployment artifacts.' + environment_name: '- (Required) The name for the backend environment.' + id: '- The unique ID of the Amplify backend environment.' + stack_name: '- (Optional) The AWS CloudFormation stack name of a backend environment.' + aws_amplify_branch: + subCategory: Amplify Console + description: Provides an Amplify Branch resource. + name: aws_amplify_branch + titleName: aws_amplify_branch + examples: + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "branch_name": "master", + "environment_variables": { + "REACT_APP_API_SERVER": "https://api.example.com" + }, + "framework": "React", + "stage": "PRODUCTION" + } + references: + app_id: aws_amplify_app.id + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "basic_auth_config": [ + { + "enable_basic_auth": true, + "password": "password", + "username": "username" + } + ], + "branch_name": "master" + } + references: + app_id: aws_amplify_app.id + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "branch_name": "master", + "enable_notification": true + } + references: + app_id: aws_amplify_app.id + argumentDocs: + app_id: '- (Required) The unique ID for an Amplify app.' + arn: '- The Amazon Resource Name (ARN) for the branch.' 
+ associated_resources: '- A list of custom resources that are linked to this branch.' + backend_environment_arn: '- (Optional) The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.' + basic_auth_credentials: '- (Optional) The basic authorization credentials for the branch.' + branch_name: '- (Required) The name for the branch.' + custom_domains: '- The custom domains for the branch.' + description: '- (Optional) The description for the branch.' + destination_branch: '- The destination branch if the branch is a pull request branch.' + display_name: '- (Optional) The display name for a branch. This is used as the default domain prefix.' + enable_auto_build: '- (Optional) Enables auto building for the branch.' + enable_basic_auth: '- (Optional) Enables basic authorization for the branch.' + enable_notification: '- (Optional) Enables notifications for the branch.' + enable_performance_mode: '- (Optional) Enables performance mode for the branch.' + enable_pull_request_preview: '- (Optional) Enables pull request previews for this branch.' + environment_variables: '- (Optional) The environment variables for the branch.' + framework: '- (Optional) The framework for the branch.' + pull_request_environment_name: '- (Optional) The Amplify environment name for the pull request.' + source_branch: '- The source branch if the branch is a pull request branch.' + stage: '- (Optional) Describes the current stage for the branch. Valid values: PRODUCTION, BETA, DEVELOPMENT, EXPERIMENTAL, PULL_REQUEST.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + ttl: '- (Optional) The content Time To Live (TTL) for the website in seconds.' 
+ aws_amplify_domain_association: + subCategory: Amplify Console + description: Provides an Amplify Domain Association resource. + name: aws_amplify_domain_association + titleName: aws_amplify_domain_association + examples: + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "domain_name": "example.com", + "sub_domain": [ + { + "branch_name": "${aws_amplify_branch.master.branch_name}", + "prefix": "" + }, + { + "branch_name": "${aws_amplify_branch.master.branch_name}", + "prefix": "www" + } + ] + } + references: + app_id: aws_amplify_app.id + argumentDocs: + app_id: '- (Required) The unique ID for an Amplify app.' + arn: '- The Amazon Resource Name (ARN) for the domain association.' + branch_name: '- (Required) The branch name setting for the subdomain.' + certificate_verification_dns_record: '- The DNS record for certificate verification.' + dns_record: '- The DNS record for the subdomain.' + domain_name: '- (Required) The domain name for the domain association.' + prefix: '- (Required) The prefix setting for the subdomain.' + sub_domain: '- (Required) The setting for the subdomain. Documented below.' + verified: '- The verified status of the subdomain.' + wait_for_verification: '- (Optional) If enabled, the resource will wait for the domain association status to change to PENDING_DEPLOYMENT or AVAILABLE. Setting this to false will skip the process. Default: true.' + aws_amplify_webhook: + subCategory: Amplify Console + description: Provides an Amplify Webhook resource. + name: aws_amplify_webhook + titleName: aws_amplify_webhook + examples: + - manifest: |- + { + "app_id": "${aws_amplify_app.example.id}", + "branch_name": "${aws_amplify_branch.master.branch_name}", + "description": "triggermaster" + } + references: + app_id: aws_amplify_app.id + branch_name: aws_amplify_branch.branch_name + argumentDocs: + app_id: '- (Required) The unique ID for an Amplify app.' + arn: '- The Amazon Resource Name (ARN) for the webhook.' 
+ branch_name: '- (Required) The name for a branch that is part of the Amplify app.' + description: '- (Optional) The description for a webhook.' + url: '- The URL of the webhook.' + aws_api_gateway_account: + subCategory: API Gateway (REST APIs) + description: Provides a settings of an API Gateway Account. + name: aws_api_gateway_account + titleName: aws_api_gateway_account + examples: + - manifest: |- + { + "cloudwatch_role_arn": "${aws_iam_role.cloudwatch.arn}" + } + references: + cloudwatch_role_arn: aws_iam_role.arn + argumentDocs: + burst_limit: '- The absolute maximum number of times API Gateway allows the API to be called per second (RPS).' + cloudwatch_role_arn: '- (Optional) The ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more in AWS Docs. Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.' + rate_limit: '- The number of times API Gateway allows the API to be called per second on average (RPS).' + throttle_settings: '- Account-Level throttle settings. See exported fields below.' + aws_api_gateway_api_key: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway API Key. + name: aws_api_gateway_api_key + titleName: aws_api_gateway_api_key + examples: + - manifest: |- + { + "name": "demo" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + created_date: '- The creation date of the API key' + description: '- (Optional) The API key description. Defaults to "Managed by Terraform".' + enabled: '- (Optional) Specifies whether the API key can be used by callers. Defaults to true.' + id: '- The ID of the API key' + last_updated_date: '- The last update date of the API key' + name: '- (Required) The name of the API key' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- The value of the API key' + aws_api_gateway_authorizer: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Authorizer. + name: aws_api_gateway_authorizer + titleName: aws_api_gateway_authorizer + examples: + - manifest: |- + { + "authorizer_credentials": "${aws_iam_role.invocation_role.arn}", + "authorizer_uri": "${aws_lambda_function.authorizer.invoke_arn}", + "name": "demo", + "rest_api_id": "${aws_api_gateway_rest_api.demo.id}" + } + references: + authorizer_credentials: aws_iam_role.arn + authorizer_uri: aws_lambda_function.invoke_arn + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + authorizer_credentials: '- (Optional) The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.' + authorizer_result_ttl_in_seconds: '- (Optional) The TTL of cached authorizer results in seconds. Defaults to 300.' + authorizer_uri: |- + - (Optional, required for type TOKEN/REQUEST) The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, + e.g. arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations + id: '- The Authorizer identifier.' + identity_source: '- (Optional) The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"' + identity_validation_expression: '- (Optional) A validation expression for the incoming identity. 
For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn''t match, the client receives a 401 Unauthorized response.' + name: '- (Required) The name of the authorizer' + provider_arns: '- (Optional, required for type COGNITO_USER_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.' + rest_api_id: '- (Required) The ID of the associated REST API' + type: '- (Optional) The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.' + aws_api_gateway_base_path_mapping: + subCategory: API Gateway (REST APIs) + description: Connects a custom domain with a deployed API + name: aws_api_gateway_base_path_mapping + titleName: aws_api_gateway_base_path_mapping + examples: + - manifest: |- + { + "api_id": "${aws_api_gateway_rest_api.example.id}", + "domain_name": "${aws_api_gateway_domain_name.example.domain_name}", + "stage_name": "${aws_api_gateway_stage.example.stage_name}" + } + references: + api_id: aws_api_gateway_rest_api.id + domain_name: aws_api_gateway_domain_name.domain_name + stage_name: aws_api_gateway_stage.stage_name + argumentDocs: + api_id: '- (Required) The id of the API to connect.' + base_path: '- (Optional) Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain.' + domain_name: '- (Required) The already-registered domain name to connect the API to.' + stage_name: '- (Optional) The name of a specific deployment stage to expose at the given path. 
If omitted, callers may select any stage by including its name as a path element after the base path.' + aws_api_gateway_client_certificate: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Client Certificate. + name: aws_api_gateway_client_certificate + titleName: aws_api_gateway_client_certificate + examples: + - manifest: |- + { + "description": "My client certificate" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + created_date: '- The date when the client certificate was created.' + description: '- (Optional) The description of the client certificate.' + expiration_date: '- The date when the client certificate will expire.' + id: '- The identifier of the client certificate.' + pem_encoded_certificate: '- The PEM-encoded public key of the client certificate.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_api_gateway_deployment: + subCategory: API Gateway (REST APIs) + description: Manages an API Gateway REST Deployment. 
+ name: aws_api_gateway_deployment + titleName: aws_api_gateway_deployment + examples: + - manifest: |- + { + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "triggers": { + "redeployment": "${sha1(jsonencode(aws_api_gateway_rest_api.example.body))}" + } + } + references: + rest_api_id: aws_api_gateway_rest_api.id + - manifest: |- + { + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "triggers": { + "redeployment": "${sha1(jsonencode([\n aws_api_gateway_resource.example.id,\n aws_api_gateway_method.example.id,\n aws_api_gateway_integration.example.id,\n ]))}" + } + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + aws_api_gateway_integration: resource + aws_api_gateway_rest_api: resource + body: argument), no special dependency setup is needed beyond referencing the id attribute of that resource unless additional Terraform resources have further customized the REST API. + created_date: '- The creation date of the deployment' + depends_on: meta-argument + description: '- (Optional) Description of the deployment' + execution_arn: |- + - The execution ARN to be used in lambda_permission's source_arn + when allowing API Gateway to invoke a Lambda function, + e.g. arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod + id: '- The ID of the deployment' + invoke_url: |- + - The URL to invoke the API pointing to the stage, + e.g. https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod + rest_api_id: '- (Required) REST API identifier.' + stage_description: '- (Optional) Description to set on the stage managed by the stage_name argument.' + stage_name: '- (Optional) Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. It is recommended to use the aws_api_gateway_stage resource instead to manage stages.' 
+ triggers: '- (Optional) Map of arbitrary keys and values that, when changed, will trigger a redeployment. To force a redeployment without changing these keys/values, use the terraform taint command.' + variables: '- (Optional) Map to set on the stage managed by the stage_name argument.' + aws_api_gateway_documentation_part: + subCategory: API Gateway (REST APIs) + description: Provides a settings of an API Gateway Documentation Part. + name: aws_api_gateway_documentation_part + titleName: aws_api_gateway_documentation_part + examples: + - manifest: |- + { + "location": [ + { + "method": "GET", + "path": "/example", + "type": "METHOD" + } + ], + "properties": "{\"description\":\"Example description\"}", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + id: '- The unique ID of the Documentation Part' + location: '- (Required) The location of the targeted API entity of the to-be-created documentation part. See below.' + method: '- (Optional) The HTTP verb of a method. The default value is * for any method.' + name: '- (Optional) The name of the targeted API entity.' + path: '- (Optional) The URL path of the target. The default value is / for the root resource.' + properties: '- (Required) A content map of API-specific key-value pairs describing the targeted API entity. The map must be encoded as a JSON string, e.g., "{ "description": "The API does ..." }". Only Swagger-compliant key-value pairs can be exported and, hence, published.' + rest_api_id: '- (Required) The ID of the associated Rest API' + status_code: '- (Optional) The HTTP status code of a response. The default value is * for any status code.' + type: '- (Required) The type of API entity to which the documentation content applies. e.g. 
API, METHOD or REQUEST_BODY' + aws_api_gateway_documentation_version: + subCategory: API Gateway (REST APIs) + description: Provides a resource to manage an API Gateway Documentation Version. + name: aws_api_gateway_documentation_version + titleName: aws_api_gateway_documentation_version + examples: + - manifest: |- + { + "depends_on": [ + "${aws_api_gateway_documentation_part.example}" + ], + "description": "Example description", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "version": "example_version" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + description: '- (Optional) The description of the API documentation version.' + rest_api_id: '- (Required) The ID of the associated Rest API' + version: '- (Required) The version identifier of the API documentation snapshot.' + aws_api_gateway_domain_name: + subCategory: API Gateway (REST APIs) + description: Registers a custom domain name for use with AWS API Gateway. + name: aws_api_gateway_domain_name + titleName: aws_api_gateway_domain_name + examples: + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate_validation.example.certificate_arn}", + "domain_name": "api.example.com" + } + references: + certificate_arn: aws_acm_certificate_validation.certificate_arn + - manifest: |- + { + "certificate_body": "${file(\"${path.module}/example.com/example.crt\")}", + "certificate_chain": "${file(\"${path.module}/example.com/ca.crt\")}", + "certificate_name": "example-api", + "certificate_private_key": "${file(\"${path.module}/example.com/example.key\")}", + "domain_name": "api.example.com" + } + - manifest: |- + { + "domain_name": "api.example.com", + "endpoint_configuration": [ + { + "types": [ + "REGIONAL" + ] + } + ], + "regional_certificate_arn": "${aws_acm_certificate_validation.example.certificate_arn}" + } + references: + regional_certificate_arn: aws_acm_certificate_validation.certificate_arn + - manifest: |- + { + "certificate_body": 
"${file(\"${path.module}/example.com/example.crt\")}", + "certificate_chain": "${file(\"${path.module}/example.com/ca.crt\")}", + "certificate_private_key": "${file(\"${path.module}/example.com/example.key\")}", + "domain_name": "api.example.com", + "endpoint_configuration": [ + { + "types": [ + "REGIONAL" + ] + } + ], + "regional_certificate_name": "example-api" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + certificate_arn: '- (Optional) The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with certificate_name, certificate_body, certificate_chain, certificate_private_key, regional_certificate_arn, and regional_certificate_name.' + certificate_body: |- + - (Optional) The certificate issued for the domain name + being registered, in PEM format. Only valid for EDGE endpoint configuration type. Conflicts with certificate_arn, regional_certificate_arn, and + regional_certificate_name. + certificate_chain: |- + - (Optional) The certificate for the CA that issued the + certificate, along with any intermediate CA certificates required to + create an unbroken chain to a certificate trusted by the intended API clients. Only valid for EDGE endpoint configuration type. Conflicts with certificate_arn, + regional_certificate_arn, and regional_certificate_name. + certificate_name: |- + - (Optional) The unique name to use when registering this + certificate as an IAM server certificate. Conflicts with certificate_arn, regional_certificate_arn, and + regional_certificate_name. Required if certificate_arn is not set. + certificate_private_key: |- + - (Optional) The private key associated with the + domain certificate given in certificate_body. Only valid for EDGE endpoint configuration type. Conflicts with certificate_arn, regional_certificate_arn, and regional_certificate_name. + certificate_upload_date: '- The upload date associated with the domain certificate.' 
+ cloudfront_domain_name: |- + - The hostname created by Cloudfront to represent + the distribution that implements this domain name mapping. + cloudfront_zone_id: |- + - For convenience, the hosted zone ID (Z2FDTNDATAQYW2) + that can be used to create a Route53 alias record for the distribution. + domain_name: '- (Required) The fully-qualified domain name to register' + endpoint_configuration: '- (Optional) Configuration block defining API endpoint information including type. Defined below.' + id: '- The internal id assigned to this domain name by API Gateway.' + mutual_tls_authentication: '- (Optional) The mutual TLS authentication configuration for the domain name. Defined below.' + regional_certificate_arn: '- (Optional) The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with certificate_arn, certificate_name, certificate_body, certificate_chain, and certificate_private_key.' + regional_certificate_name: |- + - (Optional) The user-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with certificate_arn, certificate_name, certificate_body, certificate_chain, and + certificate_private_key. + regional_domain_name: '- The hostname for the custom domain''s regional endpoint.' + regional_zone_id: '- The hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.' + security_policy: '- (Optional) The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are TLS_1_0 and TLS_1_2. Must be configured to perform drift detection.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + truststore_uri: |- + - (Required) An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. + The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. + truststore_version: '- (Optional) The version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.' + types: '- (Required) A list of endpoint types. This resource currently only supports managing a single value. Valid values: EDGE or REGIONAL. If unspecified, defaults to EDGE. Must be declared as REGIONAL in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.' + aws_api_gateway_gateway_response: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Gateway Response for a REST API Gateway. + name: aws_api_gateway_gateway_response + titleName: aws_api_gateway_gateway_response + examples: + - manifest: |- + { + "response_parameters": { + "gatewayresponse.header.Authorization": "'Basic'" + }, + "response_templates": { + "application/json": "{\"message\":$context.error.messageString}" + }, + "response_type": "UNAUTHORIZED", + "rest_api_id": "${aws_api_gateway_rest_api.main.id}", + "status_code": "401" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + response_parameters: '- (Optional) A map specifying the parameters (paths, query strings and headers) of the Gateway Response.' + response_templates: '- (Optional) A map specifying the templates used to transform the response body.' + response_type: '- (Required) The response type of the associated GatewayResponse.' 
+ rest_api_id: '- (Required) The string identifier of the associated REST API.' + status_code: '- (Optional) The HTTP status code of the Gateway Response.' + aws_api_gateway_integration: + subCategory: API Gateway (REST APIs) + description: Provides an HTTP Method Integration for an API Gateway Integration. + name: aws_api_gateway_integration + titleName: aws_api_gateway_integration + examples: + - manifest: |- + { + "cache_key_parameters": [ + "method.request.path.param" + ], + "cache_namespace": "foobar", + "http_method": "${aws_api_gateway_method.MyDemoMethod.http_method}", + "request_parameters": { + "integration.request.header.X-Authorization": "'static'" + }, + "request_templates": { + "application/xml": "{\n \"body\" : $input.json('$')\n}\n" + }, + "resource_id": "${aws_api_gateway_resource.MyDemoResource.id}", + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}", + "timeout_milliseconds": 29000, + "type": "MOCK" + } + references: + http_method: aws_api_gateway_method.http_method + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + - manifest: |- + { + "http_method": "${aws_api_gateway_method.method.http_method}", + "integration_http_method": "POST", + "resource_id": "${aws_api_gateway_resource.resource.id}", + "rest_api_id": "${aws_api_gateway_rest_api.api.id}", + "type": "AWS_PROXY", + "uri": "${aws_lambda_function.lambda.invoke_arn}" + } + references: + http_method: aws_api_gateway_method.http_method + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + uri: aws_lambda_function.invoke_arn + - manifest: |- + { + "connection_id": "${aws_api_gateway_vpc_link.test.id}", + "connection_type": "VPC_LINK", + "content_handling": "CONVERT_TO_TEXT", + "http_method": "${aws_api_gateway_method.test.http_method}", + "integration_http_method": "GET", + "passthrough_behavior": "WHEN_NO_MATCH", + "request_parameters": { + "integration.request.header.X-Authorization": "'static'", + 
"integration.request.header.X-Foo": "'Bar'" + }, + "request_templates": { + "application/json": "", + "application/xml": "#set($inputRoot = $input.path('$'))\n{ }" + }, + "resource_id": "${aws_api_gateway_resource.test.id}", + "rest_api_id": "${aws_api_gateway_rest_api.test.id}", + "type": "HTTP", + "uri": "https://www.google.de" + } + references: + connection_id: aws_api_gateway_vpc_link.id + http_method: aws_api_gateway_method.http_method + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + cache_key_parameters: '- (Optional) A list of cache key parameters for the integration.' + cache_namespace: '- (Optional) The integration''s cache namespace.' + connection_id: '- (Optional) The id of the VpcLink used for the integration. Required if connection_type is VPC_LINK' + connection_type: '- (Optional) The integration input''s connectionType. Valid values are INTERNET (default for connections through the public routable internet), and VPC_LINK (for private connections between API Gateway and a network load balancer in a VPC).' + content_handling: '- (Optional) Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.' + credentials: '- (Optional) The credentials required for the integration. For AWS integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role''s ARN. To require that the caller''s identity be passed through from the request, specify the string arn:aws:iam::\*:user/\*.' + http_method: |- + - (Required) The HTTP method (GET, POST, PUT, DELETE, HEAD, OPTION, ANY) + when calling the associated resource. 
+ insecure_skip_verification: '- (Optional) Specifies whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a supported certificate authority. This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate''s expiration date, hostname, and presence of a root certificate authority. Supported only for HTTP and HTTP_PROXY integrations.' + integration_http_method: |- + - (Optional) The integration HTTP method + (GET, POST, PUT, DELETE, HEAD, OPTIONs, ANY, PATCH) specifying how API Gateway will interact with the back end. + Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. + Not all methods are compatible with all AWS integrations. + e.g. Lambda function can only be invoked via POST. + passthrough_behavior: '- (Optional) The integration passthrough behavior (WHEN_NO_MATCH, WHEN_NO_TEMPLATES, NEVER). Required if request_templates is used.' + request_parameters: |- + - (Optional) A map of request query string parameters and headers that should be passed to the backend responder. + For example: request_parameters = { "integration.request.header.X-Some-Other-Header" = "method.request.header.X-Some-Header" } + request_templates: '- (Optional) A map of the integration''s request templates.' + resource_id: '- (Required) The API resource ID.' + rest_api_id: '- (Required) The ID of the associated REST API.' + timeout_milliseconds: '- (Optional) Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.' + tls_config: '- (Optional) Configuration block specifying the TLS configuration for an integration. Defined below.' + type: '- (Required) The integration input''s type. 
Valid values are HTTP (for HTTP backends), MOCK (not calling any real backend), AWS (for AWS services), AWS_PROXY (for Lambda proxy integration) and HTTP_PROXY (for HTTP proxy integration). An HTTP or HTTP_PROXY integration with a connection_type of VPC_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.' + uri: |- + - (Optional) The input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. + For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}. region, subdomain and service are used to determine the right endpoint. + e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation. + aws_api_gateway_integration_response: + subCategory: API Gateway (REST APIs) + description: Provides an HTTP Method Integration Response for an API Gateway Resource. 
+ name: aws_api_gateway_integration_response + titleName: aws_api_gateway_integration_response + examples: + - manifest: |- + { + "http_method": "${aws_api_gateway_method.MyDemoMethod.http_method}", + "resource_id": "${aws_api_gateway_resource.MyDemoResource.id}", + "response_templates": { + "application/xml": "#set($inputRoot = $input.path('$'))\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003cmessage\u003e\n $inputRoot.body\n\u003c/message\u003e\n" + }, + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}", + "status_code": "${aws_api_gateway_method_response.response_200.status_code}" + } + references: + http_method: aws_api_gateway_method.http_method + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + status_code: aws_api_gateway_method_response.status_code + argumentDocs: + content_handling: '- (Optional) Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.' + http_method: '- (Required) The HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY)' + resource_id: '- (Required) The API resource ID' + response_parameters: |- + - (Optional) A map of response parameters that can be read from the backend response. + For example: response_parameters = { "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" } + response_templates: '- (Optional) A map specifying the templates used to transform the integration response body' + rest_api_id: '- (Required) The ID of the associated REST API' + selection_pattern: |- + - (Optional) Specifies the regular expression pattern used to choose + an integration response based on the response from the backend. Omit configuring this to make the integration the default one. 
+ If the backend is an AWS Lambda function, the AWS Lambda function error header is matched. + For all other HTTP and AWS backends, the HTTP status code is matched. + status_code: '- (Required) The HTTP status code' + aws_api_gateway_method: + subCategory: API Gateway (REST APIs) + description: Provides a HTTP Method for an API Gateway Resource. + name: aws_api_gateway_method + titleName: aws_api_gateway_method + examples: + - manifest: |- + { + "authorization": "NONE", + "http_method": "GET", + "resource_id": "${aws_api_gateway_resource.MyDemoResource.id}", + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}" + } + references: + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + - manifest: |- + { + "authorization": "COGNITO_USER_POOLS", + "authorizer_id": "${aws_api_gateway_authorizer.this.id}", + "http_method": "ANY", + "request_parameters": { + "method.request.path.proxy": true + }, + "resource_id": "${aws_api_gateway_resource.this.id}", + "rest_api_id": "${aws_api_gateway_rest_api.this.id}" + } + references: + authorizer_id: aws_api_gateway_authorizer.id + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + api_key_required: '- (Optional) Specify if the method requires an API key' + authorization: '- (Required) The type of authorization used for the method (NONE, CUSTOM, AWS_IAM, COGNITO_USER_POOLS)' + authorization_scopes: '- (Optional) The authorization scopes used when the authorization is COGNITO_USER_POOLS' + authorizer_id: '- (Optional) The authorizer id to be used when the authorization is CUSTOM or COGNITO_USER_POOLS' + http_method: '- (Required) The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY)' + operation_name: '- (Optional) The function name that will be given to the method when generating an SDK through API Gateway. If omitted, API Gateway will generate a function name based on the resource path and HTTP verb.' 
+ request_models: |- + - (Optional) A map of the API models used for the request's content type + where key is the content type (e.g. application/json) + and value is either Error, Empty (built-in models) or aws_api_gateway_model's name. + request_parameters: |- + - (Optional) A map of request parameters (from the path, query string and headers) that should be passed to the integration. The boolean value indicates whether the parameter is required (true) or optional (false). + For example: request_parameters = {"method.request.header.X-Some-Header" = true "method.request.querystring.some-query-param" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request. + request_validator_id: '- (Optional) The ID of a aws_api_gateway_request_validator' + resource_id: '- (Required) The API resource ID' + rest_api_id: '- (Required) The ID of the associated REST API' + aws_api_gateway_method_response: + subCategory: API Gateway (REST APIs) + description: Provides an HTTP Method Response for an API Gateway Resource. + name: aws_api_gateway_method_response + titleName: aws_api_gateway_method_response + examples: + - manifest: |- + { + "http_method": "${aws_api_gateway_method.MyDemoMethod.http_method}", + "resource_id": "${aws_api_gateway_resource.MyDemoResource.id}", + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}", + "status_code": "200" + } + references: + http_method: aws_api_gateway_method.http_method + resource_id: aws_api_gateway_resource.id + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + http_method: '- (Required) The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY)' + resource_id: '- (Required) The API resource ID' + response_models: '- (Optional) A map of the API models used for the response''s content type' + response_parameters: |- + - (Optional) A map of response parameters that can be sent to the caller. 
+ For example: response_parameters = { "method.response.header.X-Some-Header" = true } + would define that the header X-Some-Header can be provided on the response. + rest_api_id: '- (Required) The ID of the associated REST API' + status_code: '- (Required) The HTTP status code' + aws_api_gateway_method_settings: + subCategory: API Gateway (REST APIs) + description: Manages API Gateway Stage Method Settings + name: aws_api_gateway_method_settings + titleName: aws_api_gateway_method_settings + examples: + - manifest: |- + { + "method_path": "*/*", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "settings": [ + { + "logging_level": "ERROR", + "metrics_enabled": true + } + ], + "stage_name": "${aws_api_gateway_stage.example.stage_name}" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + stage_name: aws_api_gateway_stage.stage_name + - manifest: |- + { + "method_path": "path1/GET", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "settings": [ + { + "logging_level": "INFO", + "metrics_enabled": true + } + ], + "stage_name": "${aws_api_gateway_stage.example.stage_name}" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + stage_name: aws_api_gateway_stage.stage_name + argumentDocs: + cache_data_encrypted: '- (Optional) Specifies whether the cached responses are encrypted.' + cache_ttl_in_seconds: '- (Optional) Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached.' + caching_enabled: '- (Optional) Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached.' + data_trace_enabled: '- (Optional) Specifies whether data trace logging is enabled for this method, which effects the log entries pushed to Amazon CloudWatch Logs.' + logging_level: '- (Optional) Specifies the logging level for this method, which effects the log entries pushed to Amazon CloudWatch Logs. 
The available levels are OFF, ERROR, and INFO.' + method_path: '- (Required) Method path defined as {resource_path}/{http_method} for an individual method override, or */* for overriding all methods in the stage. Ensure to trim any leading forward slashes in the path (e.g. trimprefix(aws_api_gateway_resource.example.path, "/")).' + metrics_enabled: '- (Optional) Specifies whether Amazon CloudWatch metrics are enabled for this method.' + require_authorization_for_cache_control: '- (Optional) Specifies whether authorization is required for a cache invalidation request.' + rest_api_id: '- (Required) The ID of the REST API' + settings: '- (Required) The settings block, see below.' + stage_name: '- (Required) The name of the stage' + throttling_burst_limit: '- (Optional) Specifies the throttling burst limit. Default: -1 (throttling disabled).' + throttling_rate_limit: '- (Optional) Specifies the throttling rate limit. Default: -1 (throttling disabled).' + unauthorized_cache_control_header_strategy: '- (Optional) Specifies how to handle unauthorized requests for cache invalidation. The available values are FAIL_WITH_403, SUCCEED_WITH_RESPONSE_HEADER, SUCCEED_WITHOUT_RESPONSE_HEADER.' + aws_api_gateway_model: + subCategory: API Gateway (REST APIs) + description: Provides a Model for a REST API Gateway. 
+ name: aws_api_gateway_model + titleName: aws_api_gateway_model + examples: + - manifest: |- + { + "content_type": "application/json", + "description": "a JSON schema", + "name": "user", + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}", + "schema": "{\n \"type\": \"object\"\n}\n" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + content_type: '- (Required) The content type of the model' + description: '- (Optional) The description of the model' + id: '- The ID of the model' + name: '- (Required) The name of the model' + rest_api_id: '- (Required) The ID of the associated REST API' + schema: '- (Required) The schema of the model in a JSON form' + aws_api_gateway_request_validator: + subCategory: API Gateway (REST APIs) + description: Manages an API Gateway Request Validator. + name: aws_api_gateway_request_validator + titleName: aws_api_gateway_request_validator + examples: + - manifest: |- + { + "name": "example", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "validate_request_body": true, + "validate_request_parameters": true + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + id: '- The unique ID of the request validator' + name: '- (Required) The name of the request validator' + rest_api_id: '- (Required) The ID of the associated Rest API' + validate_request_body: '- (Optional) Boolean whether to validate request body. Defaults to false.' + validate_request_parameters: '- (Optional) Boolean whether to validate request parameters. Defaults to false.' + aws_api_gateway_resource: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Resource. 
+ name: aws_api_gateway_resource + titleName: aws_api_gateway_resource + examples: + - manifest: |- + { + "parent_id": "${aws_api_gateway_rest_api.MyDemoAPI.root_resource_id}", + "path_part": "mydemoresource", + "rest_api_id": "${aws_api_gateway_rest_api.MyDemoAPI.id}" + } + references: + parent_id: aws_api_gateway_rest_api.root_resource_id + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + id: '- The resource''s identifier.' + parent_id: '- (Required) The ID of the parent API resource' + path: '- The complete path for this API resource, including all parent paths.' + path_part: '- (Required) The last path segment of this API resource.' + rest_api_id: '- (Required) The ID of the associated REST API' + aws_api_gateway_rest_api: + subCategory: API Gateway (REST APIs) + description: Manages an API Gateway REST API. + name: aws_api_gateway_rest_api + titleName: aws_api_gateway_rest_api + examples: + - manifest: |- + { + "body": "${jsonencode({\n openapi = \"3.0.1\"\n info = {\n title = \"example\"\n version = \"1.0\"\n }\n paths = {\n \"/path1\" = {\n get = {\n x-amazon-apigateway-integration = {\n httpMethod = \"GET\"\n payloadFormatVersion = \"1.0\"\n type = \"HTTP_PROXY\"\n uri = \"https://ip-ranges.amazonaws.com/ip-ranges.json\"\n }\n }\n }\n }\n })}", + "endpoint_configuration": [ + { + "types": [ + "REGIONAL" + ] + } + ], + "name": "example" + } + - manifest: |- + { + "name": "example" + } + argumentDocs: + api_key_source: '- (Optional) Source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-api-key-source extension. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + arn: '- Amazon Resource Name (ARN)' + binary_media_types: '- (Optional) List of binary media types supported by the REST API. 
By default, the REST API supports only UTF-8-encoded text payloads. If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-binary-media-types extension. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + body: '- (Optional) OpenAPI specification that defines the set of routes and integrations to create as part of the REST API. This configuration, and any updates to it, will replace all REST API configuration except values overridden in this resource configuration and other resource updates applied after this resource but before any aws_api_gateway_deployment creation. More information about REST API OpenAPI support can be found in the API Gateway Developer Guide.' + created_date: '- The creation date of the REST API' + description: '- (Optional) Description of the REST API. If importing an OpenAPI specification via the body argument, this corresponds to the info.description field. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + disable_execute_api_endpoint: '- (Optional) Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint. Defaults to false. If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-endpoint-configuration extension disableExecuteApiEndpoint property. If the argument value is true and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + endpoint_configuration: '- (Optional) Configuration block defining API endpoint configuration including endpoint type. Defined below.' 
+ execution_arn: |- + - The execution ARN part to be used in lambda_permission's source_arn + when allowing API Gateway to invoke a Lambda function, + e.g. arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j, which can be concatenated with allowed stage, method and resource path. + id: '- The ID of the REST API' + minimum_compression_size: '- (Optional) Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-minimum-compression-size extension. If the argument value (except -1) is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + name: '- (Required) Name of the REST API. If importing an OpenAPI specification via the body argument, this corresponds to the info.title field. If the argument value is different than the OpenAPI value, the argument value will override the OpenAPI value.' + parameters: '- (Optional) Map of customizations for importing the specification in the body argument. For example, to exclude DocumentationParts from an imported API, set ignore equal to documentation. Additional documentation, including other parameters such as basepath, can be found in the API Gateway Developer Guide.' + policy: '- (Optional) JSON formatted policy document that controls access to the API Gateway. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. Terraform will only perform drift detection of its value when present in a configuration. It is recommended to use the aws_api_gateway_rest_api_policy resource instead. If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-policy extension. 
If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + root_resource_id: '- The resource ID of the REST API''s root' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + types: '- (Required) A list of endpoint types. This resource currently only supports managing a single value. Valid values: EDGE, REGIONAL or PRIVATE. If unspecified, defaults to EDGE. Must be declared as REGIONAL in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.' + vpc_endpoint_ids: '- (Optional) Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type. If importing an OpenAPI specification via the body argument, this corresponds to the x-amazon-apigateway-endpoint-configuration extension vpcEndpointIds property. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.' + aws_api_gateway_rest_api_policy: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway REST API Policy. 
+ name: aws_api_gateway_rest_api_policy + titleName: aws_api_gateway_rest_api_policy + examples: + - manifest: |- + { + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"execute-api:Invoke\",\n \"Resource\": \"${aws_api_gateway_rest_api.test.execution_arn}\",\n \"Condition\": {\n \"IpAddress\": {\n \"aws:SourceIp\": \"123.123.123.123/32\"\n }\n }\n }\n ]\n}\n", + "rest_api_id": "${aws_api_gateway_rest_api.test.id}" + } + references: + rest_api_id: aws_api_gateway_rest_api.id + argumentDocs: + id: '- The ID of the REST API' + policy: '- (Required) JSON formatted policy document that controls access to the API Gateway. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide' + rest_api_id: '- (Required) The ID of the REST API.' + aws_api_gateway_stage: + subCategory: API Gateway (REST APIs) + description: Manages an API Gateway Stage. + name: aws_api_gateway_stage + titleName: aws_api_gateway_stage + examples: + - manifest: |- + { + "deployment_id": "${aws_api_gateway_deployment.example.id}", + "rest_api_id": "${aws_api_gateway_rest_api.example.id}", + "stage_name": "example" + } + references: + deployment_id: aws_api_gateway_deployment.id + rest_api_id: aws_api_gateway_rest_api.id + - manifest: |- + { + "depends_on": [ + "${aws_cloudwatch_log_group.example}" + ], + "stage_name": "${var.stage_name}" + } + references: + stage_name: var.stage_name + argumentDocs: + access_log_settings: '- (Optional) Enables access logs for the API stage. Detailed below.' + arn: '- Amazon Resource Name (ARN)' + cache_cluster_enabled: '- (Optional) Specifies whether a cache cluster is enabled for the stage' + cache_cluster_size: '- (Optional) The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237.' 
+ client_certificate_id: '- (Optional) The identifier of a client certificate for the stage.' + deployment_id: '- (Required) The ID of the deployment that the stage points to' + description: '- (Optional) The description of the stage' + destination_arn: '- (Required) The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with amazon-apigateway-. Automatically removes trailing :* if present.' + documentation_version: '- (Optional) The version of the associated API documentation' + execution_arn: |- + - The execution ARN to be used in lambda_permission's source_arn + when allowing API Gateway to invoke a Lambda function, + e.g. arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod + format: |- + - (Required) The formatting and values recorded in the logs. + For more information on configuring the log format rules visit the AWS documentation + id: '- The ID of the stage' + invoke_url: |- + - The URL to invoke the API pointing to the stage, + e.g. https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod + rest_api_id: '- (Required) The ID of the associated REST API' + stage_name: '- (Required) The name of the stage' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + variables: '- (Optional) A map that defines the stage variables' + xray_tracing_enabled: '- (Optional) Whether active tracing with X-ray is enabled. Defaults to false.' + aws_api_gateway_usage_plan: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Usage Plan. 
+ name: aws_api_gateway_usage_plan + titleName: aws_api_gateway_usage_plan + examples: + - manifest: |- + { + "api_stages": [ + { + "api_id": "${aws_api_gateway_rest_api.example.id}", + "stage": "${aws_api_gateway_stage.development.stage_name}" + }, + { + "api_id": "${aws_api_gateway_rest_api.example.id}", + "stage": "${aws_api_gateway_stage.production.stage_name}" + } + ], + "description": "my description", + "name": "my-usage-plan", + "product_code": "MYCODE", + "quota_settings": [ + { + "limit": 20, + "offset": 2, + "period": "WEEK" + } + ], + "throttle_settings": [ + { + "burst_limit": 5, + "rate_limit": 10 + } + ] + } + argumentDocs: + api_id: (Required) - API Id of the associated API stage in a usage plan. + api_stages: '- The associated API stages of the usage plan.' + arn: '- Amazon Resource Name (ARN)' + burst_limit: (Optional) - The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity. + description: '- The description of a usage plan.' + id: '- The ID of the API resource' + limit: (Optional) - The maximum number of requests that can be made in a given time period. + name: '- The name of the usage plan.' + offset: (Optional) - The number of requests subtracted from the given limit in the initial time period. + period: (Optional) - The time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". + product_code: '- The AWS Marketplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.' + quota_settings: '- The quota of the usage plan.' + rate_limit: (Optional) - The API request steady-state rate limit. + stage: (Required) - API stage name of the associated API stage in a usage plan. + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + throttle_settings: '- The throttling limits of the usage plan.' + aws_api_gateway_usage_plan_key: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway Usage Plan Key. + name: aws_api_gateway_usage_plan_key + titleName: aws_api_gateway_usage_plan_key + examples: + - manifest: |- + { + "key_id": "${aws_api_gateway_api_key.mykey.id}", + "key_type": "API_KEY", + "usage_plan_id": "${aws_api_gateway_usage_plan.myusageplan.id}" + } + references: + key_id: aws_api_gateway_api_key.id + usage_plan_id: aws_api_gateway_usage_plan.id + argumentDocs: + id: '- The Id of a usage plan key.' + key_id: '- The identifier of the API gateway key resource.' + key_type: '- The type of a usage plan key. Currently, the valid key type is API_KEY.' + name: '- The name of a usage plan key.' + usage_plan_id: '- The ID of the API resource' + value: '- The value of a usage plan key.' + aws_api_gateway_vpc_link: + subCategory: API Gateway (REST APIs) + description: Provides an API Gateway VPC Link. + name: aws_api_gateway_vpc_link + titleName: aws_api_gateway_vpc_link + examples: + - manifest: |- + { + "description": "example description", + "name": "example", + "target_arns": [ + "${aws_lb.example.arn}" + ] + } + argumentDocs: + description: '- (Optional) The description of the VPC link.' + id: '- The identifier of the VpcLink.' + name: '- (Required) The name used to label and identify the VPC link.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ target_arns: '- (Required, ForceNew) The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target.' + aws_apigatewayv2_api: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 API. + name: aws_apigatewayv2_api + titleName: aws_apigatewayv2_api + examples: + - manifest: |- + { + "name": "example-websocket-api", + "protocol_type": "WEBSOCKET", + "route_selection_expression": "$request.body.action" + } + - manifest: |- + { + "name": "example-http-api", + "protocol_type": "HTTP" + } + argumentDocs: + allow_credentials: '- (Optional) Whether credentials are included in the CORS request.' + allow_headers: '- (Optional) The set of allowed HTTP headers.' + allow_methods: '- (Optional) The set of allowed HTTP methods.' + allow_origins: '- (Optional) The set of allowed origins.' + api_endpoint: '- The URI of the API, of the form https://{api-id}.execute-api.{region}.amazonaws.com for HTTP APIs and wss://{api-id}.execute-api.{region}.amazonaws.com for WebSocket APIs.' + api_key_selection_expression: |- + - (Optional) An API key selection expression. + Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key. Defaults to $request.header.x-api-key. + Applicable for WebSocket APIs. + arn: '- The ARN of the API.' + body: '- (Optional) An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs.' + cors_configuration: '- (Optional) The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs.' + credentials_arn: '- (Optional) Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs.' + description: '- (Optional) The description of the API. Must be less than or equal to 1024 characters in length.' 
+ disable_execute_api_endpoint: |- + - (Optional) Whether clients can invoke the API by using the default execute-api endpoint. + By default, clients can invoke the API with the default {api_id}.execute-api.{region}.amazonaws.com endpoint. + To require that clients use a custom domain name to invoke the API, disable the default endpoint. + execution_arn: |- + - The ARN prefix to be used in an aws_lambda_permission's source_arn attribute + or in an aws_iam_policy to authorize access to the @connections API. + See the Amazon API Gateway Developer Guide for details. + expose_headers: '- (Optional) The set of exposed HTTP headers.' + fail_on_warnings: '- (Optional) Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to false. Applicable for HTTP APIs.' + id: '- The API identifier.' + max_age: '- (Optional) The number of seconds that the browser should cache preflight request results.' + name: '- (Required) The name of the API. Must be less than or equal to 128 characters in length.' + protocol_type: '- (Required) The API protocol. Valid values: HTTP, WEBSOCKET.' + route_key: '- (Optional) Part of quick create. Specifies any route key. Applicable for HTTP APIs.' + route_selection_expression: |- + - (Optional) The route selection expression for the API. + Defaults to $request.method $request.path. + tags: '- (Optional) A map of tags to assign to the API. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: |- + - (Optional) Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. + For HTTP integrations, specify a fully qualified URL. 
For Lambda integrations, specify a function ARN. + The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Applicable for HTTP APIs. + version: '- (Optional) A version identifier for the API. Must be between 1 and 64 characters in length.' + aws_apigatewayv2_api_mapping: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 API mapping. + name: aws_apigatewayv2_api_mapping + titleName: aws_apigatewayv2_api_mapping + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "domain_name": "${aws_apigatewayv2_domain_name.example.id}", + "stage": "${aws_apigatewayv2_stage.example.id}" + } + references: + api_id: aws_apigatewayv2_api.id + domain_name: aws_apigatewayv2_domain_name.id + stage: aws_apigatewayv2_stage.id + argumentDocs: + api_id: '- (Required) The API identifier.' + api_mapping_key: '- (Optional) The API mapping key.' + domain_name: '- (Required) The domain name. Use the aws_apigatewayv2_domain_name resource to configure a domain name.' + id: '- The API mapping identifier.' + stage: '- (Required) The API stage. Use the aws_apigatewayv2_stage resource to configure an API stage.' + aws_apigatewayv2_authorizer: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 authorizer. 
+ name: aws_apigatewayv2_authorizer + titleName: aws_apigatewayv2_authorizer + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "authorizer_type": "REQUEST", + "authorizer_uri": "${aws_lambda_function.example.invoke_arn}", + "identity_sources": [ + "route.request.header.Auth" + ], + "name": "example-authorizer" + } + references: + api_id: aws_apigatewayv2_api.id + authorizer_uri: aws_lambda_function.invoke_arn + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "authorizer_type": "JWT", + "identity_sources": [ + "$request.header.Authorization" + ], + "jwt_configuration": [ + { + "audience": [ + "example" + ], + "issuer": "https://${aws_cognito_user_pool.example.endpoint}" + } + ], + "name": "example-authorizer" + } + references: + api_id: aws_apigatewayv2_api.id + argumentDocs: + api_id: '- (Required) The API identifier.' + audience: '- (Optional) A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.' + authorizer_credentials_arn: |- + - (Optional) The required credentials as an IAM role for API Gateway to invoke the authorizer. + Supported only for REQUEST authorizers. + authorizer_payload_format_version: |- + - (Optional) The format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. + Valid values: 1.0, 2.0. + authorizer_result_ttl_in_seconds: |- + - (Optional) The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. + If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. + Supported only for HTTP API Lambda authorizers. + authorizer_type: |- + - (Required) The authorizer type. Valid values: JWT, REQUEST. + Specify REQUEST for a Lambda function using incoming request parameters. + For HTTP APIs, specify JWT to use JSON Web Tokens. 
+ authorizer_uri: |- + - (Optional) The authorizer's Uniform Resource Identifier (URI). + For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws_lambda_function resource. + Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length. + enable_simple_responses: |- + - (Optional) Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. + Supported only for HTTP APIs. + id: '- The authorizer identifier.' + identity_sources: |- + - (Optional) The identity sources for which authorization is requested. + For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. + For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests. + issuer: '- (Optional) The base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws_cognito_user_pool resource.' + jwt_configuration: |- + - (Optional) The configuration of a JWT authorizer. Required for the JWT authorizer type. + Supported only for HTTP APIs. + name: '- (Required) The name of the authorizer. Must be between 1 and 128 characters in length.' + aws_apigatewayv2_deployment: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 deployment. 
+ name: aws_apigatewayv2_deployment + titleName: aws_apigatewayv2_deployment + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_route.example.api_id}", + "description": "Example deployment", + "lifecycle": [ + { + "create_before_destroy": true + } + ] + } + references: + api_id: aws_apigatewayv2_route.api_id + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "description": "Example deployment", + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "triggers": { + "redeployment": "${sha1(join(\",\", list(\n jsonencode(aws_apigatewayv2_integration.example),\n jsonencode(aws_apigatewayv2_route.example),\n )))}" + } + } + references: + api_id: aws_apigatewayv2_api.id + argumentDocs: + api_id: '- (Required) The API identifier.' + auto_deployed: '- Whether the deployment was automatically released.' + description: '- (Optional) The description for the deployment resource. Must be less than or equal to 1024 characters in length.' + id: '- The deployment identifier.' + triggers: '- (Optional) A map of arbitrary keys and values that, when changed, will trigger a redeployment. To force a redeployment without changing these keys/values, use the terraform taint command.' + aws_apigatewayv2_domain_name: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 domain name. 
+ name: aws_apigatewayv2_domain_name + titleName: aws_apigatewayv2_domain_name + examples: + - manifest: |- + { + "domain_name": "ws-api.example.com", + "domain_name_configuration": [ + { + "certificate_arn": "${aws_acm_certificate.example.arn}", + "endpoint_type": "REGIONAL", + "security_policy": "TLS_1_2" + } + ] + } + - manifest: |- + { + "domain_name": "http-api.example.com", + "domain_name_configuration": [ + { + "certificate_arn": "${aws_acm_certificate.example.arn}", + "endpoint_type": "REGIONAL", + "security_policy": "TLS_1_2" + } + ] + } + argumentDocs: + api_mapping_selection_expression: '- The API mapping selection expression for the domain name.' + arn: '- The ARN of the domain name.' + certificate_arn: |- + - (Required) The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source. + Use the aws_acm_certificate resource to configure an ACM certificate. + create: '- (Default 10 minutes) Used for creating the domain name' + domain_name: '- (Required) The domain name. Must be between 1 and 512 characters in length.' + domain_name_configuration: '- (Required) The domain name configuration.' + endpoint_type: '- (Required) The endpoint type. Valid values: REGIONAL.' + hosted_zone_id: '- (Computed) The Amazon Route 53 Hosted Zone ID of the endpoint.' + id: '- The domain name identifier.' + mutual_tls_authentication: '- (Optional) The mutual TLS authentication configuration for the domain name.' + security_policy: '- (Required) The Transport Layer Security (TLS) version of the security policy for the domain name. Valid values: TLS_1_2.' + tags: '- (Optional) A map of tags to assign to the domain name. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_domain_name: '- (Computed) The target domain name.' + truststore_uri: |- + - (Required) An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, s3://bucket-name/key-name. + The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. + truststore_version: '- (Optional) The version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.' + update: '- (Default 60 minutes) Used for updating the domain name' + aws_apigatewayv2_integration: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 integration. + name: aws_apigatewayv2_integration + titleName: aws_apigatewayv2_integration + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "integration_type": "MOCK" + } + references: + api_id: aws_apigatewayv2_api.id + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "connection_type": "INTERNET", + "content_handling_strategy": "CONVERT_TO_TEXT", + "description": "Lambda example", + "integration_method": "POST", + "integration_type": "AWS", + "integration_uri": "${aws_lambda_function.example.invoke_arn}", + "passthrough_behavior": "WHEN_NO_MATCH" + } + references: + api_id: aws_apigatewayv2_api.id + integration_uri: aws_lambda_function.invoke_arn + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "credentials_arn": "${aws_iam_role.example.arn}", + "description": "SQS example", + "integration_subtype": "SQS-SendMessage", + "integration_type": "AWS_PROXY", + "request_parameters": { + "MessageBody": "$request.body.message", + "QueueUrl": "$request.header.queueUrl" + 
} + } + references: + api_id: aws_apigatewayv2_api.id + credentials_arn: aws_iam_role.arn + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "connection_id": "${aws_apigatewayv2_vpc_link.example.id}", + "connection_type": "VPC_LINK", + "credentials_arn": "${aws_iam_role.example.arn}", + "description": "Example with a load balancer", + "integration_method": "ANY", + "integration_type": "HTTP_PROXY", + "integration_uri": "${aws_lb_listener.example.arn}", + "request_parameters": { + "append:header.authforintegration": "$context.authorizer.authorizerResponse", + "overwrite:path": "staticValueForIntegration" + }, + "response_parameters": [ + { + "mappings": { + "append:header.auth": "$context.authorizer.authorizerResponse" + }, + "status_code": 403 + }, + { + "mappings": { + "overwrite:statuscode": "204" + }, + "status_code": 200 + } + ], + "tls_config": [ + { + "server_name_to_verify": "example.com" + } + ] + } + references: + api_id: aws_apigatewayv2_api.id + connection_id: aws_apigatewayv2_vpc_link.id + credentials_arn: aws_iam_role.arn + integration_uri: aws_lb_listener.arn + argumentDocs: + api_id: '- (Required) The API identifier.' + connection_id: '- (Optional) The ID of the VPC link for a private integration. Supported only for HTTP APIs. Must be between 1 and 1024 characters in length.' + connection_type: '- (Optional) The type of the network connection to the integration endpoint. Valid values: INTERNET, VPC_LINK. Default is INTERNET.' + content_handling_strategy: '- (Optional) How to handle response payload content type conversions. Valid values: CONVERT_TO_BINARY, CONVERT_TO_TEXT. Supported only for WebSocket APIs.' + credentials_arn: '- (Optional) The credentials required for the integration, if any.' + description: '- (Optional) The description of the integration.' + id: '- The integration identifier.' + integration_method: '- (Optional) The integration''s HTTP method. Must be specified if integration_type is not MOCK.' 
+ integration_response_selection_expression: '- The integration response selection expression for the integration.' + integration_subtype: '- (Optional) Specifies the AWS service action to invoke. Supported only for HTTP APIs when integration_type is AWS_PROXY. See the AWS service integration reference documentation for supported values. Must be between 1 and 128 characters in length.' + integration_type: |- + - (Required) The integration type of an integration. + Valid values: AWS (supported only for WebSocket APIs), AWS_PROXY, HTTP (supported only for WebSocket APIs), HTTP_PROXY, MOCK (supported only for WebSocket APIs). For an HTTP API private integration, use HTTP_PROXY. + integration_uri: |- + - (Optional) The URI of the Lambda function for a Lambda proxy integration, when integration_type is AWS_PROXY. + For an HTTP integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. + mappings: |- + - (Required) A key-value map. The key of ths map identifies the location of the request parameter to change, and how to change it. The corresponding value specifies the new data for the parameter. + See the Amazon API Gateway Developer Guide for details. + passthrough_behavior: |- + - (Optional) The pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request_templates attribute. + Valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, NEVER. Default is WHEN_NO_MATCH. Supported only for WebSocket APIs. + payload_format_version: '- (Optional) The format of the payload sent to an integration. Valid values: 1.0, 2.0. Default is 1.0.' + request_parameters: |- + - (Optional) For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. 
+ For HTTP APIs with a specified integration_subtype, a key-value map specifying parameters that are passed to AWS_PROXY integrations. + For HTTP APIs without a specified integration_subtype, a key-value map specifying how to transform HTTP requests before sending them to the backend. + See the Amazon API Gateway Developer Guide for details. + request_templates: '- (Optional) A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. Supported only for WebSocket APIs.' + response_parameters: '- (Optional) Mappings to transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs.' + server_name_to_verify: '- (Optional) If you specify a server name, API Gateway uses it to verify the hostname on the integration''s certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.' + status_code: '- (Required) The HTTP status code in the range 200-599.' + template_selection_expression: '- (Optional) The template selection expression for the integration.' + timeout_milliseconds: |- + - (Optional) Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. + The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs. + Terraform will only perform drift detection of its value when present in a configuration. + tls_config: '- (Optional) The TLS configuration for a private integration. Supported only for HTTP APIs.' + aws_apigatewayv2_integration_response: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 integration response. 
+ name: aws_apigatewayv2_integration_response + titleName: aws_apigatewayv2_integration_response + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "integration_id": "${aws_apigatewayv2_integration.example.id}", + "integration_response_key": "/200/" + } + references: + api_id: aws_apigatewayv2_api.id + integration_id: aws_apigatewayv2_integration.id + argumentDocs: + api_id: '- (Required) The API identifier.' + content_handling_strategy: '- (Optional) How to handle response payload content type conversions. Valid values: CONVERT_TO_BINARY, CONVERT_TO_TEXT.' + id: '- The integration response identifier.' + integration_id: '- (Required) The identifier of the aws_apigatewayv2_integration.' + integration_response_key: '- (Required) The integration response key.' + response_templates: '- (Optional) A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client.' + template_selection_expression: '- (Optional) The template selection expression for the integration response.' + aws_apigatewayv2_model: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 model. + name: aws_apigatewayv2_model + titleName: aws_apigatewayv2_model + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "content_type": "application/json", + "name": "example", + "schema": "{\n \"$schema\": \"http://json-schema.org/draft-04/schema#\",\n \"title\": \"ExampleModel\",\n \"type\": \"object\",\n \"properties\": {\n \"id\": { \"type\": \"string\" }\n }\n}\n" + } + references: + api_id: aws_apigatewayv2_api.id + argumentDocs: + api_id: '- (Required) The API identifier.' + content_type: '- (Required) The content-type for the model, for example, application/json. Must be between 1 and 256 characters in length.' + description: '- (Optional) The description of the model. Must be between 1 and 128 characters in length.' 
+ id: '- The model identifier.' + name: '- (Required) The name of the model. Must be alphanumeric. Must be between 1 and 128 characters in length.' + schema: '- (Required) The schema for the model. This should be a JSON schema draft 4 model. Must be less than or equal to 32768 characters in length.' + aws_apigatewayv2_route: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 route. + name: aws_apigatewayv2_route + titleName: aws_apigatewayv2_route + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "route_key": "$default" + } + references: + api_id: aws_apigatewayv2_api.id + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "route_key": "ANY /example/{proxy+}", + "target": "integrations/${aws_apigatewayv2_integration.example.id}" + } + references: + api_id: aws_apigatewayv2_api.id + argumentDocs: + api_id: '- (Required) The API identifier.' + api_key_required: '- (Optional) Boolean whether an API key is required for the route. Defaults to false. Supported only for WebSocket APIs.' + authorization_scopes: '- (Optional) The authorization scopes supported by this route. The scopes are used with a JWT authorizer to authorize the method invocation.' + authorization_type: |- + - (Optional) The authorization type for the route. + For WebSocket APIs, valid values are NONE for open access, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. + For HTTP APIs, valid values are NONE for open access, JWT for using JSON Web Tokens, AWS_IAM for using AWS IAM permissions, and CUSTOM for using a Lambda authorizer. + Defaults to NONE. + authorizer_id: '- (Optional) The identifier of the aws_apigatewayv2_authorizer resource to be associated with this route.' + id: '- The route identifier.' + model_selection_expression: '- (Optional) The model selection expression for the route. Supported only for WebSocket APIs.' 
+ operation_name: '- (Optional) The operation name for the route. Must be between 1 and 64 characters in length.' + request_models: '- (Optional) The request models for the route. Supported only for WebSocket APIs.' + request_parameter: '- (Optional) The request parameters for the route. Supported only for WebSocket APIs.' + request_parameter_key: '- (Required) Request parameter key. This is a request data mapping parameter.' + required: '- (Required) Boolean whether or not the parameter is required.' + route_key: '- (Required) The route key for the route. For HTTP APIs, the route key can be either $default, or a combination of an HTTP method and resource path, for example, GET /pets.' + route_response_selection_expression: '- (Optional) The route response selection expression for the route. Supported only for WebSocket APIs.' + target: '- (Optional) The target for the route, of the form integrations/IntegrationID, where IntegrationID is the identifier of an aws_apigatewayv2_integration resource.' + aws_apigatewayv2_route_response: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 route response. + name: aws_apigatewayv2_route_response + titleName: aws_apigatewayv2_route_response + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "route_id": "${aws_apigatewayv2_route.example.id}", + "route_response_key": "$default" + } + references: + api_id: aws_apigatewayv2_api.id + route_id: aws_apigatewayv2_route.id + argumentDocs: + api_id: '- (Required) The API identifier.' + id: '- The route response identifier.' + model_selection_expression: '- (Optional) The model selection expression for the route response.' + response_models: '- (Optional) The response models for the route response.' + route_id: '- (Required) The identifier of the aws_apigatewayv2_route.' + route_response_key: '- (Required) The route response key.' 
+ aws_apigatewayv2_stage: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 stage. + name: aws_apigatewayv2_stage + titleName: aws_apigatewayv2_stage + examples: + - manifest: |- + { + "api_id": "${aws_apigatewayv2_api.example.id}", + "name": "example-stage" + } + references: + api_id: aws_apigatewayv2_api.id + argumentDocs: + access_log_settings: |- + - (Optional) Settings for logging access in this stage. + Use the aws_api_gateway_account resource to configure permissions for CloudWatch Logging. + api_id: '- (Required) The API identifier.' + arn: '- The ARN of the stage.' + auto_deploy: '- (Optional) Whether updates to an API automatically trigger a new deployment. Defaults to false. Applicable for HTTP APIs.' + client_certificate_id: |- + - (Optional) The identifier of a client certificate for the stage. Use the aws_api_gateway_client_certificate resource to configure a client certificate. + Supported only for WebSocket APIs. + data_trace_enabled: |- + - (Optional) Whether data trace logging is enabled for the route. Affects the log entries pushed to Amazon CloudWatch Logs. + Defaults to false. Supported only for WebSocket APIs. + default_route_settings: '- (Optional) The default route settings for the stage.' + deployment_id: '- (Optional) The deployment identifier of the stage. Use the aws_apigatewayv2_deployment resource to configure a deployment.' + description: '- (Optional) The description for the stage. Must be less than or equal to 1024 characters in length.' + destination_arn: '- (Required) The ARN of the CloudWatch Logs log group to receive access logs. Any trailing :* is trimmed from the ARN.' + detailed_metrics_enabled: '- (Optional) Whether detailed metrics are enabled for the route. Defaults to false.' + execution_arn: |- + - The ARN prefix to be used in an aws_lambda_permission's source_arn attribute. 
+ For WebSocket APIs this attribute can additionally be used in an aws_iam_policy to authorize access to the @connections API. + See the Amazon API Gateway Developer Guide for details. + format: '- (Required) A single line format of the access logs of data, as specified by selected $context variables.' + id: '- The stage identifier.' + invoke_url: |- + - The URL to invoke the API pointing to the stage, + e.g. wss://z4675bid1j.execute-api.eu-west-2.amazonaws.com/example-stage, or https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/ + logging_level: |- + - (Optional) The logging level for the route. Affects the log entries pushed to Amazon CloudWatch Logs. + Valid values: ERROR, INFO, OFF. Defaults to OFF. Supported only for WebSocket APIs. Terraform will only perform drift detection of its value when present in a configuration. + name: '- (Required) The name of the stage. Must be between 1 and 128 characters in length.' + route_key: '- (Required) Route key.' + route_settings: '- (Optional) Route settings for the stage.' + stage_variables: '- (Optional) A map that defines the stage variables for the stage.' + tags: '- (Optional) A map of tags to assign to the stage. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + throttling_burst_limit: '- (Optional) The throttling burst limit for the route.' + throttling_rate_limit: '- (Optional) The throttling rate limit for the route.' + aws_apigatewayv2_vpc_link: + subCategory: API Gateway v2 (WebSocket and HTTP APIs) + description: Manages an Amazon API Gateway Version 2 VPC Link. 
+ name: aws_apigatewayv2_vpc_link + titleName: aws_apigatewayv2_vpc_link + examples: + - manifest: |- + { + "name": "example", + "security_group_ids": [ + "${data.aws_security_group.example.id}" + ], + "subnet_ids": "${data.aws_subnet_ids.example.ids}", + "tags": { + "Usage": "example" + } + } + references: + subnet_ids: data.ids + argumentDocs: + arn: '- The VPC Link ARN.' + id: '- The VPC Link identifier.' + name: '- (Required) The name of the VPC Link. Must be between 1 and 128 characters in length.' + security_group_ids: '- (Required) Security group IDs for the VPC Link.' + subnet_ids: '- (Required) Subnet IDs for the VPC Link.' + tags: '- (Optional) A map of tags to assign to the VPC Link. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_app_cookie_stickiness_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides an application cookie stickiness policy, which allows an ELB to wed its stickiness cookie to a cookie generated by your application. + name: aws_app_cookie_stickiness_policy + titleName: aws_app_cookie_stickiness_policy + examples: + - manifest: |- + { + "cookie_name": "MyAppCookie", + "lb_port": 80, + "load_balancer": "${aws_elb.lb.name}", + "name": "foo_policy" + } + references: + load_balancer: aws_elb.name + argumentDocs: + cookie_name: '- The application cookie whose lifetime the ELB''s cookie should follow.' + id: '- The ID of the policy.' + lb_port: '- The load balancer port to which the policy is applied.' + load_balancer: '- The name of load balancer to which the policy is attached.' + name: '- The name of the stickiness policy.' + aws_appautoscaling_policy: + subCategory: Application Autoscaling + description: Provides an Application AutoScaling Policy resource. 
+ name: aws_appautoscaling_policy + titleName: aws_appautoscaling_policy + examples: + - manifest: |- + { + "name": "DynamoDBReadCapacityUtilization:${aws_appautoscaling_target.dynamodb_table_read_target.resource_id}", + "policy_type": "TargetTrackingScaling", + "resource_id": "${aws_appautoscaling_target.dynamodb_table_read_target.resource_id}", + "scalable_dimension": "${aws_appautoscaling_target.dynamodb_table_read_target.scalable_dimension}", + "service_namespace": "${aws_appautoscaling_target.dynamodb_table_read_target.service_namespace}", + "target_tracking_scaling_policy_configuration": [ + { + "predefined_metric_specification": [ + { + "predefined_metric_type": "DynamoDBReadCapacityUtilization" + } + ], + "target_value": 70 + } + ] + } + references: + resource_id: aws_appautoscaling_target.resource_id + scalable_dimension: aws_appautoscaling_target.scalable_dimension + service_namespace: aws_appautoscaling_target.service_namespace + - manifest: |- + { + "name": "scale-down", + "policy_type": "StepScaling", + "resource_id": "${aws_appautoscaling_target.ecs_target.resource_id}", + "scalable_dimension": "${aws_appautoscaling_target.ecs_target.scalable_dimension}", + "service_namespace": "${aws_appautoscaling_target.ecs_target.service_namespace}", + "step_scaling_policy_configuration": [ + { + "adjustment_type": "ChangeInCapacity", + "cooldown": 60, + "metric_aggregation_type": "Maximum", + "step_adjustment": [ + { + "metric_interval_upper_bound": 0, + "scaling_adjustment": -1 + } + ] + } + ] + } + references: + resource_id: aws_appautoscaling_target.resource_id + scalable_dimension: aws_appautoscaling_target.scalable_dimension + service_namespace: aws_appautoscaling_target.service_namespace + - manifest: |- + { + "name": "cpu-auto-scaling", + "policy_type": "TargetTrackingScaling", + "resource_id": "${aws_appautoscaling_target.replicas.resource_id}", + "scalable_dimension": "${aws_appautoscaling_target.replicas.scalable_dimension}", + "service_namespace": 
"${aws_appautoscaling_target.replicas.service_namespace}", + "target_tracking_scaling_policy_configuration": [ + { + "predefined_metric_specification": [ + { + "predefined_metric_type": "RDSReaderAverageCPUUtilization" + } + ], + "scale_in_cooldown": 300, + "scale_out_cooldown": 300, + "target_value": 75 + } + ] + } + references: + resource_id: aws_appautoscaling_target.resource_id + scalable_dimension: aws_appautoscaling_target.scalable_dimension + service_namespace: aws_appautoscaling_target.service_namespace + - manifest: |- + { + "step_scaling_policy_configuration": [ + { + "step_adjustment": [ + { + "metric_interval_lower_bound": 1, + "metric_interval_upper_bound": 2, + "scaling_adjustment": -1 + }, + { + "metric_interval_lower_bound": 2, + "metric_interval_upper_bound": 3, + "scaling_adjustment": 1 + } + ] + } + ] + } + - manifest: |- + { + "policy_type": "TargetTrackingScaling", + "target_tracking_scaling_policy_configuration": [ + { + "customized_metric_specification": [ + { + "dimensions": [ + { + "name": "MyOptionalMetricDimensionName", + "value": "MyOptionalMetricDimensionValue" + } + ], + "metric_name": "MyUtilizationMetric", + "namespace": "MyNamespace", + "statistic": "Average", + "unit": "Percent" + } + ], + "target_value": 40 + } + ] + } + argumentDocs: + adjustment_type: '- (Required) Specifies whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are ChangeInCapacity, ExactCapacity, and PercentChangeInCapacity.' + arn: '- The ARN assigned by AWS to the scaling policy.' + cooldown: '- (Required) The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.' + customized_metric_specification: '- (Optional) A custom CloudWatch metric. Documentation can be found at: AWS Customized Metric Specification. See supported fields below.' 
+ dimensions: '- (Optional) Configuration block(s) with the dimensions of the metric if the metric was published with dimensions. Detailed below.' + disable_scale_in: '- (Optional) Indicates whether scale in by the target tracking policy is disabled. If the value is true, scale in is disabled and the target tracking policy won''t remove capacity from the scalable resource. Otherwise, scale in is enabled and the target tracking policy can remove capacity from the scalable resource. The default value is false.' + metric_aggregation_type: '- (Optional) The aggregation type for the policy''s metrics. Valid values are "Minimum", "Maximum", and "Average". Without a value, AWS will treat the aggregation type as "Average".' + metric_interval_lower_bound: '- (Optional) The lower bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as negative infinity.' + metric_interval_upper_bound: '- (Optional) The upper bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as infinity. The upper bound must be greater than the lower bound.' + metric_name: '- (Required) The name of the metric.' + min_adjustment_magnitude: '- (Optional) The minimum number to adjust your scalable dimension as a result of a scaling activity. If the adjustment type is PercentChangeInCapacity, the scaling policy changes the scalable dimension of the scalable target by this amount.' + name: '- The scaling policy''s name.' + namespace: '- (Required) The namespace of the metric.' + policy_type: '- The scaling policy''s type.' + predefined_metric_specification: '- (Optional) A predefined metric. See supported fields below.' + predefined_metric_type: '- (Required) The metric type.' + resource_id: '- (Required) The resource type and unique identifier string for the resource associated with the scaling policy. 
Documentation can be found in the ResourceId parameter at: AWS Application Auto Scaling API Reference' + resource_label: '- (Optional) Reserved for future use. Must be less than or equal to 1023 characters in length.' + scalable_dimension: '- (Required) The scalable dimension of the scalable target. Documentation can be found in the ScalableDimension parameter at: AWS Application Auto Scaling API Reference' + scale_in_cooldown: '- (Optional) The amount of time, in seconds, after a scale in activity completes before another scale in activity can start.' + scale_out_cooldown: '- (Optional) The amount of time, in seconds, after a scale out activity completes before another scale out activity can start.' + scaling_adjustment: '- (Required) The number of members by which to scale, when the adjustment bounds are breached. A positive value scales up. A negative value scales down.' + service_namespace: '- (Required) The AWS service namespace of the scalable target. Documentation can be found in the ServiceNamespace parameter at: AWS Application Auto Scaling API Reference' + statistic: '- (Required) The statistic of the metric. Valid values: Average, Minimum, Maximum, SampleCount, and Sum.' + step_adjustment: '- (Optional) A set of adjustments that manage scaling. These have the following structure:' + step_scaling_policy_configuration: '- (Optional) Step scaling policy configuration, requires policy_type = "StepScaling" (default). See supported fields below.' + target_tracking_scaling_policy_configuration: '- (Optional) A target tracking policy, requires policy_type = "TargetTrackingScaling". See supported fields below.' + target_value: '- (Required) The target value for the metric.' + unit: '- (Optional) The unit of the metric.' + value: '- (Required) Value of the dimension.' + aws_appautoscaling_scheduled_action: + subCategory: Application Autoscaling + description: Provides an Application AutoScaling ScheduledAction resource. 
+ name: aws_appautoscaling_scheduled_action + titleName: aws_appautoscaling_scheduled_action + examples: + - manifest: |- + { + "name": "dynamodb", + "resource_id": "${aws_appautoscaling_target.dynamodb.resource_id}", + "scalable_dimension": "${aws_appautoscaling_target.dynamodb.scalable_dimension}", + "scalable_target_action": [ + { + "max_capacity": 200, + "min_capacity": 1 + } + ], + "schedule": "at(2006-01-02T15:04:05)", + "service_namespace": "${aws_appautoscaling_target.dynamodb.service_namespace}" + } + references: + resource_id: aws_appautoscaling_target.resource_id + scalable_dimension: aws_appautoscaling_target.scalable_dimension + service_namespace: aws_appautoscaling_target.service_namespace + - manifest: |- + { + "name": "ecs", + "resource_id": "${aws_appautoscaling_target.ecs.resource_id}", + "scalable_dimension": "${aws_appautoscaling_target.ecs.scalable_dimension}", + "scalable_target_action": [ + { + "max_capacity": 10, + "min_capacity": 1 + } + ], + "schedule": "at(2006-01-02T15:04:05)", + "service_namespace": "${aws_appautoscaling_target.ecs.service_namespace}" + } + references: + resource_id: aws_appautoscaling_target.resource_id + scalable_dimension: aws_appautoscaling_target.scalable_dimension + service_namespace: aws_appautoscaling_target.service_namespace + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the scheduled action.' + end_time: '- (Optional) The date and time for the scheduled action to end in RFC 3339 format. The timezone is not affected by the setting of timezone.' + max_capacity: '- (Optional) The maximum capacity. At least one of max_capacity or min_capacity must be set.' + min_capacity: '- (Optional) The minimum capacity. At least one of min_capacity or max_capacity must be set.' + name: '- (Required) The name of the scheduled action.' + resource_id: '- (Required) The identifier of the resource associated with the scheduled action. 
Documentation can be found in the parameter at: AWS Application Auto Scaling API Reference' + scalable_dimension: '- (Required) The scalable dimension. Documentation can be found in the parameter at: AWS Application Auto Scaling API Reference Example: ecs:service:DesiredCount' + scalable_target_action: '- (Required) The new minimum and maximum capacity. You can set both values or just one. See below' + schedule: '- (Required) The schedule for this action. The following formats are supported: At expressions - at(yyyy-mm-ddThh:mm:ss), Rate expressions - rate(valueunit), Cron expressions - cron(fields). Times for at expressions and cron expressions are evaluated using the time zone configured in timezone. Documentation can be found in the parameter at: AWS Application Auto Scaling API Reference' + service_namespace: '- (Required) The namespace of the AWS service. Documentation can be found in the parameter at: AWS Application Auto Scaling API Reference Example: ecs' + start_time: '- (Optional) The date and time for the scheduled action to start in RFC 3339 format. The timezone is not affected by the setting of timezone.' + timezone: '- (Optional) The time zone used when setting a scheduled action by using an at or cron expression. Does not affect timezone for start_time and end_time. Valid values are the canonical names of the IANA time zones supported by Joda-Time, such as Etc/GMT+9 or Pacific/Tahiti. Default is UTC.' + aws_appautoscaling_target: + subCategory: Application Autoscaling + description: Provides an Application AutoScaling ScalableTarget resource. 
+ name: aws_appautoscaling_target + titleName: aws_appautoscaling_target + examples: + - manifest: |- + { + "max_capacity": 100, + "min_capacity": 5, + "resource_id": "table/${aws_dynamodb_table.example.name}", + "scalable_dimension": "dynamodb:table:ReadCapacityUnits", + "service_namespace": "dynamodb" + } + - manifest: |- + { + "max_capacity": 100, + "min_capacity": 5, + "resource_id": "table/${aws_dynamodb_table.example.name}/index/${var.index_name}", + "scalable_dimension": "dynamodb:index:ReadCapacityUnits", + "service_namespace": "dynamodb" + } + - manifest: |- + { + "max_capacity": 4, + "min_capacity": 1, + "resource_id": "service/${aws_ecs_cluster.example.name}/${aws_ecs_service.example.name}", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs" + } + - manifest: |- + { + "max_capacity": 15, + "min_capacity": 1, + "resource_id": "cluster:${aws_rds_cluster.example.id}", + "scalable_dimension": "rds:cluster:ReadReplicaCount", + "service_namespace": "rds" + } + argumentDocs: + max_capacity: '- (Required) The max capacity of the scalable target.' + min_capacity: '- (Required) The min capacity of the scalable target.' + resource_id: '- (Required) The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the ResourceId parameter at: AWS Application Auto Scaling API Reference' + role_arn: '- (Optional) The ARN of the IAM role that allows Application AutoScaling to modify your scalable target on your behalf. This defaults to an IAM Service-Linked Role for most services and custom IAM Roles are ignored by the API for those namespaces. See the AWS Application Auto Scaling documentation for more information about how this service interacts with IAM.' + scalable_dimension: '- (Required) The scalable dimension of the scalable target. 
Documentation can be found in the ScalableDimension parameter at: AWS Application Auto Scaling API Reference' + service_namespace: '- (Required) The AWS service namespace of the scalable target. Documentation can be found in the ServiceNamespace parameter at: AWS Application Auto Scaling API Reference' + aws_appconfig_application: + subCategory: AppConfig + description: Provides an AppConfig Application resource. + name: aws_appconfig_application + titleName: aws_appconfig_application + examples: + - manifest: |- + { + "description": "Example AppConfig Application", + "name": "example-application-tf", + "tags": { + "Type": "AppConfig Application" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the AppConfig Application.' + description: '- (Optional) The description of the application. Can be at most 1024 characters.' + id: '- The AppConfig application ID.' + name: '- (Required) The name for the application. Must be between 1 and 64 characters in length.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_appconfig_configuration_profile: + subCategory: AppConfig + description: Provides an AppConfig Configuration Profile resource. 
+ name: aws_appconfig_configuration_profile + titleName: aws_appconfig_configuration_profile + examples: + - manifest: |- + { + "application_id": "${aws_appconfig_application.example.id}", + "description": "Example Configuration Profile", + "location_uri": "hosted", + "name": "example-configuration-profile-tf", + "tags": { + "Type": "AppConfig Configuration Profile" + }, + "validator": [ + { + "content": "${aws_lambda_function.example.arn}", + "type": "LAMBDA" + } + ] + } + references: + application_id: aws_appconfig_application.id + argumentDocs: + application_id: '- (Required, Forces new resource) The application ID. Must be between 4 and 7 characters in length.' + arn: '- The Amazon Resource Name (ARN) of the AppConfig Configuration Profile.' + configuration_profile_id: '- The configuration profile ID.' + content: '- (Optional, Required when type is LAMBDA) Either the JSON Schema content or the Amazon Resource Name (ARN) of an AWS Lambda function.' + description: '- (Optional) The description of the configuration profile. Can be at most 1024 characters.' + id: '- The AppConfig configuration profile ID and application ID separated by a colon (:).' + location_uri: '- (Required, Forces new resource) A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For the hosted configuration store, specify hosted. For an SSM document, specify either the document name in the format ssm-document:// or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format ssm-parameter:// or the ARN. For an Amazon S3 object, specify the URI in the following format: s3:///.' + name: '- (Required) The name for the configuration profile. Must be between 1 and 64 characters in length.' + retrieval_role_arn: '- (Optional) The ARN of an IAM role with permission to access the configuration at the specified location_uri. 
A retrieval role ARN is not required for configurations stored in the AWS AppConfig hosted configuration store. It is required for all other sources that store your configuration.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of validator. Valid values: JSON_SCHEMA and LAMBDA.' + validator: '- (Optional) A set of methods for validating the configuration. Maximum of 2. See Validator below for more details.' + aws_appconfig_deployment: + subCategory: AppConfig + description: Provides an AppConfig Deployment resource. + name: aws_appconfig_deployment + titleName: aws_appconfig_deployment + examples: + - manifest: |- + { + "application_id": "${aws_appconfig_application.example.id}", + "configuration_profile_id": "${aws_appconfig_configuration_profile.example.configuration_profile_id}", + "configuration_version": "${aws_appconfig_hosted_configuration_version.example.version_number}", + "deployment_strategy_id": "${aws_appconfig_deployment_strategy.example.id}", + "description": "My example deployment", + "environment_id": "${aws_appconfig_environment.example.environment_id}", + "tags": { + "Type": "AppConfig Deployment" + } + } + references: + application_id: aws_appconfig_application.id + configuration_profile_id: aws_appconfig_configuration_profile.configuration_profile_id + configuration_version: aws_appconfig_hosted_configuration_version.version_number + deployment_strategy_id: aws_appconfig_deployment_strategy.id + environment_id: aws_appconfig_environment.environment_id + argumentDocs: + application_id: '- (Required, Forces new resource) The application ID. Must be between 4 and 7 characters in length.' 
+ arn: '- The Amazon Resource Name (ARN) of the AppConfig Deployment.' + configuration_profile_id: '- (Required, Forces new resource) The configuration profile ID. Must be between 4 and 7 characters in length.' + configuration_version: '- (Required, Forces new resource) The configuration version to deploy. Can be at most 1024 characters.' + deployment_number: '- The deployment number.' + deployment_strategy_id: '- (Required, Forces new resource) The deployment strategy ID or name of a predefined deployment strategy. See Predefined Deployment Strategies for more details.' + description: '- (Optional, Forces new resource) The description of the deployment. Can be at most 1024 characters.' + environment_id: '- (Required, Forces new resource) The environment ID. Must be between 4 and 7 characters in length.' + id: '- The AppConfig application ID, environment ID, and deployment number separated by a slash (/).' + state: '- The state of the deployment.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_appconfig_deployment_strategy: + subCategory: AppConfig + description: Provides an AppConfig Deployment Strategy resource. + name: aws_appconfig_deployment_strategy + titleName: aws_appconfig_deployment_strategy + examples: + - manifest: |- + { + "deployment_duration_in_minutes": 3, + "description": "Example Deployment Strategy", + "final_bake_time_in_minutes": 4, + "growth_factor": 10, + "growth_type": "LINEAR", + "name": "example-deployment-strategy-tf", + "replicate_to": "NONE", + "tags": { + "Type": "AppConfig Deployment Strategy" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy.' 
+ deployment_duration_in_minutes: '- (Required) Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440.' + description: '- (Optional) A description of the deployment strategy. Can be at most 1024 characters.' + final_bake_time_in_minutes: '- (Optional) The amount of time AWS AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back. Minimum value of 0, maximum value of 1440.' + growth_factor: '- (Required) The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1.0, maximum value of 100.0.' + growth_type: '- (Optional) The algorithm used to define how percentage grows over time. Valid value: LINEAR and EXPONENTIAL. Defaults to LINEAR.' + id: '- The AppConfig deployment strategy ID.' + name: '- (Required, Forces new resource) A name for the deployment strategy. Must be between 1 and 64 characters in length.' + replicate_to: '- (Required, Forces new resource) Where to save the deployment strategy. Valid values: NONE and SSM_DOCUMENT.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_appconfig_environment: + subCategory: AppConfig + description: Provides an AppConfig Environment resource. 
+ name: aws_appconfig_environment + titleName: aws_appconfig_environment + examples: + - manifest: |- + { + "application_id": "${aws_appconfig_application.example.id}", + "description": "Example AppConfig Environment", + "monitor": [ + { + "alarm_arn": "${aws_cloudwatch_metric_alarm.example.arn}", + "alarm_role_arn": "${aws_iam_role.example.arn}" + } + ], + "name": "example-environment-tf", + "tags": { + "Type": "AppConfig Environment" + } + } + references: + application_id: aws_appconfig_application.id + argumentDocs: + alarm_arn: '- (Required) ARN of the Amazon CloudWatch alarm.' + alarm_role_arn: '- (Optional) ARN of an IAM role for AWS AppConfig to monitor alarm_arn.' + application_id: '- (Required, Forces new resource) The AppConfig application ID. Must be between 4 and 7 characters in length.' + arn: '- The Amazon Resource Name (ARN) of the AppConfig Environment.' + description: '- (Optional) The description of the environment. Can be at most 1024 characters.' + environment_id: '- The AppConfig environment ID.' + id: '- The AppConfig environment ID and application ID separated by a colon (:).' + monitor: '- (Optional) Set of Amazon CloudWatch alarms to monitor during the deployment process. Maximum of 5. See Monitor below for more details.' + name: '- (Required) The name for the environment. Must be between 1 and 64 characters in length.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_appconfig_hosted_configuration_version: + subCategory: AppConfig + description: Provides an AppConfig Hosted Configuration Version resource. 
+ name: aws_appconfig_hosted_configuration_version + titleName: aws_appconfig_hosted_configuration_version + examples: + - manifest: |- + { + "application_id": "${aws_appconfig_application.example.id}", + "configuration_profile_id": "${aws_appconfig_configuration_profile.example.configuration_profile_id}", + "content": "${jsonencode({\n foo = \"bar\"\n })}", + "content_type": "application/json", + "description": "Example Hosted Configuration Version" + } + references: + application_id: aws_appconfig_application.id + configuration_profile_id: aws_appconfig_configuration_profile.configuration_profile_id + argumentDocs: + application_id: '- (Required, Forces new resource) The application ID.' + arn: '- The Amazon Resource Name (ARN) of the AppConfig hosted configuration version.' + configuration_profile_id: '- (Required, Forces new resource) The configuration profile ID.' + content: '- (Required, Forces new resource) The content of the configuration or the configuration data.' + content_type: '- (Required, Forces new resource) A standard MIME type describing the format of the configuration content. For more information, see Content-Type.' + description: '- (Optional, Forces new resource) A description of the configuration.' + id: '- The AppConfig application ID, configuration profile ID, and version number separated by a slash (/).' + version_number: '- The version number of the hosted configuration.' + aws_appmesh_gateway_route: + subCategory: AppMesh + description: Provides an AWS App Mesh gateway route resource. 
+ name: aws_appmesh_gateway_route + titleName: aws_appmesh_gateway_route + examples: + - manifest: |- + { + "mesh_name": "example-service-mesh", + "name": "example-gateway-route", + "spec": [ + { + "http_route": [ + { + "action": [ + { + "target": [ + { + "virtual_service": [ + { + "virtual_service_name": "${aws_appmesh_virtual_service.example.name}" + } + ] + } + ] + } + ], + "match": [ + { + "prefix": "/" + } + ] + } + ] + } + ], + "tags": { + "Environment": "test" + }, + "virtual_gateway_name": "${aws_appmesh_virtual_gateway.example.name}" + } + references: + virtual_gateway_name: aws_appmesh_virtual_gateway.name + argumentDocs: + action: '- (Required) The action to take if a match is determined.' + arn: '- The ARN of the gateway route.' + created_date: '- The creation date of the gateway route.' + grpc_route: '- (Optional) The specification of a gRPC gateway route.' + http_route: '- (Optional) The specification of an HTTP gateway route.' + http2_route: '- (Optional) The specification of an HTTP/2 gateway route.' + id: '- The ID of the gateway route.' + last_updated_date: '- The last update date of the gateway route.' + match: '- (Required) The criteria for determining a request match.' + mesh_name: '- (Required) The name of the service mesh in which to create the gateway route. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + name: '- (Required) The name to use for the gateway route. Must be between 1 and 255 characters in length.' + prefix: '- (Required) Specifies the path to match requests with. This parameter must always start with /, which by itself matches all requests to the virtual service name.' + resource_owner: '- The resource owner''s AWS account ID.' + service_name: '- (Required) The fully qualified domain name for the service to match from the request.' 
+ spec: '- (Required) The gateway route specification to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: '- (Required) The target that traffic is routed to when a request matches the gateway route.' + virtual_gateway_name: '- (Required) The name of the virtual gateway to associate the gateway route with. Must be between 1 and 255 characters in length.' + virtual_service: '- (Required) The virtual service gateway route target.' + virtual_service_name: '- (Required) The name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length.' + aws_appmesh_mesh: + subCategory: AppMesh + description: Provides an AWS App Mesh service mesh resource. + name: aws_appmesh_mesh + titleName: aws_appmesh_mesh + examples: + - manifest: |- + { + "name": "simpleapp" + } + - manifest: |- + { + "name": "simpleapp", + "spec": [ + { + "egress_filter": [ + { + "type": "ALLOW_ALL" + } + ] + } + ] + } + argumentDocs: + arn: '- The ARN of the service mesh.' + created_date: '- The creation date of the service mesh.' + egress_filter: '- (Optional) The egress filter rules for the service mesh.' + id: '- The ID of the service mesh.' + last_updated_date: '- The last update date of the service mesh.' + mesh_owner: '- The AWS account ID of the service mesh''s owner.' + name: '- (Required) The name to use for the service mesh. Must be between 1 and 255 characters in length.' + resource_owner: '- The resource owner''s AWS account ID.' + spec: '- (Optional) The service mesh specification to apply.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: |- + - (Optional) The egress filter type. By default, the type is DROP_ALL. + Valid values are ALLOW_ALL and DROP_ALL. + aws_appmesh_route: + subCategory: AppMesh + description: Provides an AWS App Mesh route resource. + name: aws_appmesh_route + titleName: aws_appmesh_route + examples: + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceB-route", + "spec": [ + { + "http_route": [ + { + "action": [ + { + "weighted_target": [ + { + "virtual_node": "${aws_appmesh_virtual_node.serviceb1.name}", + "weight": 90 + }, + { + "virtual_node": "${aws_appmesh_virtual_node.serviceb2.name}", + "weight": 10 + } + ] + } + ], + "match": [ + { + "prefix": "/" + } + ] + } + ] + } + ], + "virtual_router_name": "${aws_appmesh_virtual_router.serviceb.name}" + } + references: + mesh_name: aws_appmesh_mesh.id + virtual_router_name: aws_appmesh_virtual_router.name + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceB-route", + "spec": [ + { + "http_route": [ + { + "action": [ + { + "weighted_target": [ + { + "virtual_node": "${aws_appmesh_virtual_node.serviceb.name}", + "weight": 100 + } + ] + } + ], + "match": [ + { + "header": [ + { + "match": [ + { + "prefix": "123" + } + ], + "name": "clientRequestId" + } + ], + "method": "POST", + "prefix": "/", + "scheme": "https" + } + ] + } + ] + } + ], + "virtual_router_name": "${aws_appmesh_virtual_router.serviceb.name}" + } + references: + mesh_name: aws_appmesh_mesh.id + virtual_router_name: aws_appmesh_virtual_router.name + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceB-route", + "spec": [ + { + "http_route": [ + { + "action": [ + { + 
"weighted_target": [ + { + "virtual_node": "${aws_appmesh_virtual_node.serviceb.name}", + "weight": 100 + } + ] + } + ], + "match": [ + { + "prefix": "/" + } + ], + "retry_policy": [ + { + "http_retry_events": [ + "server-error" + ], + "max_retries": 1, + "per_retry_timeout": [ + { + "unit": "s", + "value": 15 + } + ] + } + ] + } + ] + } + ], + "virtual_router_name": "${aws_appmesh_virtual_router.serviceb.name}" + } + references: + mesh_name: aws_appmesh_mesh.id + virtual_router_name: aws_appmesh_virtual_router.name + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceB-route", + "spec": [ + { + "tcp_route": [ + { + "action": [ + { + "weighted_target": [ + { + "virtual_node": "${aws_appmesh_virtual_node.serviceb1.name}", + "weight": 100 + } + ] + } + ] + } + ] + } + ], + "virtual_router_name": "${aws_appmesh_virtual_router.serviceb.name}" + } + references: + mesh_name: aws_appmesh_mesh.id + virtual_router_name: aws_appmesh_virtual_router.name + argumentDocs: + action: '- (Required) The action to take if a match is determined.' + arn: '- The ARN of the route.' + created_date: '- The creation date of the route.' + end: '- (Required) The end of the range.' + exact: '- (Optional) The header value sent by the client must match the specified value exactly.' + grpc_retry_events: |- + - (Optional) List of gRPC retry events. + Valid values: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + grpc_route: '- (Optional) The gRPC routing information for the route.' + header: '- (Optional) The client request headers to match on.' + http_retry_events: |- + - (Optional) List of HTTP retry events. + Valid values: client-error (HTTP status code 409), gateway-error (HTTP status codes 502, 503, and 504), server-error (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), stream-error (retry on refused stream). + http_route: '- (Optional) The HTTP routing information for the route.' 
+ http2_route: '- (Optional) The HTTP/2 routing information for the route.' + id: '- The ID of the route.' + idle: '- (Optional) The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.' + invert: '- (Optional) If true, the match is on the opposite of the match method and value. Default is false.' + last_updated_date: '- The last update date of the route.' + match: '- (Optional) The method and value to match the header value sent with a request. Specify one match method.' + max_retries: '- (Required) The maximum number of retries.' + mesh_name: '- (Required) The name of the service mesh in which to create the route. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + metadata: '- (Optional) The data to match from the gRPC request.' + method: '- (Optional) The client request header method to match on. Valid values: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH.' + method_name: '- (Optional) The method name to match from the request. If you specify a name, you must also specify a service_name.' + name: '- (Required) A name for the HTTP header in the client request that will be matched on.' + per_request: '- (Optional) The per request timeout.' + per_retry_timeout: '- (Required) The per-retry timeout.' + prefix: '- (Optional) The header value sent by the client must begin with the specified characters.' + priority: |- + - (Optional) The priority for the route, between 0 and 1000. + Routes are matched based on the specified value, where 0 is the highest priority. + range: '- (Optional) The object that specifies the range of numbers that the header value sent by the client must be included in.' + regex: '- (Optional) The header value sent by the client must include the specified characters.' + resource_owner: '- The resource owner''s AWS account ID.' 
+ retry_policy: '- (Optional) The retry policy.' + scheme: '- (Optional) The client request header scheme to match on. Valid values: http, https.' + service_name: '- (Optional) The fully qualified domain name for the service to match from the request.' + spec: '- (Required) The route specification to apply.' + start: '- (Requited) The start of the range.' + suffix: '- (Optional) The header value sent by the client must end with the specified characters.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tcp_retry_events: '- (Optional) List of TCP retry events. The only valid value is connection-error.' + tcp_route: '- (Optional) The TCP routing information for the route.' + timeout: '- (Optional) The types of timeouts.' + unit: '- (Required) Retry unit. Valid values: ms, s.' + value: '- (Required) Retry value.' + virtual_node: '- (Required) The virtual node to associate with the weighted target. Must be between 1 and 255 characters in length.' + virtual_router_name: '- (Required) The name of the virtual router in which to create the route. Must be between 1 and 255 characters in length.' + weight: '- (Required) The relative weight of the weighted target. An integer between 0 and 100.' + weighted_target: |- + - (Required) The targets that traffic is routed to when a request matches the route. + You can specify one or more targets and their relative weights with which to distribute traffic. + aws_appmesh_virtual_gateway: + subCategory: AppMesh + description: Provides an AWS App Mesh virtual gateway resource. 
+ name: aws_appmesh_virtual_gateway + titleName: aws_appmesh_virtual_gateway + examples: + - manifest: |- + { + "mesh_name": "example-service-mesh", + "name": "example-virtual-gateway", + "spec": [ + { + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ] + } + ] + } + ], + "tags": { + "Environment": "test" + } + } + - manifest: |- + { + "mesh_name": "example-service-mesh", + "name": "example-virtual-gateway", + "spec": [ + { + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ], + "tls": [ + { + "certificate": [ + { + "acm": [ + { + "certificate_arn": "${aws_acm_certificate.example.arn}" + } + ] + } + ], + "mode": "STRICT" + } + ] + } + ], + "logging": [ + { + "access_log": [ + { + "file": [ + { + "path": "/var/log/access.log" + } + ] + } + ] + } + ] + } + ] + } + argumentDocs: + access_log: '- (Optional) The access log configuration for a virtual gateway.' + acm: '- (Optional) An AWS Certificate Manager (ACM) certificate.' + arn: '- The ARN of the virtual gateway.' + backend_defaults: '- (Optional) The defaults for backends.' + certificate: '- (Required) The listener''s TLS certificate.' + certificate_arn: '- (Required) The Amazon Resource Name (ARN) for the certificate.' + certificate_authority_arns: '- (Required) One or more ACM Amazon Resource Name (ARN)s.' + certificate_chain: '- (Required) The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.' + client_policy: '- (Optional) The default client policy for virtual gateway backends.' + connection_pool: '- (Optional) The connection pool information for the listener.' + created_date: '- The creation date of the virtual gateway.' + enforce: '- (Optional) Whether the policy is enforced. Default is true.' + exact: '- (Required) The values sent must match the specified values exactly.' 
+ file: '- (Optional) The TLS validation context trust for a local file certificate.' + grpc: '- (Optional) Connection pool information for gRPC listeners.' + health_check: '- (Optional) The health check information for the listener.' + healthy_threshold: '- (Required) The number of consecutive successful health checks that must occur before declaring listener healthy.' + http: '- (Optional) Connection pool information for HTTP listeners.' + http2: '- (Optional) Connection pool information for HTTP2 listeners.' + id: '- The ID of the virtual gateway.' + interval_millis: '- (Required) The time period in milliseconds between each health check execution.' + last_updated_date: '- The last update date of the virtual gateway.' + listener: '- (Required) The listeners that the mesh endpoint is expected to receive inbound traffic from. You can specify one listener.' + logging: '- (Optional) The inbound and outbound access logging information for the virtual gateway.' + match: '- (Required) The criteria for determining a SAN''s match.' + max_connections: '- (Required) Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of 1.' + max_pending_requests: '- (Optional) Number of overflowing requests after max_connections Envoy will queue to upstream cluster. Minimum value of 1.' + max_requests: '- (Required) Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of 1.' + mesh_name: '- (Required) The name of the service mesh in which to create the virtual gateway. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + mode: '- (Required) The listener''s TLS mode. Valid values: DISABLED, PERMISSIVE, STRICT.' + name: '- (Required) The name to use for the virtual gateway. 
Must be between 1 and 255 characters in length.' + path: '- (Optional) The destination path for the health check request. This is only required if the specified protocol is http or http2.' + port: '- (Optional) The destination port for the health check request. This port must match the port defined in the port_mapping for the listener.' + port_mapping: '- (Required) The port mapping information for the listener.' + ports: '- (Optional) One or more ports that the policy is enforced for.' + private_key: '- (Required) The private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.' + protocol: '- (Required) The protocol for the health check request. Valid values are http, http2, and grpc.' + resource_owner: '- The resource owner''s AWS account ID.' + sds: '- (Optional) The TLS validation context trust for a Secret Discovery Service certificate.' + secret_name: '- (Required) The name of the secret for a virtual gateway''s Transport Layer Security (TLS) Secret Discovery Service validation context trust.' + spec: '- (Required) The virtual gateway specification to apply.' + subject_alternative_names: '- (Optional) The SANs for a virtual gateway''s listener''s Transport Layer Security (TLS) validation context.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout_millis: '- (Required) The amount of time to wait when receiving a response from the health check, in milliseconds.' + tls: '- (Optional) The Transport Layer Security (TLS) properties for the listener' + trust: '- (Required) The TLS validation context trust.' 
+ unhealthy_threshold: '- (Required) The number of consecutive failed health checks that must occur before declaring a virtual gateway unhealthy.' + validation: '- (Optional) The listener''s Transport Layer Security (TLS) validation context.' + aws_appmesh_virtual_node: + subCategory: AppMesh + description: Provides an AWS App Mesh virtual node resource. + name: aws_appmesh_virtual_node + titleName: aws_appmesh_virtual_node + examples: + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceBv1", + "spec": [ + { + "backend": [ + { + "virtual_service": [ + { + "virtual_service_name": "servicea.simpleapp.local" + } + ] + } + ], + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ] + } + ], + "service_discovery": [ + { + "dns": [ + { + "hostname": "serviceb.simpleapp.local" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceBv1", + "spec": [ + { + "backend": [ + { + "virtual_service": [ + { + "virtual_service_name": "servicea.simpleapp.local" + } + ] + } + ], + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ] + } + ], + "service_discovery": [ + { + "aws_cloud_map": [ + { + "attributes": { + "stack": "blue" + }, + "namespace_name": "${aws_service_discovery_http_namespace.example.name}", + "service_name": "serviceb1" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceBv1", + "spec": [ + { + "backend": [ + { + "virtual_service": [ + { + "virtual_service_name": "servicea.simpleapp.local" + } + ] + } + ], + "listener": [ + { + "health_check": [ + { + "healthy_threshold": 2, + "interval_millis": 5000, + "path": "/ping", + "protocol": "http", + "timeout_millis": 2000, + "unhealthy_threshold": 2 + } + ], + "port_mapping": [ + { + "port": 8080, + 
"protocol": "http" + } + ] + } + ], + "service_discovery": [ + { + "dns": [ + { + "hostname": "serviceb.simpleapp.local" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceBv1", + "spec": [ + { + "backend": [ + { + "virtual_service": [ + { + "virtual_service_name": "servicea.simpleapp.local" + } + ] + } + ], + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ] + } + ], + "logging": [ + { + "access_log": [ + { + "file": [ + { + "path": "/dev/stdout" + } + ] + } + ] + } + ], + "service_discovery": [ + { + "dns": [ + { + "hostname": "serviceb.simpleapp.local" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + argumentDocs: + access_log: '- (Optional) The access log configuration for a virtual node.' + acm: '- (Optional) An AWS Certificate Manager (ACM) certificate.' + arn: '- The ARN of the virtual node.' + attributes: '- (Optional) A string map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance. Only instances that match all of the specified key/value pairs will be returned.' + aws_cloud_map: '- (Optional) Specifies any AWS Cloud Map information for the virtual node.' + backend: '- (Optional) The backends to which the virtual node is expected to send outbound traffic.' + backend_defaults: '- (Optional) The defaults for backends.' + backends: |- + attribute of the spec object with one or more backend configuration blocks, + setting virtual_service_name to the name of the service. + base_ejection_duration: '- (Required) The base amount of time for which a host is ejected.' + certificate: '- (Required) The listener''s TLS certificate.' + certificate_arn: '- (Required) The Amazon Resource Name (ARN) for the certificate.' 
+ certificate_authority_arns: '- (Required) One or more ACM Amazon Resource Name (ARN)s.' + certificate_chain: '- (Required) The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.' + client_policy: '- (Optional) The default client policy for virtual service backends. See above for details.' + connection_pool: '- (Optional) The connection pool information for the listener.' + created_date: '- The creation date of the virtual node.' + dns: '- (Optional) Specifies the DNS service name for the virtual node.' + enforce: '- (Optional) Whether the policy is enforced. Default is true.' + exact: '- (Required) The values sent must match the specified values exactly.' + file: '- (Optional) The TLS validation context trust for a local file certificate.' + grpc: '- (Optional) Timeouts for gRPC listeners.' + health_check: '- (Optional) The health check information for the listener.' + healthy_threshold: '- (Required) The number of consecutive successful health checks that must occur before declaring listener healthy.' + hostname: '- (Required) The DNS host name for your virtual node.' + http: '- (Optional) Timeouts for HTTP listeners.' + http2: '- (Optional) Timeouts for HTTP2 listeners.' + id: '- The ID of the virtual node.' + idle: '- (Optional) The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.' + interval: '- (Required) The time interval between ejection sweep analysis.' + interval_millis: '- (Required) The time period in milliseconds between each health check execution.' + last_updated_date: '- The last update date of the virtual node.' + listener: '- (Optional) The listeners from which the virtual node is expected to receive inbound traffic.' + logging: '- (Optional) The inbound and outbound access logging information for the virtual node.' + match: '- (Required) The criteria for determining a SAN''s match.' 
+ max_connections: '- (Required) Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of 1.' + max_ejection_percent: |- + - (Required) Maximum percentage of hosts in load balancing pool for upstream service that can be ejected. Will eject at least one host regardless of the value. + Minimum value of 0. Maximum value of 100. + max_pending_requests: '- (Optional) Number of overflowing requests after max_connections Envoy will queue to upstream cluster. Minimum value of 1.' + max_requests: '- (Required) Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of 1.' + max_server_errors: '- (Required) Number of consecutive 5xx errors required for ejection. Minimum value of 1.' + mesh_name: '- (Required) The name of the service mesh in which to create the virtual node. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + mode: '- (Required) The listener''s TLS mode. Valid values: DISABLED, PERMISSIVE, STRICT.' + name: '- (Required) The name to use for the virtual node. Must be between 1 and 255 characters in length.' + namespace_name: |- + - (Required) The name of the AWS Cloud Map namespace to use. + Use the aws_service_discovery_http_namespace resource to configure a Cloud Map namespace. Must be between 1 and 1024 characters in length. + outlier_detection: '- (Optional) The outlier detection information for the listener.' + path: '- (Optional) The destination path for the health check request. This is only required if the specified protocol is http or http2.' + per_request: '- (Optional) The per request timeout.' + port: '- (Optional) The destination port for the health check request. This port must match the port defined in the port_mapping for the listener.' 
+ port_mapping: '- (Required) The port mapping information for the listener.' + ports: '- (Optional) One or more ports that the policy is enforced for.' + private_key: '- (Required) The private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length.' + protocol: '- (Required) The protocol for the health check request. Valid values are http, http2, tcp and grpc.' + resource_owner: '- The resource owner''s AWS account ID.' + sds: '- (Optional) The TLS validation context trust for a Secret Discovery Service certificate.' + secret_name: '- (Required) The name of the secret for a virtual node''s Transport Layer Security (TLS) Secret Discovery Service validation context trust.' + service_discovery: '- (Optional) The service discovery information for the virtual node.' + service_name: '- (Required) The name of the AWS Cloud Map service to use. Use the aws_service_discovery_service resource to configure a Cloud Map service. Must be between 1 and 1024 characters in length.' + spec: '- (Required) The virtual node specification to apply.' + subject_alternative_names: '- (Optional) The SANs for a TLS validation context.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tcp: '- (Optional) Timeouts for TCP listeners.' + timeout: '- (Optional) Timeouts for different protocols.' + timeout_millis: '- (Required) The amount of time to wait when receiving a response from the health check, in milliseconds.' + tls: '- (Optional) The Transport Layer Security (TLS) properties for the listener' + trust: '- (Required) The TLS validation context trust.' 
+ unhealthy_threshold: '- (Required) The number of consecutive failed health checks that must occur before declaring a virtual node unhealthy.' + unit: '- (Required) The unit of time. Valid values: ms, s.' + validation: '- (Optional) The listener''s Transport Layer Security (TLS) validation context.' + value: '- (Required) The number of time units. Minimum value of 0.' + virtual_service: '- (Required) Specifies a virtual service to use as a backend for a virtual node.' + virtual_service_name: '- (Required) The name of the virtual service that is acting as a virtual node backend. Must be between 1 and 255 characters in length.' + aws_appmesh_virtual_router: + subCategory: AppMesh + description: Provides an AWS App Mesh virtual router resource. + name: aws_appmesh_virtual_router + titleName: aws_appmesh_virtual_router + examples: + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "serviceB", + "spec": [ + { + "listener": [ + { + "port_mapping": [ + { + "port": 8080, + "protocol": "http" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + argumentDocs: + arn: '- The ARN of the virtual router.' + created_date: '- The creation date of the virtual router.' + id: '- The ID of the virtual router.' + last_updated_date: '- The last update date of the virtual router.' + listener: |- + - (Required) The listeners that the virtual router is expected to receive inbound traffic from. + Currently only one listener is supported per virtual router. + mesh_name: '- (Required) The name of the service mesh in which to create the virtual router. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + name: '- (Required) The name to use for the virtual router. Must be between 1 and 255 characters in length.' + port: '- (Required) The port used for the port mapping.' 
+ port_mapping: '- (Required) The port mapping information for the listener.' + protocol: '- (Required) The protocol used for the port mapping. Valid values are http,http2, tcp and grpc.' + resource_owner: '- The resource owner''s AWS account ID.' + service_names: |- + from the spec argument. + AWS has created a aws_appmesh_virtual_service resource for each of service names. + These resource can be imported using terraform import. + spec: '- (Required) The virtual router specification to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_appmesh_virtual_service: + subCategory: AppMesh + description: Provides an AWS App Mesh virtual service resource. + name: aws_appmesh_virtual_service + titleName: aws_appmesh_virtual_service + examples: + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "servicea.simpleapp.local", + "spec": [ + { + "provider": [ + { + "virtual_node": [ + { + "virtual_node_name": "${aws_appmesh_virtual_node.serviceb1.name}" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + - manifest: |- + { + "mesh_name": "${aws_appmesh_mesh.simple.id}", + "name": "servicea.simpleapp.local", + "spec": [ + { + "provider": [ + { + "virtual_router": [ + { + "virtual_router_name": "${aws_appmesh_virtual_router.serviceb.name}" + } + ] + } + ] + } + ] + } + references: + mesh_name: aws_appmesh_mesh.id + argumentDocs: + arn: '- The ARN of the virtual service.' + created_date: '- The creation date of the virtual service.' + id: '- The ID of the virtual service.' + last_updated_date: '- The last update date of the virtual service.' 
+ mesh_name: '- (Required) The name of the service mesh in which to create the virtual service. Must be between 1 and 255 characters in length.' + mesh_owner: '- (Optional) The AWS account ID of the service mesh''s owner. Defaults to the account ID the AWS provider is currently connected to.' + name: '- (Required) The name to use for the virtual service. Must be between 1 and 255 characters in length.' + provider: '- (Optional) The App Mesh object that is acting as the provider for a virtual service. You can specify a single virtual node or virtual router.' + resource_owner: '- The resource owner''s AWS account ID.' + spec: '- (Required) The virtual service specification to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + virtual_node: '- (Optional) The virtual node associated with a virtual service.' + virtual_node_name: '- (Required) The name of the virtual node that is acting as a service provider. Must be between 1 and 255 characters in length.' + virtual_router: '- (Optional) The virtual router associated with a virtual service.' + virtual_router_name: '- (Required) The name of the virtual router that is acting as a service provider. Must be between 1 and 255 characters in length.' + aws_apprunner_auto_scaling_configuration_version: + subCategory: App Runner + description: Manages an App Runner AutoScaling Configuration Version. 
+ name: aws_apprunner_auto_scaling_configuration_version + titleName: aws_apprunner_auto_scaling_configuration_version + examples: + - manifest: |- + { + "auto_scaling_configuration_name": "example", + "max_concurrency": 50, + "max_size": 10, + "min_size": 2, + "tags": { + "Name": "example-apprunner-autoscaling" + } + } + argumentDocs: + arn: '- ARN of this auto scaling configuration version.' + auto_scaling_configuration_name: '- (Required, Forces new resource) Name of the auto scaling configuration.' + auto_scaling_configuration_revision: '- The revision of this auto scaling configuration.' + latest: '- Whether the auto scaling configuration has the highest auto_scaling_configuration_revision among all configurations that share the same auto_scaling_configuration_name.' + max_concurrency: '- (Optional, Forces new resource) The maximal number of concurrent requests that you want an instance to process. When the number of concurrent requests goes over this limit, App Runner scales up your service.' + max_size: '- (Optional, Forces new resource) The maximal number of instances that App Runner provisions for your service.' + min_size: '- (Optional, Forces new resource) The minimal number of instances that App Runner provisions for your service.' + status: '- The current state of the auto scaling configuration. An INACTIVE configuration revision has been deleted and can''t be used. It is permanently removed some time after deletion.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_apprunner_connection: + subCategory: App Runner + description: Manages an App Runner Connection. 
+ name: aws_apprunner_connection + titleName: aws_apprunner_connection + examples: + - manifest: |- + { + "connection_name": "example", + "provider_type": "GITHUB", + "tags": { + "Name": "example-apprunner-connection" + } + } + argumentDocs: + arn: '- ARN of the connection.' + connection_name: '- (Required) Name of the connection.' + provider_type: '- (Required) The source repository provider. Valid values: GITHUB.' + status: '- The current state of the App Runner connection. When the state is AVAILABLE, you can use the connection to create an aws_apprunner_service resource.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_apprunner_custom_domain_association: + subCategory: App Runner + description: Manages an App Runner Custom Domain association. + name: aws_apprunner_custom_domain_association + titleName: aws_apprunner_custom_domain_association + examples: + - manifest: |- + { + "domain_name": "example.com", + "service_arn": "${aws_apprunner_service.example.arn}" + } + references: + service_arn: aws_apprunner_service.arn + argumentDocs: + certificate_validation_records: '- A set of certificate CNAME records used for this domain name. See Certificate Validation Records below for more details.' + dns_target: '- The App Runner subdomain of the App Runner service. The custom domain name is mapped to this target name. Attribute only available if resource created (not imported) with Terraform.' + domain_name: '- (Required) The custom domain endpoint to association. Specify a base domain e.g. example.com or a subdomain e.g. subdomain.example.com.' + enable_www_subdomain: (Optional) Whether to associate the subdomain with the App Runner service in addition to the base domain. 
Defaults to true. + id: '- The domain_name and service_arn separated by a comma (,).' + name: '- The certificate CNAME record name.' + service_arn: '- (Required) The ARN of the App Runner service.' + status: '- The current state of the certificate CNAME record validation. It should change to SUCCESS after App Runner completes validation with your DNS.' + type: '- The record type, always CNAME.' + value: '- The certificate CNAME record value.' + aws_apprunner_service: + subCategory: App Runner + description: Manages an App Runner Service. + name: aws_apprunner_service + titleName: aws_apprunner_service + examples: + - manifest: |- + { + "service_name": "example", + "source_configuration": [ + { + "authentication_configuration": [ + { + "connection_arn": "${aws_apprunner_connection.example.arn}" + } + ], + "code_repository": [ + { + "code_configuration": [ + { + "code_configuration_values": [ + { + "build_command": "python setup.py develop", + "port": "8000", + "runtime": "python3", + "start_command": "python runapp.py" + } + ], + "configuration_source": "API" + } + ], + "repository_url": "https://github.com/example/my-example-python-app", + "source_code_version": [ + { + "type": "BRANCH", + "value": "main" + } + ] + } + ] + } + ], + "tags": { + "Name": "example-apprunner-service" + } + } + - manifest: |- + { + "service_name": "example", + "source_configuration": [ + { + "image_repository": [ + { + "image_configuration": [ + { + "port": "8000" + } + ], + "image_identifier": "public.ecr.aws/jg/hello:latest", + "image_repository_type": "ECR_PUBLIC" + } + ] + } + ], + "tags": { + "Name": "example-apprunner-service" + } + } + argumentDocs: + API: |- + - App Runner uses configuration values provided in the CodeConfigurationValues + parameter and ignores the apprunner.yaml file in the source code repository. 
+ REPOSITORY: |- + - App Runner reads configuration values from the apprunner.yaml file in the + source code repository and ignores the CodeConfigurationValues parameter. + access_role_arn: '- (Optional) ARN of the IAM role that grants the App Runner service access to a source repository. Required for ECR image repositories (but not for ECR Public)' + arn: '- ARN of the App Runner service.' + authentication_configuration: '- (Optional) Describes resources needed to authenticate access to some source repositories. See Authentication Configuration below for more details.' + auto_deployments_enabled: '- (Optional) Whether continuous integration from the source repository is enabled for the App Runner service. If set to true, each repository change (source code commit or new image version) starts a deployment. Defaults to true.' + auto_scaling_configuration_arn: '- ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.' + build_command: '- (Optional) The command App Runner runs to build your application.' + code_configuration: '- (Optional) Configuration for building and running the service from a source code repository. See Code Configuration below for more details.' + code_configuration_values: '- (Optional) Basic configuration for building and running the App Runner service. Use this parameter to quickly launch an App Runner service without providing an apprunner.yaml file in the source code repository (or ignoring the file if it exists). See Code Configuration Values below for more details.' + code_repository: '- (Optional) Description of a source code repository. See Code Repository below for more details.' + configuration_source: '- (Required) The source of the App Runner configuration. Valid values: REPOSITORY, API. 
Values are interpreted as follows:' + connection_arn: '- (Optional) ARN of the App Runner connection that enables the App Runner service to connect to a source repository. Required for GitHub code repositories.' + cpu: '- (Optional) The number of CPU units reserved for each instance of your App Runner service represented as a String. Defaults to 1024. Valid values: 1024|2048|(1|2) vCPU.' + encryption_configuration: '- (Forces new resource) An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an AWS managed CMK. See Encryption Configuration below for more details.' + health_check_configuration: '- (Forces new resource) Settings of the health check that AWS App Runner performs to monitor the health of your service. See Health Check Configuration below for more details.' + healthy_threshold: '- (Optional) The number of consecutive checks that must succeed before App Runner decides that the service is healthy. Defaults to 1. Minimum value of 1. Maximum value of 20.' + image_configuration: '- (Optional) Configuration for running the identified image. See Image Configuration below for more details.' + image_identifier: |- + - (Required) The identifier of an image. For an image in Amazon Elastic Container Registry (Amazon ECR), this is an image name. For the + image name format, see Pulling an image in the Amazon ECR User Guide. + image_repository: '- (Optional) Description of a source image repository. See Image Repository below for more details.' + image_repository_type: '- (Required) The type of the image repository. This reflects the repository provider and whether the repository is private or public. Valid values: ECR , ECR_PUBLIC.' + instance_configuration: '- The runtime configuration of instances (scaling units) of the App Runner service. See Instance Configuration below for more details.' 
+ instance_role_arn: '- (Required) The Amazon Resource Name (ARN) of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.' + interval: '- (Optional) The time interval, in seconds, between health checks. Defaults to 5. Minimum value of 1. Maximum value of 20.' + kms_key: '- (Required) The ARN of the KMS key used for encryption.' + memory: '- (Optional) The amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to 2048. Valid values: 2048|3072|4096|(2|3|4) GB.' + path: '- (Optional) The URL to send requests to for health checks. Defaults to /. Minimum length of 0. Maximum length of 51200.' + port: '- (Optional) The port that your application listens to in the container. Defaults to "8080".' + protocol: '- (Optional) The IP protocol that App Runner uses to perform health checks for your service. Valid values: TCP, HTTP. Defaults to TCP. If you set protocol to HTTP, App Runner sends health check requests to the HTTP path specified by path.' + repository_url: '- (Required) The location of the repository that contains the source code.' + runtime: '- (Required) A runtime environment type for building and running an App Runner service. Represents a programming language runtime. Valid values: python3, nodejs12.' + runtime_environment_variables: '- (Optional) Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of AWSAPPRUNNER are reserved for system use and aren''t valid.' + service_id: '- An alphanumeric ID that App Runner generated for this service. Unique within the AWS Region.' + service_name: '- (Forces new resource) Name of the service.' + service_url: '- A subdomain URL that App Runner generated for this service. You can use this URL to access your service web application.' + source_code_version: '- (Required) The version that should be used within the source code repository. 
See Source Code Version below for more details.' + source_configuration: '- The source to deploy to the App Runner service. Can be a code or an image repository. See Source Configuration below for more details.' + start_command: '- (Optional) A command App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command.' + status: '- The current state of the App Runner service.' + tags: '- Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout: '- (Optional) The time, in seconds, to wait for a health check response before deciding it failed. Defaults to 2. Minimum value of 1. Maximum value of 20.' + type: '- (Required) The type of version identifier. For a git-based repository, branches represent versions. Valid values: BRANCH.' + unhealthy_threshold: '- (Optional) The number of consecutive checks that must fail before App Runner decides that the service is unhealthy. Defaults to 5. Minimum value of 1. Maximum value of 20.' + value: '- (Required) A source code version. For a git-based repository, a branch name maps to a specific version. App Runner uses the most recent commit to the branch.' 
+ aws_appstream_stack: + subCategory: AppStream + description: Provides an AppStream stack + name: aws_appstream_stack + titleName: aws_appstream_stack + examples: + - manifest: |- + { + "application_settings": [ + { + "enabled": true, + "settings_group": "SettingsGroup" + } + ], + "description": "stack description", + "display_name": "stack display name", + "feedback_url": "http://your-domain/feedback", + "name": "stack name", + "redirect_url": "http://your-domain/redirect", + "storage_connectors": [ + { + "connector_type": "HOMEFOLDERS" + } + ], + "tags": { + "TagName": "TagValue" + }, + "user_settings": [ + { + "action": "CLIPBOARD_COPY_FROM_LOCAL_DEVICE", + "permission": "ENABLED" + }, + { + "action": "CLIPBOARD_COPY_TO_LOCAL_DEVICE", + "permission": "ENABLED" + }, + { + "action": "FILE_UPLOAD", + "permission": "ENABLED" + }, + { + "action": "FILE_DOWNLOAD", + "permission": "ENABLED" + } + ] + } + argumentDocs: + action: '- (Required) Action that is enabled or disabled. Valid values are: CLIPBOARD_COPY_FROM_LOCAL_DEVICE, CLIPBOARD_COPY_TO_LOCAL_DEVICE, FILE_UPLOAD, FILE_DOWNLOAD, PRINTING_TO_LOCAL_DEVICE, DOMAIN_PASSWORD_SIGNIN, DOMAIN_SMART_CARD_SIGNIN.' + application_settings: '- (Optional) Settings for application settings persistence.' + arn: '- ARN of the appstream stack.' + connector_type: '- (Required) Type of storage connector. Valid values are: HOMEFOLDERS, GOOGLE_DRIVE, ONE_DRIVE.' + created_time: '- Date and time, in UTC and extended RFC 3339 format, when the stack was created.' + description: '- (Optional) Description for the AppStream stack.' + display_name: '- (Optional) Stack name to display.' + domains: '- (Optional) Names of the domains for the account.' + embed_host_domains: '- (Optional) Domains where AppStream 2.0 streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded AppStream 2.0 streaming sessions.' 
+ feedback_url: '- (Optional) URL that users are redirected to after they click the Send Feedback link. If no URL is specified, no Send Feedback link is displayed. .' + id: '- Unique ID of the appstream stack.' + name: '- (Required) Unique name for the AppStream stack.' + permission: '- (Required) Indicates whether the action is enabled or disabled. Valid values are: ENABLED, DISABLED.' + redirect_url: '- (Optional) URL that users are redirected to after their streaming session ends.' + resource_identifier: '- (Optional) ARN of the storage connector.' + storage_connectors: '- (Optional) Configuration block for the storage connectors to enable. See below.' + user_settings: '- (Optional) Configuration block for the actions that are enabled or disabled for users during their streaming sessions. By default, these actions are enabled. See below.' + aws_appsync_api_key: + subCategory: AppSync + description: Provides an AppSync API Key. + name: aws_appsync_api_key + titleName: aws_appsync_api_key + examples: + - manifest: |- + { + "api_id": "${aws_appsync_graphql_api.example.id}", + "expires": "2018-05-03T04:00:00Z" + } + references: + api_id: aws_appsync_graphql_api.id + argumentDocs: + api_id: '- (Required) The ID of the associated AppSync API' + description: '- (Optional) The API key description. Defaults to "Managed by Terraform".' + expires: '- (Optional) RFC3339 string representation of the expiry date. Rounded down to nearest hour. By default, it is 7 days from the date of creation.' + id: '- API Key ID (Formatted as ApiId:Key)' + key: '- The API key' + aws_appsync_datasource: + subCategory: AppSync + description: Provides an AppSync DataSource. 
+ name: aws_appsync_datasource + titleName: aws_appsync_datasource + examples: + - manifest: |- + { + "api_id": "${aws_appsync_graphql_api.example.id}", + "dynamodb_config": [ + { + "table_name": "${aws_dynamodb_table.example.name}" + } + ], + "name": "tf_appsync_example", + "service_role_arn": "${aws_iam_role.example.arn}", + "type": "AMAZON_DYNAMODB" + } + references: + api_id: aws_appsync_graphql_api.id + service_role_arn: aws_iam_role.arn + argumentDocs: + api_id: '- (Required) The API ID for the GraphQL API for the DataSource.' + arn: '- The ARN' + description: '- (Optional) A description of the DataSource.' + dynamodb_config: '- (Optional) DynamoDB settings. See below' + elasticsearch_config: '- (Optional) Amazon Elasticsearch settings. See below' + endpoint: '- (Required) HTTP URL.' + function_arn: '- (Required) The ARN for the Lambda function.' + http_config: '- (Optional) HTTP settings. See below' + lambda_config: '- (Optional) AWS Lambda settings. See below' + name: '- (Required) A user-supplied name for the DataSource.' + region: '- (Optional) AWS region of Elasticsearch domain. Defaults to current region.' + service_role_arn: '- (Optional) The IAM service role ARN for the data source.' + table_name: '- (Required) Name of the DynamoDB table.' + type: '- (Required) The type of the DataSource. Valid values: AWS_LAMBDA, AMAZON_DYNAMODB, AMAZON_ELASTICSEARCH, HTTP, NONE.' + use_caller_credentials: '- (Optional) Set to true to use Amazon Cognito credentials with this data source.' + aws_appsync_function: + subCategory: AppSync + description: Provides an AppSync Function. 
+ name: aws_appsync_function + titleName: aws_appsync_function + examples: + - manifest: |- + { + "api_id": "${aws_appsync_graphql_api.example.id}", + "data_source": "${aws_appsync_datasource.example.name}", + "name": "example", + "request_mapping_template": "{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n", + "response_mapping_template": "#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n" + } + references: + api_id: aws_appsync_graphql_api.id + data_source: aws_appsync_datasource.name + argumentDocs: + api_id: '- (Required) The ID of the associated AppSync API.' + arn: '- The ARN of the Function object.' + data_source: '- (Required) The Function DataSource name.' + description: '- (Optional) The Function description.' + function_id: '- A unique ID representing the Function object.' + function_version: '- (Optional) The version of the request mapping template. Currently the supported value is 2018-05-29.' + id: '- API Function ID (Formatted as ApiId-FunctionId)' + name: '- (Required) The Function name. The function name does not have to be unique.' + request_mapping_template: '- (Required) The Function request mapping template. Functions support only the 2018-05-29 version of the request mapping template.' + response_mapping_template: '- (Required) The Function response mapping template.' + aws_appsync_graphql_api: + subCategory: AppSync + description: Provides an AppSync GraphQL API. 
+ name: aws_appsync_graphql_api + titleName: aws_appsync_graphql_api + examples: + - manifest: |- + { + "authentication_type": "API_KEY", + "name": "example" + } + - manifest: |- + { + "authentication_type": "AMAZON_COGNITO_USER_POOLS", + "name": "example", + "user_pool_config": [ + { + "aws_region": "${data.aws_region.current.name}", + "default_action": "DENY", + "user_pool_id": "${aws_cognito_user_pool.example.id}" + } + ] + } + - manifest: |- + { + "authentication_type": "AWS_IAM", + "name": "example" + } + - manifest: |- + { + "authentication_type": "AWS_IAM", + "name": "example", + "schema": "schema {\n\tquery: Query\n}\ntype Query {\n test: Int\n}\n" + } + - manifest: |- + { + "authentication_type": "OPENID_CONNECT", + "name": "example", + "openid_connect_config": [ + { + "issuer": "https://example.com" + } + ] + } + - manifest: |- + { + "additional_authentication_provider": [ + { + "authentication_type": "AWS_IAM" + } + ], + "authentication_type": "API_KEY", + "name": "example" + } + - manifest: |- + { + "log_config": [ + { + "cloudwatch_logs_role_arn": "${aws_iam_role.example.arn}", + "field_log_level": "ERROR" + } + ] + } + - manifest: |- + { + "authentication_type": "API_KEY", + "name": "example" + } + argumentDocs: + additional_authentication_provider: '- (Optional) One or more additional authentication providers for the GraphqlApi. Defined below.' + app_id_client_regex: '- (Optional) A regular expression for validating the incoming Amazon Cognito User Pool app client ID.' + arn: '- The ARN' + auth_ttl: '- (Optional) Number of milliseconds a token is valid after being authenticated.' + authentication_type: '- (Required) The authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT' + aws_region: '- (Optional) The AWS region in which the user pool was created.' + client_id: '- (Optional) Client identifier of the Relying party at the OpenID identity provider. 
This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.' + cloudwatch_logs_role_arn: '- (Required) Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.' + default_action: '- (Required only if Cognito is used as the default auth provider) The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn''t match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY' + exclude_verbose_content: '- (Optional) Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false' + field_log_level: '- (Required) Field logging level. Valid values: ALL, ERROR, NONE.' + iat_ttl: '- (Optional) Number of milliseconds a token is valid after being issued to a user.' + id: '- API ID' + issuer: '- (Required) Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.' + log_config: '- (Optional) Nested argument containing logging configuration. Defined below.' + name: '- (Required) A user-supplied name for the GraphqlApi.' + openid_connect_config: '- (Optional) Nested argument containing OpenID Connect configuration. Defined below.' + schema: '- (Optional) The schema definition, in GraphQL schema language format. Terraform cannot perform drift detection of this configuration.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + uris: '- Map of URIs associated with the API. e.g. uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql' + user_pool_config: '- (Optional) The Amazon Cognito User Pool configuration. Defined below.' + user_pool_id: '- (Required) The user pool ID.' + xray_enabled: '- (Optional) Whether tracing with X-ray is enabled. Defaults to false.' + aws_appsync_resolver: + subCategory: AppSync + description: Provides an AppSync Resolver. + name: aws_appsync_resolver + titleName: aws_appsync_resolver + examples: + - manifest: |- + { + "api_id": "${aws_appsync_graphql_api.test.id}", + "caching_config": [ + { + "caching_keys": [ + "$context.identity.sub", + "$context.arguments.id" + ], + "ttl": 60 + } + ], + "data_source": "${aws_appsync_datasource.test.name}", + "field": "singlePost", + "request_template": "{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n", + "response_template": "#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n", + "type": "Query" + } + references: + api_id: aws_appsync_graphql_api.id + data_source: aws_appsync_datasource.name + - manifest: |- + { + "api_id": "${aws_appsync_graphql_api.test.id}", + "field": "pipelineTest", + "kind": "PIPELINE", + "pipeline_config": [ + { + "functions": [ + "${aws_appsync_function.test1.function_id}", + "${aws_appsync_function.test2.function_id}", + "${aws_appsync_function.test3.function_id}" + ] + } + ], + "request_template": "{}", + "response_template": "$util.toJson($ctx.result)", + "type": "Mutation" + } + references: + api_id: aws_appsync_graphql_api.id + argumentDocs: + api_id: '- (Required) The API ID for the GraphQL API.' 
+ arn: '- The ARN' + caching_config: '- (Optional) The CachingConfig.' + caching_keys: '- (Optional) The list of caching key.' + data_source: '- (Optional) The DataSource name.' + field: '- (Required) The field name from the schema defined in the GraphQL API.' + functions: '- (Required) The list of Function ID.' + kind: '- (Optional) The resolver type. Valid values are UNIT and PIPELINE.' + pipeline_config: '- (Optional) The PipelineConfig.' + request_template: '- (Optional) The request mapping template for UNIT resolver or ''before mapping template'' for PIPELINE resolver. Required for non-Lambda resolvers.' + response_template: '- (Optional) The response mapping template for UNIT resolver or ''after mapping template'' for PIPELINE resolver. Required for non-Lambda resolvers.' + ttl: '- (Optional) The TTL in seconds.' + type: '- (Required) The type name from the schema defined in the GraphQL API.' + aws_athena_database: + subCategory: Athena + description: Provides an Athena database. + name: aws_athena_database + titleName: aws_athena_database + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.hoge.bucket}", + "name": "database_name" + } + references: + bucket: aws_s3_bucket.bucket + argumentDocs: + bucket: '- (Required) Name of s3 bucket to save the results of the query execution.' + encryption_configuration: '- (Optional) The encryption key block AWS Athena uses to decrypt the data in S3, such as an AWS Key Management Service (AWS KMS) key. An encryption_configuration block is documented below.' + encryption_option: '- (Required) The type of key; one of SSE_S3, SSE_KMS, CSE_KMS' + force_destroy: '- (Optional, Default: false) A boolean that indicates all tables should be deleted from the database so that the database can be destroyed without error. The tables are not recoverable.' + id: '- The database name' + kms_key: '- (Optional) The KMS key ARN or ID; required for key types SSE_KMS and CSE_KMS.' 
+ name: '- (Required) Name of the database to create.' + aws_athena_named_query: + subCategory: Athena + description: Provides an Athena Named Query resource. + name: aws_athena_named_query + titleName: aws_athena_named_query + examples: + - manifest: |- + { + "database": "${aws_athena_database.hoge.name}", + "name": "bar", + "query": "SELECT * FROM ${aws_athena_database.hoge.name} limit 10;", + "workgroup": "${aws_athena_workgroup.test.id}" + } + references: + database: aws_athena_database.name + workgroup: aws_athena_workgroup.id + argumentDocs: + database: '- (Required) The database to which the query belongs.' + description: '- (Optional) A brief explanation of the query. Maximum length of 1024.' + id: '- The unique ID of the query.' + name: '- (Required) The plain language name for the query. Maximum length of 128.' + query: '- (Required) The text of the query itself. In other words, all query statements. Maximum length of 262144.' + workgroup: '- (Optional) The workgroup to which the query belongs. Defaults to primary' + aws_athena_workgroup: + subCategory: Athena + description: Manages an Athena Workgroup. + name: aws_athena_workgroup + titleName: aws_athena_workgroup + examples: + - manifest: |- + { + "configuration": [ + { + "enforce_workgroup_configuration": true, + "publish_cloudwatch_metrics_enabled": true, + "result_configuration": [ + { + "encryption_configuration": [ + { + "encryption_option": "SSE_KMS", + "kms_key_arn": "${aws_kms_key.example.arn}" + } + ], + "output_location": "s3://${aws_s3_bucket.example.bucket}/output/" + } + ] + } + ], + "name": "example" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the workgroup' + bytes_scanned_cutoff_per_query: '- (Optional) Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least 10485760.' + configuration: '- (Optional) Configuration block with various settings for the workgroup. Documented below.' 
+ description: '- (Optional) Description of the workgroup.' + encryption_configuration: '- (Optional) Configuration block with encryption settings. Documented below.' + encryption_option: '- (Required) Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE_S3), server-side encryption with KMS-managed keys (SSE_KMS), or client-side encryption with KMS-managed keys (CSE_KMS) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup''s setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.' + enforce_workgroup_configuration: '- (Optional) Boolean whether the settings for the workgroup override client-side settings. For more information, see Workgroup Settings Override Client-Side Settings. Defaults to true.' + force_destroy: '- (Optional) The option to delete the workgroup and its contents even if the workgroup contains any named queries.' + id: '- The workgroup name' + kms_key_arn: '- (Optional) For SSE_KMS and CSE_KMS, this is the KMS key Amazon Resource Name (ARN).' + name: '- (Required) Name of the workgroup.' + output_location: '- (Optional) The location in Amazon S3 where your query results are stored, such as s3://path/to/query/bucket/. For more information, see Queries and Query Result Files.' + publish_cloudwatch_metrics_enabled: '- (Optional) Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to true.' + requester_pays_enabled: '- (Optional) If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see Requester Pays Buckets in the Amazon Simple Storage Service Developer Guide.' 
+ result_configuration: '- (Optional) Configuration block with result settings. Documented below.' + state: '- (Optional) State of the workgroup. Valid values are DISABLED or ENABLED. Defaults to ENABLED.' + tags: '- (Optional) Key-value map of resource tags for the workgroup. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_autoscaling_attachment: + subCategory: Autoscaling + description: Provides an AutoScaling Group Attachment resource. + name: aws_autoscaling_attachment + titleName: aws_autoscaling_attachment + examples: + - manifest: |- + { + "autoscaling_group_name": "${aws_autoscaling_group.asg.id}", + "elb": "${aws_elb.bar.id}" + } + references: + autoscaling_group_name: aws_autoscaling_group.id + elb: aws_elb.id + - manifest: |- + { + "alb_target_group_arn": "${aws_lb_target_group.test.arn}", + "autoscaling_group_name": "${aws_autoscaling_group.asg.id}" + } + references: + alb_target_group_arn: aws_lb_target_group.arn + autoscaling_group_name: aws_autoscaling_group.id + - manifest: |- + { + "autoscaling_group_name": "${aws_autoscaling_group.asg.id}", + "elb": "${aws_elb.test.id}" + } + references: + autoscaling_group_name: aws_autoscaling_group.id + elb: aws_elb.id + argumentDocs: + alb_target_group_arn: '- (Optional) The ARN of an ALB Target Group.' + autoscaling_group_name: '- (Required) Name of ASG to associate with the ELB.' + elb: '- (Optional) The name of the ELB.' + aws_autoscaling_group: + subCategory: Autoscaling + description: Provides an Auto Scaling Group resource. 
+ name: aws_autoscaling_group + titleName: aws_autoscaling_group + examples: + - manifest: |- + { + "desired_capacity": 4, + "force_delete": true, + "health_check_grace_period": 300, + "health_check_type": "ELB", + "initial_lifecycle_hook": [ + { + "default_result": "CONTINUE", + "heartbeat_timeout": 2000, + "lifecycle_transition": "autoscaling:EC2_INSTANCE_LAUNCHING", + "name": "foobar", + "notification_metadata": "{\n \"foo\": \"bar\"\n}\n", + "notification_target_arn": "arn:aws:sqs:us-east-1:444455556666:queue1*", + "role_arn": "arn:aws:iam::123456789012:role/S3Access" + } + ], + "launch_configuration": "${aws_launch_configuration.foobar.name}", + "max_size": 5, + "min_size": 2, + "name": "foobar3-terraform-test", + "placement_group": "${aws_placement_group.test.id}", + "tag": [ + { + "key": "foo", + "propagate_at_launch": true, + "value": "bar" + }, + { + "key": "lorem", + "propagate_at_launch": false, + "value": "ipsum" + } + ], + "timeouts": [ + { + "delete": "15m" + } + ], + "vpc_zone_identifier": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ] + } + references: + launch_configuration: aws_launch_configuration.name + placement_group: aws_placement_group.id + - manifest: |- + { + "availability_zones": [ + "us-east-1a" + ], + "desired_capacity": 1, + "launch_template": [ + { + "id": "${aws_launch_template.foobar.id}", + "version": "$Latest" + } + ], + "max_size": 1, + "min_size": 1 + } + - manifest: |- + { + "availability_zones": [ + "us-east-1a" + ], + "desired_capacity": 1, + "max_size": 1, + "min_size": 1, + "mixed_instances_policy": [ + { + "launch_template": [ + { + "launch_template_specification": [ + { + "launch_template_id": "${aws_launch_template.example.id}" + } + ], + "override": [ + { + "instance_type": "c4.large", + "weighted_capacity": "3" + }, + { + "instance_type": "c3.large", + "weighted_capacity": "2" + } + ] + } + ] + } + ] + } + - manifest: |- + { + "capacity_rebalance": true, + "desired_capacity": 12, + "max_size": 15, + 
"min_size": 12, + "mixed_instances_policy": [ + { + "instances_distribution": [ + { + "on_demand_base_capacity": 0, + "on_demand_percentage_above_base_capacity": 25, + "spot_allocation_strategy": "capacity-optimized" + } + ], + "launch_template": [ + { + "launch_template_specification": [ + { + "launch_template_id": "${aws_launch_template.example.id}" + } + ], + "override": [ + { + "instance_type": "c4.large", + "weighted_capacity": "3" + }, + { + "instance_type": "c3.large", + "weighted_capacity": "2" + } + ] + } + ] + } + ], + "vpc_zone_identifier": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ] + } + - manifest: |- + { + "availability_zones": [ + "us-east-1a" + ], + "desired_capacity": 1, + "max_size": 1, + "min_size": 1, + "mixed_instances_policy": [ + { + "launch_template": [ + { + "launch_template_specification": [ + { + "launch_template_id": "${aws_launch_template.example.id}" + } + ], + "override": [ + { + "instance_type": "c4.large", + "weighted_capacity": "3" + }, + { + "instance_type": "c6g.large", + "launch_template_specification": [ + { + "launch_template_id": "${aws_launch_template.example2.id}" + } + ], + "weighted_capacity": "2" + } + ] + } + ] + } + ] + } + - manifest: |- + { + "launch_configuration": "${aws_launch_configuration.foobar.name}", + "max_size": 5, + "min_size": 2, + "name": "foobar3-terraform-test", + "tags": "${concat(\n [\n {\n \"key\" = \"interpolation1\"\n \"value\" = \"value3\"\n \"propagate_at_launch\" = true\n },\n {\n \"key\" = \"interpolation2\"\n \"value\" = \"value4\"\n \"propagate_at_launch\" = true\n },\n ],\n var.extra_tags,\n )}", + "vpc_zone_identifier": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ] + } + references: + launch_configuration: aws_launch_configuration.name + - manifest: |- + { + "availability_zones": [ + "us-east-1a" + ], + "desired_capacity": 1, + "instance_refresh": [ + { + "preferences": [ + { + "min_healthy_percentage": 50 + } + ], + "strategy": "Rolling", + 
"triggers": [ + "tag" + ] + } + ], + "launch_template": [ + { + "id": "${aws_launch_template.example.id}", + "version": "${aws_launch_template.example.latest_version}" + } + ], + "max_size": 2, + "min_size": 1, + "tag": [ + { + "key": "Key", + "propagate_at_launch": true, + "value": "Value" + } + ] + } + - manifest: |- + { + "availability_zones": [ + "us-east-1a" + ], + "desired_capacity": 1, + "max_size": 5, + "min_size": 1, + "warm_pool": [ + { + "max_group_prepared_capacity": 10, + "min_size": 1, + "pool_state": "Stopped" + } + ] + } + argumentDocs: + arn: '- The ARN for this Auto Scaling Group' + availability_zones: '- The availability zones of the Auto Scaling Group.' + capacity_rebalance: '- (Optional) Indicates whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.' + default_cooldown: '- Time between a scaling activity and the succeeding scaling activity.' + delete: '- (Default 10 minutes) Used for destroying ASG.' + desired_capacity: -The number of Amazon EC2 instances that should be running in the group. + enabled_metrics: '- (Optional) A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances.' + force_delete: |- + - (Optional) Allows deleting the Auto Scaling Group without waiting + for all instances in the pool to terminate. You can force an Auto Scaling Group to delete + even if it's in the process of scaling a resource. Normally, Terraform + drains all the instances before deleting the group. This bypasses that + behavior and potentially leaves resources dangling. + health_check_grace_period: '- Time after instance comes into service before checking health.' + health_check_type: '- "EC2" or "ELB". Controls how health checking is done.' 
+ id: '- The Auto Scaling Group id.' + initial_lifecycle_hook: |- + - (Optional) One or more + Lifecycle Hooks + to attach to the Auto Scaling Group before instances are launched. The + syntax is exactly the same as the separate + aws_autoscaling_lifecycle_hook + resource, without the autoscaling_group_name attribute. Please note that this will only work when creating + a new Auto Scaling Group. For all other use-cases, please use aws_autoscaling_lifecycle_hook resource. + instance_refresh: |- + - (Optional) If this block is configured, start an + Instance Refresh + when this Auto Scaling Group is updated. Defined below. + instance_type: '- (Optional) Override the instance type in the Launch Template.' + instance_warmup: '- (Optional) The number of seconds until a newly launched instance is configured and ready to use. Default behavior is to use the Auto Scaling Group''s health check grace period.' + instances_distribution: '- (Optional) Nested argument containing settings on how to mix on-demand and Spot instances in the Auto Scaling group. Defined below.' + key: '- (Required) Key' + launch_configuration: '- The launch configuration of the Auto Scaling Group' + launch_template: '- (Required) Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below.' + launch_template_id: '- (Optional) The ID of the launch template. Conflicts with launch_template_name.' + launch_template_name: '- (Optional) The name of the launch template. Conflicts with launch_template_id.' + launch_template_specification: '- (Optional) Override the instance launch template specification in the Launch Template.' + load_balancers: |- + (Optional) A list of elastic load balancer names to add to the autoscaling + group names. Only valid for classic load balancers. For ALBs, use target_group_arns instead. 
+ max_group_prepared_capacity: '- (Optional) Specifies the total maximum number of instances that are allowed to be in the warm pool or in any state except Terminated for the Auto Scaling group.' + max_instance_lifetime: (Optional) The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds. + max_size: '- The maximum size of the Auto Scaling Group' + metrics_granularity: '- (Optional) The granularity to associate with the metrics to collect. The only valid value is 1Minute. Default is 1Minute.' + min_elb_capacity: |- + - (Optional) Setting this causes Terraform to wait for + this number of instances from this Auto Scaling Group to show up healthy in the + ELB only on creation. Updates will not wait on ELB instance number changes. + (See also Waiting for Capacity below.) + min_healthy_percentage: '- (Optional) The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group. Defaults to 90.' + min_size: '- The minimum size of the Auto Scaling Group' + mixed_instances_policy: (Optional) Configuration block containing settings to define launch targets for Auto Scaling groups. Defined below. + name: '- The name of the Auto Scaling Group' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + on_demand_allocation_strategy: '- (Optional) Strategy to use when launching on-demand instances. Valid values: prioritized. Default: prioritized.' + on_demand_base_capacity: '- (Optional) Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances. Default: 0.' + on_demand_percentage_above_base_capacity: '- (Optional) Percentage split between on-demand and Spot instances above the base on-demand capacity. Default: 100.' 
+ override: '- (Optional) List of nested arguments provides the ability to specify multiple instance types. This will override the same parameter in the launch template. For on-demand instances, Auto Scaling considers the order of preference of instance types to launch based on the order specified in the overrides list. Defined below.' + placement_group: (Optional) The name of the placement group into which you'll launch your instances, if any. + pool_state: '- (Optional) Sets the instance state to transition to after the lifecycle hooks finish. Valid values are: Stopped (default) or Running.' + preferences: '- (Optional) Override default parameters for Instance Refresh.' + propagate_at_launch: |- + - (Required) Enables propagation of the tag to + Amazon EC2 instances launched via this ASG + protect_from_scale_in: |- + (Optional) Allows setting instance protection. The + Auto Scaling Group will not select instances with this setting for termination + during scale in events. + service_linked_role_arn: (Optional) The ARN of the service-linked role that the ASG will use to call other AWS services + spot_allocation_strategy: '- (Optional) How to allocate capacity across the Spot pools. Valid values: lowest-price, capacity-optimized, capacity-optimized-prioritized. Default: lowest-price.' + spot_instance_pools: '- (Optional) Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify. Default: 2.' + spot_max_price: '- (Optional) Maximum price per unit hour that the user is willing to pay for the Spot instances. Default: an empty string which means the on-demand price.' + strategy: '- (Required) The strategy to use for instance refresh. The only allowed value is Rolling. See StartInstanceRefresh Action for more information.' + suspended_processes: |- + - (Optional) A list of processes to suspend for the Auto Scaling Group. 
The allowed values are Launch, Terminate, HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification, ScheduledActions, AddToLoadBalancer. + Note that if you suspend either the Launch or Terminate process types, it can prevent your Auto Scaling Group from functioning properly. + tag: (Optional) Configuration block(s) containing resource tags. Conflicts with tags. Documented below. + tags: (Optional) Set of maps containing resource tags. Conflicts with tag. Documented below. + target_group_arns: (Optional) A set of aws_alb_target_group ARNs, for use with Application or Network Load Balancing. + termination_policies: (Optional) A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy, Default. + triggers: '- (Optional) Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of launch_configuration, launch_template, or mixed_instances_policy.' + value: '- (Required) Value' + version: '- (Optional) Template version. Can be version number, $Latest, or $Default. (Default: $Default).' + vpc_zone_identifier: (Optional) - The VPC zone identifier + wait_for_capacity_timeout: |- + (Default: "10m") A maximum + duration that Terraform should + wait for ASG instances to be healthy before timing out. (See also Waiting + for Capacity below.) Setting this to "0" causes + Terraform to skip all Capacity Waiting behavior. + wait_for_elb_capacity: |- + - (Optional) Setting this will cause Terraform to wait + for exactly this number of healthy instances from this Auto Scaling Group in + all attached load balancers on both create and update operations. (Takes + precedence over min_elb_capacity behavior.) + (See also Waiting for Capacity below.) 
+ warm_pool: |- + - (Optional) If this block is configured, add a Warm Pool + to the specified Auto Scaling group. Defined below + weighted_capacity: '- (Optional) The number of capacity units, which gives the instance type a proportional weight to other instance types.' + aws_autoscaling_group_tag: + subCategory: Autoscaling + description: Manages an individual Autoscaling Group tag + name: aws_autoscaling_group_tag + titleName: aws_autoscaling_group_tag + examples: + - manifest: |- + { + "autoscaling_group_name": "${each.value}", + "for_each": "${toset(\n [for asg in flatten(\n [for resources in aws_eks_node_group.example.resources : resources.autoscaling_groups]\n ) : asg.name]\n )}", + "tag": [ + { + "key": "k8s.io/cluster-autoscaler/node-template/label/eks.amazonaws.com/capacityType", + "propagate_at_launch": false, + "value": "SPOT" + } + ] + } + references: + autoscaling_group_name: each.value + argumentDocs: + autoscaling_group_name: '- (Required) The name of the Autoscaling Group to apply the tag to.' + id: '- ASG name and key, separated by a comma (,)' + key: '- (Required) Tag name.' + propagate_at_launch: '- (Required) Whether to propagate the tags to instances launched by the ASG.' + tag: '- (Required) The tag to create. The tag block is documented below.' + value: '- (Required) Tag value.' + aws_autoscaling_lifecycle_hook: + subCategory: Autoscaling + description: Provides an AutoScaling Lifecycle Hook resource. 
+ name: aws_autoscaling_lifecycle_hook + titleName: aws_autoscaling_lifecycle_hook + examples: + - manifest: |- + { + "autoscaling_group_name": "${aws_autoscaling_group.foobar.name}", + "default_result": "CONTINUE", + "heartbeat_timeout": 2000, + "lifecycle_transition": "autoscaling:EC2_INSTANCE_LAUNCHING", + "name": "foobar", + "notification_metadata": "{\n \"foo\": \"bar\"\n}\n", + "notification_target_arn": "arn:aws:sqs:us-east-1:444455556666:queue1*", + "role_arn": "arn:aws:iam::123456789012:role/S3Access" + } + references: + autoscaling_group_name: aws_autoscaling_group.name + argumentDocs: + autoscaling_group_name: '- (Required) The name of the Auto Scaling group to which you want to assign the lifecycle hook' + default_result: '- (Optional) Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. The value for this parameter can be either CONTINUE or ABANDON. The default value for this parameter is ABANDON.' + heartbeat_timeout: '- (Optional) Defines the amount of time, in seconds, that can elapse before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling performs the action defined in the DefaultResult parameter' + lifecycle_transition: '- (Required) The instance state to which you want to attach the lifecycle hook. For a list of lifecycle hook types, see describe-lifecycle-hook-types' + name: '- (Required) The name of the lifecycle hook.' + notification_metadata: '- (Optional) Contains additional information that you want to include any time Auto Scaling sends a message to the notification target.' + notification_target_arn: '- (Optional) The ARN of the notification target that Auto Scaling will use to notify you when an instance is in the transition state for the lifecycle hook. This ARN target can be either an SQS queue or an SNS topic.' 
+ role_arn: '- (Optional) The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target.' + aws_autoscaling_notification: + subCategory: Autoscaling + description: Provides an AutoScaling Group with Notification support + name: aws_autoscaling_notification + titleName: aws_autoscaling_notification + examples: + - manifest: |- + { + "group_names": [ + "${aws_autoscaling_group.bar.name}", + "${aws_autoscaling_group.foo.name}" + ], + "notifications": [ + "autoscaling:EC2_INSTANCE_LAUNCH", + "autoscaling:EC2_INSTANCE_TERMINATE", + "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", + "autoscaling:EC2_INSTANCE_TERMINATE_ERROR" + ], + "topic_arn": "${aws_sns_topic.example.arn}" + } + references: + topic_arn: aws_sns_topic.arn + argumentDocs: + group_names: '- (Required) A list of AutoScaling Group Names' + notifications: |- + - (Required) A list of Notification Types that trigger + notifications. Acceptable values are documented in the AWS documentation here + topic_arn: '- (Required) The Topic ARN for notifications to be sent through' + aws_autoscaling_policy: + subCategory: Autoscaling + description: Provides an AutoScaling Scaling Group resource. 
+ name: aws_autoscaling_policy + titleName: aws_autoscaling_policy + examples: + - manifest: |- + { + "adjustment_type": "ChangeInCapacity", + "autoscaling_group_name": "${aws_autoscaling_group.bar.name}", + "cooldown": 300, + "name": "foobar3-terraform-test", + "scaling_adjustment": 4 + } + references: + autoscaling_group_name: aws_autoscaling_group.name + - manifest: |- + { + "step_adjustment": [ + { + "metric_interval_lower_bound": 1, + "metric_interval_upper_bound": 2, + "scaling_adjustment": -1 + }, + { + "metric_interval_lower_bound": 2, + "metric_interval_upper_bound": 3, + "scaling_adjustment": 1 + } + ] + } + - manifest: |- + { + "target_tracking_configuration": [ + { + "predefined_metric_specification": [ + { + "predefined_metric_type": "ASGAverageCPUUtilization" + } + ], + "target_value": 40 + }, + { + "customized_metric_specification": [ + { + "metric_dimension": [ + { + "name": "fuga", + "value": "fuga" + } + ], + "metric_name": "hoge", + "namespace": "hoge", + "statistic": "Average" + } + ], + "target_value": 40 + } + ] + } + argumentDocs: + adjustment_type: '- The scaling policy''s adjustment type.' + arn: '- The ARN assigned by AWS to the scaling policy.' + autoscaling_group_name: '- The scaling policy''s assigned autoscaling group.' + cooldown: '- (Optional) The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.' + customized_metric_specification: '- (Optional) A customized metric. Conflicts with predefined_metric_specification.' + disable_scale_in: '- (Optional, Default: false) Indicates whether scale in by the target tracking policy is disabled.' + estimated_instance_warmup: '- (Optional) The estimated time, in seconds, until a newly launched instance will contribute CloudWatch metrics. Without a value, AWS will default to the group''s specified cooldown period.' 
+ max_capacity_breach_behavior: '- (Optional) Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity of the Auto Scaling group. Valid values are HonorMaxCapacity or IncreaseMaxCapacity. Default is HonorMaxCapacity.' + max_capacity_buffer: '- (Optional) The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. Valid range is 0 to 100. If set to 0, Amazon EC2 Auto Scaling may scale capacity higher than the maximum capacity to equal but not exceed forecast capacity.' + metric_aggregation_type: '- (Optional) The aggregation type for the policy''s metrics. Valid values are "Minimum", "Maximum", and "Average". Without a value, AWS will treat the aggregation type as "Average".' + metric_dimension: '- (Optional) The dimensions of the metric.' + metric_interval_lower_bound: |- + - (Optional) The lower bound for the + difference between the alarm threshold and the CloudWatch metric. + Without a value, AWS will treat this bound as infinity. + metric_interval_upper_bound: |- + - (Optional) The upper bound for the + difference between the alarm threshold and the CloudWatch metric. + Without a value, AWS will treat this bound as infinity. The upper bound + must be greater than the lower bound. + metric_name: '- (Required) The name of the metric.' + metric_specification: '- (Required) This structure includes the metrics and target utilization to use for predictive scaling.' + min_adjustment_magnitude: '- (Optional) Minimum value to scale by when adjustment_type is set to PercentChangeInCapacity.' + mode: '- (Optional) The predictive scaling mode. Valid values are ForecastAndScale and ForecastOnly. Default is ForecastOnly.' + name: '- The scaling policy''s name.' + namespace: '- (Required) The namespace of the metric.' + policy_type: '- The scaling policy''s type.' + predefined_load_metric_specification: '- (Optional) The load metric specification.' 
+ predefined_metric_pair_specification: '- (Optional) The metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use.' + predefined_metric_specification: '- (Optional) A predefined metric. Conflicts with customized_metric_specification.' + predefined_metric_type: '- (Required) Describes a scaling metric for a predictive scaling policy. Valid values are ASGAverageCPUUtilization, ASGAverageNetworkIn, ASGAverageNetworkOut, or ALBRequestCountPerTarget.' + predefined_scaling_metric_specification: '- (Optional) The scaling metric specification.' + predictive_scaling_configuration: '- (Optional) The predictive scaling policy configuration to use with Amazon EC2 Auto Scaling.' + resource_label: '- (Required) A label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group.' + scaling_adjustment: |- + - (Required) The number of members by which to + scale, when the adjustment bounds are breached. A positive value scales + up. A negative value scales down. + scheduling_buffer_time: '- (Optional) The amount of time, in seconds, by which the instance launch time can be advanced. Minimum is 0.' + statistic: '- (Required) The statistic of the metric.' + step_adjustment: |- + - (Optional) A set of adjustments that manage + group scaling. These have the following structure: + target_tracking_configuration: '- (Optional) A target tracking policy. These have the following structure:' + target_value: '- (Required) The target value for the metric.' + unit: '- (Optional) The unit of the metric.' + value: '- (Required) The value of the dimension.' + aws_autoscaling_schedule: + subCategory: Autoscaling + description: Provides an AutoScaling Schedule resource. 
+ name: aws_autoscaling_schedule + titleName: aws_autoscaling_schedule + examples: + - manifest: |- + { + "autoscaling_group_name": "${aws_autoscaling_group.foobar.name}", + "desired_capacity": 0, + "end_time": "2016-12-12T06:00:00Z", + "max_size": 1, + "min_size": 0, + "scheduled_action_name": "foobar", + "start_time": "2016-12-11T18:00:00Z" + } + references: + autoscaling_group_name: aws_autoscaling_group.name + argumentDocs: + arn: '- The ARN assigned by AWS to the autoscaling schedule.' + autoscaling_group_name: '- (Required) The name or Amazon Resource Name (ARN) of the Auto Scaling group.' + desired_capacity: '- (Optional) The number of EC2 instances that should be running in the group. Default 0. Set to -1 if you don''t want to change the desired capacity at the scheduled time.' + end_time: |- + - (Optional) The time for this action to end, in "YYYY-MM-DDThh:mm:ssZ" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ). + If you try to schedule your action in the past, Auto Scaling returns an error message. + max_size: |- + - (Optional) The maximum size for the Auto Scaling group. Default 0. + Set to -1 if you don't want to change the maximum size at the scheduled time. + min_size: |- + - (Optional) The minimum size for the Auto Scaling group. Default 0. + Set to -1 if you don't want to change the minimum size at the scheduled time. + recurrence: '- (Optional) The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format.' + scheduled_action_name: '- (Required) The name of this scaling action.' + start_time: |- + - (Optional) The time for this action to start, in "YYYY-MM-DDThh:mm:ssZ" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ). + If you try to schedule your action in the past, Auto Scaling returns an error message. + time_zone: '- (Optional) The timezone for the cron expression. 
Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or Pacific/Tahiti).' + aws_autoscalingplans_scaling_plan: + subCategory: Autoscaling Plans + description: Manages an AWS Auto Scaling scaling plan. + name: aws_autoscalingplans_scaling_plan + titleName: aws_autoscalingplans_scaling_plan + examples: + - manifest: |- + { + "application_source": [ + { + "tag_filter": [ + { + "key": "application", + "values": [ + "example" + ] + } + ] + } + ], + "name": "example-dynamic-cost-optimization", + "scaling_instruction": [ + { + "max_capacity": 3, + "min_capacity": 0, + "resource_id": "${format(\"autoScalingGroup/%s\", aws_autoscaling_group.example.name)}", + "scalable_dimension": "autoscaling:autoScalingGroup:DesiredCapacity", + "service_namespace": "autoscaling", + "target_tracking_configuration": [ + { + "predefined_scaling_metric_specification": [ + { + "predefined_scaling_metric_type": "ASGAverageCPUUtilization" + } + ], + "target_value": 70 + } + ] + } + ] + } + - manifest: |- + { + "application_source": [ + { + "tag_filter": [ + { + "key": "application", + "values": [ + "example" + ] + } + ] + } + ], + "name": "example-predictive-cost-optimization", + "scaling_instruction": [ + { + "disable_dynamic_scaling": true, + "max_capacity": 3, + "min_capacity": 0, + "predefined_load_metric_specification": [ + { + "predefined_load_metric_type": "ASGTotalCPUUtilization" + } + ], + "predictive_scaling_max_capacity_behavior": "SetForecastCapacityToMaxCapacity", + "predictive_scaling_mode": "ForecastAndScale", + "resource_id": "${format(\"autoScalingGroup/%s\", aws_autoscaling_group.example.name)}", + "scalable_dimension": "autoscaling:autoScalingGroup:DesiredCapacity", + "service_namespace": "autoscaling", + "target_tracking_configuration": [ + { + "predefined_scaling_metric_specification": [ + { + "predefined_scaling_metric_type": "ASGAverageCPUUtilization" + } + ], + "target_value": 70 + } + ] + } + ] + } + argumentDocs: + application_source: '- 
(Required) A CloudFormation stack or set of tags. You can create one scaling plan per application source.' + cloudformation_stack_arn: '- (Optional) The Amazon Resource Name (ARN) of a AWS CloudFormation stack.' + customized_load_metric_specification: |- + - (Optional) The customized load metric to use for predictive scaling. You must specify either customized_load_metric_specification or predefined_load_metric_specification when configuring predictive scaling. + More details can be found in the AWS Auto Scaling API Reference. + customized_scaling_metric_specification: |- + - (Optional) A customized metric. You can specify either customized_scaling_metric_specification or predefined_scaling_metric_specification. + More details can be found in the AWS Auto Scaling API Reference. + dimensions: '- (Optional) The dimensions of the metric.' + disable_dynamic_scaling: '- (Optional) Boolean controlling whether dynamic scaling by AWS Auto Scaling is disabled. Defaults to false.' + disable_scale_in: '- (Optional) Boolean indicating whether scale in by the target tracking scaling policy is disabled. Defaults to false.' + estimated_instance_warmup: |- + - (Optional) The estimated time, in seconds, until a newly launched instance can contribute to the CloudWatch metrics. + This value is used only if the resource is an Auto Scaling group. + id: '- The scaling plan identifier.' + key: '- (Required) The tag key.' + max_capacity: '- (Required) The maximum capacity of the resource. The exception to this upper limit is if you specify a non-default setting for predictive_scaling_max_capacity_behavior.' + metric_name: '- (Required) The name of the metric.' + min_capacity: '- (Required) The minimum capacity of the resource.' + name: '- (Required) The name of the scaling plan. Names cannot contain vertical bars, colons, or forward slashes.' + namespace: '- (Required) The namespace of the metric.' 
+ predefined_load_metric_specification: |- + - (Optional) The predefined load metric to use for predictive scaling. You must specify either predefined_load_metric_specification or customized_load_metric_specification when configuring predictive scaling. + More details can be found in the AWS Auto Scaling API Reference. + predefined_load_metric_type: '- (Required) The metric type. Valid values: ALBTargetGroupRequestCount, ASGTotalCPUUtilization, ASGTotalNetworkIn, ASGTotalNetworkOut.' + predefined_scaling_metric_specification: |- + - (Optional) A predefined metric. You can specify either predefined_scaling_metric_specification or customized_scaling_metric_specification. + More details can be found in the AWS Auto Scaling API Reference. + predefined_scaling_metric_type: '- (Required) The metric type. Valid values: ALBRequestCountPerTarget, ASGAverageCPUUtilization, ASGAverageNetworkIn, ASGAverageNetworkOut, DynamoDBReadCapacityUtilization, DynamoDBWriteCapacityUtilization, ECSServiceAverageCPUUtilization, ECSServiceAverageMemoryUtilization, EC2SpotFleetRequestAverageCPUUtilization, EC2SpotFleetRequestAverageNetworkIn, EC2SpotFleetRequestAverageNetworkOut, RDSReaderAverageCPUUtilization, RDSReaderAverageDatabaseConnections.' + predictive_scaling_max_capacity_behavior: |- + - (Optional) Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity specified for the resource. + Valid values: SetForecastCapacityToMaxCapacity, SetMaxCapacityAboveForecastCapacity, SetMaxCapacityToForecastCapacity. + predictive_scaling_max_capacity_buffer: '- (Optional) The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity.' + predictive_scaling_mode: '- (Optional) The predictive scaling mode. Valid values: ForecastAndScale, ForecastOnly.' + resource_id: '- (Required) The ID of the resource. This string consists of the resource type and unique identifier.' 
+ resource_label: '- (Optional) Identifies the resource associated with the metric type.' + scalable_dimension: '- (Required) The scalable dimension associated with the resource. Valid values: autoscaling:autoScalingGroup:DesiredCapacity, dynamodb:index:ReadCapacityUnits, dynamodb:index:WriteCapacityUnits, dynamodb:table:ReadCapacityUnits, dynamodb:table:WriteCapacityUnits, ecs:service:DesiredCount, ec2:spot-fleet-request:TargetCapacity, rds:cluster:ReadReplicaCount.' + scale_in_cooldown: |- + - (Optional) The amount of time, in seconds, after a scale in activity completes before another scale in activity can start. + This value is not used if the scalable resource is an Auto Scaling group. + scale_out_cooldown: |- + - (Optional) The amount of time, in seconds, after a scale-out activity completes before another scale-out activity can start. + This value is not used if the scalable resource is an Auto Scaling group. + scaling_instruction: '- (Required) The scaling instructions. More details can be found in the AWS Auto Scaling API Reference.' + scaling_plan_version: '- The version number of the scaling plan. This value is always 1.' + scaling_policy_update_behavior: '- (Optional) Controls whether a resource''s externally created scaling policies are kept or replaced. Valid values: KeepExternalPolicies, ReplaceExternalPolicies. Defaults to KeepExternalPolicies.' + scheduled_action_buffer_time: '- (Optional) The amount of time, in seconds, to buffer the run time of scheduled scaling actions when scaling out.' + service_namespace: '- (Required) The namespace of the AWS service. Valid values: autoscaling, dynamodb, ecs, ec2, rds.' + statistic: '- (Required) The statistic of the metric. Valid values: Average, Maximum, Minimum, SampleCount, Sum.' + tag_filter: '- (Optional) A set of tags.' + target_tracking_configuration: |- + - (Required) The structure that defines new target tracking configurations. 
Each of these structures includes a specific scaling metric and a target value for the metric, along with various parameters to use with dynamic scaling. + More details can be found in the AWS Auto Scaling API Reference. + target_value: '- (Required) The target value for the metric.' + unit: '- (Optional) The unit of the metric.' + values: '- (Optional) The tag values.' + aws_backup_global_settings: + subCategory: Backup + description: Provides an AWS Backup Global Settings resource. + name: aws_backup_global_settings + titleName: aws_backup_global_settings + examples: + - manifest: |- + { + "global_settings": { + "isCrossAccountBackupEnabled": "true" + } + } + argumentDocs: + global_settings: '- (Required) A list of resources along with the opt-in preferences for the account.' + id: '- The AWS Account ID.' + aws_backup_plan: + subCategory: Backup + description: Provides an AWS Backup plan resource. + name: aws_backup_plan + titleName: aws_backup_plan + examples: + - manifest: |- + { + "advanced_backup_setting": [ + { + "backup_options": { + "WindowsVSS": "enabled" + }, + "resource_type": "EC2" + } + ], + "name": "tf_example_backup_plan", + "rule": [ + { + "rule_name": "tf_example_backup_rule", + "schedule": "cron(0 12 * * ? *)", + "target_vault_name": "${aws_backup_vault.test.name}" + } + ] + } + argumentDocs: + advanced_backup_setting: '- (Optional) An object that specifies backup options for each resource type.' + arn: '- The ARN of the backup plan.' + backup_options: '- (Required) Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs. Set to { WindowsVSS = "enabled" } to enable Windows VSS backup option and create a VSS Windows backup.' + cold_storage_after: '- (Optional) Specifies the number of days after creation that a recovery point is moved to cold storage.' + completion_window: '- (Optional) The amount of time AWS Backup attempts a backup before canceling the job and returning an error.' 
+ copy_action: '- (Optional) Configuration block(s) with copy operation settings. Detailed below.' + delete_after: '- (Optional) Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than cold_storage_after.' + destination_vault_arn: '- (Required) An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup.' + enable_continuous_backup: '- (Optional) Enable continuous backups for supported resources.' + id: '- The id of the backup plan.' + lifecycle: '- (Optional) The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. Fields documented above.' + name: '- (Required) The display name of a backup plan.' + recovery_point_tags: '- (Optional) Metadata that you can assign to help organize the resources that you create.' + resource_type: '- (Required) The type of AWS resource to be backed up. For VSS Windows backups, the only supported resource type is Amazon EC2. Valid values: EC2.' + rule: '- (Required) A rule object that specifies a scheduled task that is used to back up a selection of resources.' + rule_name: '- (Required) An display name for a backup rule.' + schedule: '- (Optional) A CRON expression specifying when AWS Backup initiates a backup job.' + start_window: '- (Optional) The amount of time in minutes before beginning a backup.' + tags: '- (Optional) Metadata that you can assign to help organize the plans you create. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_vault_name: '- (Required) The name of a logical container where backups are stored.' + version: '- Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan.' 
+ aws_backup_region_settings: + subCategory: Backup + description: Provides an AWS Backup Region Settings resource. + name: aws_backup_region_settings + titleName: aws_backup_region_settings + examples: + - manifest: |- + { + "resource_type_opt_in_preference": { + "Aurora": true, + "DynamoDB": true, + "EBS": true, + "EC2": true, + "EFS": true, + "FSx": true, + "RDS": true, + "Storage Gateway": true + } + } + argumentDocs: + id: '- The AWS region.' + resource_type_opt_in_preference: '- (Required) A map of services along with the opt-in preferences for the Region.' + aws_backup_selection: + subCategory: Backup + description: Manages selection conditions for AWS Backup plan resources. + name: aws_backup_selection + titleName: aws_backup_selection + examples: + - manifest: |- + { + "iam_role_arn": "${aws_iam_role.example.arn}" + } + references: + iam_role_arn: aws_iam_role.arn + - manifest: |- + { + "iam_role_arn": "${aws_iam_role.example.arn}", + "name": "tf_example_backup_selection", + "plan_id": "${aws_backup_plan.example.id}", + "selection_tag": [ + { + "key": "foo", + "type": "STRINGEQUALS", + "value": "bar" + } + ] + } + references: + iam_role_arn: aws_iam_role.arn + plan_id: aws_backup_plan.id + - manifest: |- + { + "iam_role_arn": "${aws_iam_role.example.arn}", + "name": "tf_example_backup_selection", + "plan_id": "${aws_backup_plan.example.id}", + "resources": [ + "${aws_db_instance.example.arn}", + "${aws_ebs_volume.example.arn}", + "${aws_efs_file_system.example.arn}" + ] + } + references: + iam_role_arn: aws_iam_role.arn + plan_id: aws_backup_plan.id + argumentDocs: + iam_role_arn: '- (Required) The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. See the AWS Backup Developer Guide for additional information about using AWS managed policies or creating custom policies attached to the IAM role.' + id: '- Backup Selection identifier' + key: '- (Required) The key in a key-value pair.' 
+ name: '- (Required) The display name of a resource selection document.' + plan_id: '- (Required) The backup plan ID to be associated with the selection of resources.' + resources: '- (Optional) An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan..' + selection_tag: '- (Optional) Tag-based conditions used to specify a set of resources to assign to a backup plan.' + type: '- (Required) An operation, such as StringEquals, that is applied to a key-value pair used to filter resources in a selection.' + value: '- (Required) The value in a key-value pair.' + aws_backup_vault: + subCategory: Backup + description: Provides an AWS Backup vault resource. + name: aws_backup_vault + titleName: aws_backup_vault + examples: + - manifest: |- + { + "kms_key_arn": "${aws_kms_key.example.arn}", + "name": "example_backup_vault" + } + references: + kms_key_arn: aws_kms_key.arn + argumentDocs: + arn: '- The ARN of the vault.' + id: '- The name of the vault.' + kms_key_arn: '- (Optional) The server-side encryption key that is used to protect your backups.' + name: '- (Required) Name of the backup vault to create.' + recovery_points: '- The number of recovery points that are stored in a backup vault.' + tags: '- (Optional) Metadata that you can assign to help organize the resources that you create. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_backup_vault_notifications: + subCategory: Backup + description: Provides an AWS Backup vault notifications resource. 
+ name: aws_backup_vault_notifications + titleName: aws_backup_vault_notifications + examples: + - manifest: |- + { + "backup_vault_events": [ + "BACKUP_JOB_STARTED", + "RESTORE_JOB_COMPLETED" + ], + "backup_vault_name": "example_backup_vault", + "sns_topic_arn": "${aws_sns_topic.test.arn}" + } + references: + sns_topic_arn: aws_sns_topic.arn + argumentDocs: + backup_vault_arn: '- The ARN of the vault.' + backup_vault_events: '- (Required) An array of events that indicate the status of jobs to back up resources to the backup vault.' + backup_vault_name: '- (Required) Name of the backup vault to add notifications for.' + id: '- The name of the vault.' + sns_topic_arn: '- (Required) The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events' + aws_backup_vault_policy: + subCategory: Backup + description: Provides an AWS Backup vault policy resource. + name: aws_backup_vault_policy + titleName: aws_backup_vault_policy + examples: + - manifest: |- + { + "backup_vault_name": "${aws_backup_vault.example.name}", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"default\",\n \"Statement\": [\n {\n \"Sid\": \"default\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": [\n\t\t\"backup:DescribeBackupVault\",\n\t\t\"backup:DeleteBackupVault\",\n\t\t\"backup:PutBackupVaultAccessPolicy\",\n\t\t\"backup:DeleteBackupVaultAccessPolicy\",\n\t\t\"backup:GetBackupVaultAccessPolicy\",\n\t\t\"backup:StartBackupJob\",\n\t\t\"backup:GetBackupVaultNotifications\",\n\t\t\"backup:PutBackupVaultNotifications\"\n ],\n \"Resource\": \"${aws_backup_vault.example.arn}\"\n }\n ]\n}\n" + } + references: + backup_vault_name: aws_backup_vault.name + argumentDocs: + backup_vault_arn: '- The ARN of the vault.' + backup_vault_name: '- (Required) Name of the backup vault to add policy for.' + id: '- The name of the vault.' + policy: '- (Required) The backup vault access policy document in JSON format.' 
+ aws_batch_compute_environment: + subCategory: Batch + description: Creates a AWS Batch compute environment. + name: aws_batch_compute_environment + titleName: aws_batch_compute_environment + examples: + - manifest: |- + { + "compute_environment_name": "sample", + "compute_resources": [ + { + "instance_role": "${aws_iam_instance_profile.ecs_instance_role.arn}", + "instance_type": [ + "c4.large" + ], + "max_vcpus": 16, + "min_vcpus": 0, + "security_group_ids": [ + "${aws_security_group.sample.id}" + ], + "subnets": [ + "${aws_subnet.sample.id}" + ], + "type": "EC2" + } + ], + "depends_on": [ + "${aws_iam_role_policy_attachment.aws_batch_service_role}" + ], + "service_role": "${aws_iam_role.aws_batch_service_role.arn}", + "type": "MANAGED" + } + references: + service_role: aws_iam_role.arn + - manifest: |- + { + "compute_environment_name": "sample", + "compute_resources": [ + { + "max_vcpus": 16, + "security_group_ids": [ + "${aws_security_group.sample.id}" + ], + "subnets": [ + "${aws_subnet.sample.id}" + ], + "type": "FARGATE" + } + ], + "depends_on": [ + "${aws_iam_role_policy_attachment.aws_batch_service_role}" + ], + "service_role": "${aws_iam_role.aws_batch_service_role.arn}", + "type": "MANAGED" + } + references: + service_role: aws_iam_role.arn + argumentDocs: + allocation_strategy: '- (Optional) The allocation strategy to use for the compute resource in case not enough instances of the best fitting instance type can be allocated. Valid items are BEST_FIT_PROGRESSIVE, SPOT_CAPACITY_OPTIMIZED or BEST_FIT. Defaults to BEST_FIT. See AWS docs for details. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + arn: '- The Amazon Resource Name (ARN) of the compute environment.' + bid_percentage: '- (Optional) Integer of minimum percentage that a Spot Instance price must be when compared with the On-Demand price for that instance type before instances are launched. 
For example, if your bid percentage is 20% (20), then the Spot price must be below 20% of the current On-Demand price for that EC2 instance. This parameter is required for SPOT compute environments. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + compute_environment_name: '- (Optional, Forces new resource) The name for your compute environment. Up to 128 letters (uppercase and lowercase), numbers, and underscores are allowed. If omitted, Terraform will assign a random, unique name.' + compute_environment_name_prefix: '- (Optional, Forces new resource) Creates a unique compute environment name beginning with the specified prefix. Conflicts with compute_environment_name.' + compute_resources: '- (Optional) Details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. See details below.' + desired_vcpus: '- (Optional) The desired number of EC2 vCPUS in the compute environment. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + ec2_key_pair: '- (Optional) The EC2 key pair that is used for instances launched in the compute environment. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + ecs_cluster_arn: '- The Amazon Resource Name (ARN) of the underlying Amazon ECS cluster used by the compute environment.' + image_id: '- (Optional) The Amazon Machine Image (AMI) ID used for instances launched in the compute environment. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + instance_role: '- (Optional) The Amazon ECS instance role applied to Amazon EC2 instances in a compute environment. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + instance_type: '- (Optional) A list of instance types that may be launched. 
This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + launch_template: '- (Optional) The launch template to use for your compute resources. See details below. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + launch_template_id: '- (Optional) ID of the launch template. You must specify either the launch template ID or launch template name in the request, but not both.' + launch_template_name: '- (Optional) Name of the launch template.' + max_vcpus: '- (Required) The maximum number of EC2 vCPUs that an environment can reach.' + min_vcpus: '- (Optional) The minimum number of EC2 vCPUs that an environment should maintain. For EC2 or SPOT compute environments, if the parameter is not explicitly defined, a 0 default value will be set. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + security_group_ids: '- (Required) A list of EC2 security group that are associated with instances launched in the compute environment.' + service_role: '- (Required) The full Amazon Resource Name (ARN) of the IAM role that allows AWS Batch to make calls to other AWS services on your behalf.' + spot_iam_fleet_role: '- (Optional) The Amazon Resource Name (ARN) of the Amazon EC2 Spot Fleet IAM role applied to a SPOT compute environment. This parameter is required for SPOT compute environments. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + state: '- (Optional) The state of the compute environment. If the state is ENABLED, then the compute environment accepts jobs from a queue and can scale out automatically based on queues. Valid items are ENABLED or DISABLED. Defaults to ENABLED.' + status: '- The current status of the compute environment (for example, CREATING or VALID).' 
+ status_reason: '- A short, human-readable string to provide additional details about the current status of the compute environment.' + subnets: '- (Required) A list of VPC subnets into which the compute resources are launched.' + tags: '- (Optional) Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn''t applicable to jobs running on Fargate resources, and shouldn''t be specified.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of compute environment. Valid items are EC2, SPOT, FARGATE or FARGATE_SPOT.' + version: '- (Optional) The version number of the launch template. Default: The default version of the launch template.' + aws_batch_job_definition: + subCategory: Batch + description: Provides a Batch Job Definition resource. + name: aws_batch_job_definition + titleName: aws_batch_job_definition + examples: + - manifest: |- + { + "container_properties": "{\n\t\"command\": [\"ls\", \"-la\"],\n\t\"image\": \"busybox\",\n\t\"memory\": 1024,\n\t\"vcpus\": 1,\n\t\"volumes\": [\n {\n \"host\": {\n \"sourcePath\": \"/tmp\"\n },\n \"name\": \"tmp\"\n }\n ],\n\t\"environment\": [\n\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t],\n\t\"mountPoints\": [\n\t\t{\n \"sourceVolume\": \"tmp\",\n \"containerPath\": \"/tmp\",\n \"readOnly\": false\n }\n\t],\n \"ulimits\": [\n {\n \"hardLimit\": 1024,\n \"name\": \"nofile\",\n \"softLimit\": 1024\n }\n ]\n}\n", + "name": "tf_test_batch_job_definition", + "type": "container" + } + - manifest: |- + { + "container_properties": "{\n \"command\": [\"echo\", \"test\"],\n \"image\": \"busybox\",\n \"fargatePlatformConfiguration\": {\n \"platformVersion\": \"LATEST\"\n },\n \"resourceRequirements\": [\n {\"type\": \"VCPU\", \"value\": \"0.25\"},\n {\"type\": \"MEMORY\", \"value\": \"512\"}\n ],\n \"executionRoleArn\": 
\"${aws_iam_role.ecs_task_execution_role.arn}\"\n}\n", + "name": "tf_test_batch_job_definition", + "platform_capabilities": [ + "FARGATE" + ], + "type": "container" + } + argumentDocs: + action: '- (Required) Specifies the action to take if all of the specified conditions are met. The values are not case sensitive. Valid values: RETRY, EXIT.' + arn: '- The Amazon Resource Name of the job definition.' + attempt_duration_seconds: '- (Optional) The time duration in seconds after which AWS Batch terminates your jobs if they have not finished. The minimum value for the timeout is 60 seconds.' + attempts: '- (Optional) The number of times to move a job to the RUNNABLE status. You may specify between 1 and 10 attempts.' + container_properties: |- + - (Optional) A valid container properties + provided as a single valid JSON document. This parameter is required if the type parameter is container. + evaluate_on_exit: '- (Optional) The evaluate on exit conditions under which the job should be retried or failed. If this parameter is specified, then the attempts parameter must also be specified. You may specify up to 5 configuration blocks.' + name: '- (Required) Specifies the name of the job definition.' + on_exit_code: '- (Optional) A glob pattern to match against the decimal representation of the exit code returned for a job.' + on_reason: '- (Optional) A glob pattern to match against the reason returned for a job.' + on_status_reason: '- (Optional) A glob pattern to match against the status reason returned for a job.' + parameters: '- (Optional) Specifies the parameter substitution placeholders to set in the job definition.' + platform_capabilities: '- (Optional) The platform capabilities required by the job definition. If no value is specified, it defaults to EC2. To run the job on Fargate resources, specify FARGATE.' + propagate_tags: '- (Optional) Specifies whether to propagate the tags from the job definition to the corresponding Amazon ECS task. Default is false.' 
+ retry_strategy: |- + - (Optional) Specifies the retry strategy to use for failed jobs that are submitted with this job definition. + Maximum number of retry_strategy is 1. Defined below. + revision: '- The revision of the job definition.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout: '- (Optional) Specifies the timeout for jobs so that if a job runs longer, AWS Batch terminates the job. Maximum number of timeout is 1. Defined below.' + type: '- (Required) The type of job definition. Must be container.' + aws_batch_job_queue: + subCategory: Batch + description: Provides a Batch Job Queue resource. + name: aws_batch_job_queue + titleName: aws_batch_job_queue + examples: + - manifest: |- + { + "compute_environments": [ + "${aws_batch_compute_environment.test_environment_1.arn}", + "${aws_batch_compute_environment.test_environment_2.arn}" + ], + "name": "tf-test-batch-job-queue", + "priority": 1, + "state": "ENABLED" + } + argumentDocs: + arn: '- The Amazon Resource Name of the job queue.' + compute_environments: |- + - (Required) Specifies the set of compute environments + mapped to a job queue and their order. The position of the compute environments + in the list will dictate the order. You can associate up to 3 compute environments + with a job queue. + name: '- (Required) Specifies the name of the job queue.' + priority: |- + - (Required) The priority of the job queue. Job queues with a higher priority + are evaluated first when associated with the same compute environment. + state: '- (Required) The state of the job queue. Must be one of: ENABLED or DISABLED' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_budgets_budget: + subCategory: Budgets + description: Provides a budgets budget resource. + name: aws_budgets_budget + titleName: aws_budgets_budget + examples: + - manifest: |- + { + "budget_type": "COST", + "cost_filter": [ + { + "name": "Service", + "values": [ + "Amazon Elastic Compute Cloud - Compute" + ] + } + ], + "limit_amount": "1200", + "limit_unit": "USD", + "name": "budget-ec2-monthly", + "notification": [ + { + "comparison_operator": "GREATER_THAN", + "notification_type": "FORECASTED", + "subscriber_email_addresses": [ + "test@example.com" + ], + "threshold": 100, + "threshold_type": "PERCENTAGE" + } + ], + "time_period_end": "2087-06-15_00:00", + "time_period_start": "2017-07-01_00:00", + "time_unit": "MONTHLY" + } + - manifest: |- + { + "budget_type": "COST", + "limit_amount": "100", + "limit_unit": "USD" + } + - manifest: |- + { + "budget_type": "USAGE", + "limit_amount": "3", + "limit_unit": "GB" + } + - manifest: |- + { + "budget_type": "SAVINGS_PLANS_UTILIZATION", + "cost_types": [ + { + "include_credit": false, + "include_discount": false, + "include_other_subscription": false, + "include_recurring": false, + "include_refund": false, + "include_subscription": true, + "include_support": false, + "include_tax": false, + "include_upfront": false, + "use_blended": false + } + ], + "limit_amount": "100.0", + "limit_unit": "PERCENTAGE" + } + - manifest: |- + { + "budget_type": "RI_UTILIZATION", + "cost_filters": { + "Service": "Amazon Relational Database Service" + }, + "cost_types": [ + { + "include_credit": false, + "include_discount": false, + "include_other_subscription": false, + "include_recurring": false, + "include_refund": false, + "include_subscription": 
true, + "include_support": false, + "include_tax": false, + "include_upfront": false, + "use_blended": false + } + ], + "limit_amount": "100.0", + "limit_unit": "PERCENTAGE" + } + argumentDocs: + account_id: '- (Optional) The ID of the target account for budget. Will use current user''s account_id by default if omitted.' + arn: '- The ARN of the budget.' + budget_type: '- (Required) Whether this budget tracks monetary cost or usage.' + comparison_operator: '- (Required) Comparison operator to use to evaluate the condition. Can be LESS_THAN, EQUAL_TO or GREATER_THAN.' + cost: "" + cost_filter: '- (Optional) A list of CostFilter name/values pair to apply to budget.' + cost_filters: '- (Optional) Map of CostFilters key/value pairs to apply to the budget.' + cost_types: '- (Optional) Object containing CostTypes The types of cost included in a budget, such as tax and subscriptions.' + id: '- id of resource.' + include_credit: '- A boolean value whether to include credits in the cost budget. Defaults to true' + include_discount: '- Specifies whether a budget includes discounts. Defaults to true' + include_other_subscription: '- A boolean value whether to include other subscription costs in the cost budget. Defaults to true' + include_recurring: '- A boolean value whether to include recurring costs in the cost budget. Defaults to true' + include_refund: '- A boolean value whether to include refunds in the cost budget. Defaults to true' + include_subscription: '- A boolean value whether to include subscriptions in the cost budget. Defaults to true' + include_support: '- A boolean value whether to include support costs in the cost budget. Defaults to true' + include_tax: '- A boolean value whether to include tax in the cost budget. Defaults to true' + include_upfront: '- A boolean value whether to include upfront costs in the cost budget. Defaults to true' + limit_amount: '- (Required) The amount of cost or usage being measured for a budget.' 
+ limit_unit: '- (Required) The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See Spend documentation.' + name: '- (Optional) The name of a budget. Unique within accounts.' + name_prefix: '- (Optional) The prefix of the name of a budget. Unique within accounts.' + notification: '- (Optional) Object containing Budget Notifications. Can be used multiple times to define more than one budget notification' + notification_type: '- (Required) What kind of budget value to notify on. Can be ACTUAL or FORECASTED' + subscriber_email_addresses: '- (Optional) E-Mail addresses to notify. Either this or subscriber_sns_topic_arns is required.' + subscriber_sns_topic_arns: '- (Optional) SNS topics to notify. Either this or subscriber_email_addresses is required.' + threshold: '- (Required) Threshold when the notification should be sent.' + threshold_type: '- (Required) What kind of threshold is defined. Can be PERCENTAGE OR ABSOLUTE_VALUE.' + time_period_end: '- (Optional) The end of the time period covered by the budget. There are no restrictions on the end date. Format: 2017-01-01_12:00.' + time_period_start: '- (Optional) The start of the time period covered by the budget. If you don''t specify a start date, AWS defaults to the start of your chosen time period. The start date must come before the end date. Format: 2017-01-01_12:00.' + time_unit: '- (Required) The length of time until a budget resets the actual and forecasted spend. Valid values: MONTHLY, QUARTERLY, ANNUALLY, and DAILY.' + usage: "" + use_amortized: '- Specifies whether a budget uses the amortized rate. Defaults to false' + use_blended: '- A boolean value whether to use blended costs in the cost budget. Defaults to false' + aws_budgets_budget_action: + subCategory: Budgets + description: Provides a budget action resource. 
+ name: aws_budgets_budget_action + titleName: aws_budgets_budget_action + examples: + - manifest: |- + { + "action_threshold": [ + { + "action_threshold_type": "ABSOLUTE_VALUE", + "action_threshold_value": 100 + } + ], + "action_type": "APPLY_IAM_POLICY", + "approval_model": "AUTOMATIC", + "budget_name": "${aws_budgets_budget.example.name}", + "definition": [ + { + "iam_action_definition": [ + { + "policy_arn": "${aws_iam_policy.example.arn}", + "roles": [ + "${aws_iam_role.example.name}" + ] + } + ] + } + ], + "execution_role_arn": "${aws_iam_role.example.arn}", + "notification_type": "ACTUAL", + "subscriber": [ + { + "address": "example@example.example", + "subscription_type": "EMAIL" + } + ] + } + references: + budget_name: aws_budgets_budget.name + execution_role_arn: aws_iam_role.arn + argumentDocs: + account_id: '- (Optional) The ID of the target account for budget. Will use current user''s account_id by default if omitted.' + action_id: '- The id of the budget action.' + action_sub_type: '- (Required) The action subType. Valid values are STOP_EC2_INSTANCES or STOP_RDS_INSTANCES.' + action_threshold: '- (Required) The trigger threshold of the action. See Action Threshold.' + action_threshold_type: '- (Required) The type of threshold for a notification. Valid values are PERCENTAGE or ABSOLUTE_VALUE.' + action_threshold_value: '- (Required) The threshold of a notification.' + action_type: '- (Required) The type of action. This defines the type of tasks that can be carried out by this action. This field also determines the format for definition. Valid values are APPLY_IAM_POLICY, APPLY_SCP_POLICY, and RUN_SSM_DOCUMENTS.' + address: '- (Required) The address that AWS sends budget notifications to, either an SNS topic or an email.' + approval_model: '- (Required) This specifies if the action needs manual or automatic approval. Valid values are AUTOMATIC and MANUAL.' + arn: '- The ARN of the budget action.' + budget_name: '- (Required) The name of a budget.' 
+ definition: '- (Required) Specifies all of the type-specific parameters. See Definition.' + execution_role_arn: '- (Required) The role passed for action execution and reversion. Roles and actions must be in the same account.' + groups: '- (Optional) A list of groups to be attached. There must be at least one group.' + iam_action_definition: '- (Optional) The AWS Identity and Access Management (IAM) action definition details. See IAM Action Definition.' + id: '- ID of resource.' + instance_ids: '- (Required) The EC2 and RDS instance IDs.' + notification_type: '- (Required) The type of a notification. Valid values are ACTUAL or FORECASTED.' + policy_arn: '- (Required) The Amazon Resource Name (ARN) of the policy to be attached.' + policy_id: '- (Required) The policy ID attached.' + region: '- (Required) The Region to run the SSM document.' + roles: '- (Optional) A list of roles to be attached. There must be at least one role.' + scp_action_definition: '- (Optional) The service control policies (SCPs) action definition details. See SCP Action Definition.' + ssm_action_definition: '- (Optional) The AWS Systems Manager (SSM) action definition details. See SSM Action Definition.' + status: '- The status of the budget action.' + subscriber: '- (Required) A list of subscribers. See Subscriber.' + subscription_type: '- (Required) The type of notification that AWS sends to a subscriber. Valid values are SNS or EMAIL.' + target_ids: '- (Optional) A list of target IDs.' + users: '- (Optional) A list of users to be attached. There must be at least one user.' + aws_chime_voice_connector: + subCategory: Chime + description: Enables you to connect your phone system to the telephone network at a substantial cost savings by using SIP trunking. 
+ name: aws_chime_voice_connector + titleName: aws_chime_voice_connector + examples: + - manifest: |- + { + "aws_region": "us-east-1", + "name": "connector-test-1", + "require_encryption": true + } + argumentDocs: + aws_region: '- (Optional) The AWS Region in which the Amazon Chime Voice Connector is created. Default value: us-east-1' + name: '- (Required) The name of the Amazon Chime Voice Connector.' + outbound_host_name: '- The outbound host name for the Amazon Chime Voice Connector.' + require_encryption: '- (Required) When enabled, requires encryption for the Amazon Chime Voice Connector.' + aws_chime_voice_connector_group: + subCategory: Chime + description: Creates an Amazon Chime Voice Connector group under the administrator's AWS account. + name: aws_chime_voice_connector_group + titleName: aws_chime_voice_connector_group + examples: + - manifest: |- + { + "connector": [ + { + "priority": 1, + "voice_connector_id": "${aws_chime_voice_connector.vc1.id}" + }, + { + "priority": 3, + "voice_connector_id": "${aws_chime_voice_connector.vc2.id}" + } + ], + "name": "test-group" + } + argumentDocs: + connector: '- (Optional) The Amazon Chime Voice Connectors to route inbound calls to.' + id: '- Amazon Chime Voice Connector group ID.' + name: '- (Required) The name of the Amazon Chime Voice Connector group.' + priority: '- (Required) The priority associated with the Amazon Chime Voice Connector, with 1 being the highest priority. Higher priority Amazon Chime Voice Connectors are attempted first.' + voice_connector_id: '- (Required) The Amazon Chime Voice Connector ID.' + aws_cloud9_environment_ec2: + subCategory: Cloud9 + description: Provides a Cloud9 EC2 Development Environment. 
+ name: aws_cloud9_environment_ec2 + titleName: aws_cloud9_environment_ec2 + examples: + - manifest: |- + { + "instance_type": "t2.micro", + "name": "example-env" + } + - manifest: |- + { + "instance_type": "t2.micro" + } + - manifest: |- + { + "instance_type": "t2.micro" + } + argumentDocs: + arn: '- The ARN of the environment.' + automatic_stop_time_minutes: '- (Optional) The number of minutes until the running instance is shut down after the environment has last been used.' + description: '- (Optional) The description of the environment.' + id: '- The ID of the environment.' + instance_type: '- (Required) The type of instance to connect to the environment, e.g. t2.micro.' + name: '- (Required) The name of the environment.' + owner_arn: '- (Optional) The ARN of the environment owner. This can be ARN of any AWS IAM principal. Defaults to the environment''s creator.' + subnet_id: '- (Optional) The ID of the subnet in Amazon VPC that AWS Cloud9 will use to communicate with the Amazon EC2 instance.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- The type of the environment (e.g. ssh or ec2)' + aws_cloudformation_stack: + subCategory: CloudFormation + description: Provides a CloudFormation Stack resource. + name: aws_cloudformation_stack + titleName: aws_cloudformation_stack + examples: + - manifest: |- + { + "name": "networking-stack", + "parameters": { + "VPCCidr": "10.0.0.0/16" + }, + "template_body": "{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. 
Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n" + } + argumentDocs: + capabilities: |- + - (Optional) A list of capabilities. + Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, or CAPABILITY_AUTO_EXPAND + create: '- (Default 30 minutes) Used for Creating Stacks' + delete: '- (Default 30 minutes) Used for destroying stacks.' + disable_rollback: |- + - (Optional) Set to true to disable rollback of the stack if stack creation failed. + Conflicts with on_failure. + iam_role_arn: '- (Optional) The ARN of an IAM role that AWS CloudFormation assumes to create the stack. If you don''t specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.' + id: '- A unique identifier of the stack.' + name: '- (Required) Stack name.' + notification_arns: '- (Optional) A list of SNS topic ARNs to publish stack related events.' + on_failure: |- + - (Optional) Action to be taken if stack creation fails. This must be + one of: DO_NOTHING, ROLLBACK, or DELETE. Conflicts with disable_rollback. + outputs: '- A map of outputs from the stack.' + parameters: '- (Optional) A map of Parameter structures that specify input parameters for the stack.' + policy_body: |- + - (Optional) Structure containing the stack policy body. + Conflicts w/ policy_url. + policy_url: |- + - (Optional) Location of a file containing the stack policy. + Conflicts w/ policy_body. + tags: '- (Optional) Map of resource tags to associate with this stack. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + template_body: '- (Optional) Structure containing the template body (max size: 51,200 bytes).' + template_url: '- (Optional) Location of a file containing the template body (max size: 460,800 bytes).' + timeout_in_minutes: '- (Optional) The amount of time that can pass before the stack status becomes CREATE_FAILED.' + update: '- (Default 30 minutes) Used for Stack modifications' + aws_cloudformation_stack_set: + subCategory: CloudFormation + description: Manages a CloudFormation StackSet. + name: aws_cloudformation_stack_set + titleName: aws_cloudformation_stack_set + examples: + - manifest: |- + { + "administration_role_arn": "${aws_iam_role.AWSCloudFormationStackSetAdministrationRole.arn}", + "name": "example", + "parameters": { + "VPCCidr": "10.0.0.0/16" + }, + "template_body": "{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n" + } + references: + administration_role_arn: aws_iam_role.arn + argumentDocs: + administration_role_arn: '- (Optional) Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the SELF_MANAGED permission model.' + arn: '- Amazon Resource Name (ARN) of the StackSet.' + auto_deployment: '- (Optional) Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the SERVICE_MANAGED permission model.' + capabilities: '- (Optional) A list of capabilities. Valid values: CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_AUTO_EXPAND.' 
+ description: '- (Optional) Description of the StackSet.' + enabled: '- (Optional) Whether or not auto-deployment is enabled.' + execution_role_name: '- (Optional) Name of the IAM Role in all target accounts for StackSet operations. Defaults to AWSCloudFormationStackSetExecutionRole when using the SELF_MANAGED permission model. This should not be defined when using the SERVICE_MANAGED permission model.' + id: '- Name of the StackSet.' + name: '- (Required) Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.' + parameters: '- (Optional) Key-value map of input parameters for the StackSet template. All template parameters, including those with a Default, must be configured or ignored with lifecycle configuration block ignore_changes argument. All NoEcho template parameters must be ignored with the lifecycle configuration block ignore_changes argument.' + permission_model: '- (Optional) Describes how the IAM roles required for your StackSet are created. Valid values: SELF_MANAGED (default), SERVICE_MANAGED.' + retain_stacks_on_account_removal: '- (Optional) Whether or not to retain stacks when the account is removed.' + stack_set_id: '- Unique identifier of the StackSet.' + tags: '- (Optional) Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ template_body: '- (Optional) String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with template_url.' + template_url: '- (Optional) String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with template_body.' + update: '- (Default 30m) How long to wait for a StackSet to be updated.' + aws_cloudformation_stack_set_instance: + subCategory: CloudFormation + description: Manages a CloudFormation StackSet Instance. + name: aws_cloudformation_stack_set_instance + titleName: aws_cloudformation_stack_set_instance + examples: + - manifest: |- + { + "account_id": "123456789012", + "region": "us-east-1", + "stack_set_name": "${aws_cloudformation_stack_set.example.name}" + } + references: + stack_set_name: aws_cloudformation_stack_set.name + argumentDocs: + account_id: '- (Optional) Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.' + create: '- (Default 30m) How long to wait for a Stack to be created.' + delete: '- (Default 30m) How long to wait for a Stack to be deleted.' + id: '- StackSet name, target AWS account ID, and target AWS region separated by commas (,)' + parameter_overrides: '- (Optional) Key-value map of input parameters to override from the StackSet for this Instance.' + region: '- (Optional) Target AWS Region to create a Stack based on the StackSet. Defaults to current region.' + retain_stack: '- (Optional) During Terraform resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in Terraform state before destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to false.' + stack_id: '- Stack identifier' + stack_set_name: '- (Required) Name of the StackSet.' 
+ update: '- (Default 30m) How long to wait for a Stack to be updated.' + aws_cloudformation_type: + subCategory: CloudFormation + description: Manages a version of a CloudFormation Type. + name: aws_cloudformation_type + titleName: aws_cloudformation_type + examples: + - manifest: |- + { + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "logging_config": [ + { + "log_group_name": "${aws_cloudwatch_log_group.example.name}", + "log_role_arn": "${aws_iam_role.example.arn}" + } + ], + "schema_handler_package": "s3://${aws_s3_bucket_object.example.bucket}/${aws_s3_bucket_object.example.key}", + "type": "RESOURCE", + "type_name": "ExampleCompany::ExampleService::ExampleResource" + } + argumentDocs: + arn: '- (Optional) Amazon Resource Name (ARN) of the CloudFormation Type version. See also type_arn.' + default_version_id: '- Identifier of the CloudFormation Type default version.' + deprecated_status: '- Deprecation status of the version.' + description: '- Description of the version.' + documentation_url: '- URL of the documentation for the CloudFormation Type.' + execution_role_arn: '- (Optional) Amazon Resource Name (ARN) of the IAM Role for CloudFormation to assume when invoking the extension. If your extension calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. When CloudFormation needs to invoke the extension handler, CloudFormation assumes this execution role to create a temporary session token, which it then passes to the extension handler, thereby supplying your extension with the appropriate credentials.' + is_default_version: '- Whether the CloudFormation Type version is the default version.' + log_group_name: '- (Required) Name of the CloudWatch Log Group where CloudFormation sends error logging information when invoking the type''s handlers.' 
+ log_role_arn: '- (Required) Amazon Resource Name (ARN) of the IAM Role CloudFormation assumes when sending error logging information to CloudWatch Logs.' + logging_config: '- (Optional) Configuration block containing logging configuration.' + provisioning_type: '- Provisioning behavior of the CloudFormation Type.' + schema: '- JSON document of the CloudFormation Type schema.' + schema_handler_package: '- (Required) URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register. Must begin with s3:// or https://. For example, s3://example-bucket/example-object.' + source_url: '- URL of the source code for the CloudFormation Type.' + type: '- (Optional) CloudFormation Registry Type. For example, RESOURCE or MODULE.' + type_arn: '- (Optional) Amazon Resource Name (ARN) of the CloudFormation Type. See also arn.' + type_name: '- (Optional) CloudFormation Type name. For example, ExampleCompany::ExampleService::ExampleResource.' + version_id: '- (Optional) Identifier of the CloudFormation Type version.' + visibility: '- Scope of the CloudFormation Type.' + aws_cloudfront_cache_policy: + subCategory: CloudFront + description: Provides a cache policy for a CloudFront ditribution. When it’s attached to a cache behavior, the cache policy determines the the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. It also determines the default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache. 
+ name: aws_cloudfront_cache_policy + titleName: aws_cloudfront_cache_policy + examples: + - manifest: |- + { + "comment": "test comment", + "default_ttl": 50, + "max_ttl": 100, + "min_ttl": 1, + "name": "example-policy", + "parameters_in_cache_key_and_forwarded_to_origin": [ + { + "cookies_config": [ + { + "cookie_behavior": "whitelist", + "cookies": [ + { + "items": [ + "example" + ] + } + ] + } + ], + "headers_config": [ + { + "header_behavior": "whitelist", + "headers": [ + { + "items": [ + "example" + ] + } + ] + } + ], + "query_strings_config": [ + { + "query_string_behavior": "whitelist", + "query_strings": [ + { + "items": [ + "example" + ] + } + ] + } + ] + } + ] + } + argumentDocs: + comment: '- (Optional) A comment to describe the cache policy.' + cookie_behavior: '- (Required) Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are none, whitelist, allExcept, all.' + cookies: '- (Optional) Object that contains a list of cookie names. See Items for more information.' + cookies_config: '- (Required) Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.' + default_ttl: '- (Optional) The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.' + enable_accept_encoding_brotli: '- (Optional) A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.' + enable_accept_encoding_gzip: '- (Optional) A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.' 
+ etag: '- The current version of the cache policy.' + header_behavior: '- (Required) Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are none, whitelist.' + headers: '- (Optional) Object that contains a list of header names. See Items for more information.' + headers_config: '- (Required) Object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.' + id: '- The identifier for the cache policy.' + items: '- (Required) A list of item names (cookies, headers, or query strings).' + max_ttl: '- (Optional) The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.' + min_ttl: '- (Required) The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.' + name: '- (Required) A unique name to identify the cache policy.' + parameters_in_cache_key_and_forwarded_to_origin: '- (Optional) The HTTP headers, cookies, and URL query strings to include in the cache key. See Parameters In Cache Key And Forwarded To Origin for more information.' + query_string_behavior: '- (Required) Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are none, whitelist, allExcept, all.' + query_strings: '- (Optional) Object that contains a list of query string names. See Items for more information.' 
+ query_strings_config: '- (Required) Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.' + aws_cloudfront_distribution: + subCategory: CloudFront + description: Provides a CloudFront web distribution resource. + name: aws_cloudfront_distribution + titleName: aws_cloudfront_distribution + examples: + - manifest: |- + { + "aliases": [ + "mysite.example.com", + "yoursite.example.com" + ], + "comment": "Some comment", + "default_cache_behavior": [ + { + "allowed_methods": [ + "DELETE", + "GET", + "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "default_ttl": 3600, + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none" + } + ], + "query_string": false + } + ], + "max_ttl": 86400, + "min_ttl": 0, + "target_origin_id": "${local.s3_origin_id}", + "viewer_protocol_policy": "allow-all" + } + ], + "default_root_object": "index.html", + "enabled": true, + "is_ipv6_enabled": true, + "logging_config": [ + { + "bucket": "mylogs.s3.amazonaws.com", + "include_cookies": false, + "prefix": "myprefix" + } + ], + "ordered_cache_behavior": [ + { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "compress": true, + "default_ttl": 86400, + "forwarded_values": [ + { + "cookies": [ + { + "forward": "none" + } + ], + "headers": [ + "Origin" + ], + "query_string": false + } + ], + "max_ttl": 31536000, + "min_ttl": 0, + "path_pattern": "/content/immutable/*", + "target_origin_id": "${local.s3_origin_id}", + "viewer_protocol_policy": "redirect-to-https" + }, + { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "compress": true, + "default_ttl": 3600, + "forwarded_values": [ + { + "cookies": [ + { + 
"forward": "none" + } + ], + "query_string": false + } + ], + "max_ttl": 86400, + "min_ttl": 0, + "path_pattern": "/content/*", + "target_origin_id": "${local.s3_origin_id}", + "viewer_protocol_policy": "redirect-to-https" + } + ], + "origin": [ + { + "domain_name": "${aws_s3_bucket.b.bucket_regional_domain_name}", + "origin_id": "${local.s3_origin_id}", + "s3_origin_config": [ + { + "origin_access_identity": "origin-access-identity/cloudfront/ABCDEFG1234567" + } + ] + } + ], + "price_class": "PriceClass_200", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": [ + "US", + "CA", + "GB", + "DE" + ], + "restriction_type": "whitelist" + } + ] + } + ], + "tags": { + "Environment": "production" + }, + "viewer_certificate": [ + { + "cloudfront_default_certificate": true + } + ] + } + - manifest: |- + { + "default_cache_behavior": [ + { + "target_origin_id": "groupS3" + } + ], + "origin": [ + { + "domain_name": "${aws_s3_bucket.primary.bucket_regional_domain_name}", + "origin_id": "primaryS3", + "s3_origin_config": [ + { + "origin_access_identity": "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}" + } + ] + }, + { + "domain_name": "${aws_s3_bucket.failover.bucket_regional_domain_name}", + "origin_id": "failoverS3", + "s3_origin_config": [ + { + "origin_access_identity": "${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}" + } + ] + } + ], + "origin_group": [ + { + "failover_criteria": [ + { + "status_codes": [ + 403, + 404, + 500, + 502 + ] + } + ], + "member": [ + { + "origin_id": "primaryS3" + }, + { + "origin_id": "failoverS3" + } + ], + "origin_id": "groupS3" + } + ] + } + - manifest: |- + { + "ordered_cache_behavior": [ + { + "lambda_function_association": [ + { + "event_type": "viewer-request", + "include_body": false, + "lambda_arn": "${aws_lambda_function.example.qualified_arn}" + } + ] + } + ] + } + - manifest: |- + { + "ordered_cache_behavior": [ + { + "function_association": [ + { + 
"event_type": "viewer-request", + "function_arn": "${aws_cloudfront_function.example.arn}" + } + ] + } + ] + } + argumentDocs: + acm_certificate_arn: |- + - The ARN of the AWS Certificate Manager + certificate that you wish to use with this distribution. Specify this, + cloudfront_default_certificate, or iam_certificate_id. The ACM + certificate must be in US-EAST-1. + aliases: |- + (Optional) - Extra CNAMEs (alternate domain names), if any, for + this distribution. + allowed_methods: |- + (Required) - Controls which HTTP methods CloudFront + processes and forwards to your Amazon S3 bucket or your custom origin. + arn: '- The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.' + aws_account_number: '- AWS account ID or self' + bucket: |- + (Required) - The Amazon S3 bucket to store the access logs in, for + example, myawslogbucket.s3.amazonaws.com. + cache_policy_id: |- + (Optional) - The unique identifier of the cache policy that + is attached to the cache behavior. + cached_methods: |- + (Required) - Controls whether CloudFront caches the + response to requests using the specified HTTP methods. + caller_reference: |- + - Internal value used by CloudFront to allow future + updates to the distribution configuration. + cloudfront_default_certificate: |- + - true if you want viewers to use HTTPS + to request your objects and you're using the CloudFront domain name for your + distribution. Specify this, acm_certificate_arn, or iam_certificate_id. + comment: |- + (Optional) - Any comments you want to include about the + distribution. + compress: |- + (Optional) - Whether you want CloudFront to automatically + compress content for web requests that include Accept-Encoding: gzip in + the request header (default: false). + connection_attempts: (Optional) - The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. 
Defaults to 3. + connection_timeout: (Optional) - The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10. + cookies: |- + (Required) - The forwarded values cookies + that specifies how CloudFront handles cookies (maximum one). + custom_error_response: (Optional) - One or more custom error response elements (multiples allowed). + custom_header: |- + (Optional) - One or more sub-resources with name and + value parameters that specify header data that will be sent to the origin + (multiples allowed). + custom_origin_config: |- + - The CloudFront custom + origin configuration information. If an S3 + origin is required, use s3_origin_config instead. + default_cache_behavior: |- + (Required) - The default cache behavior for this distribution (maximum + one). + default_root_object: |- + (Optional) - The object that you want CloudFront to + return (for example, index.html) when an end user requests the root URL. + default_ttl: |- + (Optional) - The default amount of time (in seconds) that an + object is in a CloudFront cache before CloudFront forwards another request + in the absence of an Cache-Control max-age or Expires header. + domain_name: |- + - The domain name corresponding to the distribution. For + example: d604721fxaaqy9.cloudfront.net. + enabled: '- true if any of the AWS accounts listed as trusted signers have active CloudFront key pairs' + error_caching_min_ttl: |- + (Optional) - The minimum amount of time you want + HTTP error codes to stay in CloudFront caches before CloudFront queries your + origin to see whether the object has been updated. + error_code: |- + (Required) - The 4xx or 5xx HTTP status code that you want to + customize. + etag: |- + - The current version of the distribution's information. For example: + E2QWRUHAPOMQZL. + event_type: |- + (Required) - The specific event to trigger this function. 
+ Valid values: viewer-request or viewer-response + failover_criteria: (Required) - The failover criteria for when to failover to the secondary origin + field_level_encryption_id: (Optional) - Field level encryption configuration ID + forward: |- + (Required) - Specifies whether you want CloudFront to forward + cookies to the origin that is associated with this cache behavior. You can + specify all, none or whitelist. If whitelist, you must include the + subsequent whitelisted_names + forwarded_values: |- + (Optional) - The forwarded values configuration that specifies how CloudFront + handles query strings, cookies and headers (maximum one). + function_arn: (Required) - ARN of the Cloudfront function. + function_association: |- + (Optional) - A config block that triggers a cloudfront + function with specific actions (maximum 2). + headers: |- + (Optional) - Specifies the Headers, if any, that you want + CloudFront to vary upon for this cache behavior. Specify * to include all + headers. + hosted_zone_id: |- + - The CloudFront Route 53 zone ID that can be used to + route an Alias Resource Record Set to. This attribute is simply an + alias for the zone ID Z2FDTNDATAQYW2. + http_port: (Required) - The HTTP port the custom origin listens on. + http_version: |- + (Optional) - The maximum HTTP version to support on the + distribution. Allowed values are http1.1 and http2. The default is + http2. + https_port: (Required) - The HTTPS port the custom origin listens on. + iam_certificate_id: |- + - The IAM certificate identifier of the custom viewer + certificate for this distribution if you are using a custom domain. Specify + this, acm_certificate_arn, or cloudfront_default_certificate. + id: '- The identifier for the distribution. For example: EDFDVBD632BHDS5.' + in_progress_validation_batches: |- + - The number of invalidation batches + currently in progress. + include_body: '(Optional) - When set to true it exposes the request body to the lambda function. 
Defaults to false. Valid values: true, false.' + include_cookies: |- + (Optional) - Specifies whether you want CloudFront to + include cookies in access logs (default: false). + is_ipv6_enabled: (Optional) - Whether the IPv6 is enabled for the distribution. + items: '- List of nested attributes for each trusted signer' + key_group_id: '- The ID of the key group that contains the public keys' + key_pair_ids: '- Set of active CloudFront key pairs associated with the signer account' + lambda_arn: (Required) - ARN of the Lambda function. + lambda_function_association: |- + (Optional) - A config block that triggers a lambda + function with specific actions (maximum 4). + last_modified_time: '- The date and time the distribution was last modified.' + locations: |- + (Optional) - The ISO 3166-1-alpha-2 codes for which you + want CloudFront either to distribute your content (whitelist) or not + distribute your content (blacklist). + logging_config: |- + (Optional) - The logging + configuration that controls how logs are written + to your distribution (maximum one). + max_ttl: |- + (Optional) - The maximum amount of time (in seconds) that an + object is in a CloudFront cache before CloudFront forwards another request + to your origin to determine whether the object has been updated. Only + effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. + member: (Required) - Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members. + min_ttl: |- + (Optional) - The minimum amount of time that you want objects to + stay in CloudFront caches before CloudFront queries your origin to see + whether the object has been updated. Defaults to 0 seconds. + minimum_protocol_version: |- + - The minimum version of the SSL protocol that + you want CloudFront to use for HTTPS connections. Can only be set if + cloudfront_default_certificate = false. 
See all possible values in + this + table under "Security policy." Some examples include: TLSv1.2_2019 and + TLSv1.2_2021. Default: TLSv1. NOTE: + If you are using a custom certificate (specified with acm_certificate_arn + or iam_certificate_id), and have specified sni-only in + ssl_support_method, TLSv1 or later must be specified. If you have + specified vip in ssl_support_method, only SSLv3 or TLSv1 can be + specified. If you have specified cloudfront_default_certificate, TLSv1 + must be specified. + ordered_cache_behavior: |- + (Optional) - An ordered list of cache behaviors + resource for this distribution. List from top to bottom + in order of precedence. The topmost cache behavior will have precedence 0. + origin: |- + (Required) - One or more origins for this + distribution (multiples allowed). + origin_access_identity: |- + (Optional) - The CloudFront origin access + identity to associate with the origin. + origin_group: |- + (Optional) - One or more origin_group for this + distribution (multiples allowed). + origin_id: (Required) - The unique identifier of the member origin + origin_keepalive_timeout: '- (Optional) The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.' + origin_path: |- + (Optional) - An optional element that causes CloudFront to + request your content from a directory in your Amazon S3 bucket or your + custom origin. + origin_protocol_policy: |- + (Required) - The origin protocol policy to apply to + your origin. One of http-only, https-only, or match-viewer. + origin_read_timeout: '- (Optional) The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.' + origin_request_policy_id: |- + (Optional) - The unique identifier of the origin request policy + that is attached to the behavior. + origin_shield: |- + - The CloudFront Origin Shield + configuration information. Using Origin Shield can help reduce the load on your origin. 
For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide. + origin_shield_region: (Required) - The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2. + origin_ssl_protocols: |- + (Required) - The SSL/TLS protocols that you want + CloudFront to use when communicating with your origin over HTTPS. A list of + one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2. + path_pattern: |- + (Required) - The pattern (for example, images/*.jpg) that + specifies which requests you want this cache behavior to apply to. + prefix: |- + (Optional) - An optional string that you want CloudFront to prefix + to the access log filenames for this distribution, for example, myprefix/. + price_class: |- + (Optional) - The price class for this distribution. One of + PriceClass_All, PriceClass_200, PriceClass_100 + query_string: |- + (Required) - Indicates whether you want CloudFront to forward + query strings to the origin that is associated with this cache behavior. + query_string_cache_keys: |- + (Optional) - When specified, along with a value of + true for query_string, all query strings are forwarded, however only the + query string keys listed in this argument are cached. When omitted with a + value of true for query_string, all query string keys are cached. + realtime_log_config_arn: |- + (Optional) - The ARN of the real-time log configuration + that is attached to this cache behavior. + response_code: |- + (Optional) - The HTTP status code that you want CloudFront + to return with the custom error page to the viewer. + response_page_path: |- + (Optional) - The path of the custom error page (for + example, /custom_404.html). + restriction_type: |- + (Required) - The method that you want to use to restrict + distribution of your content by country: none, whitelist, or + blacklist. 
+ restrictions: |- + (Required) - The restriction + configuration for this distribution (maximum one). + retain_on_delete: |- + (Optional) - Disables the distribution instead of + deleting it when destroying the resource through Terraform. If this is set, + the distribution needs to be deleted manually afterwards. Default: false. + s3_origin_config: |- + - The CloudFront S3 origin + configuration information. If a custom origin is required, use + custom_origin_config instead. + smooth_streaming: |- + (Optional) - Indicates whether you want to distribute + media files in Microsoft Smooth Streaming format using the origin that is + associated with this cache behavior. + ssl_support_method: |- + : Specifies how you want CloudFront to serve HTTPS + requests. One of vip or sni-only. Required if you specify + acm_certificate_arn or iam_certificate_id. NOTE: vip causes + CloudFront to use a dedicated IP address and may incur extra charges. + status: |- + - The current status of the distribution. Deployed if the + distribution's information is fully propagated throughout the Amazon + CloudFront system. + status_codes: (Required) - A list of HTTP status codes for the origin group + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_origin_id: |- + (Required) - The value of ID for the origin that you want + CloudFront to route requests to when a request matches the path pattern + either for a cache behavior or for the default cache behavior. 
+ trusted_key_groups: '- List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs' + trusted_signers: '- List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs' + viewer_certificate: |- + (Required) - The SSL + configuration for this distribution (maximum + one). + viewer_protocol_policy: |- + (Required) - Use this element to specify the + protocol that users can use to access the files in the origin specified by + TargetOriginId when a request matches the path pattern in PathPattern. One + of allow-all, https-only, or redirect-to-https. + wait_for_deployment: |- + (Optional) - If enabled, the resource will wait for + the distribution status to change from InProgress to Deployed. Setting + this tofalse will skip the process. Default: true. + web_acl_id: |- + (Optional) - A unique identifier that specifies the AWS WAF web ACL, + if any, to associate with this distribution. + To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, + for example aws_wafv2_web_acl.example.arn. To specify a web + ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. + The WAF Web ACL must exist in the WAF Global (CloudFront) region and the + credentials configuring this argument must have waf:GetWebACL permissions assigned. + whitelisted_names: |- + (Optional) - If you have specified whitelist to + forward, the whitelisted cookies that you want CloudFront to forward to + your origin. + aws_cloudfront_function: + subCategory: CloudFront + description: Provides a CloudFront Function resource. With CloudFront Functions in Amazon CloudFront, you can write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations. 
+ name: aws_cloudfront_function + titleName: aws_cloudfront_function + examples: + - manifest: |- + { + "code": "${file(\"${path.module}/function.js\")}", + "comment": "my function", + "name": "test", + "publish": true, + "runtime": "cloudfront-js-1.0" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) identifying your CloudFront Function.' + code: '- (Required) Source code of the function' + comment: '- (Optional) Comment.' + etag: '- ETag hash of the function' + name: '- (Required) Unique name for your CloudFront Function.' + publish: '- (Optional) Whether to publish creation/change as Live CloudFront Function Version. Defaults to true.' + runtime: '- (Required) Identifier of the function''s runtime. Currently only cloudfront-js-1.0 is valid.' + status: '- Status of the function. Can be UNPUBLISHED, UNASSOCIATED or ASSOCIATED.' + aws_cloudfront_key_group: + subCategory: CloudFront + description: Provides a CloudFront key group. + name: aws_cloudfront_key_group + titleName: aws_cloudfront_key_group + examples: + - manifest: |- + { + "comment": "example key group", + "items": [ + "${aws_cloudfront_public_key.example.id}" + ], + "name": "example-key-group" + } + argumentDocs: + comment: '- (Optional) A comment to describe the key group..' + etag: '- The identifier for this version of the key group.' + id: '- The identifier for the key group.' + items: '- (Required) A list of the identifiers of the public keys in the key group.' + name: '- (Required) A name to identify the key group.' + aws_cloudfront_monitoring_subscription: + subCategory: CloudFront + description: Provides a CloudFront monitoring subscription resource. 
+ name: aws_cloudfront_monitoring_subscription + titleName: aws_cloudfront_monitoring_subscription + examples: + - manifest: |- + { + "distribution_id": "${aws_cloudfront_distribution.example.id}", + "monitoring_subscription": [ + { + "realtime_metrics_subscription_config": [ + { + "realtime_metrics_subscription_status": "Enabled" + } + ] + } + ] + } + references: + distribution_id: aws_cloudfront_distribution.id + argumentDocs: + distribution_id: '- (Required) The ID of the distribution that you are enabling metrics for.' + id: '- The ID of the CloudFront monitoring subscription, which corresponds to the distribution_id.' + monitoring_subscription: '- (Required) A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.' + realtime_metrics_subscription_config: '- (Required) A subscription configuration for additional CloudWatch metrics. See below.' + realtime_metrics_subscription_status: '- (Required) A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are Enabled and Disabled. See below.' + aws_cloudfront_origin_access_identity: + subCategory: CloudFront + description: Provides a CloudFront origin access identity. + name: aws_cloudfront_origin_access_identity + titleName: aws_cloudfront_origin_access_identity + examples: + - manifest: |- + { + "comment": "Some comment" + } + argumentDocs: + caller_reference: |- + - Internal value used by CloudFront to allow future + updates to the origin access identity. + cloudfront_access_identity_path: |- + - A shortcut to the full path for the + origin access identity to use in CloudFront, see below. + comment: (Optional) - An optional comment for the origin access identity. + etag: |- + - The current version of the origin access identity's information. + For example: E2QWRUHAPOMQZL. 
+ iam_arn: |- + - A pre-generated ARN for use in S3 bucket policies (see below). + Example: arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2QWRUHAPOMQZL. + id: '- The identifier for the distribution. For example: EDFDVBD632BHDS5.' + s3_canonical_user_id: |- + - The Amazon S3 canonical user ID for the origin + access identity, which you use when giving the origin access identity read + permission to an object in Amazon S3. + aws_cloudfront_origin_request_policy: + subCategory: CloudFront + description: Determines the values that CloudFront includes in requests that it sends to the origin. + name: aws_cloudfront_origin_request_policy + titleName: aws_cloudfront_origin_request_policy + examples: + - manifest: |- + { + "comment": "example comment", + "cookies_config": [ + { + "cookie_behavior": "whitelist", + "cookies": [ + { + "items": [ + "example" + ] + } + ] + } + ], + "headers_config": [ + { + "header_behavior": "whitelist", + "headers": [ + { + "items": [ + "example" + ] + } + ] + } + ], + "name": "example-policy", + "query_strings_config": [ + { + "query_string_behavior": "whitelist", + "query_strings": [ + { + "items": [ + "example" + ] + } + ] + } + ] + } + argumentDocs: + comment: '- (Optional) Comment to describe the origin request policy.' + cookies_config: '- (Required) Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.' + etag: '- The current version of the origin request policy.' + headers_config: '- (Required) Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.' + id: '- The identifier for the origin request policy.' 
+ name: '- (Required) Unique name to identify the origin request policy.' + query_strings_config: '- (Required) Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.' + aws_cloudfront_public_key: + subCategory: CloudFront + description: Provides a CloudFront Public Key which you add to CloudFront to use with features like field-level encryption. + name: aws_cloudfront_public_key + titleName: aws_cloudfront_public_key + examples: + - manifest: |- + { + "comment": "test public key", + "encoded_key": "${file(\"public_key.pem\")}", + "name": "test_key" + } + argumentDocs: + caller_reference: '- Internal value used by CloudFront to allow future updates to the public key configuration.' + comment: '- (Optional) An optional comment about the public key.' + encoded_key: '- (Required) The encoded public key that you want to add to CloudFront to use with features like field-level encryption.' + etag: '- The current version of the public key. For example: E2QWRUHAPOMQZL.' + id: '- The identifier for the public key. For example: K3D5EWEUDCCXON.' + name: '- (Optional) The name for the public key. By default generated by Terraform.' + name_prefix: '- (Optional) The name for the public key. Conflicts with name.' + aws_cloudfront_realtime_log_config: + subCategory: CloudFront + description: Provides a CloudFront real-time log configuration resource. 
+ name: aws_cloudfront_realtime_log_config + titleName: aws_cloudfront_realtime_log_config + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy.example}" + ], + "endpoint": [ + { + "kinesis_stream_config": [ + { + "role_arn": "${aws_iam_role.example.arn}", + "stream_arn": "${aws_kinesis_stream.example.arn}" + } + ], + "stream_type": "Kinesis" + } + ], + "fields": [ + "timestamp", + "c-ip" + ], + "name": "example", + "sampling_rate": 75 + } + argumentDocs: + arn: '- The ARN (Amazon Resource Name) of the CloudFront real-time log configuration.' + endpoint: '- (Required) The Amazon Kinesis data streams where real-time log data is sent.' + fields: '- (Required) The fields that are included in each real-time log record. See the AWS documentation for supported values.' + id: '- The ID of the CloudFront real-time log configuration.' + kinesis_stream_config: '- (Required) The Amazon Kinesis data stream configuration.' + name: '- (Required) The unique name to identify this real-time log configuration.' + role_arn: |- + - (Required) The ARN of an IAM role that CloudFront can use to send real-time log data to the Kinesis data stream. + See the AWS documentation for more information. + sampling_rate: '- (Required) The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. An integer between 1 and 100, inclusive.' + stream_arn: '- (Required) The ARN of the Kinesis data stream.' + stream_type: '- (Required) The type of data stream where real-time log data is sent. The only valid value is Kinesis.' + aws_cloudhsm_v2_cluster: + subCategory: CloudHSM v2 + description: Provides a CloudHSM v2 resource. 
+ name: aws_cloudhsm_v2_cluster + titleName: aws_cloudhsm_v2_cluster + examples: + - manifest: |- + { + "hsm_type": "hsm1.medium", + "subnet_ids": "${aws_subnet.cloudhsm_v2_subnets.*.id}", + "tags": { + "Name": "example-aws_cloudhsm_v2_cluster" + } + } + argumentDocs: + cluster_certificates: '- The list of cluster certificates.' + cluster_certificates.0.aws_hardware_certificate: '- The HSM hardware certificate issued (signed) by AWS CloudHSM.' + cluster_certificates.0.cluster_certificate: '- The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster''s owner.' + cluster_certificates.0.cluster_csr: '- The certificate signing request (CSR). Available only in UNINITIALIZED state after an HSM instance is added to the cluster.' + cluster_certificates.0.hsm_certificate: '- The HSM certificate issued (signed) by the HSM hardware.' + cluster_certificates.0.manufacturer_hardware_certificate: '- The HSM hardware certificate issued (signed) by the hardware manufacturer.' + cluster_id: '- The id of the CloudHSM cluster.' + cluster_state: '- The state of the CloudHSM cluster.' + hsm_type: '- (Required) The type of HSM module in the cluster. Currently, only hsm1.medium is supported.' + security_group_id: '- The ID of the security group associated with the CloudHSM cluster.' + source_backup_identifier: '- (Optional) The id of Cloud HSM v2 cluster backup to be restored.' + subnet_ids: '- (Required) The IDs of subnets in which cluster will operate.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- The id of the VPC that the CloudHSM cluster resides in.' 
+ aws_cloudhsm_v2_hsm: + subCategory: CloudHSM v2 + description: Provides a CloudHSM v2 HSM module resource. + name: aws_cloudhsm_v2_hsm + titleName: aws_cloudhsm_v2_hsm + examples: + - manifest: |- + { + "cluster_id": "${data.aws_cloudhsm_v2_cluster.cluster.cluster_id}", + "subnet_id": "${data.aws_cloudhsm_v2_cluster.cluster.subnet_ids[0]}" + } + argumentDocs: + availability_zone: '- (Optional) The IDs of AZ in which HSM module will be located. Do not use together with subnet_id.' + cluster_id: '- (Required) The ID of Cloud HSM v2 cluster to which HSM will be added.' + hsm_eni_id: '- The id of the ENI interface allocated for HSM module.' + hsm_id: '- The id of the HSM module.' + hsm_state: '- The state of the HSM module.' + ip_address: '- (Optional) The IP address of HSM module. Must be within the CIDR of selected subnet.' + subnet_id: '- (Optional) The ID of subnet in which HSM module will be located.' + aws_cloudtrail: + subCategory: CloudTrail + description: Provides a CloudTrail resource. 
+ name: aws_cloudtrail + titleName: aws_cloudtrail + examples: + - manifest: |- + { + "include_global_service_events": false, + "name": "tf-trail-foobar", + "s3_bucket_name": "${aws_s3_bucket.foo.id}", + "s3_key_prefix": "prefix" + } + references: + s3_bucket_name: aws_s3_bucket.id + - manifest: |- + { + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::Lambda::Function", + "values": [ + "arn:aws:lambda" + ] + } + ], + "include_management_events": true, + "read_write_type": "All" + } + ] + } + - manifest: |- + { + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "arn:aws:s3:::" + ] + } + ], + "include_management_events": true, + "read_write_type": "All" + } + ] + } + - manifest: |- + { + "event_selector": [ + { + "data_resource": [ + { + "type": "AWS::S3::Object", + "values": [ + "${data.aws_s3_bucket.important-bucket.arn}/" + ] + } + ], + "include_management_events": true, + "read_write_type": "All" + } + ] + } + - manifest: |- + { + "cloud_watch_logs_group_arn": "${aws_cloudwatch_log_group.example.arn}:*" + } + argumentDocs: + arn: '- ARN of the trail.' + cloud_watch_logs_group_arn: '- (Optional) Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.' + cloud_watch_logs_role_arn: '- (Optional) Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.' + data_resource: '- (Optional) Configuration block for data events. See details below.' + enable_log_file_validation: '- (Optional) Whether log file integrity validation is enabled. Defaults to false.' + enable_logging: '- (Optional) Enables logging for the trail. Defaults to true. Setting this to false will pause logging.' + event_selector: '- (Optional) Configuration block of an event selector for enabling data event logging. See details below. Please note the CloudTrail limits when configuring these.' 
+ home_region: '- Region in which the trail was created.' + id: '- Name of the trail.' + include_global_service_events: '- (Optional) Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.' + include_management_events: '- (Optional) Whether to include management events for your trail.' + insight_selector: '- (Optional) Configuration block for identifying unusual operational activity. See details below.' + insight_type: '- (Optional) Type of insights to log on a trail. The valid value is ApiCallRateInsight.' + is_multi_region_trail: '- (Optional) Whether the trail is created in the current region or in all regions. Defaults to false.' + is_organization_trail: '- (Optional) Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.' + kms_key_id: '- (Optional) KMS key ARN to use to encrypt the logs delivered by CloudTrail.' + name: '- (Required) Name of the trail.' + read_write_type: '- (Optional) Type of events to log. Valid values are ReadOnly, WriteOnly, All. Default value is All.' + s3_bucket_name: '- (Required) Name of the S3 bucket designated for publishing log files.' + s3_key_prefix: '- (Optional) S3 key prefix that follows the name of the bucket you have designated for log file delivery.' + sns_topic_name: '- (Optional) Name of the Amazon SNS topic defined for notification of log file delivery.' + tags: '- (Optional) Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) Resource type in which you want to log data events. 
You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table".' + values: '- (Required) List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued type. For example, arn:aws:s3:::/ for all objects in a bucket, arn:aws:s3:::/key for specific objects, arn:aws:lambda for all lambda events within an account, arn:aws:lambda:::function: for a specific Lambda function, arn:aws:dynamodb for all DDB events for all tables within an account, or arn:aws:dynamodb:::table/ for a specific DynamoDB table.' + aws_cloudwatch_composite_alarm: + subCategory: CloudWatch + description: Provides a CloudWatch Composite Alarm resource. + name: aws_cloudwatch_composite_alarm + titleName: aws_cloudwatch_composite_alarm + examples: + - manifest: |- + { + "alarm_actions": "${aws_sns_topic.example.arn}", + "alarm_description": "This is a composite alarm!", + "alarm_name": "example-composite-alarm", + "alarm_rule": "ALARM(${aws_cloudwatch_metric_alarm.alpha.alarm_name}) OR\nALARM(${aws_cloudwatch_metric_alarm.bravo.alarm_name})\n", + "ok_actions": "${aws_sns_topic.example.arn}" + } + references: + alarm_actions: aws_sns_topic.arn + ok_actions: aws_sns_topic.arn + argumentDocs: + actions_enabled: '- (Optional, Forces new resource) Indicates whether actions should be executed during any changes to the alarm state of the composite alarm. Defaults to true.' + alarm_actions: '- (Optional) The set of actions to execute when this alarm transitions to the ALARM state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.' + alarm_description: '- (Optional) The description for the composite alarm.' + alarm_name: '- (Required) The name for the composite alarm. This name must be unique within the region.' 
+ alarm_rule: '- (Required) An expression that specifies which other alarms are to be evaluated to determine this composite alarm''s state. For syntax, see Creating a Composite Alarm. The maximum length is 10240 characters.' + arn: '- The ARN of the composite alarm.' + id: '- The ID of the composite alarm resource, which is equivalent to its alarm_name.' + insufficient_data_actions: '- (Optional) The set of actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.' + ok_actions: '- (Optional) The set of actions to execute when this alarm transitions to an OK state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.' + tags: '- (Optional) A map of tags to associate with the alarm. Up to 50 tags are allowed. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_cloudwatch_dashboard: + subCategory: CloudWatch + description: Provides a CloudWatch Dashboard resource. + name: aws_cloudwatch_dashboard + titleName: aws_cloudwatch_dashboard + examples: + - manifest: |- + { + "dashboard_body": "{\n \"widgets\": [\n {\n \"type\": \"metric\",\n \"x\": 0,\n \"y\": 0,\n \"width\": 12,\n \"height\": 6,\n \"properties\": {\n \"metrics\": [\n [\n \"AWS/EC2\",\n \"CPUUtilization\",\n \"InstanceId\",\n \"i-012345\"\n ]\n ],\n \"period\": 300,\n \"stat\": \"Average\",\n \"region\": \"us-east-1\",\n \"title\": \"EC2 Instance CPU\"\n }\n },\n {\n \"type\": \"text\",\n \"x\": 0,\n \"y\": 7,\n \"width\": 3,\n \"height\": 3,\n \"properties\": {\n \"markdown\": \"Hello world\"\n }\n }\n ]\n}\n", + "dashboard_name": "my-dashboard" + } + argumentDocs: + dashboard_arn: '- The Amazon Resource Name (ARN) of the dashboard.' 
+ dashboard_body: '- (Required) The detailed information about the dashboard, including what widgets are included and their location on the dashboard. You can read more about the body structure in the documentation.' + dashboard_name: '- (Required) The name of the dashboard.' + aws_cloudwatch_event_api_destination: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge event API Destination resource. + name: aws_cloudwatch_event_api_destination + titleName: aws_cloudwatch_event_api_destination + examples: + - manifest: |- + { + "connection_arn": "${aws_cloudwatch_event_connection.test.arn}", + "description": "An API Destination", + "http_method": "POST", + "invocation_endpoint": "https://api.destination.com/endpoint", + "invocation_rate_limit_per_second": 20, + "name": "api-destination" + } + references: + connection_arn: aws_cloudwatch_event_connection.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the event API Destination.' + connection_arn: '- (Required) ARN of the EventBridge Connection to use for the API Destination.' + description: '- (Optional) The description of the new API Destination. Maximum of 512 characters.' + http_method: '- (Required) Select the HTTP method used for the invocation endpoint, such as GET, POST, PUT, etc.' + invocation_endpoint: '- (Required) URL endpoint to invoke as a target. This could be a valid endpoint generated by a partner service. You can include "*" as path parameters wildcards to be set from the Target HttpParameters.' + invocation_rate_limit_per_second: '- (Optional) Enter the maximum number of invocations per second to allow for this destination. Enter a value greater than 0 (default 300).' + name: '- (Required) The name of the new API Destination. The name must be unique for your account. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.' 
+ aws_cloudwatch_event_archive: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge event archive resource. + name: aws_cloudwatch_event_archive + titleName: aws_cloudwatch_event_archive + examples: + - manifest: |- + { + "event_source_arn": "${aws_cloudwatch_event_bus.order.arn}", + "name": "order-archive" + } + references: + event_source_arn: aws_cloudwatch_event_bus.arn + - manifest: |- + { + "description": "Archived events from order service", + "event_pattern": "{\n \"source\": [\"company.team.order\"]\n}\n", + "event_source_arn": "${aws_cloudwatch_event_bus.order.arn}", + "name": "order-archive", + "retention_days": 7 + } + references: + event_source_arn: aws_cloudwatch_event_bus.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the event archive.' + description: '- (Optional) The description of the new event archive.' + event_pattern: '- (Optional) Instructs the new event archive to only capture events matched by this pattern. By default, it attempts to archive every event received in the event_source_arn.' + event_source_arn: '- (Required) Event bus source ARN from where these events should be archived.' + name: '- (Required) The name of the new event archive. The archive name cannot exceed 48 characters.' + retention_days: '- (Optional) The maximum number of days to retain events in the new event archive. By default, it archives indefinitely.' + aws_cloudwatch_event_bus: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge event bus resource. 
+ name: aws_cloudwatch_event_bus + titleName: aws_cloudwatch_event_bus + examples: + - manifest: |- + { + "name": "chat-messages" + } + - manifest: |- + { + "event_source_name": "${data.aws_cloudwatch_event_source.examplepartner.name}", + "name": "${data.aws_cloudwatch_event_source.examplepartner.name}" + } + references: + event_source_name: data.name + name: data.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the event bus.' + event_source_name: (Optional) The partner event source that the new event bus will be matched with. Must match name. + name: '- (Required) The name of the new event bus. The names of custom event buses can''t contain the / character. To create a partner event bus, ensure the name matches the event_source_name.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_cloudwatch_event_bus_policy: + subCategory: EventBridge (CloudWatch Events) + description: Provides a resource to create an EventBridge policy to support cross-account events. 
+ name: aws_cloudwatch_event_bus_policy + titleName: aws_cloudwatch_event_bus_policy + examples: + - manifest: |- + { + "event_bus_name": "${aws_cloudwatch_event_bus.test.name}", + "policy": "${data.aws_iam_policy_document.test.json}" + } + references: + event_bus_name: aws_cloudwatch_event_bus.name + policy: data.json + - manifest: |- + { + "event_bus_name": "${aws_cloudwatch_event_bus.test.name}", + "policy": "${data.aws_iam_policy_document.test.json}" + } + references: + event_bus_name: aws_cloudwatch_event_bus.name + policy: data.json + - manifest: |- + { + "event_bus_name": "${aws_cloudwatch_event_bus.test.name}", + "policy": "${data.aws_iam_policy_document.test.json}" + } + references: + event_bus_name: aws_cloudwatch_event_bus.name + policy: data.json + argumentDocs: + event_bus_name: '- (Optional) The event bus to set the permissions on. If you omit this, the permissions are set on the default event bus.' + id: '- The name of the EventBridge event bus.' + policy: '- (Required) The text of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + aws_cloudwatch_event_connection: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge connection resource. 
+ name: aws_cloudwatch_event_connection + titleName: aws_cloudwatch_event_connection + examples: + - manifest: |- + { + "auth_parameters": [ + { + "api_key": [ + { + "key": "x-signature", + "value": "1234" + } + ] + } + ], + "authorization_type": "API_KEY", + "description": "A connection description", + "name": "ngrok-connection" + } + - manifest: |- + { + "auth_parameters": [ + { + "basic": [ + { + "password": "Pass1234!", + "username": "user" + } + ] + } + ], + "authorization_type": "BASIC", + "description": "A connection description", + "name": "ngrok-connection" + } + - manifest: |- + { + "auth_parameters": [ + { + "oauth": [ + { + "authorization_endpoint": "https://auth.url.com/endpoint", + "client_parameters": [ + { + "client_id": "1234567890", + "client_secret": "Pass1234!" + } + ], + "http_method": "GET", + "oauth_http_parameters": [ + { + "body": [ + { + "is_value_secret": false, + "key": "body-parameter-key", + "value": "body-parameter-value" + } + ], + "header": [ + { + "is_value_secret": false, + "key": "header-parameter-key", + "value": "header-parameter-value" + } + ], + "query_string": [ + { + "is_value_secret": false, + "key": "query-string-parameter-key", + "value": "query-string-parameter-value" + } + ] + } + ] + } + ] + } + ], + "authorization_type": "OAUTH_CLIENT_CREDENTIALS", + "description": "A connection description", + "name": "ngrok-connection" + } + - manifest: |- + { + "auth_parameters": [ + { + "basic": [ + { + "password": "Pass1234!", + "username": "user" + } + ], + "invocation_http_parameters": [ + { + "body": [ + { + "is_value_secret": false, + "key": "body-parameter-key", + "value": "body-parameter-value" + }, + { + "is_value_secret": true, + "key": "body-parameter-key2", + "value": "body-parameter-value2" + } + ], + "header": [ + { + "is_value_secret": false, + "key": "header-parameter-key", + "value": "header-parameter-value" + } + ], + "query_string": [ + { + "is_value_secret": false, + "key": "query-string-parameter-key", + 
"value": "query-string-parameter-value" + } + ] + } + ] + } + ], + "authorization_type": "BASIC", + "description": "A connection description", + "name": "ngrok-connection" + } + argumentDocs: + api_key: '- (Optional) Parameters used for API_KEY authorization. An API key to include in the header for each authentication request. A maximum of 1 are allowed. Conflicts with basic and oauth. Documented below.' + arn: '- The Amazon Resource Name (ARN) of the connection.' + auth_parameters: '- (Required) Parameters used for authorization. A maximum of 1 are allowed. Documented below.' + authorization_endpoint: '- (Required) The URL to the authorization endpoint.' + authorization_type: '- (Required) Choose the type of authorization to use for the connection. One of API_KEY,BASIC,OAUTH_CLIENT_CREDENTIALS.' + basic: '- (Optional) Parameters used for BASIC authorization. A maximum of 1 are allowed. Conflicts with api_key and oauth. Documented below.' + body: '- (Optional) Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:' + client_id: '- (Required) The client ID for the credentials to use for authorization. Created and stored in AWS Secrets Manager.' + client_parameters: '- (Required) Contains the client parameters for OAuth authorization. Contains the following two parameters.' + client_secret: '- (Required) The client secret for the credentials to use for authorization. Created and stored in AWS Secrets Manager.' + description: '- (Optional) Enter a description for the connection. Maximum of 512 characters.' + header: '- (Optional) Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. 
Each parameter can contain the following:' + http_method: '- (Required) A password for the authorization. Created and stored in AWS Secrets Manager.' + invocation_http_parameters: '- (Optional) Invocation Http Parameters are additional credentials used to sign each Invocation of the ApiDestination created from this Connection. If the ApiDestination Rule Target has additional HttpParameters, the values will be merged together, with the Connection Invocation Http Parameters taking precedence. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below.' + is_value_secret: '- (Optional) Specified whether the value is secret.' + key: '- (Required) The key for the parameter.' + name: '- (Required) The name of the new connection. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.' + oauth: '- (Optional) Parameters used for OAUTH_CLIENT_CREDENTIALS authorization. A maximum of 1 are allowed. Conflicts with basic and api_key. Documented below.' + oauth_http_parameters: '- (Required) OAuth Http Parameters are additional credentials used to sign the request to the authorization endpoint to exchange the OAuth Client information for an access token. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below.' + password: '- (Required) A password for the authorization. Created and stored in AWS Secrets Manager.' + query_string: '- (Optional) Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:' + secret_arn: '- The Amazon Resource Name (ARN) of the secret created from the authorization parameters specified for the connection.' + username: '- (Required) A username for the authorization.' + value: '- (Required) The value associated with the key. 
Created and stored in AWS Secrets Manager if is secret.' + aws_cloudwatch_event_permission: + subCategory: EventBridge (CloudWatch Events) + description: Provides a resource to create an EventBridge permission to support cross-account events in the current account default event bus. + name: aws_cloudwatch_event_permission + titleName: aws_cloudwatch_event_permission + examples: + - manifest: |- + { + "principal": "123456789012", + "statement_id": "DevAccountAccess" + } + - manifest: |- + { + "condition": [ + { + "key": "aws:PrincipalOrgID", + "type": "StringEquals", + "value": "${aws_organizations_organization.example.id}" + } + ], + "principal": "*", + "statement_id": "OrganizationAccess" + } + argumentDocs: + action: '- (Optional) The action that you are enabling the other account to perform. Defaults to events:PutEvents.' + condition: '- (Optional) Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.' + event_bus_name: '- (Optional) The event bus to set the permissions on. If you omit this, the permissions are set on the default event bus.' + id: '- The statement ID of the EventBridge permission.' + key: '- (Required) Key for the condition. Valid values: aws:PrincipalOrgID.' + principal: '- (Required) The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify * to permit any account to put events to your default event bus, optionally limited by condition.' + statement_id: '- (Required) An identifier string for the external account that you are granting permissions to.' + type: '- (Required) Type of condition. Value values: StringEquals.' + value: '- (Required) Value for the key.' + aws_cloudwatch_event_rule: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge Rule resource. 
+ name: aws_cloudwatch_event_rule + titleName: aws_cloudwatch_event_rule + examples: + - manifest: |- + { + "description": "Capture each AWS Console Sign In", + "event_pattern": "{\n \"detail-type\": [\n \"AWS Console Sign In via CloudTrail\"\n ]\n}\n", + "name": "capture-aws-sign-in" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the rule.' + description: '- (Optional) The description of the rule.' + event_bus_name: '- (Optional) The event bus to associate with this rule. If you omit this, the default event bus is used.' + event_pattern: '- (Optional) The event pattern described a JSON object. At least one of schedule_expression or event_pattern is required. See full documentation of Events and Event Patterns in EventBridge for details.' + id: '- The name of the rule.' + is_enabled: '- (Optional) Whether the rule should be enabled (defaults to true).' + name: '- (Optional) The name of the rule. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + role_arn: '- (Optional) The Amazon Resource Name (ARN) associated with the role that is used for target invocation.' + schedule_expression: '- (Optional) The scheduling expression. For example, cron(0 20 * * ? *) or rate(5 minutes). At least one of schedule_expression or event_pattern is required. Can only be used on the default event bus. For more information, refer to the AWS documentation Schedule Expressions for Rules.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_cloudwatch_event_target: + subCategory: EventBridge (CloudWatch Events) + description: Provides an EventBridge Target resource. + name: aws_cloudwatch_event_target + titleName: aws_cloudwatch_event_target + examples: + - manifest: |- + { + "arn": "${aws_kinesis_stream.test_stream.arn}", + "rule": "${aws_cloudwatch_event_rule.console.name}", + "run_command_targets": [ + { + "key": "tag:Name", + "values": [ + "FooBar" + ] + }, + { + "key": "InstanceIds", + "values": [ + "i-162058cd308bffec2" + ] + } + ], + "target_id": "Yada" + } + references: + arn: aws_kinesis_stream.arn + rule: aws_cloudwatch_event_rule.name + - manifest: |- + { + "arn": "${aws_ssm_document.stop_instance.arn}", + "role_arn": "${aws_iam_role.ssm_lifecycle.arn}", + "rule": "${aws_cloudwatch_event_rule.stop_instances.name}", + "run_command_targets": [ + { + "key": "tag:Terminate", + "values": [ + "midnight" + ] + } + ], + "target_id": "StopInstance" + } + references: + arn: aws_ssm_document.arn + role_arn: aws_iam_role.arn + rule: aws_cloudwatch_event_rule.name + - manifest: |- + { + "arn": "arn:aws:ssm:${var.aws_region}::document/AWS-RunShellScript", + "input": "{\"commands\":[\"halt\"]}", + "role_arn": "${aws_iam_role.ssm_lifecycle.arn}", + "rule": "${aws_cloudwatch_event_rule.stop_instances.name}", + "run_command_targets": [ + { + "key": "tag:Terminate", + "values": [ + "midnight" + ] + } + ], + "target_id": "StopInstance" + } + references: + role_arn: aws_iam_role.arn + rule: aws_cloudwatch_event_rule.name + - manifest: |- + { + "arn": "${aws_ecs_cluster.cluster_name.arn}", + "ecs_target": [ + { + "task_count": 1, + "task_definition_arn": "${aws_ecs_task_definition.task_name.arn}" + } + ], + "input": "{\n \"containerOverrides\": [\n {\n \"name\": \"name-of-container-to-override\",\n \"command\": [\"bin/console\", \"scheduled-task\"]\n }\n ]\n}\n", + "role_arn": "${aws_iam_role.ecs_events.arn}", + "rule": "${aws_cloudwatch_event_rule.every_hour.name}", + "target_id": 
"run-scheduled-task-every-hour" + } + references: + arn: aws_ecs_cluster.arn + role_arn: aws_iam_role.arn + rule: aws_cloudwatch_event_rule.name + - manifest: |- + { + "arn": "${aws_api_gateway_stage.example.execution_arn}/GET", + "http_target": [ + { + "header_parameters": { + "Env": "Test" + }, + "query_string_parameters": { + "Body": "$.detail.body" + } + } + ], + "rule": "${aws_cloudwatch_event_rule.example.id}" + } + references: + rule: aws_cloudwatch_event_rule.id + - manifest: |- + { + "arn": "${aws_lambda_function.example.arn}", + "input_transformer": [ + { + "input_paths": { + "instance": "$.detail.instance", + "status": "$.detail.status" + }, + "input_template": "{\n \"instance_id\": \u003cinstance\u003e,\n \"instance_status\": \u003cstatus\u003e\n}\n" + } + ], + "rule": "${aws_cloudwatch_event_rule.example.id}" + } + references: + arn: aws_lambda_function.arn + rule: aws_cloudwatch_event_rule.id + - manifest: |- + { + "arn": "${aws_lambda_function.example.arn}", + "input_transformer": [ + { + "input_paths": { + "instance": "$.detail.instance", + "status": "$.detail.status" + }, + "input_template": "\"\u003cinstance\u003e is in state \u003cstatus\u003e\"" + } + ], + "rule": "${aws_cloudwatch_event_rule.example.id}" + } + references: + arn: aws_lambda_function.arn + rule: aws_cloudwatch_event_rule.id + argumentDocs: + arn: '- (Optional) - ARN of the SQS queue specified as the target for the dead-letter queue.' + array_size: '- (Optional) The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.' + assign_public_ip: '- (Optional) Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.' + batch_target: '- (Optional) Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.' + database: '- (Required) The name of the database.' + db_user: '- (Optional) The database user name.' 
+ dead_letter_config: '- (Optional) Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.' + ecs_target: '- (Optional) Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.' + enable_ecs_managed_tags: '- (Optional) Specifies whether to enable Amazon ECS managed tags for the task.' + enable_execute_command: '- (Optional) Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.' + event_bus_name: '- (Optional) The event bus to associate with the rule. If you omit this, the default event bus is used.' + expression: '- (Optional) Cluster Query Language expression to apply to the constraint. Does not need to be specified for the distinctInstance type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.' + group: '- (Optional) Specifies an ECS task group for the task. The maximum length is 255 characters.' + header_parameters: '- (Optional) Enables you to specify HTTP headers to add to the request.' + http_target: '- (Optional) Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.' + input: '- (Optional) Valid JSON text passed to the target. Conflicts with input_path and input_transformer.' + input_path: '- (Optional) The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. Conflicts with input and input_transformer.' + input_paths: '- (Optional) Key value pairs specified in the form of JSONPath (for example, time = $.time)' + input_template: '- (Required) Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes. Values must be escaped for both JSON and Terraform, e.g. 
"\"Your string goes here.\\nA new line.\""' + input_transformer: '- (Optional) Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with input and input_path.' + job_attempts: '- (Optional) The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.' + job_definition: '- (Required) The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.' + job_name: '- (Required) The name to use for this execution of the job, if the target is an AWS Batch job.' + key: '- (Required) Can be either tag:tag-key or InstanceIds.' + kinesis_target: '- (Optional) Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.' + launch_type: '- (Optional) Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include: an empty string "" (to specify no launch type), EC2, or FARGATE.' + maximum_event_age_in_seconds: '- (Optional) The age in seconds to continue to make retry attempts.' + maximum_retry_attempts: '- (Optional) maximum number of retry attempts to make before the request fails' + message_group_id: '- (Optional) The FIFO message group ID to use as the target.' + network_configuration: '- (Optional) Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if launch_type is FARGATE because the awsvpc mode is required for Fargate tasks.' + partition_key_path: '- (Optional) The JSON path to be extracted from the event and used as the partition key.' 
+ path_parameter_values: '- (Optional) The list of values that correspond sequentially to any path variables in your endpoint ARN (for example arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*).' + placement_constraint: '- (Optional) An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.' + platform_version: '- (Optional) Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions.' + propagate_tags: '- (Optional) Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation.' + query_string_parameters: '- (Optional) Represents keys/values of query string parameters that are appended to the invoked endpoint.' + redshift_target: '- (Optional) Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.' + retry_policy: '- (Optional) Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.' + role_arn: '- (Optional) The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if ecs_target is used or target in arn is EC2 instance, Kinesis data stream or Step Functions state machine.' + rule: '- (Required) The name of the rule you want to add targets to.' + run_command_targets: '- (Optional) Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.' + secrets_manager_arn: '- (Optional) The name or ARN of the secret that enables access to the database.' 
+ security_groups: '- (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.' + sql: '- (Optional) The SQL statement text to run.' + sqs_target: '- (Optional) Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.' + statement_name: '- (Optional) The name of the SQL statement.' + subnets: '- (Required) The subnets associated with the task or service.' + tags: '- (Optional) A map of tags to assign to ecs resources.' + target_id: '- (Optional) The unique target assignment ID. If missing, will generate a random, unique id.' + task_count: '- (Optional) The number of tasks to create based on the TaskDefinition. The default is 1.' + task_definition_arn: '- (Required) The ARN of the task definition to use if the event target is an Amazon ECS cluster.' + type: '- (Required) Type of constraint. The only valid values at this time are memberOf and distinctInstance.' + values: '- (Required) If Key is tag:tag-key, Values is a list of tag values. If Key is InstanceIds, Values is a list of Amazon EC2 instance IDs.' + with_event: '- (Optional) Indicates whether to send an event back to EventBridge after the SQL statement runs.' + aws_cloudwatch_log_destination: + subCategory: CloudWatch + description: Provides a CloudWatch Logs destination. + name: aws_cloudwatch_log_destination + titleName: aws_cloudwatch_log_destination + examples: + - manifest: |- + { + "name": "test_destination", + "role_arn": "${aws_iam_role.iam_for_cloudwatch.arn}", + "target_arn": "${aws_kinesis_stream.kinesis_for_cloudwatch.arn}" + } + references: + role_arn: aws_iam_role.arn + target_arn: aws_kinesis_stream.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the log destination.' 
+ name: '- (Required) A name for the log destination' + role_arn: '- (Required) The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to put data into the target' + target_arn: '- (Required) The ARN of the target Amazon Kinesis stream resource for the destination' + aws_cloudwatch_log_destination_policy: + subCategory: CloudWatch + description: Provides a CloudWatch Logs destination policy. + name: aws_cloudwatch_log_destination_policy + titleName: aws_cloudwatch_log_destination_policy + examples: + - manifest: |- + { + "access_policy": "${data.aws_iam_policy_document.test_destination_policy.json}", + "destination_name": "${aws_cloudwatch_log_destination.test_destination.name}" + } + references: + access_policy: data.json + destination_name: aws_cloudwatch_log_destination.name + argumentDocs: + access_policy: '- (Required) The policy document. This is a JSON formatted string.' + destination_name: '- (Required) A name for the subscription filter' + aws_cloudwatch_log_group: + subCategory: CloudWatch + description: Provides a CloudWatch Log Group resource. + name: aws_cloudwatch_log_group + titleName: aws_cloudwatch_log_group + examples: + - manifest: |- + { + "name": "Yada", + "tags": { + "Application": "serviceA", + "Environment": "production" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the log group. Any :* suffix added by the API, denoting all CloudWatch Log Streams under the CloudWatch Log Group, is removed for greater compatibility with other AWS services that do not accept the suffix.' + kms_key_id: |- + - (Optional) The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, + AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires + permissions for the CMK whenever the encrypted data is requested. 
+ name: '- (Optional, Forces new resource) The name of the log group. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + retention_in_days: |- + - (Optional) Specifies the number of days + you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. + If you select 0, the events in the log group are always retained and never expire. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_cloudwatch_log_metric_filter: + subCategory: CloudWatch + description: Provides a CloudWatch Log Metric Filter resource. + name: aws_cloudwatch_log_metric_filter + titleName: aws_cloudwatch_log_metric_filter + examples: + - manifest: |- + { + "log_group_name": "${aws_cloudwatch_log_group.dada.name}", + "metric_transformation": [ + { + "name": "EventCount", + "namespace": "YourNamespace", + "value": "1" + } + ], + "name": "MyAppAccessCount", + "pattern": "" + } + references: + log_group_name: aws_cloudwatch_log_group.name + argumentDocs: + default_value: '- (Optional) The value to emit when a filter pattern does not match a log event. Conflicts with dimensions.' + dimensions: '- (Optional) Map of fields to use as dimensions for the metric. Up to 3 dimensions are allowed. Conflicts with default_value.' + id: '- The name of the metric filter.' + log_group_name: '- (Required) The name of the log group to associate the metric filter with.' 
+ metric_transformation: '- (Required) A block defining collection of information needed to define how metric data gets emitted. See below.' + name: '- (Required) The name of the CloudWatch metric to which the monitored log information should be published (e.g. ErrorCount)' + namespace: '- (Required) The destination namespace of the CloudWatch metric.' + pattern: |- + - (Required) A valid CloudWatch Logs filter pattern + for extracting metric data out of ingested log events. + unit: '- (Optional) The unit to assign to the metric. If you omit this, the unit is set as None.' + value: '- (Required) What to publish to the metric. For example, if you''re counting the occurrences of a particular term like "Error", the value will be "1" for each occurrence. If you''re counting the bytes transferred the published value will be the value in the log event.' + aws_cloudwatch_log_resource_policy: + subCategory: CloudWatch + description: Provides a resource to manage a CloudWatch log resource policy + name: aws_cloudwatch_log_resource_policy + titleName: aws_cloudwatch_log_resource_policy + examples: + - manifest: |- + { + "policy_document": "${data.aws_iam_policy_document.elasticsearch-log-publishing-policy.json}", + "policy_name": "elasticsearch-log-publishing-policy" + } + references: + policy_document: data.json + - manifest: |- + { + "policy_document": "${data.aws_iam_policy_document.route53-query-logging-policy.json}", + "policy_name": "route53-query-logging-policy" + } + references: + policy_document: data.json + argumentDocs: + id: '- The name of the CloudWatch log resource policy' + policy_document: '- (Required) Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.' + policy_name: '- (Required) Name of the resource policy.' + aws_cloudwatch_log_stream: + subCategory: CloudWatch + description: Provides a CloudWatch Log Stream resource. 
+ name: aws_cloudwatch_log_stream + titleName: aws_cloudwatch_log_stream + examples: + - manifest: |- + { + "log_group_name": "${aws_cloudwatch_log_group.yada.name}", + "name": "SampleLogStream1234" + } + references: + log_group_name: aws_cloudwatch_log_group.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the log stream.' + log_group_name: '- (Required) The name of the log group under which the log stream is to be created.' + name: '- (Required) The name of the log stream. Must not be longer than 512 characters and must not contain :' + aws_cloudwatch_log_subscription_filter: + subCategory: CloudWatch + description: Provides a CloudWatch Logs subscription filter. + name: aws_cloudwatch_log_subscription_filter + titleName: aws_cloudwatch_log_subscription_filter + examples: + - manifest: |- + { + "destination_arn": "${aws_kinesis_stream.test_logstream.arn}", + "distribution": "Random", + "filter_pattern": "logtype test", + "log_group_name": "/aws/lambda/example_lambda_name", + "name": "test_lambdafunction_logfilter", + "role_arn": "${aws_iam_role.iam_for_lambda.arn}" + } + references: + destination_arn: aws_kinesis_stream.arn + role_arn: aws_iam_role.arn + argumentDocs: + destination_arn: '- (Required) The ARN of the destination to deliver matching log events to. Kinesis stream or Lambda function ARN.' + distribution: '- (Optional) The method used to distribute log data to the destination. By default log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis stream. Valid values are "Random" and "ByLogStream".' + filter_pattern: '- (Required) A valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events.' 
+ log_group_name: '- (Required) The name of the log group to associate the subscription filter with' + name: '- (Required) A name for the subscription filter' + role_arn: '- (Optional) The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to deliver ingested log events to the destination. If you use Lambda as a destination, you should skip this argument and use aws_lambda_permission resource for granting access from CloudWatch logs to the destination Lambda function.' + aws_cloudwatch_metric_alarm: + subCategory: CloudWatch + description: Provides a CloudWatch Metric Alarm resource. + name: aws_cloudwatch_metric_alarm + titleName: aws_cloudwatch_metric_alarm + examples: + - manifest: |- + { + "alarm_description": "This metric monitors ec2 cpu utilization", + "alarm_name": "terraform-test-foobar5", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "evaluation_periods": "2", + "insufficient_data_actions": [], + "metric_name": "CPUUtilization", + "namespace": "AWS/EC2", + "period": "120", + "statistic": "Average", + "threshold": "80" + } + - manifest: |- + { + "alarm_actions": [ + "${aws_autoscaling_policy.bat.arn}" + ], + "alarm_description": "This metric monitors ec2 cpu utilization", + "alarm_name": "terraform-test-foobar5", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "dimensions": { + "AutoScalingGroupName": "${aws_autoscaling_group.bar.name}" + }, + "evaluation_periods": "2", + "metric_name": "CPUUtilization", + "namespace": "AWS/EC2", + "period": "120", + "statistic": "Average", + "threshold": "80" + } + - manifest: |- + { + "alarm_description": "Request error rate has exceeded 10%", + "alarm_name": "terraform-test-foobar", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "evaluation_periods": "2", + "insufficient_data_actions": [], + "metric_query": [ + { + "expression": "m2/m1*100", + "id": "e1", + "label": "Error Rate", + "return_data": "true" + }, + { + "id": "m1", + "metric": [ + { + "dimensions": { + 
"LoadBalancer": "app/web" + }, + "metric_name": "RequestCount", + "namespace": "AWS/ApplicationELB", + "period": "120", + "stat": "Sum", + "unit": "Count" + } + ] + }, + { + "id": "m2", + "metric": [ + { + "dimensions": { + "LoadBalancer": "app/web" + }, + "metric_name": "HTTPCode_ELB_5XX_Count", + "namespace": "AWS/ApplicationELB", + "period": "120", + "stat": "Sum", + "unit": "Count" + } + ] + } + ], + "threshold": "10" + } + - manifest: |- + { + "alarm_description": "This metric monitors ec2 cpu utilization", + "alarm_name": "terraform-test-foobar", + "comparison_operator": "GreaterThanUpperThreshold", + "evaluation_periods": "2", + "insufficient_data_actions": [], + "metric_query": [ + { + "expression": "ANOMALY_DETECTION_BAND(m1)", + "id": "e1", + "label": "CPUUtilization (Expected)", + "return_data": "true" + }, + { + "id": "m1", + "metric": [ + { + "dimensions": { + "InstanceId": "i-abc123" + }, + "metric_name": "CPUUtilization", + "namespace": "AWS/EC2", + "period": "120", + "stat": "Average", + "unit": "Count" + } + ], + "return_data": "true" + } + ], + "threshold_metric_id": "e1" + } + - manifest: |- + { + "actions_enabled": "true", + "alarm_actions": [ + "${aws_sns_topic.sns.arn}" + ], + "alarm_description": "Number of healthy nodes in Target Group", + "alarm_name": "alarmname", + "comparison_operator": "LessThanThreshold", + "dimensions": { + "LoadBalancer": "${aws_lb.lb.arn_suffix}", + "TargetGroup": "${aws_lb_target_group.lb-tg.arn_suffix}" + }, + "evaluation_periods": "1", + "metric_name": "HealthyHostCount", + "namespace": "AWS/NetworkELB", + "ok_actions": [ + "${aws_sns_topic.sns.arn}" + ], + "period": "60", + "statistic": "Average", + "threshold": "${var.logstash_servers_count}" + } + references: + threshold: var.logstash_servers_count + argumentDocs: + actions_enabled: '- (Optional) Indicates whether or not actions should be executed during any changes to the alarm''s state. Defaults to true.' 
+ alarm_actions: '- (Optional) The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).' + alarm_description: '- (Optional) The description for the alarm.' + alarm_name: '- (Required) The descriptive name for the alarm. This name must be unique within the user''s AWS account' + arn: '- The ARN of the CloudWatch Metric Alarm.' + comparison_operator: '- (Required) The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. Additionally, the values LessThanLowerOrGreaterThanUpperThreshold, LessThanLowerThreshold, and GreaterThanUpperThreshold are used only for alarms based on anomaly detection models.' + datapoints_to_alarm: '- (Optional) The number of datapoints that must be breaching to trigger the alarm.' + dimensions: '- (Optional) The dimensions for this metric. For the list of available dimensions see the AWS documentation here.' + evaluate_low_sample_count_percentiles: |- + - (Optional) Used only for alarms + based on percentiles. If you specify ignore, the alarm state will not + change during periods with too few data points to be statistically significant. + If you specify evaluate or omit this parameter, the alarm will always be + evaluated and possibly change state no matter how many data points are available. + The following values are supported: ignore, and evaluate. + evaluation_periods: '- (Required) The number of periods over which data is compared to the specified threshold.' + expression: '- (Optional) The math expression to be performed on the returned data, if this object is performing a math expression. 
This expression can use the id of the other metrics to refer to those metrics, and can also use the id of other expressions to use the result of those expressions. For more information about metric math expressions, see Metric Math Syntax and Functions in the Amazon CloudWatch User Guide.' + extended_statistic: '- (Optional) The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100.' + id: '- The ID of the health check.' + insufficient_data_actions: '- (Optional) The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).' + label: '- (Optional) A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents.' + metric: (Optional) The metric to be returned, along with statistics, period, and units. Use this parameter only if this object is retrieving a metric and not performing a math expression on returned data. + metric_name: |- + - (Required) The name for this metric. + See docs for supported metrics. + metric_query: (Optional) Enables you to create an alarm based on a metric math expression. You may specify at most 20. + namespace: |- + - (Required) The namespace for this metric. See docs for the list of namespaces. + See docs for supported metrics. + ok_actions: '- (Optional) The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).' + period: '- (Required) The period in seconds over which the specified stat is applied.' + return_data: (Optional) Specify exactly one metric_query to be true to use that metric_query result as the alarm. + stat: |- + - (Required) The statistic to apply to this metric. 
+ Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum + statistic: |- + - (Optional) The statistic to apply to the alarm's associated metric. + Either of the following is supported: SampleCount, Average, Sum, Minimum, Maximum + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + threshold: '- (Optional) The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.' + threshold_metric_id: '- (Optional) If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function.' + treat_missing_data: '- (Optional) Sets how this alarm is to handle missing data points. The following values are supported: missing, ignore, breaching and notBreaching. Defaults to missing.' + unit: '- (Optional) The unit for this metric.' + aws_cloudwatch_metric_stream: + subCategory: CloudWatch + description: Provides a CloudWatch Metric Stream resource. + name: aws_cloudwatch_metric_stream + titleName: aws_cloudwatch_metric_stream + examples: + - manifest: |- + { + "firehose_arn": "${aws_kinesis_firehose_delivery_stream.s3_stream.arn}", + "include_filter": [ + { + "namespace": "AWS/EC2" + }, + { + "namespace": "AWS/EBS" + } + ], + "name": "my-metric-stream", + "output_format": "json", + "role_arn": "${aws_iam_role.metric_stream_to_firehose.arn}" + } + references: + firehose_arn: aws_kinesis_firehose_delivery_stream.arn + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- ARN of the metric stream.' + creation_date: '- Date and time in RFC3339 format that the metric stream was created.' 
+ exclude_filter: '- (Optional) List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces that you specify here. Conflicts with include_filter.' + firehose_arn: '- (Required) ARN of the Amazon Kinesis Firehose delivery stream to use for this metric stream.' + include_filter: '- (Optional) List of inclusive metric filters. If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. Conflicts with exclude_filter.' + last_update_date: '- Date and time in RFC3339 format that the metric stream was last updated.' + name: '- (Optional, Forces new resource) Friendly name of the metric stream. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.' + name_prefix: '- (Optional, Forces new resource) Creates a unique friendly name beginning with the specified prefix. Conflicts with name.' + namespace: '- (Required) Name of the metric namespace in the filter.' + output_format: '- (Required) Output format for the stream. Possible values are json and opentelemetry0.7. For more information about output formats, see Metric streams output formats.' + role_arn: '- (Required) ARN of the IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. For more information about role permissions, see Trust between CloudWatch and Kinesis Data Firehose.' + state: '- State of the metric stream. Possible values are running and stopped.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_cloudwatch_query_definition: + subCategory: CloudWatch + description: Provides a CloudWatch Logs query definition resource. 
+ name: aws_cloudwatch_query_definition + titleName: aws_cloudwatch_query_definition + examples: + - manifest: |- + { + "log_group_names": [ + "/aws/logGroup1", + "/aws/logGroup2" + ], + "name": "custom_query", + "query_string": "fields @timestamp, @message\n| sort @timestamp desc\n| limit 25\n" + } + argumentDocs: + log_group_names: '- (Optional) Specific log groups to use with the query.' + name: '- (Required) The name of the query.' + query_definition_id: '- The query definition ID.' + query_string: '- (Required) The query to save. You can read more about CloudWatch Logs Query Syntax in the documentation.' + aws_codeartifact_domain: + subCategory: CodeArtifact + description: Provides a CodeArtifact Domain resource. + name: aws_codeartifact_domain + titleName: aws_codeartifact_domain + examples: + - manifest: |- + { + "domain": "example" + } + argumentDocs: + arn: '- The ARN of Domain.' + asset_size_bytes: '- The total size of all assets in the domain.' + created_time: '- A timestamp that represents the date and time the domain was created in RFC3339 format.' + domain: '- (Required) The name of the domain to create. All domain names in an AWS Region that are in the same AWS account must be unique. The domain name is used as the prefix in DNS hostnames. Do not use sensitive information in a domain name because it is publicly discoverable.' + encryption_key: '- (Optional) The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN). The default aws/codeartifact AWS KMS master key is used if this element is absent.' + id: '- The Name of Domain.' + owner: '- The AWS account ID that owns the domain.' + repository_count: '- The number of repositories in the domain.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_codeartifact_domain_permissions_policy: + subCategory: CodeArtifact + description: Provides a CodeArtifact Domain Permissions Policy resource. + name: aws_codeartifact_domain_permissions_policy + titleName: aws_codeartifact_domain_permissions_policy + examples: + - manifest: |- + { + "domain": "${aws_codeartifact_domain.example.domain}", + "policy_document": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"${aws_codeartifact_domain.example.arn}\"\n }\n ]\n}\n" + } + references: + domain: aws_codeartifact_domain.domain + argumentDocs: + domain: '- (Required) The name of the domain on which to set the resource policy.' + domain_owner: '- (Optional) The account number of the AWS account that owns the domain.' + id: '- The Name of Domain.' + policy_document: '- (Required) A JSON policy string to be set as the access control resource policy on the provided domain.' + policy_revision: '- (Optional) The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain''s resource policy.' + resource_arn: '- The ARN of the resource associated with the resource policy.' + aws_codeartifact_repository: + subCategory: CodeArtifact + description: Provides a CodeArtifact Repository resource. 
+ name: aws_codeartifact_repository + titleName: aws_codeartifact_repository + examples: + - manifest: |- + { + "domain": "${aws_codeartifact_domain.example.domain}", + "repository": "example" + } + references: + domain: aws_codeartifact_domain.domain + - manifest: |- + { + "domain": "${aws_codeartifact_domain.test.domain}", + "repository": "upstream" + } + references: + domain: aws_codeartifact_domain.domain + - manifest: |- + { + "domain": "${aws_codeartifact_domain.example.domain}", + "repository": "example", + "upstream": [ + { + "repository_name": "${aws_codeartifact_repository.upstream.repository}" + } + ] + } + references: + domain: aws_codeartifact_domain.domain + - manifest: |- + { + "domain": "${aws_codeartifact_domain.test.domain}", + "repository": "upstream" + } + references: + domain: aws_codeartifact_domain.domain + - manifest: |- + { + "domain": "${aws_codeartifact_domain.example.domain}", + "external_connections": [ + { + "external_connection_name": "public:npmjs" + } + ], + "repository": "example" + } + references: + domain: aws_codeartifact_domain.domain + argumentDocs: + administrator_account: '- The account number of the AWS account that manages the repository.' + arn: '- The ARN of the repository.' + description: '- (Optional) The description of the repository.' + domain: '- (Required) The domain that contains the created repository.' + domain_owner: '- (Optional) The account number of the AWS account that owns the domain.' + external_connection_name: '- (Required) The name of the external connection associated with a repository.' + external_connections: '- An array of external connections associated with the repository. Only one external connection can be set per repository. see External Connections.' + id: '- The Name of the repository.' + repository: '- (Required) The name of the repository to create.' + repository_name: '- (Required) The name of an upstream repository.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + upstream: '- (Optional) A list of upstream repositories to associate with the repository. The order of the upstream repositories in the list determines their priority order when AWS CodeArtifact looks for a requested package version. see Upstream' + aws_codeartifact_repository_permissions_policy: + subCategory: CodeArtifact + description: Provides a CodeArtifact Repository Permissions Policy resource. + name: aws_codeartifact_repository_permissions_policy + titleName: aws_codeartifact_repository_permissions_policy + examples: + - manifest: |- + { + "domain": "${aws_codeartifact_domain.example.domain}", + "policy_document": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"${aws_codeartifact_domain.example.arn}\"\n }\n ]\n}\n", + "repository": "${aws_codeartifact_repository.example.repository}" + } + references: + domain: aws_codeartifact_domain.domain + repository: aws_codeartifact_repository.repository + argumentDocs: + domain: '- (Required) The name of the domain on which to set the resource policy.' + domain_owner: '- (Optional) The account number of the AWS account that owns the domain.' + id: '- The ARN of the resource associated with the resource policy.' + policy_document: '- (Required) A JSON policy string to be set as the access control resource policy on the provided domain.' + policy_revision: '- (Optional) The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain''s resource policy.' 
+ repository: '- (Required) The name of the repository to set the resource policy on.' + resource_arn: '- The ARN of the resource associated with the resource policy.' + aws_codebuild_project: + subCategory: CodeBuild + description: Provides a CodeBuild Project resource. + name: aws_codebuild_project + titleName: aws_codebuild_project + examples: + - manifest: |- + { + "artifacts": [ + { + "type": "NO_ARTIFACTS" + } + ], + "build_timeout": "5", + "cache": [ + { + "location": "${aws_s3_bucket.example.bucket}", + "type": "S3" + } + ], + "description": "test_codebuild_project", + "environment": [ + { + "compute_type": "BUILD_GENERAL1_SMALL", + "environment_variable": [ + { + "name": "SOME_KEY1", + "value": "SOME_VALUE1" + }, + { + "name": "SOME_KEY2", + "type": "PARAMETER_STORE", + "value": "SOME_VALUE2" + } + ], + "image": "aws/codebuild/standard:1.0", + "image_pull_credentials_type": "CODEBUILD", + "type": "LINUX_CONTAINER" + } + ], + "logs_config": [ + { + "cloudwatch_logs": [ + { + "group_name": "log-group", + "stream_name": "log-stream" + } + ], + "s3_logs": [ + { + "location": "${aws_s3_bucket.example.id}/build-log", + "status": "ENABLED" + } + ] + } + ], + "name": "test-project", + "service_role": "${aws_iam_role.example.arn}", + "source": [ + { + "git_clone_depth": 1, + "git_submodules_config": [ + { + "fetch_submodules": true + } + ], + "location": "https://github.com/mitchellh/packer.git", + "type": "GITHUB" + } + ], + "source_version": "master", + "tags": { + "Environment": "Test" + }, + "vpc_config": [ + { + "security_group_ids": [ + "${aws_security_group.example1.id}", + "${aws_security_group.example2.id}" + ], + "subnets": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ], + "vpc_id": "${aws_vpc.example.id}" + } + ] + } + references: + service_role: aws_iam_role.arn + - manifest: |- + { + "artifacts": [ + { + "type": "NO_ARTIFACTS" + } + ], + "build_timeout": "5", + "cache": [ + { + "modes": [ + "LOCAL_DOCKER_LAYER_CACHE", + 
"LOCAL_SOURCE_CACHE" + ], + "type": "LOCAL" + } + ], + "description": "test_codebuild_project_cache", + "environment": [ + { + "compute_type": "BUILD_GENERAL1_SMALL", + "environment_variable": [ + { + "name": "SOME_KEY1", + "value": "SOME_VALUE1" + } + ], + "image": "aws/codebuild/standard:1.0", + "image_pull_credentials_type": "CODEBUILD", + "type": "LINUX_CONTAINER" + } + ], + "name": "test-project-cache", + "queued_timeout": "5", + "service_role": "${aws_iam_role.example.arn}", + "source": [ + { + "git_clone_depth": 1, + "location": "https://github.com/mitchellh/packer.git", + "type": "GITHUB" + } + ], + "tags": { + "Environment": "Test" + } + } + references: + service_role: aws_iam_role.arn + argumentDocs: + arn: '- ARN of the CodeBuild project.' + artifact_identifier: '- (Required) Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification.' + artifacts: '- (Required) Configuration block. Detailed below.' + auth: '- (Optional, Deprecated) Configuration block with the authorization settings for AWS CodeBuild to access the source code to be built. This information is for the AWS CodeBuild console''s use only. Use the aws_codebuild_source_credential resource instead. Auth blocks are documented below.' + badge_enabled: '- (Optional) Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled.' + badge_url: '- URL of the build badge when badge_enabled is enabled.' + build_batch_config: '- (Optional) Defines the batch build options for the project.' + build_status_config: '- (Optional) Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB, GITHUB_ENTERPRISE, or BITBUCKET.' + build_timeout: '- (Optional) Number of minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.' 
+ buildspec: '- (Optional) Build specification to use for this build project''s related builds. This must be set when type is NO_SOURCE.' + cache: '- (Optional) Configuration block. Detailed below.' + certificate: '- (Optional) ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate.' + cloudwatch_logs: '- (Optional) Configuration block. Detailed below.' + combine_artifacts: '- (Optional) Specifies if the build artifacts for the batch build should be combined into a single artifact location.' + compute_type: '- (Required) Information about the compute resources the build project will use. Valid values: BUILD_GENERAL1_SMALL, BUILD_GENERAL1_MEDIUM, BUILD_GENERAL1_LARGE, BUILD_GENERAL1_2XLARGE. BUILD_GENERAL1_SMALL is only valid if type is set to LINUX_CONTAINER. When type is set to LINUX_GPU_CONTAINER, compute_type must be BUILD_GENERAL1_LARGE.' + compute_types_allowed: '- (Optional) An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the AWS CodeBuild User Guide for these values.' + concurrent_build_limit: '- (Optional) Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account concurrent running builds limit.' + context: '- (Optional) Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.' + credential: '- (Required) ARN or name of credentials created using AWS Secrets Manager.' + credential_provider: '- (Required) Service that created the credentials to access a private Docker registry. Valid value: SECRETS_MANAGER (AWS Secrets Manager).' + description: '- (Optional) Short description of the project.' + encryption_disabled: '- (Optional) Whether to disable encrypting output artifacts. If type is set to NO_ARTIFACTS, this value is ignored. Defaults to false.' 
+ encryption_key: '- (Optional) AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project''s build output artifacts.' + environment: '- (Required) Configuration block. Detailed below.' + environment_variable: '- (Optional) Configuration block. Detailed below.' + fetch_submodules: '- (Required) Whether to fetch Git submodules for the AWS CodeBuild build project.' + file_system_locations: '- (Optional) A set of file system locations to to mount inside the build. File system locations are documented below.' + git_clone_depth: '- (Optional) Truncate git history to this many commits. Use 0 for a Full checkout which you need to run commands like git branch --show-current. See AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source for details.' + git_submodules_config: '- (Optional) Configuration block. Detailed below.' + group_name: '- (Optional) Group name of the logs in CloudWatch Logs.' + id: '- Name (if imported via name) or ARN (if created via Terraform or imported via ARN) of the CodeBuild project.' + identifier: '- (Optional) The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.' + image: '- (Required) Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g aws/codebuild/standard:2.0), Docker Hub images (e.g. hashicorp/terraform:latest), and full Docker repository URIs such as those for ECR (e.g. 137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest).' + image_pull_credentials_type: '- (Optional) Type of credentials AWS CodeBuild uses to pull images in your build. Valid values: CODEBUILD, SERVICE_ROLE. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. 
When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to CODEBUILD.' + insecure_ssl: '- (Optional) Ignore SSL warnings when connecting to source control.' + location: '- (Optional) A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path.' + logs_config: '- (Optional) Configuration block. Detailed below.' + maximum_builds_allowed: '- (Optional) Specifies the maximum number of builds allowed.' + modes: '- (Required when cache type is LOCAL) Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL_SOURCE_CACHE, LOCAL_DOCKER_LAYER_CACHE, LOCAL_CUSTOM_CACHE.' + mount_options: '- (Optional) The mount options for a file system created by AWS EFS.' + mount_point: '- (Optional) The location in the container where you mount the file system.' + name: '- (Optional) Name of the project. If type is set to S3, this is the name of the output artifact object' + namespace_type: '- (Optional) Namespace to use in storing build artifacts. If type is set to S3, then valid values are BUILD_ID or NONE.' + override_artifact_name: (Optional) Whether a name specified in the build specification overrides the artifact name. + packaging: '- (Optional) Type of build output artifact to create. If type is set to S3, valid values are NONE, ZIP' + path: '- (Optional) If type is set to S3, this is the path to the output artifact.' + privileged_mode: '- (Optional) Whether to enable running the Docker daemon inside a Docker container. Defaults to false.' + queued_timeout: '- (Optional) Number of minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours.' + registry_credential: '- (Optional) Configuration block. Detailed below.' + report_build_status: '- (Optional) Whether to report the status of a build''s start and finish to your source provider. 
This option is only valid when the type is BITBUCKET or GITHUB.' + resource: '- (Optional, Deprecated) Resource value that applies to the specified authorization type. Use the aws_codebuild_source_credential resource instead.' + restrictions: '- (Optional) Specifies the restrictions for the batch build.' + s3_logs: '- (Optional) Configuration block. Detailed below.' + secondary_artifacts: '- (Optional) Configuration block. Detailed below.' + secondary_sources: '- (Optional) Configuration block. Detailed below.' + security_group_ids: '- (Required) Security group IDs to assign to running builds.' + service_role: '- (Required) Specifies the service role ARN for the batch build project.' + source: '- (Required) Configuration block. Detailed below.' + source_identifier: '- (Required) Source identifier. Source data will be put inside a folder named as this parameter inside AWS CodeBuild source directory' + source_version: '- (Optional) Version of the build input to be built for this project. If not specified, the latest version is used.' + status: '- (Optional) Current status of logs in S3 for a build project. Valid values: ENABLED, DISABLED. Defaults to DISABLED.' + stream_name: '- (Optional) Stream name of the logs in CloudWatch Logs.' + subnets: '- (Required) Subnet IDs within which to run builds.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_url: '- (Optional) Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.' + timeout_in_mins: '- (Optional) Specifies the maximum amount of time, in minutes, that the batch build must be completed in.' 
+ type: '- (Required, Deprecated) Authorization type to use. The only valid value is OAUTH. This data type is deprecated and is no longer accurate or used. Use the aws_codebuild_source_credential resource instead.' + value: '- (Required) Environment variable''s value.' + vpc_config: '- (Optional) Configuration block. Detailed below.' + vpc_id: '- (Required) ID of the VPC within which to run builds.' + aws_codebuild_report_group: + subCategory: CodeBuild + description: Provides a CodeBuild Report Group resource. + name: aws_codebuild_report_group + titleName: aws_codebuild_report_group + examples: + - manifest: |- + { + "export_config": [ + { + "s3_destination": [ + { + "bucket": "${aws_s3_bucket.example.id}", + "encryption_disabled": false, + "encryption_key": "${aws_kms_key.example.arn}", + "packaging": "NONE", + "path": "/some" + } + ], + "type": "S3" + } + ], + "name": "my test report group", + "type": "TEST" + } + argumentDocs: + arn: '- The ARN of Report Group.' + bucket: '- (Required) The name of the S3 bucket where the raw data of a report are exported.' + created: '- The date and time this Report Group was created.' + delete_reports: '- (Optional) If true, deletes any reports that belong to a report group before deleting the report group. If false, you must delete any reports in the report group before deleting it. Default value is false.' + encryption_disabled: |- + - (Optional) A boolean value that specifies if the results of a report are encrypted. + Note: the API does not currently allow setting encryption as disabled + encryption_key: '- (Required) The encryption key for the report''s encrypted raw data. The KMS key ARN.' + export_config: '- (Required) Information about the destination where the raw data of this Report Group is exported. see Export Config documented below.' + id: '- The ARN of Report Group.' + name: '- (Required) The name of a Report Group.' + packaging: '- (Optional) The type of build output artifact to create. 
Valid values are: NONE (default) and ZIP.' + path: '- (Optional) The path to the exported report''s raw data results.' + s3_destination: '- (Required) contains information about the S3 bucket where the run of a report is exported. see S3 Destination documented below.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The export configuration type. Valid values are S3 and NO_EXPORT.' + aws_codebuild_source_credential: + subCategory: CodeBuild + description: Provides a CodeBuild Source Credential resource. + name: aws_codebuild_source_credential + titleName: aws_codebuild_source_credential + examples: + - manifest: |- + { + "auth_type": "PERSONAL_ACCESS_TOKEN", + "server_type": "GITHUB", + "token": "example" + } + - manifest: |- + { + "auth_type": "BASIC_AUTH", + "server_type": "BITBUCKET", + "token": "example", + "user_name": "test-user" + } + argumentDocs: + arn: '- The ARN of Source Credential.' + auth_type: '- (Required) The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.' + id: '- The ARN of Source Credential.' + server_type: '- (Required) The source provider used for this project.' + token: '- (Required) For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.' + user_name: '- (Optional) The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections.' + aws_codebuild_webhook: + subCategory: CodeBuild + description: Provides a CodeBuild Webhook resource. 
+ name: aws_codebuild_webhook + titleName: aws_codebuild_webhook + examples: + - manifest: |- + { + "build_type": "BUILD", + "filter_group": [ + { + "filter": [ + { + "pattern": "PUSH", + "type": "EVENT" + }, + { + "pattern": "master", + "type": "HEAD_REF" + } + ] + } + ], + "project_name": "${aws_codebuild_project.example.name}" + } + references: + project_name: aws_codebuild_project.name + - manifest: |- + { + "project_name": "${aws_codebuild_project.example.name}" + } + references: + project_name: aws_codebuild_project.name + argumentDocs: + branch_filter: '- (Optional) A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use filter_group over branch_filter.' + build_type: '- (Optional) The type of build this webhook will trigger. Valid values for this parameter are: BUILD, BUILD_BATCH.' + exclude_matched_pattern: '- (Optional) If set to true, the specified filter does not trigger a build. Defaults to false.' + filter: '- (Required) A webhook filter for the group. Filter blocks are documented below.' + filter_group: '- (Optional) Information about the webhook''s trigger. Filter group blocks are documented below.' + id: '- The name of the build project.' + pattern: '- (Required) For a filter that uses EVENT type, a comma-separated string that specifies one event: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED. PULL_REQUEST_MERGED works with GitHub & GitHub Enterprise only. For a filter that uses any of the other filter types, a regular expression.' + payload_url: '- The CodeBuild endpoint where webhook events are sent.' + project_name: '- (Required) The name of the build project.' + secret: '- The secret token of the associated repository. Not returned by the CodeBuild API for all source types.' + type: '- (Required) The webhook filter group''s type. Valid values for this parameter are: EVENT, BASE_REF, HEAD_REF, ACTOR_ACCOUNT_ID, FILE_PATH, COMMIT_MESSAGE. 
At least one filter group must specify EVENT as its type.' + url: '- The URL to the webhook.' + aws_codecommit_repository: + subCategory: CodeCommit + description: Provides a CodeCommit Repository Resource. + name: aws_codecommit_repository + titleName: aws_codecommit_repository + examples: + - manifest: |- + { + "description": "This is the Sample App Repository", + "repository_name": "MyTestRepository" + } + argumentDocs: + arn: '- The ARN of the repository' + clone_url_http: '- The URL to use for cloning the repository over HTTPS.' + clone_url_ssh: '- The URL to use for cloning the repository over SSH.' + default_branch: '- (Optional) The default branch of the repository. The branch specified here needs to exist.' + description: '- (Optional) The description of the repository. This needs to be less than 1000 characters' + repository_id: '- The ID of the repository' + repository_name: '- (Required) The name for the repository. This needs to be less than 100 characters.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_codecommit_trigger: + subCategory: CodeCommit + description: Provides a CodeCommit Trigger Resource. + name: aws_codecommit_trigger + titleName: aws_codecommit_trigger + examples: + - manifest: |- + { + "repository_name": "${aws_codecommit_repository.test.repository_name}", + "trigger": [ + { + "destination_arn": "${aws_sns_topic.test.arn}", + "events": [ + "all" + ], + "name": "all" + } + ] + } + references: + repository_name: aws_codecommit_repository.repository_name + argumentDocs: + branches: '- (Optional) The branches that will be included in the trigger configuration. If no branches are specified, the trigger will apply to all branches.' 
+ configuration_id: '- System-generated unique identifier.' + custom_data: '- (Optional) Any custom data associated with the trigger that will be included in the information sent to the target of the trigger.' + destination_arn: '- (Required) The ARN of the resource that is the target for a trigger. For example, the ARN of a topic in Amazon Simple Notification Service (SNS).' + events: '- (Required) The repository events that will cause the trigger to run actions in another service, such as sending a notification through Amazon Simple Notification Service (SNS). If no events are specified, the trigger will run for all repository events. Event types include: all, updateReference, createReference, deleteReference.' + name: '- (Required) The name of the trigger.' + repository_name: '- (Required) The name for the repository. This needs to be less than 100 characters.' + aws_codedeploy_app: + subCategory: CodeDeploy + description: Provides a CodeDeploy application. + name: aws_codedeploy_app + titleName: aws_codedeploy_app + examples: + - manifest: |- + { + "compute_platform": "ECS", + "name": "example" + } + - manifest: |- + { + "compute_platform": "Lambda", + "name": "example" + } + - manifest: |- + { + "compute_platform": "Server", + "name": "example" + } + argumentDocs: + application_id: '- The application ID.' + arn: '- The ARN of the CodeDeploy application.' + compute_platform: '- (Optional) The compute platform can either be ECS, Lambda, or Server. Default is Server.' + github_account_name: '- The name for a connection to a GitHub account.' + id: '- Amazon''s assigned ID for the application.' + linked_to_github: '- Whether the user has authenticated with GitHub for the specified application.' + name: '- The application''s name.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_codedeploy_deployment_config: + subCategory: CodeDeploy + description: Provides a CodeDeploy deployment config. + name: aws_codedeploy_deployment_config + titleName: aws_codedeploy_deployment_config + examples: + - manifest: |- + { + "deployment_config_name": "test-deployment-config", + "minimum_healthy_hosts": [ + { + "type": "HOST_COUNT", + "value": 2 + } + ] + } + - manifest: |- + { + "compute_platform": "Lambda", + "deployment_config_name": "test-deployment-config", + "traffic_routing_config": [ + { + "time_based_linear": [ + { + "interval": 10, + "percentage": 10 + } + ], + "type": "TimeBasedLinear" + } + ] + } + argumentDocs: + compute_platform: '- (Optional) The compute platform can be Server, Lambda, or ECS. Default is Server.' + deployment_config_id: '- The AWS Assigned deployment config id' + deployment_config_name: '- (Required) The name of the deployment config.' + id: '- The deployment group''s config name.' + interval: '- (Optional) The number of minutes between each incremental traffic shift of a TimeBasedLinear deployment.' + minimum_healthy_hosts: '- (Optional) A minimum_healthy_hosts block. Required for Server compute platform. Minimum Healthy Hosts are documented below.' + percentage: '- (Optional) The percentage of traffic that is shifted at the start of each increment of a TimeBasedLinear deployment.' + time_based_canary: '- (Optional) The time based canary configuration information. If type is TimeBasedLinear, use time_based_linear instead.' + time_based_linear: '- (Optional) The time based linear configuration information. If type is TimeBasedCanary, use time_based_canary instead.' + traffic_routing_config: '- (Optional) A traffic_routing_config block. Traffic Routing Config is documented below.' + type: '- (Optional) Type of traffic routing config. One of TimeBasedCanary, TimeBasedLinear, AllAtOnce.' 
+ value: |- + - (Required) The value when the type is FLEET_PERCENT represents the minimum number of healthy instances as + a percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the + deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances. + When the type is HOST_COUNT, the value represents the minimum number of healthy instances as an absolute value. + aws_codedeploy_deployment_group: + subCategory: CodeDeploy + description: Provides a CodeDeploy deployment group. + name: aws_codedeploy_deployment_group + titleName: aws_codedeploy_deployment_group + examples: + - manifest: |- + { + "alarm_configuration": [ + { + "alarms": [ + "my-alarm-name" + ], + "enabled": true + } + ], + "app_name": "${aws_codedeploy_app.example.name}", + "auto_rollback_configuration": [ + { + "enabled": true, + "events": [ + "DEPLOYMENT_FAILURE" + ] + } + ], + "deployment_group_name": "example-group", + "ec2_tag_set": [ + { + "ec2_tag_filter": [ + { + "key": "filterkey1", + "type": "KEY_AND_VALUE", + "value": "filtervalue" + }, + { + "key": "filterkey2", + "type": "KEY_AND_VALUE", + "value": "filtervalue" + } + ] + } + ], + "service_role_arn": "${aws_iam_role.example.arn}", + "trigger_configuration": [ + { + "trigger_events": [ + "DeploymentFailure" + ], + "trigger_name": "example-trigger", + "trigger_target_arn": "${aws_sns_topic.example.arn}" + } + ] + } + references: + app_name: aws_codedeploy_app.name + service_role_arn: aws_iam_role.arn + - manifest: |- + { + "app_name": "${aws_codedeploy_app.example.name}", + "auto_rollback_configuration": [ + { + "enabled": true, + "events": [ + "DEPLOYMENT_FAILURE" + ] + } + ], + "blue_green_deployment_config": [ + { + "deployment_ready_option": [ + { + "action_on_timeout": "CONTINUE_DEPLOYMENT" + } + ], + "terminate_blue_instances_on_deployment_success": [ + { + "action": "TERMINATE", + "termination_wait_time_in_minutes": 5 + } 
+ ] + } + ], + "deployment_config_name": "CodeDeployDefault.ECSAllAtOnce", + "deployment_group_name": "example", + "deployment_style": [ + { + "deployment_option": "WITH_TRAFFIC_CONTROL", + "deployment_type": "BLUE_GREEN" + } + ], + "ecs_service": [ + { + "cluster_name": "${aws_ecs_cluster.example.name}", + "service_name": "${aws_ecs_service.example.name}" + } + ], + "load_balancer_info": [ + { + "target_group_pair_info": [ + { + "prod_traffic_route": [ + { + "listener_arns": [ + "${aws_lb_listener.example.arn}" + ] + } + ], + "target_group": [ + { + "name": "${aws_lb_target_group.blue.name}" + }, + { + "name": "${aws_lb_target_group.green.name}" + } + ] + } + ] + } + ], + "service_role_arn": "${aws_iam_role.example.arn}" + } + references: + app_name: aws_codedeploy_app.name + service_role_arn: aws_iam_role.arn + - manifest: |- + { + "app_name": "${aws_codedeploy_app.example.name}", + "blue_green_deployment_config": [ + { + "deployment_ready_option": [ + { + "action_on_timeout": "STOP_DEPLOYMENT", + "wait_time_in_minutes": 60 + } + ], + "green_fleet_provisioning_option": [ + { + "action": "DISCOVER_EXISTING" + } + ], + "terminate_blue_instances_on_deployment_success": [ + { + "action": "KEEP_ALIVE" + } + ] + } + ], + "deployment_group_name": "example-group", + "deployment_style": [ + { + "deployment_option": "WITH_TRAFFIC_CONTROL", + "deployment_type": "BLUE_GREEN" + } + ], + "load_balancer_info": [ + { + "elb_info": [ + { + "name": "${aws_elb.example.name}" + } + ] + } + ], + "service_role_arn": "${aws_iam_role.example.arn}" + } + references: + app_name: aws_codedeploy_app.name + service_role_arn: aws_iam_role.arn + argumentDocs: + CONTINUE_DEPLOYMENT: ': Register new instances with the load balancer immediately after the new application revision is installed on the instances in the replacement environment.' + COPY_AUTO_SCALING_GROUP: ': Use settings from a specified Auto Scaling group to define and create instances in a new Auto Scaling group. 
Exactly one Auto Scaling group must be specified when selecting COPY_AUTO_SCALING_GROUP. Use autoscaling_groups to specify the Auto Scaling group.' + DISCOVER_EXISTING: ': Use instances that already exist or will be created manually.' + KEEP_ALIVE: ': Instances are left running after they are deregistered from the load balancer and removed from the deployment group.' + STOP_DEPLOYMENT: ': Do not register new instances with load balancer unless traffic is rerouted manually. If traffic is not rerouted manually before the end of the specified wait period, the deployment status is changed to Stopped.' + TERMINATE: ': Instances are terminated after a specified wait time.' + action: '- (Optional) The action to take on instances in the original environment after a successful blue/green deployment.' + action_on_timeout: '- (Optional) When to reroute traffic from an original environment to a replacement environment in a blue/green deployment.' + alarm_configuration: '- (Optional) Configuration block of alarms associated with the deployment group (documented below).' + alarms: '- (Optional) A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group.' + app_name: '- (Required) The name of the application.' + arn: '- The ARN of the CodeDeploy deployment group.' + auto_rollback_configuration: '- (Optional) Configuration block of the automatic rollback configuration associated with the deployment group (documented below).' + autoscaling_groups: '- (Optional) Autoscaling groups associated with the deployment group.' + blue_green_deployment_config: '- (Optional) Configuration block of the blue/green deployment options for a deployment group (documented below).' + cluster_name: '- (Required) The name of the ECS cluster.' + compute_platform: '- The destination platform type for the deployment.' + deployment_config_name: '- (Optional) The name of the group''s deployment config. The default is "CodeDeployDefault.OneAtATime".' 
+ deployment_group_id: '- The ID of the CodeDeploy deployment group.' + deployment_group_name: '- (Required) The name of the deployment group.' + deployment_option: '- (Optional) Indicates whether to route deployment traffic behind a load balancer. Valid Values are WITH_TRAFFIC_CONTROL or WITHOUT_TRAFFIC_CONTROL. Default is WITHOUT_TRAFFIC_CONTROL.' + deployment_ready_option: '- (Optional) Information about the action to take when newly provisioned instances are ready to receive traffic in a blue/green deployment (documented below).' + deployment_style: '- (Optional) Configuration block of the type of deployment, either in-place or blue/green, you want to run and whether to route deployment traffic behind a load balancer (documented below).' + deployment_type: '- (Optional) Indicates whether to run an in-place deployment or a blue/green deployment. Valid Values are IN_PLACE or BLUE_GREEN. Default is IN_PLACE.' + ec2_tag_filter: '- (Optional) Tag filters associated with the deployment group. See the AWS docs for details.' + ec2_tag_set: '- (Optional) Configuration block(s) of Tag filters associated with the deployment group, which are also referred to as tag groups (documented below). See the AWS docs for details.' + ecs_service: '- (Optional) Configuration block(s) of the ECS services for a deployment group (documented below).' + elb_info: '- (Optional) The Classic Elastic Load Balancer to use in a deployment. Conflicts with target_group_info and target_group_pair_info.' + enabled: '- (Optional) Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. If you enable automatic rollback, you must specify at least one event type.' + events: '- (Optional) The event type or types that trigger a rollback. Supported types are DEPLOYMENT_FAILURE and DEPLOYMENT_STOP_ON_ALARM.' + "false": ': The deployment will stop if alarm status information can''t be retrieved.' 
+ green_fleet_provisioning_option: '- (Optional) Information about how instances are provisioned for a replacement environment in a blue/green deployment (documented below).' + id: '- Application name and deployment group name.' + ignore_poll_alarm_failure: '- (Optional) Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. The default value is false.' + key: '- (Optional) The key of the tag filter.' + listener_arns: '- (Required) List of Amazon Resource Names (ARNs) of the load balancer listeners.' + load_balancer_info: '- (Optional) Single configuration block of the load balancer to use in a blue/green deployment (documented below).' + name: '- (Required) Name of the target group.' + on_premises_instance_tag_filter: '- (Optional) On premise tag filters associated with the group. See the AWS docs for details.' + prod_traffic_route: '- (Required) Configuration block for the production traffic route (documented below).' + service_name: '- (Required) The name of the ECS service.' + service_role_arn: '- (Required) The service role ARN that allows deployments.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_group: '- (Required) Configuration blocks for a target group within a target group pair (documented below).' + target_group_info: '- (Optional) The (Application/Network Load Balancer) target group to use in a deployment. Conflicts with elb_info and target_group_pair_info.' + target_group_pair_info: '- (Optional) The (Application/Network Load Balancer) target group pair to use in a deployment. Conflicts with elb_info and target_group_info.' 
+ terminate_blue_instances_on_deployment_success: '- (Optional) Information about whether to terminate instances in the original fleet during a blue/green deployment (documented below).' + termination_wait_time_in_minutes: '- (Optional) The number of minutes to wait after a successful blue/green deployment before terminating instances from the original environment.' + test_traffic_route: '- (Optional) Configuration block for the test traffic route (documented below).' + trigger_configuration: '- (Optional) Configuration block(s) of the triggers for the deployment group (documented below).' + trigger_events: '- (Required) The event type or types for which notifications are triggered. Some values that are supported: DeploymentStart, DeploymentSuccess, DeploymentFailure, DeploymentStop, DeploymentRollback, InstanceStart, InstanceSuccess, InstanceFailure. See the CodeDeploy documentation for all possible values.' + trigger_name: '- (Required) The name of the notification trigger.' + trigger_target_arn: '- (Required) The ARN of the SNS topic through which notifications are sent.' + "true": ': The deployment will proceed even if alarm status information can''t be retrieved.' + type: '- (Optional) The type of the tag filter, either KEY_ONLY, VALUE_ONLY, or KEY_AND_VALUE.' + value: '- (Optional) The value of the tag filter.' + wait_time_in_minutes: '- (Optional) The number of minutes to wait before the status of a blue/green deployment changed to Stopped if rerouting is not started manually. Applies only to the STOP_DEPLOYMENT option for action_on_timeout.' 
+ aws_codepipeline: + subCategory: CodePipeline + description: Provides a CodePipeline + name: aws_codepipeline + titleName: aws_codepipeline + examples: + - manifest: |- + { + "artifact_store": [ + { + "encryption_key": [ + { + "id": "${data.aws_kms_alias.s3kmskey.arn}", + "type": "KMS" + } + ], + "location": "${aws_s3_bucket.codepipeline_bucket.bucket}", + "type": "S3" + } + ], + "name": "tf-test-pipeline", + "role_arn": "${aws_iam_role.codepipeline_role.arn}", + "stage": [ + { + "action": [ + { + "category": "Source", + "configuration": { + "BranchName": "main", + "ConnectionArn": "${aws_codestarconnections_connection.example.arn}", + "FullRepositoryId": "my-organization/example" + }, + "name": "Source", + "output_artifacts": [ + "source_output" + ], + "owner": "AWS", + "provider": "CodeStarSourceConnection", + "version": "1" + } + ], + "name": "Source" + }, + { + "action": [ + { + "category": "Build", + "configuration": { + "ProjectName": "test" + }, + "input_artifacts": [ + "source_output" + ], + "name": "Build", + "output_artifacts": [ + "build_output" + ], + "owner": "AWS", + "provider": "CodeBuild", + "version": "1" + } + ], + "name": "Build" + }, + { + "action": [ + { + "category": "Deploy", + "configuration": { + "ActionMode": "REPLACE_ON_FAILURE", + "Capabilities": "CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM", + "OutputFileName": "CreateStackOutput.json", + "StackName": "MyStack", + "TemplatePath": "build_output::sam-templated.yaml" + }, + "input_artifacts": [ + "build_output" + ], + "name": "Deploy", + "owner": "AWS", + "provider": "CloudFormation", + "version": "1" + } + ], + "name": "Deploy" + } + ] + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + action: '- (Required) The action(s) to include in the stage. Defined as an action block below' + arn: '- The codepipeline ARN.' + artifact_store: (Required) One or more artifact_store blocks. Artifact stores are documented below. 
+ category: '- (Required) A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are Approval, Build, Deploy, Invoke, Source and Test.' + configuration: '- (Optional) A map of the action declaration''s configuration. Configurations options for action types and providers can be found in the Pipeline Structure Reference and Action Structure Reference documentation.' + encryption_key: '- (Optional) The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don''t specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An encryption_key block is documented below.' + id: '- The codepipeline ID.' + input_artifacts: '- (Optional) A list of artifact names to be worked on.' + location: '- (Required) The location where AWS CodePipeline stores artifacts for a pipeline; currently only S3 is supported.' + name: '- (Required) The action declaration''s name.' + namespace: '- (Optional) The namespace all output variables will be accessed from.' + output_artifacts: '- (Optional) A list of artifact names to output. Output artifact names must be unique within a pipeline.' + owner: '- (Required) The creator of the action being called. Possible values are AWS, Custom and ThirdParty.' + provider: '- (Required) The provider of the service being called by the action. Valid providers are determined by the action category. Provider names are listed in the Action Structure Reference documentation.' + region: '- (Optional) The region in which to run the action.' + role_arn: '- (Optional) The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.' + run_order: '- (Optional) The order in which actions are run.' + stage: (Minimum of at least two stage blocks is required) A stage block. Stages are documented below. 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of key; currently only KMS is supported' + version: '- (Required) A string that identifies the action type.' + aws_codepipeline_webhook: + subCategory: CodePipeline + description: Provides a CodePipeline Webhook + name: aws_codepipeline_webhook + titleName: aws_codepipeline_webhook + examples: + - manifest: |- + { + "authentication": "GITHUB_HMAC", + "authentication_configuration": [ + { + "secret_token": "${local.webhook_secret}" + } + ], + "filter": [ + { + "json_path": "$.ref", + "match_equals": "refs/heads/{Branch}" + } + ], + "name": "test-webhook-github-bar", + "target_action": "Source", + "target_pipeline": "${aws_codepipeline.bar.name}" + } + references: + target_pipeline: aws_codepipeline.name + argumentDocs: + allowed_ip_range: '- (Optional) A valid CIDR block for IP filtering. Required for IP.' + authentication: '- (Required) The type of authentication to use. One of IP, GITHUB_HMAC, or UNAUTHENTICATED.' + authentication_configuration: '- (Optional) An auth block. Required for IP and GITHUB_HMAC. Auth blocks are documented below.' + filter: (Required) One or more filter blocks. Filter blocks are documented below. + id: '- The CodePipeline webhook''s ARN.' + json_path: '- (Required) The JSON path to filter on.' + match_equals: '- (Required) The value to match on (e.g. refs/heads/{Branch}). See AWS docs for details.' + name: '- (Required) The name of the webhook.' + secret_token: '- (Optional) The shared secret for the GitHub repository webhook. Set this as secret in your github_repository_webhook''s configuration block. Required for GITHUB_HMAC.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_action: '- (Required) The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.' + target_pipeline: '- (Required) The name of the pipeline.' + url: '- The CodePipeline webhook''s URL. POST events to this endpoint to trigger the target.' + aws_codestarconnections_connection: + subCategory: CodeStar Connections + description: Provides a CodeStar Connection + name: aws_codestarconnections_connection + titleName: aws_codestarconnections_connection + examples: + - manifest: |- + { + "name": "example-connection", + "provider_type": "Bitbucket" + } + argumentDocs: + arn: '- The codestar connection ARN.' + connection_status: '- The codestar connection status. Possible values are PENDING, AVAILABLE and ERROR.' + host_arn: '- (Optional) The Amazon Resource Name (ARN) of the host associated with the connection. Conflicts with provider_type' + id: '- The codestar connection ARN.' + name: '- (Required) The name of the connection to be created. The name must be unique in the calling AWS account. Changing name will create a new resource.' + provider_type: '- (Optional) The name of the external provider where your third-party code repository is configured. Valid values are Bitbucket, GitHub or GitHubEnterpriseServer. Changing provider_type will create a new resource. Conflicts with host_arn' + tags: '- (Optional) Map of key-value resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_codestarconnections_host: + subCategory: CodeStar Connections + description: Provides a CodeStar Host + name: aws_codestarconnections_host + titleName: aws_codestarconnections_host + examples: + - manifest: |- + { + "name": "example-host", + "provider_endpoint": "https://example.com", + "provider_type": "GitHubEnterpriseServer" + } + argumentDocs: + arn: '- The CodeStar Host ARN.' + id: '- The CodeStar Host ARN.' + name: '- (Required) The name of the host to be created. The name must be unique in the calling AWS account.' + provider_endpoint: '- (Required) The endpoint of the infrastructure to be represented by the host after it is created.' + provider_type: '- (Required) The name of the external provider where your third-party code repository is configured.' + security_group_ids: '- (Required) he ID of the security group or security groups associated with the Amazon VPC connected to the infrastructure where your provider type is installed.' + status: '- The CodeStar Host status. Possible values are PENDING, AVAILABLE, VPC_CONFIG_DELETING, VPC_CONFIG_INITIALIZING, and VPC_CONFIG_FAILED_INITIALIZATION.' + subnet_ids: '- (Required) The ID of the subnet or subnets associated with the Amazon VPC connected to the infrastructure where your provider type is installed.' + tls_certificate: '- (Optional) The value of the Transport Layer Security (TLS) certificate associated with the infrastructure where your provider type is installed.' + vpc_configuration: '- (Optional) The VPC configuration to be provisioned for the host. A VPC must be configured, and the infrastructure to be represented by the host must already be connected to the VPC.' + vpc_id: '- (Required) The ID of the Amazon VPC connected to the infrastructure where your provider type is installed.' 
+ aws_codestarnotifications_notification_rule: + subCategory: CodeStar Notifications + description: Provides a CodeStar Notifications Rule + name: aws_codestarnotifications_notification_rule + titleName: aws_codestarnotifications_notification_rule + examples: + - manifest: |- + { + "detail_type": "BASIC", + "event_type_ids": [ + "codecommit-repository-comments-on-commits" + ], + "name": "example-code-repo-commits", + "resource": "${aws_codecommit_repository.code.arn}", + "target": [ + { + "address": "${aws_sns_topic.notif.arn}" + } + ] + } + references: + resource: aws_codecommit_repository.arn + argumentDocs: + address: '- (Required) The ARN of notification rule target. For example, a SNS Topic ARN.' + arn: '- The codestar notification rule ARN.' + detail_type: '- (Required) The level of detail to include in the notifications for this resource. Possible values are BASIC and FULL.' + event_type_ids: |- + - (Required) A list of event types associated with this notification rule. + For list of allowed events see here. + id: '- The codestar notification rule ARN.' + name: '- (Required) The name of notification rule.' + resource: '- (Required) The ARN of the resource to associate with the notification rule.' + status: '- (Optional) The status of the notification rule. Possible values are ENABLED and DISABLED, default is ENABLED.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: '- (Optional) Configuration blocks containing notification target information. Can be specified multiple times. At least one target must be specified on creation.' + type: '- (Optional) The type of the notification target. Default value is SNS.' 
+ aws_cognito_identity_pool: + subCategory: Cognito + description: Provides an AWS Cognito Identity Pool. + name: aws_cognito_identity_pool + titleName: aws_cognito_identity_pool + examples: + - manifest: |- + { + "allow_classic_flow": false, + "allow_unauthenticated_identities": false, + "cognito_identity_providers": [ + { + "client_id": "6lhlkkfbfb4q5kpp90urffae", + "provider_name": "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ", + "server_side_token_check": false + }, + { + "client_id": "7kodkvfqfb4qfkp39eurffae", + "provider_name": "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu", + "server_side_token_check": false + } + ], + "identity_pool_name": "identity pool", + "openid_connect_provider_arns": [ + "arn:aws:iam::123456789012:oidc-provider/id.example.com" + ], + "saml_provider_arns": [ + "${aws_iam_saml_provider.default.arn}" + ], + "supported_login_providers": { + "accounts.google.com": "123456789012.apps.googleusercontent.com", + "graph.facebook.com": "7346241598935552" + } + } + argumentDocs: + allow_classic_flow: (Optional) - Enables or disables the classic / basic authentication flow. Default is false. + allow_unauthenticated_identities: (Required) - Whether the identity pool supports unauthenticated logins or not. + arn: '- The ARN of the identity pool.' + client_id: (Optional) - The client ID for the Amazon Cognito Identity User Pool. + cognito_identity_providers: (Optional) - An array of Amazon Cognito Identity user pools and their client IDs. + developer_provider_name: |- + (Optional) - The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your + backend and the Cognito service to communicate about the developer provider. + id: '- An identity pool ID in the format REGION:GUID.' + identity_pool_name: (Required) - The Cognito Identity Pool name. + openid_connect_provider_arns: (Optional) - Set of OpendID Connect provider ARNs. 
+ provider_name: (Optional) - The provider name for an Amazon Cognito Identity User Pool. + saml_provider_arns: (Optional) - An array of Amazon Resource Names (ARNs) of the SAML provider for your identity. + server_side_token_check: (Optional) - Whether server-side token validation is enabled for the identity provider’s token or not. + supported_login_providers: (Optional) - Key-Value pairs mapping provider names to provider app IDs. + tags: '- (Optional) A map of tags to assign to the Identity Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_cognito_identity_pool_roles_attachment: + subCategory: Cognito + description: Provides an AWS Cognito Identity Pool Roles Attachment. + name: aws_cognito_identity_pool_roles_attachment + titleName: aws_cognito_identity_pool_roles_attachment + examples: + - manifest: |- + { + "identity_pool_id": "${aws_cognito_identity_pool.main.id}", + "role_mapping": [ + { + "ambiguous_role_resolution": "AuthenticatedRole", + "identity_provider": "graph.facebook.com", + "mapping_rule": [ + { + "claim": "isAdmin", + "match_type": "Equals", + "role_arn": "${aws_iam_role.authenticated.arn}", + "value": "paid" + } + ], + "type": "Rules" + } + ], + "roles": { + "authenticated": "${aws_iam_role.authenticated.arn}" + } + } + references: + identity_pool_id: aws_cognito_identity_pool.id + argumentDocs: + ambiguous_role_resolution: (Optional) - Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. Required if you specify Token or Rules as the Type. + claim: (Required) - The claim name that must be present in the token, for example, "isAdmin" or "paid". 
+ id: '- The identity pool ID.' + identity_pool_id: (Required) - An identity pool ID in the format REGION:GUID. + identity_provider: (Required) - A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". + mapping_rule: (Optional) - The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role. + match_type: (Required) - The match condition that specifies how closely the claim value in the IdP token must match Value. + role_arn: (Required) - The role ARN. + role_mapping: (Optional) - The List of Role Mapping. + roles: (Required) - The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN. + type: (Required) - The role mapping type. + value: (Required) - A brief string that the claim must match, for example, "paid" or "yes". + aws_cognito_identity_provider: + subCategory: Cognito + description: Provides a Cognito User Identity Provider resource. + name: aws_cognito_identity_provider + titleName: aws_cognito_identity_provider + examples: + - manifest: |- + { + "attribute_mapping": { + "email": "email", + "username": "sub" + }, + "provider_details": { + "authorize_scopes": "email", + "client_id": "your client_id", + "client_secret": "your client_secret" + }, + "provider_name": "Google", + "provider_type": "Google", + "user_pool_id": "${aws_cognito_user_pool.example.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + argumentDocs: + attribute_mapping: (Optional) - The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation + idp_identifiers: (Optional) - The list of identity providers. 
+ provider_details: (Optional) - The map of identity details, such as access token + provider_name: (Required) - The provider name + provider_type: (Required) - The provider type. See AWS API for valid values + user_pool_id: (Required) - The user pool id + aws_cognito_resource_server: + subCategory: Cognito + description: Provides a Cognito Resource Server. + name: aws_cognito_resource_server + titleName: aws_cognito_resource_server + examples: + - manifest: |- + { + "identifier": "https://example.com", + "name": "example", + "user_pool_id": "${aws_cognito_user_pool.pool.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + - manifest: |- + { + "identifier": "https://example.com", + "name": "example", + "scope": [ + { + "scope_description": "a Sample Scope Description", + "scope_name": "sample-scope" + } + ], + "user_pool_id": "${aws_cognito_user_pool.pool.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + argumentDocs: + identifier: '- (Required) An identifier for the resource server.' + name: '- (Required) A name for the resource server.' + scope: '- (Optional) A list of Authorization Scope.' + scope_description: '- (Required) The scope description.' + scope_identifiers: '- A list of all scopes configured for this resource server in the format identifier/scope_name.' + scope_name: '- (Required) The scope name.' + aws_cognito_user_group: + subCategory: Cognito + description: Provides a Cognito User Group resource. + name: aws_cognito_user_group + titleName: aws_cognito_user_group + examples: + - manifest: |- + { + "description": "Managed by Terraform", + "name": "user-group", + "precedence": 42, + "role_arn": "${aws_iam_role.group_role.arn}", + "user_pool_id": "${aws_cognito_user_pool.main.id}" + } + references: + role_arn: aws_iam_role.arn + user_pool_id: aws_cognito_user_pool.id + argumentDocs: + description: '- (Optional) The description of the user group.' + name: '- (Required) The name of the user group.' 
+ precedence: '- (Optional) The precedence of the user group.' + role_arn: '- (Optional) The ARN of the IAM role to be associated with the user group.' + user_pool_id: '- (Required) The user pool ID.' + aws_cognito_user_pool: + subCategory: Cognito + description: Provides a Cognito User Pool resource. + name: aws_cognito_user_pool + titleName: aws_cognito_user_pool + examples: + - manifest: |- + { + "name": "mypool" + } + - manifest: |- + { + "mfa_configuration": "ON", + "sms_authentication_message": "Your code is {####}", + "sms_configuration": [ + { + "external_id": "example", + "sns_caller_arn": "${aws_iam_role.example.arn}" + } + ], + "software_token_mfa_configuration": [ + { + "enabled": true + } + ] + } + - manifest: |- + { + "account_recovery_setting": [ + { + "recovery_mechanism": [ + { + "name": "verified_email", + "priority": 1 + }, + { + "name": "verified_phone_number", + "priority": 2 + } + ] + } + ], + "name": "mypool" + } + - manifest: |- + { + "schema": [ + { + "attribute_data_type": "\u003cappropriate type\u003e", + "developer_only_attribute": false, + "mutable": true, + "name": "\u003cname\u003e", + "required": false, + "string_attribute_constraints": [ + { + "max_length": 2048, + "min_length": 0 + } + ] + } + ] + } + argumentDocs: + account_recovery_setting: '- (Optional) Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.' + admin_create_user_config: '- (Optional) Configuration block for creating a new user profile. Detailed below.' + advanced_security_mode: '- (Required) Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.' + alias_attributes: '- (Optional) Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.' + allow_admin_create_user_only: '- (Optional) Set to True if only the administrator is allowed to create user profiles. 
Set to False if users can sign themselves up via an app.' + arn: '- ARN of the user pool.' + attribute_data_type: '- (Required) Attribute data type. Must be one of Boolean, Number, String, DateTime.' + auto_verified_attributes: '- (Optional) Attributes to be auto-verified. Valid values: email, phone_number.' + case_sensitive: '- (Required) Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.' + challenge_required_on_new_device: '- (Optional) Whether a challenge is required on a new device. Only applicable to a new device.' + configuration_set: '- (Optional) Email configuration set name from SES.' + create_auth_challenge: '- (Optional) ARN of the lambda creating an authentication challenge.' + creation_date: '- Date the user pool was created.' + custom_domain: '- A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.' + custom_email_sender: '- (Optional) A custom email sender AWS Lambda trigger. See custom_email_sender Below.' + custom_message: '- (Optional) Custom Message AWS Lambda trigger.' + custom_sms_sender: '- (Optional) A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.' + default_email_option: '- (Optional) Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.' + define_auth_challenge: '- (Optional) Defines the authentication challenge.' + developer_only_attribute: '- (Optional) Whether the attribute type is developer only.' + device_configuration: '- (Optional) Configuration block for the user pool''s device tracking. Detailed below.' + device_only_remembered_on_user_prompt: '- (Optional) Whether a device is only remembered on user prompt. 
false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."' + domain: '- Holds the domain prefix if the user pool has a domain associated with it.' + email_configuration: '- (Optional) Configuration block for configuring email. Detailed below.' + email_message: '- (Optional) Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.' + email_message_by_link: '- (Optional) Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.' + email_sending_account: '- (Optional) Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration.' + email_subject: '- (Optional) Subject line for the email message template. Conflicts with email_verification_subject argument.' + email_subject_by_link: '- (Optional) Subject line for the email message template for sending a confirmation link to the user.' + email_verification_message: '- (Optional) String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.' + email_verification_subject: '- (Optional) String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.' + enabled: '- (Required) Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.' + endpoint: '- Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy' + estimated_number_of_users: '- A number estimating the size of the user pool.' 
+ external_id: '- (Required) External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.' + from_email_address: '- (Optional) Sender’s email address or sender’s display name with their email address (e.g. john@example.com, John Smith or \"John Smith Ph.D.\" ). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.' + id: '- ID of the user pool.' + invite_message_template: '- (Optional) Invite message template structure. Detailed below.' + kms_key_id: '- (Optional) The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.' + lambda_arn: '- (Required) he Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.' + lambda_config: '- (Optional) Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.' + lambda_version: '- (Required) The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.' + last_modified_date: '- Date the user pool was last modified.' + max_length: '- (Optional) Maximum length of an attribute value of the string type.' + max_value: '- (Optional) Maximum value of an attribute that is of the number data type.' + mfa_configuration: '- (Optional) Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. 
Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).' + min_length: '- (Optional) Minimum length of an attribute value of the string type.' + min_value: '- (Optional) Minimum value of an attribute that is of the number data type.' + minimum_length: '- (Optional) Minimum length of the password policy that you have set.' + mutable: '- (Optional) Whether the attribute can be changed once it has been created.' + name: '- (Required) Name of the attribute.' + number_attribute_constraints: '- (Required when attribute_data_type is Number) Configuration block for the constraints for an attribute of the number type. Detailed below.' + password_policy: '- (Optional) Configuration blocked for information about the user pool password policy. Detailed below.' + post_authentication: '- (Optional) Post-authentication AWS Lambda trigger.' + post_confirmation: '- (Optional) Post-confirmation AWS Lambda trigger.' + pre_authentication: '- (Optional) Pre-authentication AWS Lambda trigger.' + pre_sign_up: '- (Optional) Pre-registration AWS Lambda trigger.' + pre_token_generation: '- (Optional) Allow to customize identity token claims before token generation.' + priority: '- (Required) Positive integer specifying priority of a method with 1 being the highest priority.' + recovery_mechanism: '- (Required) List of Account Recovery Options of the following structure:' + reply_to_email_address: '- (Optional) REPLY-TO email address.' + require_lowercase: '- (Optional) Whether you have required users to use at least one lowercase letter in their password.' + require_numbers: '- (Optional) Whether you have required users to use at least one number in their password.' 
+ require_symbols: '- (Optional) Whether you have required users to use at least one symbol in their password.' + require_uppercase: '- (Optional) Whether you have required users to use at least one uppercase letter in their password.' + required: '- (Optional) Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.' + schema: '- (Optional) Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.' + sms_authentication_message: '- (Optional) String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.' + sms_configuration: '- (Optional) Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.' + sms_message: '- (Optional) SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.' + sms_verification_message: '- (Optional) String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.' + sns_caller_arn: '- (Required) ARN of the Amazon SNS caller. This is usually the IAM role that you''ve given Cognito permission to assume.' 
+ software_token_mfa_configuration: '- (Optional) Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.' + source_arn: '- (Optional) ARN of the SES verified email identity to to use. Required if email_sending_account is set to DEVELOPER.' + string_attribute_constraints: '- (Required when attribute_data_type is String) Constraints for an attribute of the string type. Detailed below.' + tags: '- (Optional) Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + temporary_password_validity_days: '- (Optional) In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.' + user_migration: '- (Optional) User migration Lambda config type.' + user_pool_add_ons: '- (Optional) Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.' + username_attributes: '- (Optional) Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.' + username_configuration: '- (Optional) Configuration block for username configuration. Detailed below.' + verification_message_template: '- (Optional) Configuration block for verification message templates. Detailed below.' + verify_auth_challenge_response: '- (Optional) Verifies the authentication challenge response.' + aws_cognito_user_pool_client: + subCategory: Cognito + description: Provides a Cognito User Pool Client resource. 
+ name: aws_cognito_user_pool_client + titleName: aws_cognito_user_pool_client + examples: + - manifest: |- + { + "name": "client", + "user_pool_id": "${aws_cognito_user_pool.pool.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + - manifest: |- + { + "explicit_auth_flows": [ + "ADMIN_NO_SRP_AUTH" + ], + "generate_secret": true, + "name": "client", + "user_pool_id": "${aws_cognito_user_pool.pool.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + - manifest: |- + { + "analytics_configuration": [ + { + "application_id": "${aws_pinpoint_app.test.application_id}", + "external_id": "some_id", + "role_arn": "${aws_iam_role.test.arn}", + "user_data_shared": true + } + ], + "name": "pool_client", + "user_pool_id": "${aws_cognito_user_pool.test.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + argumentDocs: + access_token: '- (Optional) Time unit in for the value in access_token_validity, defaults to hours.' + access_token_validity: '- (Optional) Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token_validity_units.' + allowed_oauth_flows: '- (Optional) List of allowed OAuth flows (code, implicit, client_credentials).' + allowed_oauth_flows_user_pool_client: '- (Optional) Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.' + allowed_oauth_scopes: '- (Optional) List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).' + analytics_configuration: '- (Optional) Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.' + application_arn: '- (Optional) Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.' + application_id: '- (Optional) Application ID for an Amazon Pinpoint application.' 
+ callback_urls: '- (Optional) List of allowed callback URLs for the identity providers.' + client_secret: '- Client secret of the user pool client.' + default_redirect_uri: '- (Optional) Default redirect URI. Must be in the list of callback URLs.' + enable_token_revocation: '- (Optional) Enables or disables token revocation.' + explicit_auth_flows: '- (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).' + external_id: '- (Optional) ID for the Analytics Configuration. Conflicts with application_arn.' + generate_secret: '- (Optional) Should an application secret be generated.' + id: '- ID of the user pool client.' + id_token: '- (Optional) Time unit in for the value in id_token_validity, defaults to hours.' + id_token_validity: '- (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token_validity_units.' + logout_urls: '- (Optional) List of allowed logout URLs for the identity providers.' + name: '- (Required) Name of the application client.' + prevent_user_existence_errors: '- (Optional) Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.' + read_attributes: '- (Optional) List of user pool attributes the application client can read from.' 
+ refresh_token: '- (Optional) Time unit in for the value in refresh_token_validity, defaults to days.' + refresh_token_validity: '- (Optional) Time limit in days refresh tokens are valid for.' + role_arn: '- (Optional) ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.' + supported_identity_providers: '- (Optional) List of provider names for the identity providers that are supported on this client.' + token_validity_units: '- (Optional) Configuration block for units in which the validity times are represented in. Detailed below.' + user_data_shared: (Optional) If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics. + user_pool_id: '- (Required) User pool the client belongs to.' + write_attributes: '- (Optional) List of user pool attributes the application client can write to.' + aws_cognito_user_pool_domain: + subCategory: Cognito + description: Provides a Cognito User Pool Domain resource. + name: aws_cognito_user_pool_domain + titleName: aws_cognito_user_pool_domain + examples: + - manifest: |- + { + "domain": "example-domain", + "user_pool_id": "${aws_cognito_user_pool.example.id}" + } + references: + user_pool_id: aws_cognito_user_pool.id + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate.cert.arn}", + "domain": "example-domain.example.com", + "user_pool_id": "${aws_cognito_user_pool.example.id}" + } + references: + certificate_arn: aws_acm_certificate.arn + user_pool_id: aws_cognito_user_pool.id + argumentDocs: + aws_account_id: '- The AWS account ID for the user pool owner.' + certificate_arn: '- (Optional) The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.' + cloudfront_distribution_arn: '- The URL of the CloudFront distribution. This is required to generate the ALIAS aws_route53_record' + domain: '- (Required) The domain string.' 
+ s3_bucket: '- The S3 bucket where the static files for this domain are stored.' + user_pool_id: '- (Required) The user pool ID.' + version: '- The app version.' + aws_cognito_user_pool_ui_customization: + subCategory: Cognito + description: Provides a Cognito User Pool UI Customization resource. + name: aws_cognito_user_pool_ui_customization + titleName: aws_cognito_user_pool_ui_customization + examples: + - manifest: |- + { + "client_id": "${aws_cognito_user_pool_client.example.id}", + "css": ".label-customizable {font-weight: 400;}", + "image_file": "${filebase64(\"logo.png\")}", + "user_pool_id": "${aws_cognito_user_pool_domain.example.user_pool_id}" + } + references: + client_id: aws_cognito_user_pool_client.id + user_pool_id: aws_cognito_user_pool_domain.user_pool_id + - manifest: |- + { + "css": ".label-customizable {font-weight: 400;}", + "image_file": "${filebase64(\"logo.png\")}", + "user_pool_id": "${aws_cognito_user_pool_domain.example.user_pool_id}" + } + references: + user_pool_id: aws_cognito_user_pool_domain.user_pool_id + argumentDocs: + client_id: (Optional) The client ID for the client app. Defaults to ALL. If ALL is specified, the css and/or image_file settings will be used for every client that has no UI customization set previously. + creation_date: '- The creation date in RFC3339 format for the UI customization.' + css: (Optional) - The CSS values in the UI customization, provided as a String. At least one of css or image_file is required. + css_version: '- The CSS version number.' + image_file: (Optional) - The uploaded logo image for the UI customization, provided as a base64-encoded String. Drift detection is not possible for this argument. At least one of css or image_file is required. + image_url: '- The logo image URL for the UI customization.' + last_modified_date: '- The last-modified date in RFC3339 format for the UI customization.' + user_pool_id: (Required) - The user pool ID for the user pool. 
+ aws_config_aggregate_authorization: + subCategory: Config + description: Manages an AWS Config Aggregate Authorization. + name: aws_config_aggregate_authorization + titleName: aws_config_aggregate_authorization + examples: + - manifest: |- + { + "account_id": "123456789012", + "region": "eu-west-2" + } + argumentDocs: + account_id: '- (Required) Account ID' + arn: '- The ARN of the authorization' + region: '- (Required) Region' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_config_config_rule: + subCategory: Config + description: Provides an AWS Config Rule. + name: aws_config_config_rule + titleName: aws_config_config_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.foo}" + ], + "name": "example", + "source": [ + { + "owner": "AWS", + "source_identifier": "S3_BUCKET_VERSIONING_ENABLED" + } + ] + } + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.example}", + "${aws_lambda_permission.example}" + ], + "source": [ + { + "owner": "CUSTOM_LAMBDA", + "source_identifier": "${aws_lambda_function.example.arn}" + } + ] + } + argumentDocs: + ConfigurationItemChangeNotification: '- Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.' + ConfigurationSnapshotDeliveryCompleted: '- Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.' + OversizedConfigurationItemChangeNotification: '- Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.' 
+ ScheduledNotification: '- Triggers a periodic evaluation at the frequency specified for maximum_execution_frequency.' + arn: '- The ARN of the config rule' + compliance_resource_id: '- (Optional) The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for compliance_resource_types.' + compliance_resource_types: '- (Optional) A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. AWS::EC2::Instance. You can only specify one type if you also specify a resource ID for compliance_resource_id. See relevant part of AWS Docs for available types.' + description: '- (Optional) Description of the rule' + event_source: '- (Optional) The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to aws.config and is the only valid value.' + input_parameters: '- (Optional) A string in JSON format that is passed to the AWS Config rule Lambda function.' + maximum_execution_frequency: '- (Optional) The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.' + message_type: '- (Optional) The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:' + name: '- (Required) The name of the rule' + owner: '- (Required) Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are AWS or CUSTOM_LAMBDA. For more information about managed rules, see the AWS Config Managed Rules documentation. For more information about custom rules, see the AWS Config Custom Rules documentation. Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the aws_lambda_permission resource.' 
+ rule_id: '- The ID of the config rule' + scope: '- (Optional) Scope defines which resources can trigger an evaluation for the rule as documented below.' + source: '- (Required) Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.' + source_detail: '- (Optional) Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if owner is CUSTOM_LAMBDA.' + source_identifier: '- (Required) For AWS Config managed rules, a predefined identifier, e.g IAM_PASSWORD_POLICY. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name or the arn attribute of the aws_lambda_function resource.' + tag_key: '- (Optional, Required if tag_value is specified) The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.' + tag_value: '- (Optional) The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_config_configuration_aggregator: + subCategory: Config + description: Manages an AWS Config Configuration Aggregator. 
+ name: aws_config_configuration_aggregator + titleName: aws_config_configuration_aggregator + examples: + - manifest: |- + { + "account_aggregation_source": [ + { + "account_ids": [ + "123456789012" + ], + "regions": [ + "us-west-2" + ] + } + ], + "name": "example" + } + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.organization}" + ], + "name": "example", + "organization_aggregation_source": [ + { + "all_regions": true, + "role_arn": "${aws_iam_role.organization.arn}" + } + ] + } + argumentDocs: + account_aggregation_source: '- (Optional) The account(s) to aggregate config data from as documented below.' + account_ids: '- (Required) List of 12-digit account IDs of the account(s) being aggregated.' + all_regions: '- (Optional) If true, aggregate existing AWS Config regions and future regions.' + arn: '- The ARN of the aggregator' + name: '- (Required) The name of the configuration aggregator.' + organization_aggregation_source: '- (Optional) The organization to aggregate config data from as documented below.' + regions: '- (Optional) List of source regions being aggregated.' + role_arn: '- (Required) ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_config_configuration_recorder: + subCategory: Config + description: Provides an AWS Config Configuration Recorder. 
+ name: aws_config_configuration_recorder + titleName: aws_config_configuration_recorder + examples: + - manifest: |- + { + "name": "example", + "role_arn": "${aws_iam_role.r.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + all_supported: '- (Optional) Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with resource_types. Defaults to true.' + id: '- Name of the recorder' + include_global_resource_types: '- (Optional) Specifies whether AWS Config includes all supported types of global resources with the resources that it records. Requires all_supported = true. Conflicts with resource_types.' + name: '- (Optional) The name of the recorder. Defaults to default. Changing it recreates the resource.' + recording_group: '- (Optional) Recording group - see below.' + resource_types: '- (Optional) A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail). See relevant part of AWS Docs for available types. In order to use this attribute, all_supported must be set to false.' + role_arn: '- (Required) Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.' + aws_config_configuration_recorder_status: + subCategory: Config + description: Manages status of an AWS Config Configuration Recorder. 
+ name: aws_config_configuration_recorder_status + titleName: aws_config_configuration_recorder_status + examples: + - manifest: |- + { + "depends_on": [ + "${aws_config_delivery_channel.foo}" + ], + "is_enabled": true, + "name": "${aws_config_configuration_recorder.foo.name}" + } + references: + name: aws_config_configuration_recorder.name + argumentDocs: + is_enabled: '- (Required) Whether the configuration recorder should be enabled or disabled.' + name: '- (Required) The name of the recorder' + aws_config_conformance_pack: + subCategory: Config + description: Manages a Config Conformance Pack + name: aws_config_conformance_pack + titleName: aws_config_conformance_pack + examples: + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.example}" + ], + "input_parameter": [ + { + "parameter_name": "AccessKeysRotatedParameterMaxAccessKeyAge", + "parameter_value": "90" + } + ], + "name": "example", + "template_body": "Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n" + } + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.example}" + ], + "name": "example", + "template_s3_uri": "s3://${aws_s3_bucket.example.bucket}/${aws_s3_bucket_object.example.key}" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the conformance pack.' + delivery_s3_bucket: '- (Optional) Amazon S3 bucket where AWS Config stores conformance pack templates. Maximum length of 63.' + delivery_s3_key_prefix: '- (Optional) The prefix for the Amazon S3 bucket. Maximum length of 1024.' + input_parameter: '- (Optional) Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. 
When configured, the parameters must also be included in the template_body or in the template stored in Amazon S3 if using template_s3_uri.' + name: '- (Required, Forces new resource) The name of the conformance pack. Must begin with a letter and contain from 1 to 256 alphanumeric characters and hyphens.' + parameter_name: '- (Required) The input key.' + parameter_value: '- (Required) The input value.' + template_body: '- (Optional, required if template_s3_uri is not provided) A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.' + template_s3_uri: '- (Optional, required if template_body is not provided) Location of file, e.g. s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.' + aws_config_delivery_channel: + subCategory: Config + description: Provides an AWS Config Delivery Channel. + name: aws_config_delivery_channel + titleName: aws_config_delivery_channel + examples: + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.foo}" + ], + "name": "example", + "s3_bucket_name": "${aws_s3_bucket.b.bucket}" + } + references: + s3_bucket_name: aws_s3_bucket.bucket + argumentDocs: + delivery_frequency: '- (Optional) - The frequency with which AWS Config recurringly delivers configuration snapshots. e.g. One_Hour or Three_Hours. Valid values are listed here.' + id: '- The name of the delivery channel.' + name: '- (Optional) The name of the delivery channel. Defaults to default. Changing it recreates the resource.' + s3_bucket_name: '- (Required) The name of the S3 bucket used to store the configuration history.' + s3_key_prefix: '- (Optional) The prefix for the specified S3 bucket.' 
+ snapshot_delivery_properties: '- (Optional) Options for how AWS Config delivers configuration snapshots. See below' + sns_topic_arn: '- (Optional) The ARN of the SNS topic that AWS Config delivers notifications to.' + aws_config_organization_conformance_pack: + subCategory: Config + description: Manages a Config Organization Conformance Pack + name: aws_config_organization_conformance_pack + titleName: aws_config_organization_conformance_pack + examples: + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.example}", + "${aws_organizations_organization.example}" + ], + "input_parameter": [ + { + "parameter_name": "AccessKeysRotatedParameterMaxAccessKeyAge", + "parameter_value": "90" + } + ], + "name": "example", + "template_body": "Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n" + } + - manifest: |- + { + "depends_on": [ + "${aws_config_configuration_recorder.example}", + "${aws_organizations_organization.example}" + ], + "name": "example", + "template_s3_uri": "s3://${aws_s3_bucket.example.bucket}/${aws_s3_bucket_object.example.key}" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the organization conformance pack.' + delivery_s3_bucket: '- (Optional) Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with awsconfigconforms prefix. Maximum length of 63.' + delivery_s3_key_prefix: '- (Optional) The prefix for the Amazon S3 bucket. Maximum length of 1024.' + excluded_accounts: '- (Optional) Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.' + id: '- The name of the organization conformance pack.' 
+ input_parameter: '- (Optional) Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the template_body or in the template stored in Amazon S3 if using template_s3_uri.' + name: '- (Required, Forces new resource) The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.' + parameter_name: '- (Required) The input key.' + parameter_value: '- (Required) The input value.' + template_body: '- (Optional, Conflicts with template_s3_uri) A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.' + template_s3_uri: '- (Optional, Conflicts with template_body) Location of file, e.g. s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.' + aws_config_organization_custom_rule: + subCategory: Config + description: Manages a Config Organization Custom Rule + name: aws_config_organization_custom_rule + titleName: aws_config_organization_custom_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_lambda_permission.example}", + "${aws_organizations_organization.example}" + ], + "lambda_function_arn": "${aws_lambda_function.example.arn}", + "name": "example", + "trigger_types": [ + "ConfigurationItemChangeNotification" + ] + } + references: + lambda_function_arn: aws_lambda_function.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the rule' + create: '- (Default 5m) How long to wait for the rule to be created.' + delete: '- (Default 5m) How long to wait for the rule to be deleted.' 
+ description: '- (Optional) Description of the rule' + excluded_accounts: '- (Optional) List of AWS account identifiers to exclude from the rule' + input_parameters: '- (Optional) A string in JSON format that is passed to the AWS Config Rule Lambda Function' + lambda_function_arn: '- (Required) Amazon Resource Name (ARN) of the rule Lambda Function' + maximum_execution_frequency: '- (Optional) The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.' + name: '- (Required) The name of the rule' + resource_id_scope: '- (Optional) Identifier of the AWS resource to evaluate' + resource_types_scope: '- (Optional) List of types of AWS resources to evaluate' + tag_key_scope: '- (Optional, Required if tag_value_scope is configured) Tag key of AWS resources to evaluate' + tag_value_scope: '- (Optional) Tag value of AWS resources to evaluate' + trigger_types: '- (Required) List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: ConfigurationItemChangeNotification, OversizedConfigurationItemChangeNotification, and ScheduledNotification' + update: '- (Default 5m) How long to wait for the rule to be updated.' + aws_config_organization_managed_rule: + subCategory: Config + description: Manages a Config Organization Managed Rule + name: aws_config_organization_managed_rule + titleName: aws_config_organization_managed_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_organizations_organization.example}" + ], + "name": "example", + "rule_identifier": "IAM_PASSWORD_POLICY" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the rule' + create: '- (Default 5m) How long to wait for the rule to be created.' + delete: '- (Default 5m) How long to wait for the rule to be deleted.' 
+ description: '- (Optional) Description of the rule' + excluded_accounts: '- (Optional) List of AWS account identifiers to exclude from the rule' + input_parameters: '- (Optional) A string in JSON format that is passed to the AWS Config Rule Lambda Function' + maximum_execution_frequency: '- (Optional) The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.' + name: '- (Required) The name of the rule' + resource_id_scope: '- (Optional) Identifier of the AWS resource to evaluate' + resource_types_scope: '- (Optional) List of types of AWS resources to evaluate' + rule_identifier: '- (Required) Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation' + tag_key_scope: '- (Optional, Required if tag_value_scope is configured) Tag key of AWS resources to evaluate' + tag_value_scope: '- (Optional) Tag value of AWS resources to evaluate' + update: '- (Default 5m) How long to wait for the rule to be updated.' + aws_config_remediation_configuration: + subCategory: Config + description: Provides an AWS Config Remediation Configuration. 
+ name: aws_config_remediation_configuration + titleName: aws_config_remediation_configuration + examples: + - manifest: |- + { + "config_rule_name": "${aws_config_config_rule.this.name}", + "parameter": [ + { + "name": "AutomationAssumeRole", + "static_value": "arn:aws:iam::875924563244:role/security_config" + }, + { + "name": "BucketName", + "resource_value": "RESOURCE_ID" + }, + { + "name": "SSEAlgorithm", + "static_value": "AES256" + } + ], + "resource_type": "AWS::S3::Bucket", + "target_id": "AWS-EnableS3BucketEncryption", + "target_type": "SSM_DOCUMENT", + "target_version": "1" + } + references: + config_rule_name: aws_config_config_rule.name + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the Config Remediation Configuration.' + config_rule_name: '- (Required) The name of the AWS Config rule' + name: '- (Required) The name of the attribute.' + parameter: |- + - (Optional) Can be specified multiple times for each + parameter. Each parameter block supports fields documented below. + resource_type: '- (Optional) The type of a resource' + resource_value: '- (Optional) The value is dynamic and changes at run-time.' + static_value: '- (Optional) The value is static and does not change at run-time.' + target_id: '- (Required) Target ID is the name of the public document' + target_type: '- (Required) The type of the target. Target executes remediation. For example, SSM document' + target_version: '- (Optional) Version of the target. For example, version of the SSM document' + aws_cur_report_definition: + subCategory: Cost and Usage Report + description: Provides a Cost and Usage Report Definition. 
+ name: aws_cur_report_definition + titleName: aws_cur_report_definition + examples: + - manifest: |- + { + "additional_artifacts": [ + "REDSHIFT", + "QUICKSIGHT" + ], + "additional_schema_elements": [ + "RESOURCES" + ], + "compression": "GZIP", + "format": "textORcsv", + "report_name": "example-cur-report-definition", + "s3_bucket": "example-bucket-name", + "s3_region": "us-east-1", + "time_unit": "HOURLY" + } + argumentDocs: + additional_artifacts: '- (Required) A list of additional artifacts. Valid values are: REDSHIFT, QUICKSIGHT, ATHENA. When ATHENA exists within additional_artifacts, no other artifact type can be declared and report_versioning must be OVERWRITE_REPORT.' + additional_schema_elements: '- (Required) A list of schema elements. Valid values are: RESOURCES.' + arn: '- The Amazon Resource Name (ARN) specifying the cur report.' + compression: '- (Required) Compression format for report. Valid values are: GZIP, ZIP, Parquet. If Parquet is used, then format must also be Parquet.' + format: '- (Required) Format for report. Valid values are: textORcsv, Parquet. If Parquet is used, then Compression must also be Parquet.' + refresh_closed_reports: '- (Optional) Set to true to update your reports after they have been finalized if AWS detects charges related to previous months.' + report_name: '- (Required) Unique name for the report. Must start with a number/letter and is case sensitive. Limited to 256 characters.' + report_versioning: '- (Optional) Overwrite the previous version of each report or to deliver the report in addition to the previous versions. Valid values are: CREATE_NEW_REPORT and OVERWRITE_REPORT.' + s3_bucket: '- (Required) Name of the existing S3 bucket to hold generated reports.' + s3_prefix: '- (Optional) Report path prefix. Limited to 256 characters.' + s3_region: '- (Required) Region of the existing S3 bucket to hold generated reports.' + time_unit: '- (Required) The frequency on which report data are measured and displayed. 
Valid values are: HOURLY, DAILY.' + aws_customer_gateway: + subCategory: VPC + description: Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC. + name: aws_customer_gateway + titleName: aws_customer_gateway + examples: + - manifest: |- + { + "bgp_asn": 65000, + "ip_address": "172.83.124.10", + "tags": { + "Name": "main-customer-gateway" + }, + "type": "ipsec.1" + } + argumentDocs: + arn: '- The ARN of the customer gateway.' + bgp_asn: '- (Required) The gateway''s Border Gateway Protocol (BGP) Autonomous System Number (ASN).' + device_name: '- (Optional) A name for the customer gateway device.' + id: '- The amazon-assigned ID of the gateway.' + ip_address: '- (Required) The IP address of the gateway''s Internet-routable external interface.' + tags: '- (Optional) Tags to apply to the gateway. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: |- + - (Required) The type of customer gateway. The only type AWS + supports at this time is "ipsec.1". + aws_datapipeline_pipeline: + subCategory: DataPipeline + description: Provides a AWS DataPipeline Pipeline. + name: aws_datapipeline_pipeline + titleName: aws_datapipeline_pipeline + examples: + - manifest: |- + { + "name": "tf-pipeline-default" + } + argumentDocs: + description: '- (Optional) The description of Pipeline.' + id: '- The identifier of the client certificate.' + name: '- (Required) The name of Pipeline.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_datasync_agent: + subCategory: DataSync + description: Manages an AWS DataSync Agent in the provider region + name: aws_datasync_agent + titleName: aws_datasync_agent + examples: + - manifest: |- + { + "ip_address": "1.2.3.4", + "name": "example" + } + - manifest: |- + { + "ip_address": "1.2.3.4", + "name": "example", + "private_link_endpoint": "${data.aws_network_interface.example.private_ip}", + "security_group_arns": [ + "${aws_security_group.example.arn}" + ], + "subnet_arns": [ + "${aws_subnet.example.arn}" + ], + "vpc_endpoint_id": "${aws_vpc_endpoint.example.id}" + } + references: + private_link_endpoint: data.private_ip + vpc_endpoint_id: aws_vpc_endpoint.id + argumentDocs: + activation_key: '- (Optional) DataSync Agent activation key during resource creation. Conflicts with ip_address. If an ip_address is provided instead, Terraform will retrieve the activation_key as part of the resource creation.' + arn: '- Amazon Resource Name (ARN) of the DataSync Agent.' + create: '- (Default 10m) How long to wait for agent activation and connection to DataSync.' + id: '- Amazon Resource Name (ARN) of the DataSync Agent.' + ip_address: '- (Optional) DataSync Agent IP address to retrieve activation key during resource creation. Conflicts with activation_key. DataSync Agent must be accessible on port 80 from where Terraform is running.' + name: '- (Required) Name of the DataSync Agent.' + private_link_endpoint: '- (Optional) The IP address of the VPC endpoint the agent should connect to when retrieving an activation key during resource creation. Conflicts with activation_key.' + security_group_arns: '- (Optional) The ARNs of the security groups used to protect your data transfer task subnets.' 
+ subnet_arns: '- (Optional) The Amazon Resource Names (ARNs) of the subnets in which DataSync will create elastic network interfaces for each data transfer task.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Agent. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_endpoint_id: '- (Optional) The ID of the VPC (virtual private cloud) endpoint that the agent has access to.' + aws_datasync_location_efs: + subCategory: DataSync + description: Manages an EFS Location within AWS DataSync. + name: aws_datasync_location_efs + titleName: aws_datasync_location_efs + examples: + - manifest: |- + { + "ec2_config": [ + { + "security_group_arns": [ + "${aws_security_group.example.arn}" + ], + "subnet_arn": "${aws_subnet.example.arn}" + } + ], + "efs_file_system_arn": "${aws_efs_mount_target.example.file_system_arn}" + } + references: + efs_file_system_arn: aws_efs_mount_target.file_system_arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the DataSync Location.' + ec2_config: '- (Required) Configuration block containing EC2 configurations for connecting to the EFS File System.' + efs_file_system_arn: '- (Required) Amazon Resource Name (ARN) of EFS File System.' + id: '- Amazon Resource Name (ARN) of the DataSync Location.' + security_group_arns: '- (Required) List of Amazon Resource Names (ARNs) of the EC2 Security Groups that are associated with the EFS Mount Target.' + subdirectory: '- (Optional) Subdirectory to perform actions as source or destination. Default /.' + subnet_arn: '- (Required) Amazon Resource Name (ARN) of the EC2 Subnet that is associated with the EFS Mount Target.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Location. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_datasync_location_fsx_windows_file_system: + subCategory: DataSync + description: Manages an FSx Windows Location within AWS DataSync. + name: aws_datasync_location_fsx_windows_file_system + titleName: aws_datasync_location_fsx_windows_file_system + examples: + - manifest: |- + { + "fsx_filesystem_arn": "${aws_fsx_windows_file_system.example.arn}", + "password": "SuperSecretPassw0rd", + "security_group_arns": [ + "${aws_security_group.example.arn}" + ], + "user": "SomeUser" + } + references: + fsx_filesystem_arn: aws_fsx_windows_file_system.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the DataSync Location.' + creation_time: '- The time that the FSx for Windows location was created.' + domain: '- (Optional) The name of the Windows domain that the FSx for Windows server belongs to.' + fsx_filesystem_arn: '- (Required) The Amazon Resource Name (ARN) for the FSx for Windows file system.' + id: '- Amazon Resource Name (ARN) of the DataSync Location.' + password: '- (Required) The password of the user who has the permissions to access files and folders in the FSx for Windows file system.' + security_group_arns: '- (Optional) The Amazon Resource Names (ARNs) of the security groups that are to use to configure the FSx for Windows file system.' + subdirectory: '- (Optional) Subdirectory to perform actions as source or destination.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Location. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + uri: '- The URL of the FSx for Windows location that was described.' + user: '- (Required) The user who has the permissions to access files and folders in the FSx for Windows file system.' + aws_datasync_location_nfs: + subCategory: DataSync + description: Manages an AWS DataSync NFS Location + name: aws_datasync_location_nfs + titleName: aws_datasync_location_nfs + examples: + - manifest: |- + { + "on_prem_config": [ + { + "agent_arns": [ + "${aws_datasync_agent.example.arn}" + ] + } + ], + "server_hostname": "nfs.example.com", + "subdirectory": "/exported/path" + } + argumentDocs: + agent_arns: '- (Required) List of Amazon Resource Names (ARNs) of the DataSync Agents used to connect to the NFS server.' + arn: '- Amazon Resource Name (ARN) of the DataSync Location.' + id: '- Amazon Resource Name (ARN) of the DataSync Location.' + mount_options: '- (Optional) Configuration block containing mount options used by DataSync to access the NFS Server.' + on_prem_config: '- (Required) Configuration block containing information for connecting to the NFS File System.' + server_hostname: '- (Required) Specifies the IP address or DNS name of the NFS server. The DataSync Agent(s) use this to mount the NFS server.' + subdirectory: '- (Required) Subdirectory to perform actions as source or destination. Should be exported by the NFS server.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Location. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- (Optional) The specific NFS version that you want DataSync to use for mounting your NFS share. 
Valid values: AUTOMATIC, NFS3, NFS4_0 and NFS4_1. Default: AUTOMATIC' + aws_datasync_location_s3: + subCategory: DataSync + description: Manages an AWS DataSync S3 Location + name: aws_datasync_location_s3 + titleName: aws_datasync_location_s3 + examples: + - manifest: |- + { + "s3_bucket_arn": "${aws_s3_bucket.example.arn}", + "s3_config": [ + { + "bucket_access_role_arn": "${aws_iam_role.example.arn}" + } + ], + "subdirectory": "/example/prefix" + } + references: + s3_bucket_arn: aws_s3_bucket.arn + argumentDocs: + agent_arns: '- (Optional) A list of DataSync Agent ARNs with which this location will be associated.' + arn: '- Amazon Resource Name (ARN) of the DataSync Location.' + bucket_access_role_arn: '- (Required) Amazon Resource Names (ARN) of the IAM Role used to connect to the S3 Bucket.' + id: '- Amazon Resource Name (ARN) of the DataSync Location.' + s3_bucket_arn: '- (Required) Amazon Resource Name (ARN) of the S3 Bucket.' + s3_config: '- (Required) Configuration block containing information for connecting to S3.' + s3_storage_class: '- (Optional) The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. Valid values' + subdirectory: '- (Required) Prefix to perform actions as source or destination.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Location. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_datasync_location_smb: + subCategory: DataSync + description: Manages an AWS DataSync SMB Location + name: aws_datasync_location_smb + titleName: aws_datasync_location_smb + examples: + - manifest: |- + { + "agent_arns": [ + "${aws_datasync_agent.example.arn}" + ], + "password": "ANotGreatPassword", + "server_hostname": "smb.example.com", + "subdirectory": "/exported/path", + "user": "Guest" + } + argumentDocs: + agent_arns: '- (Required) A list of DataSync Agent ARNs with which this location will be associated.' + arn: '- Amazon Resource Name (ARN) of the DataSync Location.' + domain: '- (Optional) The name of the Windows domain the SMB server belongs to.' + mount_options: '- (Optional) Configuration block containing mount options used by DataSync to access the SMB Server. Can be AUTOMATIC, SMB2, or SMB3.' + password: '- (Required) The password of the user who can mount the share and has file permissions in the SMB.' + server_hostname: '- (Required) Specifies the IP address or DNS name of the SMB server. The DataSync Agent(s) use this to mount the SMB share.' + subdirectory: '- (Required) Subdirectory to perform actions as source or destination. Should be exported by the NFS server.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Location. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + user: '- (Required) The user who can mount the share and has file and folder permissions in the SMB share.' + version: '- (Optional) The specific SMB version that you want DataSync to use for mounting your SMB share. Valid values: AUTOMATIC, SMB2, and SMB3. 
Default: AUTOMATIC' + aws_datasync_task: + subCategory: DataSync + description: Manages an AWS DataSync Task + name: aws_datasync_task + titleName: aws_datasync_task + examples: + - manifest: |- + { + "destination_location_arn": "${aws_datasync_location_s3.destination.arn}", + "name": "example", + "options": [ + { + "bytes_per_second": -1 + } + ], + "source_location_arn": "${aws_datasync_location_nfs.source.arn}" + } + references: + destination_location_arn: aws_datasync_location_s3.arn + source_location_arn: aws_datasync_location_nfs.arn + - manifest: |- + { + "destination_location_arn": "${aws_datasync_location_s3.destination.arn}", + "name": "example", + "schedule": [ + { + "schedule_expression": "cron(0 12 ? * SUN,WED *)" + } + ], + "source_location_arn": "${aws_datasync_location_nfs.source.arn}" + } + references: + destination_location_arn: aws_datasync_location_s3.arn + source_location_arn: aws_datasync_location_nfs.arn + - manifest: |- + { + "destination_location_arn": "${aws_datasync_location_s3.destination.arn}", + "excludes": [ + { + "filter_type": "SIMPLE_PATTERN", + "value": "/folder1|/folder2" + } + ], + "name": "example", + "source_location_arn": "${aws_datasync_location_nfs.source.arn}" + } + references: + destination_location_arn: aws_datasync_location_s3.arn + source_location_arn: aws_datasync_location_nfs.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the DataSync Task.' + atime: '- (Optional) A file metadata that shows the last time a file was accessed (that is when the file was read or written to). If set to BEST_EFFORT, the DataSync Task attempts to preserve the original (that is, the version before sync PREPARING phase) atime attribute on all source files. Valid values: BEST_EFFORT, NONE. Default: BEST_EFFORT.' + bytes_per_second: '- (Optional) Limits the bandwidth utilized. For example, to set a maximum of 1 MB, set this value to 1048576. Value values: -1 or greater. Default: -1 (unlimited).' 
+ cloudwatch_log_group_arn: '- (Optional) Amazon Resource Name (ARN) of the CloudWatch Log Group that is used to monitor and log events in the sync task.' + create: '- (Default 5m) How long to wait for DataSync Task availability.' + destination_location_arn: '- (Required) Amazon Resource Name (ARN) of destination DataSync Location.' + excludes: '- (Optional) Filter rules that determines which files to exclude from a task.' + filter_type: '- (Optional) The type of filter rule to apply. Valid values: SIMPLE_PATTERN.' + gid: '- (Optional) Group identifier of the file''s owners. Valid values: BOTH, INT_VALUE, NAME, NONE. Default: INT_VALUE (preserve integer value of the ID).' + id: '- Amazon Resource Name (ARN) of the DataSync Task.' + log_level: '- (Optional) Determines the type of logs that DataSync publishes to a log stream in the Amazon CloudWatch log group that you provide. Valid values: OFF, BASIC, TRANSFER. Default: OFF.' + mtime: '- (Optional) A file metadata that indicates the last time a file was modified (written to) before the sync PREPARING phase. Value values: NONE, PRESERVE. Default: PRESERVE.' + name: '- (Optional) Name of the DataSync Task.' + options: '- (Optional) Configuration block containing option that controls the default behavior when you start an execution of this DataSync Task. For each individual task execution, you can override these options by specifying an overriding configuration in those executions.' + overwrite_mode: '- (Optional) Determines whether files at the destination should be overwritten or preserved when copying files. Valid values: ALWAYS, NEVER. Default: ALWAYS.' + posix_permissions: '- (Optional) Determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. Valid values: NONE, PRESERVE. Default: PRESERVE.' + preserve_deleted_files: '- (Optional) Whether files deleted in the source should be removed or preserved in the destination file system. 
Valid values: PRESERVE, REMOVE. Default: PRESERVE.' + preserve_devices: '- (Optional) Whether the DataSync Task should preserve the metadata of block and character devices in the source files system, and recreate the files with that device name and metadata on the destination. The DataSync Task can’t sync the actual contents of such devices, because many of the devices are non-terminal and don’t return an end of file (EOF) marker. Valid values: NONE, PRESERVE. Default: NONE (ignore special devices).' + schedule: '- (Optional) Specifies a schedule used to periodically transfer files from a source to a destination location.' + schedule_expression: '- (Required) Specifies the schedule you want your task to use for repeated executions. For more information, see Schedule Expressions for Rules.' + source_location_arn: '- (Required) Amazon Resource Name (ARN) of source DataSync Location.' + tags: '- (Optional) Key-value pairs of resource tags to assign to the DataSync Task. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + task_queueing: '- (Optional) Determines whether tasks should be queued before executing the tasks. Valid values: ENABLED, DISABLED. Default ENABLED.' + transfer_mode: '- (Optional) Determines whether DataSync transfers only the data and metadata that differ between the source and the destination location, or whether DataSync transfers all the content from the source, without comparing to the destination location. Valid values: CHANGED, ALL. Default: CHANGED' + uid: '- (Optional) User identifier of the file''s owners. Valid values: BOTH, INT_VALUE, NAME, NONE. Default: INT_VALUE (preserve integer value of the ID).' + value: '- (Optional) A single filter string that consists of the patterns to include or exclude. 
The patterns are delimited by "|" (that is, a pipe), for example: /folder1|/folder2' + verify_mode: '- (Optional) Whether a data integrity verification should be performed at the end of a task execution after all data and metadata have been transferred. Valid values: NONE, POINT_IN_TIME_CONSISTENT, ONLY_FILES_TRANSFERRED. Default: POINT_IN_TIME_CONSISTENT.' + aws_dax_cluster: + subCategory: DynamoDB Accelerator (DAX) + description: Provides an DAX Cluster resource. + name: aws_dax_cluster + titleName: aws_dax_cluster + examples: + - manifest: |- + { + "cluster_name": "cluster-example", + "iam_role_arn": "${data.aws_iam_role.example.arn}", + "node_type": "dax.r4.large", + "replication_factor": 1 + } + references: + iam_role_arn: data.arn + argumentDocs: + arn: '- The ARN of the DAX cluster' + availability_zones: |- + - (Optional) List of Availability Zones in which the + nodes will be created + cluster_address: '- The DNS name of the DAX cluster without the port appended' + cluster_name: |- + – (Required) Group identifier. DAX converts this name to + lowercase + configuration_endpoint: |- + - The configuration endpoint for this DAX cluster, + consisting of a DNS name and a port number + create: '- (Default 45 minutes) Used for creating a DAX cluster' + delete: '- (Default 90 minutes) Used for destroying a DAX cluster' + description: – (Optional) Description for the cluster + enabled: '- (Optional) Whether to enable encryption at rest. Defaults to false.' + iam_role_arn: |- + - (Required) A valid Amazon Resource Name (ARN) that identifies + an IAM role. At runtime, DAX will assume this role and use the role's + permissions to access DynamoDB on your behalf + maintenance_window: |- + – (Optional) Specifies the weekly time range for when + maintenance on the cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi + (24H Clock UTC). The minimum maintenance window is a 60 minute period. 
Example: + sun:05:00-sun:09:00 + node_type: |- + – (Required) The compute and memory capacity of the nodes. See + Nodes for supported node types + nodes: |- + - List of node objects including id, address, port and + availability_zone. Referenceable e.g. as + ${aws_dax_cluster.test.nodes.0.address} + notification_topic_arn: |- + – (Optional) An Amazon Resource Name (ARN) of an + SNS topic to send DAX notifications to. Example: + arn:aws:sns:us-east-1:012345678999:my_sns_topic + parameter_group_name: |- + – (Optional) Name of the parameter group to associate + with this DAX cluster + port: '- The port used by the configuration endpoint' + replication_factor: |- + – (Required) The number of nodes in the DAX cluster. A + replication factor of 1 will create a single-node cluster, without any read + replicas + security_group_ids: |- + – (Optional) One or more VPC security groups associated + with the cluster + server_side_encryption: '- (Optional) Encrypt at rest options' + subnet_group_name: |- + – (Optional) Name of the subnet group to be used for the + cluster + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 45 minutes) Used for cluster modifications' + aws_dax_parameter_group: + subCategory: DynamoDB Accelerator (DAX) + description: Provides an DAX Parameter Group resource. + name: aws_dax_parameter_group + titleName: aws_dax_parameter_group + examples: + - manifest: |- + { + "name": "example", + "parameters": [ + { + "name": "query-ttl-millis", + "value": "100000" + }, + { + "name": "record-ttl-millis", + "value": "100000" + } + ] + } + argumentDocs: + description: '- (Optional, ForceNew) A description of the parameter group.' 
+ id: '- The name of the parameter group.' + name: '- (Required) The name of the parameter.' + parameters: – (Optional) The parameters of the parameter group. + value: '- (Required) The value for the parameter.' + aws_dax_subnet_group: + subCategory: DynamoDB Accelerator (DAX) + description: Provides an DAX Subnet Group resource. + name: aws_dax_subnet_group + titleName: aws_dax_subnet_group + examples: + - manifest: |- + { + "name": "example", + "subnet_ids": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ] + } + argumentDocs: + description: '- (Optional) A description of the subnet group.' + id: '- The name of the subnet group.' + name: – (Required) The name of the subnet group. + subnet_ids: – (Required) A list of VPC subnet IDs for the subnet group. + vpc_id: – VPC ID of the subnet group. + aws_db_cluster_snapshot: + subCategory: RDS + description: Manages an RDS database cluster snapshot. + name: aws_db_cluster_snapshot + titleName: aws_db_cluster_snapshot + examples: + - manifest: |- + { + "db_cluster_identifier": "${aws_rds_cluster.example.id}", + "db_cluster_snapshot_identifier": "resourcetestsnapshot1234" + } + references: + db_cluster_identifier: aws_rds_cluster.id + argumentDocs: + allocated_storage: '- Specifies the allocated storage size in gigabytes (GB).' + availability_zones: '- List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.' + create: '- (Default 20m) How long to wait for the snapshot to be available.' + db_cluster_identifier: '- (Required) The DB Cluster Identifier from which to take the snapshot.' + db_cluster_snapshot_arn: '- The Amazon Resource Name (ARN) for the DB Cluster Snapshot.' + db_cluster_snapshot_identifier: '- (Required) The Identifier for the snapshot.' + engine: '- Specifies the name of the database engine.' + engine_version: '- Version of the database engine for this DB cluster snapshot.' 
+ kms_key_id: '- If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.' + license_model: '- License model information for the restored DB cluster.' + port: '- Port that the DB cluster was listening on at the time of the snapshot.' + source_db_cluster_snapshot_identifier: '- The DB Cluster Snapshot Arn that the DB Cluster Snapshot was copied from. It only has value in case of cross customer or cross region copy.' + status: '- The status of this DB Cluster Snapshot.' + storage_encrypted: '- Specifies whether the DB cluster snapshot is encrypted.' + tags: '- (Optional) A map of tags to assign to the DB cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- The VPC ID associated with the DB cluster snapshot.' + aws_db_event_subscription: + subCategory: RDS + description: Provides a DB event subscription resource. + name: aws_db_event_subscription + titleName: aws_db_event_subscription + examples: + - manifest: |- + { + "event_categories": [ + "availability", + "deletion", + "failover", + "failure", + "low storage", + "maintenance", + "notification", + "read replica", + "recovery", + "restoration" + ], + "name": "rds-event-sub", + "sns_topic": "${aws_sns_topic.default.arn}", + "source_ids": [ + "${aws_db_instance.default.id}" + ], + "source_type": "db-instance" + } + references: + sns_topic: aws_sns_topic.arn + argumentDocs: + arn: '- The Amazon Resource Name of the RDS event notification subscription' + create: '- (Default 40m) How long to wait for an RDS event notification subscription to be ready.' 
+ customer_aws_id: '- The AWS customer account associated with the RDS event notification subscription' + delete: '- (Default 40m) How long to wait for an RDS event notification subscription to be deleted.' + enabled: '- (Optional) A boolean flag to enable/disable the subscription. Defaults to true.' + event_categories: '- (Optional) A list of event categories for a SourceType that you want to subscribe to. See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html or run aws rds describe-event-categories.' + id: '- The name of the RDS event notification subscription' + name: '- (Optional) The name of the DB event subscription. By default generated by Terraform.' + name_prefix: '- (Optional) The name of the DB event subscription. Conflicts with name.' + sns_topic: '- (Required) The SNS topic to send events to.' + source_ids: '- (Optional) A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.' + source_type: '- (Optional) The type of source that will be generating the events. Valid options are db-instance, db-security-group, db-parameter-group, db-snapshot, db-cluster or db-cluster-snapshot. If not set, all sources will be subscribed to.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 40m) How long to wait for an RDS event notification subscription to be updated.' + aws_db_instance: + subCategory: RDS + description: Provides an RDS instance resource. 
+ name: aws_db_instance + titleName: aws_db_instance + examples: + - manifest: |- + { + "allocated_storage": 10, + "engine": "mysql", + "engine_version": "5.7", + "instance_class": "db.t3.micro", + "name": "mydb", + "parameter_group_name": "default.mysql5.7", + "password": "foobarbaz", + "skip_final_snapshot": true, + "username": "foo" + } + - manifest: |- + { + "allocated_storage": 50, + "max_allocated_storage": 100 + } + - manifest: |- + { + "s3_import": [ + { + "bucket_name": "mybucket", + "bucket_prefix": "backups", + "ingestion_role": "arn:aws:iam::1234567890:role/role-xtrabackup-rds-restore", + "source_engine": "mysql", + "source_engine_version": "5.6" + } + ] + } + argumentDocs: + address: '- The hostname of the RDS instance. See also endpoint and port.' + allocated_storage: '- The amount of allocated storage.' + allow_major_version_upgrade: |- + - (Optional) Indicates that major version + upgrades are allowed. Changing this parameter does not result in an outage and + the change is asynchronously applied as soon as possible. + apply_immediately: |- + - (Optional) Specifies whether any database modifications + are applied immediately, or during the next maintenance window. Default is + false. See Amazon RDS Documentation for more + information. + arn: '- The ARN of the RDS instance.' + auto_minor_version_upgrade: |- + - (Optional) Indicates that minor engine upgrades + will be applied automatically to the DB instance during the maintenance window. + Defaults to true. + availability_zone: '- The availability zone of the instance.' + backup_retention_period: '- The backup retention period.' + backup_window: '- The backup window.' + bucket_name: '- (Required) The bucket name where your backup is stored' + bucket_prefix: '- (Optional) Can be blank, but is the path to your backup' + ca_cert_identifier: |- + - Specifies the identifier of the CA certificate for the + DB instance. 
+ character_set_name: '- The character set (collation) used on Oracle and Microsoft SQL instances.' + copy_tags_to_snapshot: – (Optional, boolean) Copy all Instance tags to snapshots. Default is false. + create: |- + - (Default 40 minutes) Used for Creating Instances, Replicas, and + restoring from Snapshots. + customer_owned_ip_enabled: '- (Optional) Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See CoIP for RDS on Outposts for more information.' + db_subnet_group_name: |- + - (Optional) Name of DB subnet group. DB instance will + be created in the VPC associated with the DB subnet group. If unspecified, will + be created in the default VPC, or in EC2 Classic, if available. When working + with read replicas, it should be specified only if the source database + specifies an instance in another AWS Region. See DBSubnetGroupName in API + action CreateDBInstanceReadReplica + for additional read replica contraints. + delete: |- + - (Default 60 minutes) Used for destroying databases. This includes + the time required to take snapshots. + delete_automated_backups: '- (Optional) Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is true.' + deletion_protection: '- (Optional) If the DB instance should have deletion protection enabled. The database can''t be deleted when this value is set to true. The default is false.' + domain: '- The ID of the Directory Service Active Directory domain the instance is joined to' + domain_iam_role_name: '- The name of the IAM role to be used when making API calls to the Directory Service.' + enabled_cloudwatch_logs_exports: '- (Optional) Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on engine). MySQL and MariaDB: audit, error, general, slowquery. PostgreSQL: postgresql, upgrade. MSSQL: agent , error. Oracle: alert, audit, listener, trace.' 
+ endpoint: '- The connection endpoint in address:port format.' + engine: '- The database engine.' + engine_version: |- + - (Optional) The engine version to use. If auto_minor_version_upgrade + is enabled, you can provide a prefix of the version such as 5.7 (for 5.7.10). + The actual engine version used is returned in the attribute engine_version_actual, defined below. + For supported values, see the EngineVersion parameter in API action CreateDBInstance. + Note that for Amazon Aurora instances the engine version must match the DB cluster's engine version'. + engine_version_actual: '- The running version of the database.' + final_snapshot_identifier: |- + - (Optional) The name of your final DB snapshot + when this DB instance is deleted. Must be provided if skip_final_snapshot is + set to false. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica. + hosted_zone_id: |- + - The canonical hosted zone ID of the DB instance (to be used + in a Route 53 Alias record). + iam_database_authentication_enabled: |- + - (Optional) Specifies whether or + mappings of AWS Identity and Access Management (IAM) accounts to database + accounts is enabled. + id: '- The RDS instance ID.' + identifier: |- + - (Optional, Forces new resource) The name of the RDS instance, + if omitted, Terraform will assign a random, unique identifier. Required if restore_to_point_in_time is specified. + identifier_prefix: |- + - (Optional, Forces new resource) Creates a unique + identifier beginning with the specified prefix. Conflicts with identifier. + ingestion_role: '- (Required) Role applied to load the data.' + instance_class: '- The RDS instance class.' + iops: |- + - (Optional) The amount of provisioned IOPS. Setting this implies a + storage_type of "io1". + kms_key_id: |- + - (Optional) The ARN for the KMS encryption key. 
If creating an + encrypted replica, set this to the destination KMS ARN. + latest_restorable_time: '- The latest time, in UTC RFC3339 format, to which a database can be restored with point-in-time restore.' + license_model: |- + - (Optional, but required for some DB engines, i.e. Oracle + SE1) License model information for this DB instance. + maintenance_window: '- The instance maintenance window.' + max_allocated_storage: '- (Optional) When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to allocated_storage. Must be greater than or equal to allocated_storage or 0 to disable Storage Autoscaling.' + monitoring_interval: |- + - (Optional) The interval, in seconds, between points + when Enhanced Monitoring metrics are collected for the DB instance. To disable + collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid + Values: 0, 1, 5, 10, 15, 30, 60. + monitoring_role_arn: |- + - (Optional) The ARN for the IAM role that permits RDS + to send enhanced monitoring metrics to CloudWatch Logs. You can find more + information on the AWS + Documentation + what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances. + multi_az: '- If the RDS instance is multi AZ enabled.' + name: '- The database name.' + nchar_character_set_name: |- + - (Optional, Forces new resource) The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See Oracle Character Sets + Supported in Amazon RDS. + option_group_name: '- (Optional) Name of the DB option group to associate.' + parameter_group_name: |- + - (Optional) Name of the DB parameter group to + associate. + password: |- + - (Required unless a snapshot_identifier or replicate_source_db + is provided) Password for the master DB user. Note that this may show up in + logs, and it will be stored in the state file. 
+ performance_insights_enabled: '- (Optional) Specifies whether Performance Insights are enabled. Defaults to false.' + performance_insights_kms_key_id: '- (Optional) The ARN for the KMS key to encrypt Performance Insights data. When specifying performance_insights_kms_key_id, performance_insights_enabled needs to be set to true. Once KMS key is set, it can never be changed.' + performance_insights_retention_period: '- (Optional) The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). When specifying performance_insights_retention_period, performance_insights_enabled needs to be set to true. Defaults to ''7''.' + port: '- The database port.' + publicly_accessible: |- + - (Optional) Bool to control if instance is publicly + accessible. Default is false. + replicate_source_db: |- + - (Optional) Specifies that this resource is a Replicate + database, and to use this value as the source database. This correlates to the + identifier of another Amazon RDS Database to replicate (if replicating within + a single region) or ARN of the Amazon RDS Database to replicate (if replicating + cross-region). Note that if you are + creating a cross-region replica of an encrypted database you will also need to + specify a kms_key_id. See DB Instance Replication and Working with + PostgreSQL and MySQL Read Replicas + for more information on using Replication. + resource_id: '- The RDS Resource ID of this instance.' + restore_time: '- (Optional) The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with use_latest_restorable_time.' + restore_to_point_in_time: '- (Optional, Forces new resource) A configuration block for restoring a DB instance to an arbitrary point in time. Requires the identifier argument to be set with the name of the new DB instance to be created. See Restore To Point In Time below for details.' 
+ s3_import: '- (Optional) Restore from a Percona Xtrabackup in S3. See Importing Data into an Amazon RDS MySQL DB Instance' + security_group_names: |- + - (Optional/Deprecated) List of DB Security Groups to + associate. Only used for DB Instances on the . + skip_final_snapshot: |- + - (Optional) Determines whether a final DB snapshot is + created before the DB instance is deleted. If true is specified, no DBSnapshot + is created. If false is specified, a DB snapshot is created before the DB + instance is deleted, using the value from final_snapshot_identifier. Default + is false. + snapshot_identifier: |- + - (Optional) Specifies whether or not to create this + database from a snapshot. This correlates to the snapshot ID you'd find in the + RDS console, e.g: rds:production-2015-06-26-06-05. + source_db_instance_identifier: '- (Optional) The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if source_dbi_resource_id is not specified.' + source_dbi_resource_id: '- (Optional) The resource ID of the source DB instance from which to restore. Required if source_db_instance_identifier is not specified.' + source_engine: '- (Required, as of Feb 2018 only ''mysql'' supported) Source engine for the backup' + source_engine_version: '- (Required, as of Feb 2018 only ''5.6'' supported) Version of the source engine used to make the backup' + status: '- The RDS instance status.' + storage_encrypted: '- Specifies whether the DB instance is encrypted.' + storage_type: |- + - (Optional) One of "standard" (magnetic), "gp2" (general + purpose SSD), or "io1" (provisioned IOPS SSD). The default is "io1" if iops is + specified, "gp2" if not. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timezone: |- + - (Optional) Time zone of the DB instance. timezone is currently + only supported by Microsoft SQL Server. The timezone can only be set on + creation. See MSSQL User + Guide + for more information. + update: '- (Default 80 minutes) Used for Database modifications.' + use_latest_restorable_time: '- (Optional) A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to false. Cannot be specified with restore_time.' + username: '- The master username for the database.' + vpc_security_group_ids: |- + - (Optional) List of VPC security groups to + associate. + aws_db_instance_role_association: + subCategory: RDS + description: Manages an RDS DB Instance association with an IAM Role. + name: aws_db_instance_role_association + titleName: aws_db_instance_role_association + examples: + - manifest: |- + { + "db_instance_identifier": "${aws_db_instance.example.id}", + "feature_name": "S3_INTEGRATION", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + db_instance_identifier: aws_db_instance.id + role_arn: aws_iam_role.arn + argumentDocs: + db_instance_identifier: '- (Required) DB Instance Identifier to associate with the IAM Role.' + feature_name: '- (Required) Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the SupportedFeatureNames list returned by AWS CLI rds describe-db-engine-versions.' + id: '- DB Instance Identifier and IAM Role ARN separated by a comma (,)' + role_arn: '- (Required) Amazon Resource Name (ARN) of the IAM Role to associate with the DB Instance.' + aws_db_option_group: + subCategory: RDS + description: Provides an RDS DB option group resource. 
+ name: aws_db_option_group + titleName: aws_db_option_group + examples: + - manifest: |- + { + "engine_name": "sqlserver-ee", + "major_engine_version": "11.00", + "name": "option-group-test-terraform", + "option": [ + { + "option_name": "Timezone", + "option_settings": [ + { + "name": "TIME_ZONE", + "value": "UTC" + } + ] + }, + { + "option_name": "SQLSERVER_BACKUP_RESTORE", + "option_settings": [ + { + "name": "IAM_ROLE_ARN", + "value": "${aws_iam_role.example.arn}" + } + ] + }, + { + "option_name": "TDE" + } + ], + "option_group_description": "Terraform Option Group" + } + argumentDocs: + arn: '- The ARN of the db option group.' + db_security_group_memberships: '- (Optional) A list of DB Security Groups for which the option is enabled.' + delete: '- (Default 15 minutes)' + engine_name: '- (Required) Specifies the name of the engine that this option group should be associated with.' + id: '- The db option group name.' + major_engine_version: '- (Required) Specifies the major version of the engine that this option group should be associated with.' + name: '- (Optional) The Name of the setting.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name. Must be lowercase, to match as it is stored in AWS.' + option: '- (Optional) A list of Options to apply.' + option_group_description: '- (Optional) The description of the option group. Defaults to "Managed by Terraform".' + option_name: '- (Required) The Name of the Option (e.g. MEMCACHED).' + option_settings: '- (Optional) A list of option settings to apply.' + port: '- (Optional) The Port number when connecting to the Option (e.g. 11211).' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Optional) The Value of the setting.' + version: '- (Optional) The version of the option (e.g. 13.1.0.0).' + vpc_security_group_memberships: '- (Optional) A list of VPC Security Groups for which the option is enabled.' + aws_db_parameter_group: + subCategory: RDS + description: Provides an RDS DB parameter group resource. + name: aws_db_parameter_group + titleName: aws_db_parameter_group + examples: + - manifest: |- + { + "family": "mysql5.6", + "name": "rds-pg", + "parameter": [ + { + "name": "character_set_server", + "value": "utf8" + }, + { + "name": "character_set_client", + "value": "utf8" + } + ] + } + argumentDocs: + apply_method: |- + - (Optional) "immediate" (default), or "pending-reboot". Some + engines can't apply some parameters without a reboot, and you will need to + specify "pending-reboot" here. + arn: '- The ARN of the db parameter group.' + description: '- (Optional, Forces new resource) The description of the DB parameter group. Defaults to "Managed by Terraform".' + family: '- (Required, Forces new resource) The family of the DB parameter group.' + id: '- The db parameter group name.' + name: '- (Required) The name of the DB parameter.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + parameter: '- (Optional) A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-parameters after initial creation of the group.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the DB parameter.' + aws_db_proxy: + subCategory: RDS + description: Provides an RDS DB proxy resource. + name: aws_db_proxy + titleName: aws_db_proxy + examples: + - manifest: |- + { + "auth": [ + { + "auth_scheme": "SECRETS", + "description": "example", + "iam_auth": "DISABLED", + "secret_arn": "${aws_secretsmanager_secret.example.arn}" + } + ], + "debug_logging": false, + "engine_family": "MYSQL", + "idle_client_timeout": 1800, + "name": "example", + "require_tls": true, + "role_arn": "${aws_iam_role.example.arn}", + "tags": { + "Key": "value", + "Name": "example" + }, + "vpc_security_group_ids": [ + "${aws_security_group.example.id}" + ], + "vpc_subnet_ids": [ + "${aws_subnet.example.id}" + ] + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) for the proxy.' + auth: '- (Required) Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters. Described below.' + auth_scheme: '- (Optional) The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of SECRETS.' + create: '- (Default 30 minutes) Used for creating DB proxies.' + debug_logging: '- (Optional) Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.' + delete: '- (Default 60 minutes) Used for destroying DB proxies.' 
+ description: '- (Optional) A user-specified description about the authentication used by a proxy to log in as a specific database user.' + endpoint: '- The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.' + engine_family: '- (Required, Forces new resource) The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. Valid values are MYSQL and POSTGRESQL.' + iam_auth: '- (Optional) Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of DISABLED, REQUIRED.' + id: '- The Amazon Resource Name (ARN) for the proxy.' + idle_client_timeout: '- (Optional) The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.' + name: '- (Required) The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can''t end with a hyphen or contain two consecutive hyphens.' + require_tls: '- (Optional) A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy.' + role_arn: '- (Required) The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.' + secret_arn: '- (Optional) The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. 
These secrets are stored within Amazon Secrets Manager.' + tags: '- (Optional) A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 30 minutes) Used for modifying DB proxies.' + username: '- (Optional) The name of the database user to which the proxy connects.' + vpc_security_group_ids: '- (Optional) One or more VPC security group IDs to associate with the new proxy.' + vpc_subnet_ids: '- (Required) One or more VPC subnet IDs to associate with the new proxy.' + aws_db_proxy_default_target_group: + subCategory: RDS + description: Manage an RDS DB proxy default target group resource. + name: aws_db_proxy_default_target_group + titleName: aws_db_proxy_default_target_group + examples: + - manifest: |- + { + "connection_pool_config": [ + { + "connection_borrow_timeout": 120, + "init_query": "SET x=1, y=2", + "max_connections_percent": 100, + "max_idle_connections_percent": 50, + "session_pinning_filters": [ + "EXCLUDE_VARIABLE_SETS" + ] + } + ], + "db_proxy_name": "${aws_db_proxy.example.name}" + } + references: + db_proxy_name: aws_db_proxy.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) representing the target group.' + connection_borrow_timeout: '- (Optional) The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.' + connection_pool_config: '- (Optional) The settings that determine the size and behavior of the connection pool for the target group.' + create: '- (Default 30 minutes) Timeout for modifying DB proxy target group on creation.' 
+ db_proxy_name: '- (Required) Name of the RDS DB Proxy.' + id: '- Name of the RDS DB Proxy.' + init_query: '- (Optional) One or more SQL statements for the proxy to run when opening each new database connection. Typically used with SET statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single SET statement, such as SET x=1, y=2.' + max_connections_percent: '- (Optional) The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.' + max_idle_connections_percent: '- (Optional) Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.' + name: '- The name of the default target group.' + session_pinning_filters: '- (Optional) Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is EXCLUDE_VARIABLE_SETS.' + update: '- (Default 30 minutes) Timeout for modifying DB proxy target group on update.' + aws_db_proxy_endpoint: + subCategory: RDS + description: Provides an RDS DB proxy endpoint resource. 
+ name: aws_db_proxy_endpoint + titleName: aws_db_proxy_endpoint + examples: + - manifest: |- + { + "db_proxy_endpoint_name": "example", + "db_proxy_name": "${aws_db_proxy.test.name}", + "target_role": "READ_ONLY", + "vpc_subnet_ids": "${aws_subnet.test.*.id}" + } + references: + db_proxy_name: aws_db_proxy.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) for the proxy endpoint.' + create: '- (Default 30 minutes) Used for creating DB proxy endpoint.' + db_proxy_endpoint_name: '- (Required) The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can''t end with a hyphen or contain two consecutive hyphens.' + db_proxy_name: '- (Required) The name of the DB proxy associated with the DB proxy endpoint that you create.' + delete: '- (Default 60 minutes) Used for destroying DB proxy endpoint.' + endpoint: '- The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.' + id: '- The name of the proxy and proxy endpoint separated by /, DB-PROXY-NAME/DB-PROXY-ENDPOINT-NAME.' + is_default: '- Indicates whether this endpoint is the default endpoint for the associated DB proxy.' + tags: '- (Optional) A mapping of tags to assign to the resource.' + target_role: '- (Optional) Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is READ_WRITE. Valid values are READ_WRITE and READ_ONLY.' + update: '- (Default 30 minutes) Used for modifying DB proxy endpoint.' + vpc_id: '- The VPC ID of the DB proxy endpoint.' + vpc_security_group_ids: '- (Optional) One or more VPC security group IDs to associate with the new proxy.' + vpc_subnet_ids: '- (Required) One or more VPC subnet IDs to associate with the new proxy.' + aws_db_proxy_target: + subCategory: RDS + description: Provides an RDS DB proxy target resource. 
+ name: aws_db_proxy_target + titleName: aws_db_proxy_target + examples: + - manifest: |- + { + "db_instance_identifier": "${aws_db_instance.example.id}", + "db_proxy_name": "${aws_db_proxy.example.name}", + "target_group_name": "${aws_db_proxy_default_target_group.example.name}" + } + references: + db_instance_identifier: aws_db_instance.id + db_proxy_name: aws_db_proxy.name + target_group_name: aws_db_proxy_default_target_group.name + argumentDocs: + db_cluster_identifier: '- (Optional, Forces new resource) DB cluster identifier.' + db_instance_identifier: '- (Optional, Forces new resource) DB instance identifier.' + db_proxy_name: '- (Required, Forces new resource) The name of the DB proxy.' + endpoint: '- Hostname for the target RDS DB Instance. Only returned for RDS_INSTANCE type.' + id: '- Identifier of db_proxy_name, target_group_name, target type (e.g. RDS_INSTANCE or TRACKED_CLUSTER), and resource identifier separated by forward slashes (/).' + port: '- Port for the target RDS DB Instance or Aurora DB Cluster.' + rds_resource_id: '- Identifier representing the DB Instance or DB Cluster target.' + target_arn: '- Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API.' + target_group_name: '- (Required, Forces new resource) The name of the target group.' + tracked_cluster_id: '- DB Cluster identifier for the DB Instance target. Not returned unless manually importing an RDS_INSTANCE target that is part of a DB Cluster.' + type: '- Type of target. e.g. RDS_INSTANCE or TRACKED_CLUSTER' + aws_db_security_group: + subCategory: RDS + description: Provides an RDS security group resource. + name: aws_db_security_group + titleName: aws_db_security_group + examples: + - manifest: |- + { + "ingress": [ + { + "cidr": "10.0.0.0/24" + } + ], + "name": "rds_sg" + } + argumentDocs: + arn: '- The arn of the DB security group.' 
+ cidr: '- The CIDR block to accept' + description: '- (Optional) The description of the DB security group. Defaults to "Managed by Terraform".' + id: '- The db security group ID.' + ingress: '- (Required) A list of ingress rules.' + name: '- (Required) The name of the DB security group.' + security_group_id: '- The ID of the security group to authorize' + security_group_name: '- The name of the security group to authorize' + security_group_owner_id: |- + - The owner Id of the security group provided + by security_group_name. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_db_snapshot: + subCategory: RDS + description: Manages an RDS database instance snapshot. + name: aws_db_snapshot + titleName: aws_db_snapshot + examples: + - manifest: |- + { + "db_instance_identifier": "${aws_db_instance.bar.id}", + "db_snapshot_identifier": "testsnapshot1234" + } + references: + db_instance_identifier: aws_db_instance.id + argumentDocs: + allocated_storage: '- Specifies the allocated storage size in gigabytes (GB).' + availability_zone: '- Specifies the name of the Availability Zone the DB instance was located in at the time of the DB snapshot.' + db_instance_identifier: '- (Required) The DB Instance Identifier from which to take the snapshot.' + db_snapshot_arn: '- The Amazon Resource Name (ARN) for the DB snapshot.' + db_snapshot_identifier: '- (Required) The Identifier for the snapshot.' + encrypted: '- Specifies whether the DB snapshot is encrypted.' + engine: '- Specifies the name of the database engine.' + engine_version: '- Specifies the version of the database engine.' 
+ iops: '- Specifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.' + kms_key_id: '- The ARN for the KMS encryption key.' + license_model: '- License model information for the restored DB instance.' + option_group_name: '- Provides the option group name for the DB snapshot.' + read: '- (Default 20 minutes) Length of time to wait for the snapshot to become available' + source_db_snapshot_identifier: '- The DB snapshot Arn that the DB snapshot was copied from. It only has value in case of cross customer or cross region copy.' + source_region: '- The region that the DB snapshot was created in or copied from.' + status: '- Specifies the status of this DB snapshot.' + storage_type: '- Specifies the storage type associated with DB snapshot.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- Specifies the storage type associated with DB snapshot.' + aws_db_subnet_group: + subCategory: RDS + description: Provides an RDS DB subnet group resource. + name: aws_db_subnet_group + titleName: aws_db_subnet_group + examples: + - manifest: |- + { + "name": "main", + "subnet_ids": [ + "${aws_subnet.frontend.id}", + "${aws_subnet.backend.id}" + ], + "tags": { + "Name": "My DB subnet group" + } + } + argumentDocs: + arn: '- The ARN of the db subnet group.' + description: '- (Optional) The description of the DB subnet group. Defaults to "Managed by Terraform".' + id: '- The db subnet group name.' + name: '- (Optional, Forces new resource) The name of the DB subnet group. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. 
Conflicts with name.' + subnet_ids: '- (Required) A list of VPC subnet IDs.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_default_network_acl: + subCategory: VPC + description: Manage a default network ACL. + name: aws_default_network_acl + titleName: aws_default_network_acl + examples: + - manifest: |- + { + "default_network_acl_id": "${aws_vpc.mainvpc.default_network_acl_id}", + "egress": [ + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 0, + "protocol": -1, + "rule_no": 100, + "to_port": 0 + } + ], + "ingress": [ + { + "action": "allow", + "cidr_block": "${aws_vpc.mainvpc.cidr_block}", + "from_port": 0, + "protocol": -1, + "rule_no": 100, + "to_port": 0 + } + ] + } + references: + default_network_acl_id: aws_vpc.default_network_acl_id + - manifest: |- + { + "default_network_acl_id": "${aws_vpc.mainvpc.default_network_acl_id}", + "ingress": [ + { + "action": "allow", + "cidr_block": "${aws_default_vpc.mainvpc.cidr_block}", + "from_port": 0, + "protocol": -1, + "rule_no": 100, + "to_port": 0 + } + ] + } + references: + default_network_acl_id: aws_vpc.default_network_acl_id + - manifest: |- + { + "default_network_acl_id": "${aws_vpc.mainvpc.default_network_acl_id}" + } + references: + default_network_acl_id: aws_vpc.default_network_acl_id + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${subnet_ids}" + ] + } + ] + } + argumentDocs: + action: '- (Required) The action to take.' + arn: '- ARN of the Default Network ACL' + cidr_block: '- (Optional) The CIDR block to match. This must be a valid network mask.' + default_network_acl_id: '- (Required) Network ACL ID to manage. 
This attribute is exported from aws_vpc, or manually found via the AWS Console.' + egress: '- (Optional) Configuration block for an egress rule. Detailed below.' + from_port: '- (Required) The from port to match.' + icmp_code: '- (Optional) The ICMP type code to be used. Default 0.' + icmp_type: '- (Optional) The ICMP type to be used. Default 0.' + id: '- ID of the Default Network ACL' + ingress: '- (Optional) Configuration block for an ingress rule. Detailed below.' + ipv6_cidr_block: '- (Optional) The IPv6 CIDR block.' + owner_id: '- ID of the AWS account that owns the Default Network ACL' + protocol: '- (Required) The protocol to match. If using the -1 ''all'' protocol, you must specify a from and to port of 0.' + rule_no: '- (Required) The rule number. Used for ordering.' + subnet_ids: '- (Optional) List of Subnet IDs to apply the ACL to. See the notes below on managing Subnets in the Default Network ACL' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + to_port: '- (Required) The to port to match.' + vpc_id: '- ID of the associated VPC' + aws_default_route_table: + subCategory: VPC + description: Provides a resource to manage a default route table of a VPC. 
+ name: aws_default_route_table + titleName: aws_default_route_table + examples: + - manifest: |- + { + "default_route_table_id": "${aws_vpc.example.default_route_table_id}", + "route": [ + { + "cidr_block": "10.0.1.0/24", + "gateway_id": "${aws_internet_gateway.example.id}" + }, + { + "egress_only_gateway_id": "${aws_egress_only_internet_gateway.example.id}", + "ipv6_cidr_block": "::/0" + } + ], + "tags": { + "Name": "example" + } + } + references: + default_route_table_id: aws_vpc.default_route_table_id + - manifest: |- + { + "default_route_table_id": "${aws_vpc.example.default_route_table_id}", + "route": [], + "tags": { + "Name": "example" + } + } + references: + default_route_table_id: aws_vpc.default_route_table_id + argumentDocs: + arn: '- The ARN of the route table.' + cidr_block: '- (Required) The CIDR block of the route.' + default_route_table_id: '- (Required) ID of the default route table.' + destination_prefix_list_id: '- (Optional) The ID of a managed prefix list destination of the route.' + egress_only_gateway_id: '- (Optional) Identifier of a VPC Egress Only Internet Gateway.' + gateway_id: '- (Optional) Identifier of a VPC internet gateway or a virtual private gateway.' + id: '- ID of the route table.' + instance_id: '- (Optional) Identifier of an EC2 instance.' + ipv6_cidr_block: '- (Optional) The Ipv6 CIDR block of the route' + nat_gateway_id: '- (Optional) Identifier of a VPC NAT gateway.' + network_interface_id: '- (Optional) Identifier of an EC2 network interface.' + owner_id: '- ID of the AWS account that owns the route table.' + propagating_vgws: '- (Optional) List of virtual gateways for propagation.' + route: '- (Optional) Set of objects. Detailed below. This argument is processed in attribute-as-blocks mode. This means that omitting this argument is interpreted as ignoring any existing routes. To remove all managed routes an empty list should be specified. See the example above.' 
+ tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_id: '- (Optional) Identifier of an EC2 Transit Gateway.' + vpc_endpoint_id: '- (Optional) Identifier of a VPC Endpoint. This route must be removed prior to VPC Endpoint deletion.' + vpc_id: '- ID of the VPC.' + vpc_peering_connection_id: '- (Optional) Identifier of a VPC peering connection.' + aws_default_security_group: + subCategory: VPC + description: Manage a default security group resource. + name: aws_default_security_group + titleName: aws_default_security_group + examples: + - manifest: |- + { + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "from_port": 0, + "protocol": "-1", + "to_port": 0 + } + ], + "ingress": [ + { + "from_port": 0, + "protocol": -1, + "self": true, + "to_port": 0 + } + ], + "vpc_id": "${aws_vpc.mainvpc.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "ingress": [ + { + "from_port": 0, + "protocol": -1, + "self": true, + "to_port": 0 + } + ], + "vpc_id": "${aws_vpc.mainvpc.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + arn: '- ARN of the security group.' + cidr_blocks: '- (Optional) List of CIDR blocks.' + description: '- Description of the security group.' + egress: '- (Optional, VPC only) Configuration block. Detailed below.' + from_port: '- (Required) Start port (or ICMP type number if protocol is icmp)' + id: '- ID of the security group.' + ingress: '- (Optional) Configuration block. Detailed below.' + ipv6_cidr_blocks: '- (Optional) List of IPv6 CIDR blocks.' + name: '- Name of the security group.' + owner_id: '- Owner ID.' 
+ prefix_list_ids: '- (Optional) List of prefix list IDs (for allowing access to VPC endpoints)' + protocol: '- (Required) Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.' + security_groups: '- (Optional) List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.' + self: '- (Optional) Whether the security group itself will be added as a source to this egress rule.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + to_port: '- (Required) End range port (or ICMP code if protocol is icmp).' + vpc_id: will not restore any default security group rules that were modified, added, or removed. + aws_default_subnet: + subCategory: VPC + description: Manage a default VPC subnet resource. + name: aws_default_subnet + titleName: aws_default_subnet + examples: + - manifest: |- + { + "availability_zone": "us-west-2a", + "tags": { + "Name": "Default subnet for us-west-2a" + } + } + argumentDocs: + arn: '- ARN for the subnet.' + assign_ipv6_address_on_creation: '- Whether IPv6 addresses are assigned on creation.' + availability_zone: '- (Required) AZ for the subnet.' + availability_zone_id: '- AZ ID of the subnet.' + cidr_block: '- CIDR block for the subnet.' + id: '- ID of the subnet' + ipv6_association_id: '- Association ID for the IPv6 CIDR block.' + ipv6_cidr_block: '- IPv6 CIDR block.' + map_public_ip_on_launch: '- (Optional) Whether instances launched into the subnet should be assigned a public IP address.' + owner_id: '- ID of the AWS account that owns the subnet.' 
+ tags: '- (Optional) Map of tags to assign to the resource.' + vpc_id: '- VPC ID.' + aws_default_vpc: + subCategory: VPC + description: Manage the default VPC resource. + name: aws_default_vpc + titleName: aws_default_vpc + examples: + - manifest: |- + { + "tags": { + "Name": "Default VPC" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of VPC' + assign_generated_ipv6_cidr_block: |- + - Whether or not an Amazon-provided IPv6 CIDR + block with a /56 prefix length for the VPC was assigned + cidr_block: '- The CIDR block of the VPC' + default_network_acl_id: '- The ID of the network ACL created by default on VPC creation' + default_route_table_id: '- The ID of the route table created by default on VPC creation' + default_security_group_id: '- The ID of the security group created by default on VPC creation' + enable_classiclink: '- Whether or not the VPC has Classiclink enabled' + enable_dns_hostnames: '- Whether or not the VPC has DNS hostname support' + enable_dns_support: '- Whether or not the VPC has DNS support' + id: '- The ID of the VPC' + instance_tenancy: '- Tenancy of instances spin up within VPC.' + ipv6_association_id: '- The association ID for the IPv6 CIDR block of the VPC' + ipv6_cidr_block: '- The IPv6 CIDR block of the VPC' + main_route_table_id: |- + - The ID of the main route table associated with + this VPC. Note that you can change a VPC's main route table by using an + aws_main_route_table_association + owner_id: '- The ID of the AWS account that owns the VPC.' + tags: '- (Optional) A map of tags to assign to the resource.' + aws_default_vpc_dhcp_options: + subCategory: VPC + description: Manage the default VPC DHCP Options resource. + name: aws_default_vpc_dhcp_options + titleName: aws_default_vpc_dhcp_options + examples: + - manifest: |- + { + "tags": { + "Name": "Default DHCP Option Set" + } + } + argumentDocs: + arn: '- The ARN of the DHCP Options Set.' + id: '- The ID of the DHCP Options Set.' 
+ netbios_name_servers: '- (Optional) List of NETBIOS name servers.' + netbios_node_type: '- (Optional) The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132.' + owner_id: '- The ID of the AWS account that owns the DHCP options set.' + tags: '- (Optional) A map of tags to assign to the resource.' + aws_devicefarm_project: + subCategory: Device Farm + description: Provides a Devicefarm project + name: aws_devicefarm_project + titleName: aws_devicefarm_project + examples: + - manifest: |- + { + "name": "my-device-farm" + } + argumentDocs: + arn: '- The Amazon Resource Name of this project' + default_job_timeout_minutes: '- (Optional) Sets the execution timeout value (in minutes) for a project. All test runs in this project use the specified execution timeout value unless overridden when scheduling a run.' + name: '- (Required) The name of the project' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_directory_service_conditional_forwarder: + subCategory: Directory Service + description: Provides a conditional forwarder for managed Microsoft AD in AWS Directory Service. + name: aws_directory_service_conditional_forwarder + titleName: aws_directory_service_conditional_forwarder + examples: + - manifest: |- + { + "directory_id": "${aws_directory_service_directory.ad.id}", + "dns_ips": [ + "8.8.8.8", + "8.8.4.4" + ], + "remote_domain_name": "example.com" + } + references: + directory_id: aws_directory_service_directory.id + argumentDocs: + directory_id: '- (Required) The id of directory.' 
+ dns_ips: '- (Required) A list of forwarder IP addresses.' + remote_domain_name: '- (Required) The fully qualified domain name of the remote domain for which forwarders will be used.' + aws_directory_service_directory: + subCategory: Directory Service + description: Provides a directory in AWS Directory Service. + name: aws_directory_service_directory + titleName: aws_directory_service_directory + examples: + - manifest: |- + { + "name": "corp.notexample.com", + "password": "SuperSecretPassw0rd", + "size": "Small", + "tags": { + "Project": "foo" + }, + "vpc_settings": [ + { + "subnet_ids": [ + "${aws_subnet.foo.id}", + "${aws_subnet.bar.id}" + ], + "vpc_id": "${aws_vpc.main.id}" + } + ] + } + - manifest: |- + { + "edition": "Standard", + "name": "corp.notexample.com", + "password": "SuperSecretPassw0rd", + "tags": { + "Project": "foo" + }, + "type": "MicrosoftAD", + "vpc_settings": [ + { + "subnet_ids": [ + "${aws_subnet.foo.id}", + "${aws_subnet.bar.id}" + ], + "vpc_id": "${aws_vpc.main.id}" + } + ] + } + - manifest: |- + { + "connect_settings": [ + { + "customer_dns_ips": [ + "A.B.C.D" + ], + "customer_username": "Admin", + "subnet_ids": [ + "${aws_subnet.foo.id}", + "${aws_subnet.bar.id}" + ], + "vpc_id": "${aws_vpc.main.id}" + } + ], + "name": "corp.notexample.com", + "password": "SuperSecretPassw0rd", + "size": "Small", + "type": "ADConnector" + } + argumentDocs: + access_url: '- The access URL for the directory, such as http://alias.awsapps.com.' + alias: '- (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for enable_sso.' + connect_ips: '- The IP addresses of the AD Connector servers.' + connect_settings: '- (Required for ADConnector) Connector related information about the directory. Fields documented below.' + customer_dns_ips: '- (Required) The DNS IP addresses of the domain to connect to.' + customer_username: '- (Required) The username corresponding to the password provided.' 
+ description: '- (Optional) A textual description for the directory.' + dns_ip_addresses: '- A list of IP addresses of the DNS servers for the directory or connector.' + edition: '- (Optional) The MicrosoftAD edition (Standard or Enterprise). Defaults to Enterprise (applies to MicrosoftAD type only).' + enable_sso: '- (Optional) Whether to enable single-sign on for the directory. Requires alias. Defaults to false.' + id: '- The directory identifier.' + name: '- (Required) The fully qualified name for the directory, such as corp.example.com' + password: '- (Required) The password for the directory administrator or connector user.' + security_group_id: '- The ID of the security group created by the directory.' + short_name: '- (Optional) The short name of the directory, such as CORP.' + size: '- (Required for SimpleAD and ADConnector) The size of the directory (Small or Large are accepted values).' + subnet_ids: '- (Required) The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: (Optional) - The directory type (SimpleAD, ADConnector or MicrosoftAD are accepted values). Defaults to SimpleAD. + vpc_id: '- (Required) The identifier of the VPC that the directory is in.' + vpc_settings: '- (Required for SimpleAD and MicrosoftAD) VPC related information about the directory. Fields documented below.' + aws_directory_service_log_subscription: + subCategory: Directory Service + description: Provides a Log subscription for AWS Directory Service that pushes logs to cloudwatch. 
+ name: aws_directory_service_log_subscription + titleName: aws_directory_service_log_subscription + examples: + - manifest: |- + { + "directory_id": "${aws_directory_service_directory.example.id}", + "log_group_name": "${aws_cloudwatch_log_group.example.name}" + } + references: + directory_id: aws_directory_service_directory.id + log_group_name: aws_cloudwatch_log_group.name + argumentDocs: + directory_id: '- (Required) The id of directory.' + log_group_name: '- (Required) Name of the cloudwatch log group to which the logs should be published. The log group should be already created and the directory service principal should be provided with required permission to create stream and publish logs. Changing this value would delete the current subscription and create a new one. A directory can only have one log subscription at a time.' + aws_dlm_lifecycle_policy: + subCategory: Data Lifecycle Manager (DLM) + description: Provides a Data Lifecycle Manager (DLM) lifecycle policy for managing snapshots. + name: aws_dlm_lifecycle_policy + titleName: aws_dlm_lifecycle_policy + examples: + - manifest: |- + { + "description": "example DLM lifecycle policy", + "execution_role_arn": "${aws_iam_role.dlm_lifecycle_role.arn}", + "policy_details": [ + { + "resource_types": [ + "VOLUME" + ], + "schedule": [ + { + "copy_tags": false, + "create_rule": [ + { + "interval": 24, + "interval_unit": "HOURS", + "times": [ + "23:45" + ] + } + ], + "name": "2 weeks of daily snapshots", + "retain_rule": [ + { + "count": 14 + } + ], + "tags_to_add": { + "SnapshotCreator": "DLM" + } + } + ], + "target_tags": { + "Snapshot": "true" + } + } + ], + "state": "ENABLED" + } + references: + execution_role_arn: aws_iam_role.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the DLM Lifecycle Policy.' + copy_tags: '- (Optional) Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.' + count: '- (Required) How many snapshots to keep. 
Must be an integer between 1 and 1000.' + create_rule: '- (Required) See the create_rule block. Max of 1 per schedule.' + description: '- (Required) A description for the DLM lifecycle policy.' + execution_role_arn: '- (Required) The ARN of an IAM role that is able to be assumed by the DLM service.' + id: '- Identifier of the DLM Lifecycle Policy.' + interval: '- (Required) How often this lifecycle policy should be evaluated. 1, 2,3,4,6,8,12 or 24 are valid values.' + interval_unit: '- (Optional) The unit for how often the lifecycle policy should be evaluated. HOURS is currently the only allowed value and also the default value.' + name: '- (Required) A name for the schedule.' + policy_details: '- (Required) See the policy_details configuration block. Max of 1.' + resource_types: '- (Required) A list of resource types that should be targeted by the lifecycle policy. VOLUME is currently the only allowed value.' + retain_rule: '- (Required) See the retain_rule block. Max of 1 per schedule.' + schedule: '- (Required) See the schedule configuration block.' + state: '- (Optional) Whether the lifecycle policy should be enabled or disabled. ENABLED or DISABLED are valid values. Defaults to ENABLED.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tags_to_add: '- (Optional) A map of tag keys and their values. DLM lifecycle policies will already tag the snapshot with the tags on the volume. This configuration adds extra tags on top of these.' + target_tags: (Required) A map of tag keys and their values. Any resources that match the resource_types and are tagged with any of these tags will be targeted. 
+ times: '- (Optional) A list of times in 24 hour clock format that sets when the lifecycle policy should be evaluated. Max of 1.' + aws_dms_certificate: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) certificate resource. + name: aws_dms_certificate + titleName: aws_dms_certificate + examples: + - manifest: |- + { + "certificate_id": "test-dms-certificate-tf", + "certificate_pem": "...", + "tags": { + "Name": "test" + } + } + argumentDocs: + certificate_arn: '- The Amazon Resource Name (ARN) for the certificate.' + certificate_id: '- (Required) The certificate identifier.' + certificate_pem: '- (Optional) The contents of the .pem X.509 certificate file for the certificate. Either certificate_pem or certificate_wallet must be set.' + certificate_wallet: '- (Optional) The contents of the Oracle Wallet certificate for use with SSL, provided as a base64-encoded String. Either certificate_pem or certificate_wallet must be set.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_dms_endpoint: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) endpoint resource. 
+ name: aws_dms_endpoint + titleName: aws_dms_endpoint + examples: + - manifest: |- + { + "certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012", + "database_name": "test", + "endpoint_id": "test-dms-endpoint-tf", + "endpoint_type": "source", + "engine_name": "aurora", + "extra_connection_attributes": "", + "kms_key_arn": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", + "password": "test", + "port": 3306, + "server_name": "test", + "ssl_mode": "none", + "tags": { + "Name": "test" + }, + "username": "test" + } + argumentDocs: + auth_mechanism: '- (Optional) Authentication mechanism to access the MongoDB source endpoint. Defaults to default.' + auth_source: '- (Optional) Authentication database name. Not used when auth_type is no. Defaults to admin.' + auth_type: '- (Optional) Authentication type to access the MongoDB source endpoint. Defaults to password.' + broker: '- (Required) Kafka broker location. Specify in the form broker-hostname-or-ip:port.' + bucket_folder: '- (Optional) S3 Bucket Object prefix.' + bucket_name: '- (Optional) S3 Bucket name.' + certificate_arn: '- (Optional, Default: empty string) The Amazon Resource Name (ARN) for the certificate.' + compression_type: '- (Optional) Set to compress target files. Defaults to NONE. Valid values are GZIP and NONE.' + csv_delimiter: '- (Optional) Delimiter used to separate columns in the source files. Defaults to ,.' + csv_row_delimiter: '- (Optional) Delimiter used to separate rows in the source files. Defaults to \n.' + data_format: '- (Optional) The output format for the files that AWS DMS uses to create S3 objects. Defaults to csv. Valid values are csv and parquet.' + database_name: '- (Optional) The name of the endpoint database.' + date_partition_enabled: '- (Optional) Partition S3 bucket folders based on transaction commit dates. Defaults to false.' 
+ docs_to_investigate: '- (Optional) Number of documents to preview to determine the document organization. Use this setting when nesting_level is set to one. Defaults to 1000.' + elasticsearch_settings: '- (Optional) Configuration block with Elasticsearch settings. Detailed below.' + encryption_mode: '- (Optional) The server-side encryption mode that you want to encrypt your .csv or .parquet object files copied to S3. Defaults to SSE_S3. Valid values are SSE_S3 and SSE_KMS.' + endpoint_arn: '- The Amazon Resource Name (ARN) for the endpoint.' + endpoint_id: '- (Required) The database endpoint identifier.' + endpoint_type: '- (Required) The type of endpoint. Can be one of source | target.' + endpoint_uri: '- (Required) Endpoint for the Elasticsearch cluster.' + engine_name: '- (Required) The type of engine for the endpoint. Can be one of aurora | aurora-postgresql| azuredb | db2 | docdb | dynamodb | elasticsearch | kafka | kinesis | mariadb | mongodb | mysql | oracle | postgres | redshift | s3 | sqlserver | sybase.' + error_retry_duration: '- (Optional) Maximum number of seconds for which DMS retries failed API requests to the Elasticsearch cluster. Defaults to 300.' + external_table_definition: '- (Optional) JSON document that describes how AWS DMS should interpret the data.' + extra_connection_attributes: '- (Optional) Additional attributes associated with the connection. For available attributes see Using Extra Connection Attributes with AWS Database Migration Service.' + extract_doc_id: '- (Optional) Document ID. Use this setting when nesting_level is set to none. Defaults to false.' + full_load_error_percentage: '- (Optional) Maximum percentage of records that can fail to be written before a full load operation stops. Defaults to 10.' + kafka_settings: '- (Optional) Configuration block with Kafka settings. Detailed below.' + kinesis_settings: '- (Optional) Configuration block with Kinesis settings. Detailed below.' 
+ kms_key_arn: '- (Required when engine_name is mongodb, optional otherwise) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for kms_key_arn, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.' + message_format: '- (Optional) Output format for the records created. Defaults to json. Valid values are json and json_unformatted (a single line with no tab).' + mongodb_settings: '- (Optional) Configuration block with MongoDB settings. Detailed below.' + nesting_level: '- (Optional) Specifies either document or table mode. Defaults to none. Valid values are one (table mode) and none (document mode).' + parquet_timestamp_in_millisecond: '- (Optional) - Specifies the precision of any TIMESTAMP column values written to an S3 object file in .parquet format. Defaults to false.' + parquet_version: '- (Optional) The version of the .parquet file format. Defaults to parquet-1-0. Valid values are parquet-1-0 and parquet-2-0.' + password: '- (Optional) The password to be used to login to the endpoint database.' + port: '- (Optional) The port used by the endpoint database.' + s3_settings: '- (Optional) Configuration block with S3 settings. Detailed below.' + server_name: '- (Optional) The host name of the server.' + server_side_encryption_kms_key_id: '- (Optional) If you set encryptionMode to SSE_KMS, set this parameter to the Amazon Resource Name (ARN) for the AWS KMS key.' + service_access_role: '- (Optional) The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.' + service_access_role_arn: '- (Optional) Amazon Resource Name (ARN) of the IAM Role with permissions to read from or write to the S3 Bucket.' + ssl_mode: '- (Optional, Default: none) The SSL mode to use for the connection. 
Can be one of none | require | verify-ca | verify-full' + stream_arn: '- (Optional) Amazon Resource Name (ARN) of the Kinesis data stream.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + topic: '- (Optional) Kafka topic for migration. Defaults to kafka-default-topic.' + username: '- (Optional) The user name to be used to login to the endpoint database.' + aws_dms_event_subscription: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) event subscription resource. + name: aws_dms_event_subscription + titleName: aws_dms_event_subscription + examples: + - manifest: |- + { + "enabled": true, + "event_categories": [ + "creation", + "failure" + ], + "name": "my-favorite-event-subscription", + "sns_topic_arn": "${aws_sns_topic.example.arn}", + "source_ids": [ + "${aws_dms_replication_task.example.replication_task_id}" + ], + "source_type": "replication-task", + "tags": { + "Name": "example" + } + } + references: + sns_topic_arn: aws_sns_topic.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the DMS Event Subscription.' + create: '- (Default 10m) Used for creating event subscriptions.' + delete: '- (Default 10m) Used for destroying event descriptions.' + enabled: '- (Optional, Default: true) Whether the event subscription should be enabled.' + event_categories: '- (Optional) List of event categories to listen for, see DescribeEventCategories for a canonical list.' + name: '- (Required) Name of event subscription.' + sns_topic_arn: '- (Required) SNS topic arn to send events on.' + source_ids: '- (Required) Ids of sources to listen to.' + source_type: '- (Optional, Default: all events) Type of source for events. 
Valid values: replication-instance or replication-task' + tags: '- (Optional) Map of resource tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10m) Used for event subscription modifications.' + aws_dms_replication_instance: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) replication instance resource. + name: aws_dms_replication_instance + titleName: aws_dms_replication_instance + examples: + - manifest: |- + { + "allocated_storage": 20, + "apply_immediately": true, + "auto_minor_version_upgrade": true, + "availability_zone": "us-west-2c", + "engine_version": "3.1.4", + "kms_key_arn": "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", + "multi_az": false, + "preferred_maintenance_window": "sun:10:30-sun:14:30", + "publicly_accessible": true, + "replication_instance_class": "dms.t2.micro", + "replication_instance_id": "test-dms-replication-instance-tf", + "replication_subnet_group_id": "${aws_dms_replication_subnet_group.test-dms-replication-subnet-group-tf.id}", + "tags": { + "Name": "test" + }, + "vpc_security_group_ids": [ + "sg-12345678" + ] + } + references: + replication_subnet_group_id: aws_dms_replication_subnet_group.id + argumentDocs: + allocated_storage: '- (Optional, Default: 50, Min: 5, Max: 6144) The amount of storage (in gigabytes) to be initially allocated for the replication instance.' + allow_major_version_upgrade: '- (Optional, Default: false) Indicates that major version upgrades are allowed.' + apply_immediately: '- (Optional, Default: false) Indicates whether the changes should be applied immediately or during the next maintenance window. 
Only used when updating an existing resource.' + auto_minor_version_upgrade: '- (Optional, Default: false) Indicates that minor engine upgrades will be applied automatically to the replication instance during the maintenance window.' + availability_zone: '- (Optional) The EC2 Availability Zone that the replication instance will be created in.' + create: '- (Default 30 minutes) Used for Creating Instances' + delete: '- (Default 30 minutes) Used for destroying databases.' + engine_version: '- (Optional) The engine version number of the replication instance.' + kms_key_arn: '- (Optional) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for kms_key_arn, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.' + multi_az: '- (Optional) Specifies if the replication instance is a multi-az deployment. You cannot set the availability_zone parameter if the multi_az parameter is set to true.' + preferred_maintenance_window: '- (Optional) The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).' + publicly_accessible: '- (Optional, Default: false) Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address.' + replication_instance_arn: '- The Amazon Resource Name (ARN) of the replication instance.' + replication_instance_class: '- (Required) The compute and memory capacity of the replication instance as specified by the replication instance class. Can be one of dms.t2.micro | dms.t2.small | dms.t2.medium | dms.t2.large | dms.c4.large | dms.c4.xlarge | dms.c4.2xlarge | dms.c4.4xlarge' + replication_instance_id: '- (Required) The replication instance identifier. 
This parameter is stored as a lowercase string.' + replication_instance_private_ips: '- A list of the private IP addresses of the replication instance.' + replication_instance_public_ips: '- A list of the public IP addresses of the replication instance.' + replication_subnet_group_id: '- (Optional) A subnet group to associate with the replication instance.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 30 minutes) Used for Database modifications' + vpc_security_group_ids: '- (Optional) A list of VPC security group IDs to be used with the replication instance. The VPC security groups must work with the VPC containing the replication instance.' + aws_dms_replication_subnet_group: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) subnet group resource. + name: aws_dms_replication_subnet_group + titleName: aws_dms_replication_subnet_group + examples: + - manifest: |- + { + "replication_subnet_group_description": "Test replication subnet group", + "replication_subnet_group_id": "test-dms-replication-subnet-group-tf", + "subnet_ids": [ + "subnet-12345678" + ], + "tags": { + "Name": "test" + } + } + argumentDocs: + replication_subnet_group_description: '- (Required) The description for the subnet group.' + replication_subnet_group_id: '- (Required) The name for the replication subnet group. This value is stored as a lowercase string.' + subnet_ids: '- (Required) A list of the EC2 subnet IDs for the subnet group.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- The ID of the VPC the subnet group is in.' + aws_dms_replication_task: + subCategory: Database Migration Service (DMS) + description: Provides a DMS (Data Migration Service) replication task resource. + name: aws_dms_replication_task + titleName: aws_dms_replication_task + examples: + - manifest: |- + { + "cdc_start_time": 1484346880, + "migration_type": "full-load", + "replication_instance_arn": "${aws_dms_replication_instance.test-dms-replication-instance-tf.replication_instance_arn}", + "replication_task_id": "test-dms-replication-task-tf", + "replication_task_settings": "...", + "source_endpoint_arn": "${aws_dms_endpoint.test-dms-source-endpoint-tf.endpoint_arn}", + "table_mappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"1\",\"rule-name\":\"1\",\"object-locator\":{\"schema-name\":\"%\",\"table-name\":\"%\"},\"rule-action\":\"include\"}]}", + "tags": { + "Name": "test" + }, + "target_endpoint_arn": "${aws_dms_endpoint.test-dms-target-endpoint-tf.endpoint_arn}" + } + references: + replication_instance_arn: aws_dms_replication_instance.replication_instance_arn + source_endpoint_arn: aws_dms_endpoint.endpoint_arn + target_endpoint_arn: aws_dms_endpoint.endpoint_arn + argumentDocs: + cdc_start_time: '- (Optional) The Unix timestamp integer for the start of the Change Data Capture (CDC) operation.' + migration_type: '- (Required) The migration type. Can be one of full-load | cdc | full-load-and-cdc.' + replication_instance_arn: '- (Required) The Amazon Resource Name (ARN) of the replication instance.' + replication_task_arn: '- The Amazon Resource Name (ARN) for the replication task.' + replication_task_id: '- (Required) The replication task identifier.' 
+ replication_task_settings: '- (Optional) An escaped JSON string that contains the task settings. For a complete list of task settings, see Task Settings for AWS Database Migration Service Tasks.' + source_endpoint_arn: '- (Required) The Amazon Resource Name (ARN) string that uniquely identifies the source endpoint.' + table_mappings: '- (Required) An escaped JSON string that contains the table mappings. For information on table mapping see Using Table Mapping with an AWS Database Migration Service Task to Select and Filter Data' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_endpoint_arn: '- (Required) The Amazon Resource Name (ARN) string that uniquely identifies the target endpoint.' + aws_docdb_cluster: + subCategory: DocumentDB + description: Manages a DocDB Aurora Cluster + name: aws_docdb_cluster + titleName: aws_docdb + examples: + - manifest: |- + { + "backup_retention_period": 5, + "cluster_identifier": "my-docdb-cluster", + "engine": "docdb", + "master_password": "mustbeeightchars", + "master_username": "foo", + "preferred_backup_window": "07:00-09:00", + "skip_final_snapshot": true + } + argumentDocs: + apply_immediately: |- + - (Optional) Specifies whether any cluster modifications + are applied immediately, or during the next maintenance window. Default is + false. + arn: '- Amazon Resource Name (ARN) of cluster' + availability_zones: |- + - (Optional) A list of EC2 Availability Zones that + instances in the DB cluster can be created in. + backup_retention_period: '- (Optional) The days to retain backups for. Default 1' + cluster_identifier: '- (Optional, Forces new resources) The cluster identifier. 
If omitted, Terraform will assign a random, unique identifier.' + cluster_identifier_prefix: '- (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier.' + cluster_members: – List of DocDB Instances that are a part of this cluster + cluster_resource_id: '- The DocDB Cluster Resource ID' + create: '- (Default 120 minutes) Used for Cluster creation' + db_cluster_parameter_group_name: '- (Optional) A cluster parameter group to associate with the cluster.' + db_subnet_group_name: '- (Optional) A DB subnet group to associate with this DB instance.' + delete: |- + - (Default 120 minutes) Used for destroying cluster. This includes + any cleanup task during the destroying process. + deletion_protection: '- (Optional) A value that indicates whether the DB cluster has deletion protection enabled. The database can''t be deleted when deletion protection is enabled. By default, deletion protection is disabled.' + enabled_cloudwatch_logs_exports: |- + - (Optional) List of log types to export to cloudwatch. If omitted, no logs will be exported. + The following log types are supported: audit, profiler. + endpoint: '- The DNS address of the DocDB instance' + engine: '- (Optional) The name of the database engine to be used for this DB cluster. Defaults to docdb. Valid Values: docdb' + engine_version: '- (Optional) The database engine version. Updating this argument results in an outage.' + final_snapshot_identifier: |- + - (Optional) The name of your final DB snapshot + when this DB cluster is deleted. If omitted, no final snapshot will be + made. + hosted_zone_id: '- The Route53 Hosted Zone ID of the endpoint' + id: '- The DocDB Cluster Identifier' + kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true.' 
+ maintenance_window: '- The instance maintenance window' + master_password: |- + - (Required unless a snapshot_identifier is provided) Password for the master DB user. Note that this may + show up in logs, and it will be stored in the state file. Please refer to the DocDB Naming Constraints. + master_username: '- (Required unless a snapshot_identifier is provided) Username for the master DB user.' + port: '- (Optional) The port on which the DB accepts connections' + preferred_backup_window: |- + - (Optional) The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC + Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00 + preferred_maintenance_window: '- (Optional) The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30' + reader_endpoint: '- A read-only endpoint for the DocDB cluster, automatically load-balanced across replicas' + skip_final_snapshot: '- (Optional) Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier. Default is false.' + snapshot_identifier: '- (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.' + storage_encrypted: '- (Optional) Specifies whether the DB cluster is encrypted. The default is false.' + tags: '- (Optional) A map of tags to assign to the DB cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 120 minutes) Used for Cluster modifications' + vpc_security_group_ids: |- + - (Optional) List of VPC security groups to associate + with the Cluster + aws_docdb_cluster_instance: + subCategory: DocumentDB + description: Provides an DocDB Cluster Resource Instance + name: aws_docdb_cluster_instance + titleName: aws_docdb_cluster_instance + examples: + - manifest: |- + { + "cluster_identifier": "${aws_docdb_cluster.default.id}", + "count": 2, + "identifier": "docdb-cluster-demo-${count.index}", + "instance_class": "db.r5.large" + } + references: + cluster_identifier: aws_docdb_cluster.id + argumentDocs: + apply_immediately: |- + - (Optional) Specifies whether any database modifications + are applied immediately, or during the next maintenance window. Default isfalse. + arn: '- Amazon Resource Name (ARN) of cluster instance' + auto_minor_version_upgrade: '- (Optional) Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true.' + availability_zone: '- (Optional, Computed) The EC2 Availability Zone that the DB instance is created in. See docs about the details.' + ca_cert_identifier: '- (Optional) The identifier of the CA certificate for the DB instance.' + cluster_identifier: '- (Required) The identifier of the aws_docdb_cluster in which to launch this instance.' + create: |- + - (Default 90 minutes) Used for Creating Instances, Replicas, and + restoring from Snapshots + db_subnet_group_name: '- The DB subnet group to associate with this DB instance.' + dbi_resource_id: '- The region-unique, immutable identifier for the DB instance.' + delete: |- + - (Default 90 minutes) Used for destroying databases. This includes + the time required to take snapshots + endpoint: '- The DNS address for this instance. 
May not be writable' + engine: '- (Optional) The name of the database engine to be used for the DocDB instance. Defaults to docdb. Valid Values: docdb.' + engine_version: '- The database engine version' + identifier: '- (Optional, Forces new resource) The identifier for the DocDB instance, if omitted, Terraform will assign a random, unique identifier.' + identifier_prefix: '- (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.' + instance_class: |- + - (Required) The instance class to use. For details on CPU and memory, see Scaling for DocDB Instances. DocDB currently + supports the below instance classes. Please see AWS Documentation for complete details. + kms_key_id: '- The ARN for the KMS encryption key if one is set to the cluster.' + port: '- The database port' + preferred_backup_window: '- The daily time range during which automated backups are created if automated backups are enabled.' + preferred_maintenance_window: |- + - (Optional) The window to perform maintenance in. + Syntax: "ddd:hh24:mi-ddd:hh24:mi". Eg: "Mon:00:00-Mon:03:00". + promotion_tier: '- (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.' + storage_encrypted: '- Specifies whether the DB cluster is encrypted.' + tags: '- (Optional) A map of tags to assign to the instance. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 90 minutes) Used for Database modifications' + writer: – Boolean indicating if this instance is writable. False indicates this instance is a read replica. 
+ aws_docdb_cluster_parameter_group: + subCategory: DocumentDB + description: Manages a DocumentDB Cluster Parameter Group + name: aws_docdb_cluster_parameter_group + titleName: aws_docdb_cluster_parameter_group + examples: + - manifest: |- + { + "description": "docdb cluster parameter group", + "family": "docdb3.6", + "name": "example", + "parameter": [ + { + "name": "tls", + "value": "enabled" + } + ] + } + argumentDocs: + apply_method: '- (Optional) Valid values are immediate and pending-reboot. Defaults to pending-reboot.' + arn: '- The ARN of the documentDB cluster parameter group.' + description: '- (Optional, Forces new resource) The description of the documentDB cluster parameter group. Defaults to "Managed by Terraform".' + family: '- (Required, Forces new resource) The family of the documentDB cluster parameter group.' + id: '- The documentDB cluster parameter group name.' + name: '- (Required) The name of the documentDB parameter.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + parameter: '- (Optional) A list of documentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the documentDB parameter.' + aws_docdb_cluster_snapshot: + subCategory: DocumentDB + description: Manages a DocDB database cluster snapshot. 
+ name: aws_docdb_cluster_snapshot + titleName: aws_docdb_cluster_snapshot + examples: + - manifest: |- + { + "db_cluster_identifier": "${aws_docdb_cluster.example.id}", + "db_cluster_snapshot_identifier": "resourcetestsnapshot1234" + } + references: + db_cluster_identifier: aws_docdb_cluster.id + argumentDocs: + availability_zones: '- List of EC2 Availability Zones that instances in the DocDB cluster snapshot can be restored in.' + create: '- (Default 20m) How long to wait for the snapshot to be available.' + db_cluster_identifier: '- (Required) The DocDB Cluster Identifier from which to take the snapshot.' + db_cluster_snapshot_arn: '- The Amazon Resource Name (ARN) for the DocDB Cluster Snapshot.' + db_cluster_snapshot_identifier: '- (Required) The Identifier for the snapshot.' + engine: '- Specifies the name of the database engine.' + engine_version: '- Version of the database engine for this DocDB cluster snapshot.' + kms_key_id: '- If storage_encrypted is true, the AWS KMS key identifier for the encrypted DocDB cluster snapshot.' + port: '- Port that the DocDB cluster was listening on at the time of the snapshot.' + source_db_cluster_snapshot_identifier: '- The DocDB Cluster Snapshot Arn that the DocDB Cluster Snapshot was copied from. It only has value in case of cross customer or cross region copy.' + status: '- The status of this DocDB Cluster Snapshot.' + storage_encrypted: '- Specifies whether the DocDB cluster snapshot is encrypted.' + vpc_id: '- The VPC ID associated with the DocDB cluster snapshot.' + aws_docdb_subnet_group: + subCategory: DocumentDB + description: Provides an DocumentDB subnet group resource. + name: aws_docdb_subnet_group + titleName: aws_docdb_subnet_group + examples: + - manifest: |- + { + "name": "main", + "subnet_ids": [ + "${aws_subnet.frontend.id}", + "${aws_subnet.backend.id}" + ], + "tags": { + "Name": "My docdb subnet group" + } + } + argumentDocs: + arn: '- The ARN of the docDB subnet group.' 
+ description: '- (Optional) The description of the docDB subnet group. Defaults to "Managed by Terraform".' + id: '- The docDB subnet group name.' + name: '- (Optional, Forces new resource) The name of the docDB subnet group. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + subnet_ids: '- (Required) A list of VPC subnet IDs.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_dx_bgp_peer: + subCategory: Direct Connect + description: Provides a Direct Connect BGP peer resource. + name: aws_dx_bgp_peer + titleName: aws_dx_bgp_peer + examples: + - manifest: |- + { + "address_family": "ipv6", + "bgp_asn": 65351, + "virtual_interface_id": "${aws_dx_private_virtual_interface.foo.id}" + } + references: + virtual_interface_id: aws_dx_private_virtual_interface.id + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: |- + - (Optional) The IPv4 CIDR address to use to send traffic to Amazon. + Required for IPv4 BGP peers on public virtual interfaces. + aws_device: '- The Direct Connect endpoint on which the BGP peer terminates.' + bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + bgp_peer_id: '- The ID of the BGP peer.' + bgp_status: '- The Up/Down state of the BGP peer.' + create: '- (Default 10 minutes) Used for creating BGP peer' + customer_address: |- + - (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. 
+ Required for IPv4 BGP peers on public virtual interfaces. + delete: '- (Default 10 minutes) Used for destroying BGP peer' + id: '- The ID of the BGP peer resource.' + virtual_interface_id: '- (Required) The ID of the Direct Connect virtual interface on which to create the BGP peer.' + aws_dx_connection: + subCategory: Direct Connect + description: Provides a Connection of Direct Connect. + name: aws_dx_connection + titleName: aws_dx_connection + examples: + - manifest: |- + { + "bandwidth": "1Gbps", + "location": "EqDC2", + "name": "tf-dx-connection" + } + argumentDocs: + arn: '- The ARN of the connection.' + aws_device: '- The Direct Connect endpoint on which the physical connection terminates.' + bandwidth: '- (Required) The bandwidth of the connection. Valid values for dedicated connections: 1Gbps, 10Gbps. Valid values for hosted connections: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.' + has_logical_redundancy: '- Indicates whether the connection supports a secondary BGP peer in the same address family (IPv4/IPv6).' + id: '- The ID of the connection.' + jumbo_frame_capable: '- Boolean value representing if jumbo frames have been enabled for this connection.' + location: '- (Required) The AWS Direct Connect location where the connection is located. See DescribeLocations for the list of AWS Direct Connect locations. Use locationCode.' + name: '- (Required) The name of the connection.' + owner_account_id: '- The ID of the AWS account that owns the connection.' + provider_name: '- (Optional) The name of the service provider associated with the connection.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_dx_connection_association: + subCategory: Direct Connect + description: Associates a Direct Connect Connection with a LAG. + name: aws_dx_connection_association + titleName: aws_dx_connection_association + examples: + - manifest: |- + { + "connection_id": "${aws_dx_connection.example.id}", + "lag_id": "${aws_dx_lag.example.id}" + } + references: + connection_id: aws_dx_connection.id + lag_id: aws_dx_lag.id + argumentDocs: + connection_id: '- (Required) The ID of the connection.' + lag_id: '- (Required) The ID of the LAG with which to associate the connection.' + aws_dx_gateway: + subCategory: Direct Connect + description: Provides a Direct Connect Gateway. + name: aws_dx_gateway + titleName: aws_dx_gateway + examples: + - manifest: |- + { + "amazon_side_asn": "64512", + "name": "tf-dxg-example" + } + argumentDocs: + amazon_side_asn: '- (Required) The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.' + create: '- (Default 10 minutes) Used for creating the gateway' + delete: '- (Default 10 minutes) Used for destroying the gateway' + id: '- The ID of the gateway.' + name: '- (Required) The name of the connection.' + owner_account_id: '- AWS Account ID of the gateway.' + aws_dx_gateway_association: + subCategory: Direct Connect + description: Associates a Direct Connect Gateway with a VGW or transit gateway. 
+ name: aws_dx_gateway_association + titleName: aws_dx_gateway_association + examples: + - manifest: |- + { + "associated_gateway_id": "${aws_vpn_gateway.example.id}", + "dx_gateway_id": "${aws_dx_gateway.example.id}" + } + references: + associated_gateway_id: aws_vpn_gateway.id + dx_gateway_id: aws_dx_gateway.id + - manifest: |- + { + "allowed_prefixes": [ + "10.255.255.0/30", + "10.255.255.8/30" + ], + "associated_gateway_id": "${aws_ec2_transit_gateway.example.id}", + "dx_gateway_id": "${aws_dx_gateway.example.id}" + } + references: + associated_gateway_id: aws_ec2_transit_gateway.id + dx_gateway_id: aws_dx_gateway.id + - manifest: |- + { + "allowed_prefixes": [ + "210.52.109.0/24", + "175.45.176.0/22" + ], + "associated_gateway_id": "${aws_vpn_gateway.example.id}", + "dx_gateway_id": "${aws_dx_gateway.example.id}" + } + references: + associated_gateway_id: aws_vpn_gateway.id + dx_gateway_id: aws_dx_gateway.id + argumentDocs: + allowed_prefixes: '- (Optional) VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.' + associated_gateway_id: |- + - (Optional) The ID of the VGW or transit gateway with which to associate the Direct Connect gateway. + Used for single account Direct Connect gateway associations. + associated_gateway_owner_account_id: |- + - (Optional) The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway. + Used for cross-account Direct Connect gateway associations. + associated_gateway_type: '- The type of the associated gateway, transitGateway or virtualPrivateGateway.' + create: '- (Default 30 minutes) Used for creating the association' + delete: '- (Default 30 minutes) Used for destroying the association' + dx_gateway_association_id: '- The ID of the Direct Connect gateway association.' + dx_gateway_id: '- (Required) The ID of the Direct Connect gateway.' 
+ dx_gateway_owner_account_id: '- The ID of the AWS account that owns the Direct Connect gateway.' + id: '- The ID of the Direct Connect gateway association resource.' + proposal_id: |- + - (Optional) The ID of the Direct Connect gateway association proposal. + Used for cross-account Direct Connect gateway associations. + update: '- (Default 30 minutes) Used for updating the association' + aws_dx_gateway_association_proposal: + subCategory: Direct Connect + description: Manages a Direct Connect Gateway Association Proposal. + name: aws_dx_gateway_association_proposal + titleName: aws_dx_gateway_association_proposal + examples: + - manifest: |- + { + "associated_gateway_id": "${aws_vpn_gateway.example.id}", + "dx_gateway_id": "${aws_dx_gateway.example.id}", + "dx_gateway_owner_account_id": "${aws_dx_gateway.example.owner_account_id}" + } + references: + associated_gateway_id: aws_vpn_gateway.id + dx_gateway_id: aws_dx_gateway.id + dx_gateway_owner_account_id: aws_dx_gateway.owner_account_id + argumentDocs: + allowed_prefixes: '- (Optional) VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.' + associated_gateway_id: '- (Required) The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.' + associated_gateway_owner_account_id: '- The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.' + associated_gateway_type: '- The type of the associated gateway, transitGateway or virtualPrivateGateway.' + dx_gateway_id: '- (Required) Direct Connect Gateway identifier.' + dx_gateway_owner_account_id: '- (Required) AWS Account identifier of the Direct Connect Gateway''s owner.' + id: '- Direct Connect Gateway Association Proposal identifier.' 
+ aws_dx_hosted_private_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect hosted private virtual interface resource. + name: aws_dx_hosted_private_virtual_interface + titleName: aws_dx_hosted_private_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "bgp_asn": 65352, + "connection_id": "dxcon-zzzzzzzz", + "name": "vif-foo", + "vlan": 4094 + } + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' + bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + id: '- The ID of the virtual interface.' + jumbo_frame_capable: '- Indicates whether jumbo frames (9001 MTU) are supported.' + mtu: '- (Optional) The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual private interface can be either 1500 or 9001 (jumbo frames). Default is 1500.' + name: '- (Required) The name for the virtual interface.' + owner_account_id: '- (Required) The AWS account that will own the new virtual interface.' + update: '- (Default 10 minutes) Used for virtual interface modifications' + vlan: '- (Required) The VLAN ID.' 
+ aws_dx_hosted_private_virtual_interface_accepter: + subCategory: Direct Connect + description: Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface. + name: aws_dx_hosted_private_virtual_interface_accepter + titleName: aws_dx_hosted_private_virtual_interface_accepter + examples: + - manifest: |- + { + "provider": "${aws.accepter}", + "tags": { + "Side": "Accepter" + }, + "virtual_interface_id": "${aws_dx_hosted_private_virtual_interface.creator.id}", + "vpn_gateway_id": "${aws_vpn_gateway.vpn_gw.id}" + } + references: + provider: aws.accepter + virtual_interface_id: aws_dx_hosted_private_virtual_interface.id + vpn_gateway_id: aws_vpn_gateway.id + argumentDocs: + arn: '- The ARN of the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + dx_gateway_id: '- (Optional) The ID of the Direct Connect gateway to which to connect the virtual interface.' + id: '- The ID of the virtual interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + virtual_interface_id: '- (Required) The ID of the Direct Connect virtual interface to accept.' + vpn_gateway_id: '- (Optional) The ID of the virtual private gateway to which to connect the virtual interface.' + aws_dx_hosted_public_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect hosted public virtual interface resource. 
+ name: aws_dx_hosted_public_virtual_interface + titleName: aws_dx_hosted_public_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "amazon_address": "175.45.176.2/30", + "bgp_asn": 65352, + "connection_id": "dxcon-zzzzzzzz", + "customer_address": "175.45.176.1/30", + "name": "vif-foo", + "route_filter_prefixes": [ + "210.52.109.0/24", + "175.45.176.0/22" + ], + "vlan": 4094 + } + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' + bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + id: '- The ID of the virtual interface.' + name: '- (Required) The name for the virtual interface.' + owner_account_id: '- (Required) The AWS account that will own the new virtual interface.' + route_filter_prefixes: '- (Required) A list of routes to be advertised to the AWS network in this region.' + vlan: '- (Required) The VLAN ID.' + aws_dx_hosted_public_virtual_interface_accepter: + subCategory: Direct Connect + description: Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface. 
+ name: aws_dx_hosted_public_virtual_interface_accepter + titleName: aws_dx_hosted_public_virtual_interface_accepter + examples: + - manifest: |- + { + "provider": "${aws.accepter}", + "tags": { + "Side": "Accepter" + }, + "virtual_interface_id": "${aws_dx_hosted_public_virtual_interface.creator.id}" + } + references: + provider: aws.accepter + virtual_interface_id: aws_dx_hosted_public_virtual_interface.id + argumentDocs: + arn: '- The ARN of the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + id: '- The ID of the virtual interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + virtual_interface_id: '- (Required) The ID of the Direct Connect virtual interface to accept.' + aws_dx_hosted_transit_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect hosted transit virtual interface resource. + name: aws_dx_hosted_transit_virtual_interface + titleName: aws_dx_hosted_transit_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "bgp_asn": 65352, + "connection_id": "${aws_dx_connection.example.id}", + "name": "tf-transit-vif-example", + "vlan": 4094 + } + references: + connection_id: aws_dx_connection.id + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' 
+ bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + id: '- The ID of the virtual interface.' + jumbo_frame_capable: '- Indicates whether jumbo frames (8500 MTU) are supported.' + mtu: '- (Optional) The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual transit interface can be either 1500 or 8500 (jumbo frames). Default is 1500.' + name: '- (Required) The name for the virtual interface.' + owner_account_id: '- (Required) The AWS account that will own the new virtual interface.' + update: '- (Default 10 minutes) Used for virtual interface modifications' + vlan: '- (Required) The VLAN ID.' + aws_dx_hosted_transit_virtual_interface_accepter: + subCategory: Direct Connect + description: Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface. + name: aws_dx_hosted_transit_virtual_interface_accepter + titleName: aws_dx_hosted_transit_virtual_interface_accepter + examples: + - manifest: |- + { + "dx_gateway_id": "${aws_dx_gateway.example.id}", + "provider": "${aws.accepter}", + "tags": { + "Side": "Accepter" + }, + "virtual_interface_id": "${aws_dx_hosted_transit_virtual_interface.creator.id}" + } + references: + dx_gateway_id: aws_dx_gateway.id + provider: aws.accepter + virtual_interface_id: aws_dx_hosted_transit_virtual_interface.id + argumentDocs: + arn: '- The ARN of the virtual interface.' 
+ create: '- (Default 10 minutes) Used for creating virtual interface' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + dx_gateway_id: '- (Required) The ID of the Direct Connect gateway to which to connect the virtual interface.' + id: '- The ID of the virtual interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + virtual_interface_id: '- (Required) The ID of the Direct Connect virtual interface to accept.' + aws_dx_lag: + subCategory: Direct Connect + description: Provides a Direct Connect LAG. + name: aws_dx_lag + titleName: aws_dx_lag + examples: + - manifest: |- + { + "connections_bandwidth": "1Gbps", + "force_destroy": true, + "location": "EqDC2", + "name": "tf-dx-lag" + } + argumentDocs: + arn: '- The ARN of the LAG.' + connections_bandwidth: '- (Required) The bandwidth of the individual physical connections bundled by the LAG. Valid values: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.' + force_destroy: '- (Optional, Default:false) A boolean that indicates all connections associated with the LAG should be deleted so that the LAG can be destroyed without error. These objects are not recoverable.' + has_logical_redundancy: '- Indicates whether the LAG supports a secondary BGP peer in the same address family (IPv4/IPv6).' + id: '- The ID of the LAG.' + jumbo_frame_capable: -Indicates whether jumbo frames (9001 MTU) are supported. + location: '- (Required) The AWS Direct Connect location in which the LAG should be allocated. See DescribeLocations for the list of AWS Direct Connect locations. Use locationCode.' + name: '- (Required) The name of the LAG.' 
+ owner_account_id: '- The ID of the AWS account that owns the LAG.' + provider_name: '- (Optional) The name of the service provider associated with the LAG.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_dx_private_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect private virtual interface resource. + name: aws_dx_private_virtual_interface + titleName: aws_dx_private_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "bgp_asn": 65352, + "connection_id": "dxcon-zzzzzzzz", + "name": "vif-foo", + "vlan": 4094 + } + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' + bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + dx_gateway_id: '- (Optional) The ID of the Direct Connect gateway to which to connect the virtual interface.' + id: '- The ID of the virtual interface.' 
+ jumbo_frame_capable: '- Indicates whether jumbo frames (9001 MTU) are supported.' + mtu: |- + - (Optional) The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. + The MTU of a virtual private interface can be either 1500 or 9001 (jumbo frames). Default is 1500. + name: '- (Required) The name for the virtual interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for virtual interface modifications' + vlan: '- (Required) The VLAN ID.' + vpn_gateway_id: '- (Optional) The ID of the virtual private gateway to which to connect the virtual interface.' + aws_dx_public_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect public virtual interface resource. + name: aws_dx_public_virtual_interface + titleName: aws_dx_public_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "amazon_address": "175.45.176.2/30", + "bgp_asn": 65352, + "connection_id": "dxcon-zzzzzzzz", + "customer_address": "175.45.176.1/30", + "name": "vif-foo", + "route_filter_prefixes": [ + "210.52.109.0/24", + "175.45.176.0/22" + ], + "vlan": 4094 + } + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' + bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' 
+ bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + id: '- The ID of the virtual interface.' + name: '- (Required) The name for the virtual interface.' + route_filter_prefixes: '- (Required) A list of routes to be advertised to the AWS network in this region.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vlan: '- (Required) The VLAN ID.' + aws_dx_transit_virtual_interface: + subCategory: Direct Connect + description: Provides a Direct Connect transit virtual interface resource. + name: aws_dx_transit_virtual_interface + titleName: aws_dx_transit_virtual_interface + examples: + - manifest: |- + { + "address_family": "ipv4", + "bgp_asn": 65352, + "connection_id": "${aws_dx_connection.example.id}", + "dx_gateway_id": "${aws_dx_gateway.example.id}", + "name": "tf-transit-vif-example", + "vlan": 4094 + } + references: + connection_id: aws_dx_connection.id + dx_gateway_id: aws_dx_gateway.id + argumentDocs: + address_family: '- (Required) The address family for the BGP peer. ipv4 or ipv6.' + amazon_address: '- (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.' + arn: '- The ARN of the virtual interface.' + aws_device: '- The Direct Connect endpoint on which the virtual interface terminates.' 
+ bgp_asn: '- (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.' + bgp_auth_key: '- (Optional) The authentication key for BGP configuration.' + connection_id: '- (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.' + create: '- (Default 10 minutes) Used for creating virtual interface' + customer_address: '- (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.' + delete: '- (Default 10 minutes) Used for destroying virtual interface' + dx_gateway_id: '- (Required) The ID of the Direct Connect gateway to which to connect the virtual interface.' + id: '- The ID of the virtual interface.' + jumbo_frame_capable: '- Indicates whether jumbo frames (8500 MTU) are supported.' + mtu: |- + - (Optional) The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. + The MTU of a virtual transit interface can be either 1500 or 8500 (jumbo frames). Default is 1500. + name: '- (Required) The name for the virtual interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for virtual interface modifications' + vlan: '- (Required) The VLAN ID.' 
+ aws_dynamodb_global_table: + subCategory: DynamoDB + description: Manages DynamoDB Global Tables V1 (version 2017.11.29) + name: aws_dynamodb_global_table + titleName: aws_dynamodb_global_table + examples: + - manifest: |- + { + "depends_on": [ + "${aws_dynamodb_table.us-east-1}", + "${aws_dynamodb_table.us-west-2}" + ], + "name": "myTable", + "provider": "${aws.us-east-1}", + "replica": [ + { + "region_name": "us-east-1" + }, + { + "region_name": "us-west-2" + } + ] + } + references: + provider: aws.us-east-1 + argumentDocs: + arn: '- The ARN of the DynamoDB Global Table' + id: '- The name of the DynamoDB Global Table' + name: '- (Required) The name of the global table. Must match underlying DynamoDB Table names in all regions.' + region_name: '- (Required) AWS region name of replica DynamoDB Table. e.g. us-east-1' + replica: '- (Required) Underlying DynamoDB Table. At least 1 replica must be defined. See below.' + aws_dynamodb_kinesis_streaming_destination: + subCategory: DynamoDB + description: Enables a Kinesis streaming destination for a DynamoDB table + name: aws_dynamodb_kinesis_streaming_destination + titleName: aws_dynamodb_kinesis_streaming_destination + examples: + - manifest: |- + { + "stream_arn": "${aws_kinesis_stream.example.arn}", + "table_name": "${aws_dynamodb_table.example.name}" + } + references: + stream_arn: aws_kinesis_stream.arn + table_name: aws_dynamodb_table.name + argumentDocs: + id: '- The table_name and stream_arn separated by a comma (,).' + stream_arn: '- (Required) The ARN for a Kinesis data stream. This must exist in the same account and region as the DynamoDB table.' + table_name: |- + - (Required) The name of the DynamoDB table. There + can only be one Kinesis streaming destination for a given DynamoDB table. 
+ aws_dynamodb_table: + subCategory: DynamoDB + description: Provides a DynamoDB table resource + name: aws_dynamodb_table + titleName: aws_dynamodb_table + examples: + - manifest: |- + { + "attribute": [ + { + "name": "UserId", + "type": "S" + }, + { + "name": "GameTitle", + "type": "S" + }, + { + "name": "TopScore", + "type": "N" + } + ], + "billing_mode": "PROVISIONED", + "global_secondary_index": [ + { + "hash_key": "GameTitle", + "name": "GameTitleIndex", + "non_key_attributes": [ + "UserId" + ], + "projection_type": "INCLUDE", + "range_key": "TopScore", + "read_capacity": 10, + "write_capacity": 10 + } + ], + "hash_key": "UserId", + "name": "GameScores", + "range_key": "GameTitle", + "read_capacity": 20, + "tags": { + "Environment": "production", + "Name": "dynamodb-table-1" + }, + "ttl": [ + { + "attribute_name": "TimeToExist", + "enabled": false + } + ], + "write_capacity": 20 + } + - manifest: |- + { + "attribute": [ + { + "name": "TestTableHashKey", + "type": "S" + } + ], + "billing_mode": "PAY_PER_REQUEST", + "hash_key": "TestTableHashKey", + "name": "example", + "replica": [ + { + "region_name": "us-east-2" + }, + { + "region_name": "us-west-2" + } + ], + "stream_enabled": true, + "stream_view_type": "NEW_AND_OLD_IMAGES" + } + argumentDocs: + arn: '- The arn of the table' + attribute: '- (Required) List of nested attribute definitions. Only required for hash_key and range_key attributes. Each attribute has two properties:' + attribute_name: '- (Required) The name of the table attribute to store the TTL timestamp in.' + billing_mode: '- (Optional) Controls how you are charged for read and write throughput and how you manage capacity. The valid values are PROVISIONED and PAY_PER_REQUEST. Defaults to PROVISIONED.' 
+ create: '- (Defaults to 10 mins) Used when creating the table' + delete: '- (Defaults to 10 mins) Used when deleting the table' + enabled: '- (Required) Whether to enable point-in-time recovery - note that it can take up to 10 minutes to enable for new tables. If the point_in_time_recovery block is not provided then this defaults to false.' + global_secondary_index: |- + - (Optional) Describe a GSI for the table; + subject to the normal limits on the number of GSIs, projected + attributes, etc. + hash_key: |- + - (Required) The name of the hash key in the index; must be + defined as an attribute in the resource. + id: '- The name of the table' + kms_key_arn: |- + - (Optional) The ARN of the CMK that should be used for the AWS KMS encryption. + This attribute should only be specified if the key is different from the default DynamoDB CMK, alias/aws/dynamodb. + local_secondary_index: |- + - (Optional, Forces new resource) Describe an LSI on the table; + these can only be allocated at creation so you cannot change this + definition after you have created the resource. + name: '- (Required) The name of the index' + non_key_attributes: |- + - (Optional) Only required with INCLUDE as a + projection type; a list of attributes to project into the index. These + do not need to be defined as attributes on the table. + point_in_time_recovery: '- (Optional) Point-in-time recovery options.' + projection_type: |- + - (Required) One of ALL, INCLUDE or KEYS_ONLY + where ALL projects every attribute into the index, KEYS_ONLY + projects just the hash and range key into the index, and INCLUDE + projects only the keys specified in the non_key_attributes + parameter. + range_key: '- (Optional) The name of the range key; must be defined' + read_capacity: '- (Optional) The number of read units for this index. Must be set if billing_mode is set to PROVISIONED.' + region_name: '- (Required) Region name of the replica.' 
+ replica: '- (Optional) Configuration block(s) with DynamoDB Global Tables V2 (version 2019.11.21) replication configurations. Detailed below.' + server_side_encryption: '- (Optional) Encryption at rest options. AWS DynamoDB tables are automatically encrypted at rest with an AWS owned Customer Master Key if this argument isn''t specified.' + stream_arn: '- The ARN of the Table Stream. Only available when stream_enabled = true' + stream_enabled: '- (Optional) Indicates whether Streams are to be enabled (true) or disabled (false).' + stream_label: |- + - A timestamp, in ISO 8601 format, for this stream. Note that this timestamp is not + a unique identifier for the stream on its own. However, the combination of AWS customer ID, + table name and this field is guaranteed to be unique. + It can be used for creating CloudWatch Alarms. Only available when stream_enabled = true + stream_view_type: '- (Optional) When an item in the table is modified, StreamViewType determines what information is written to the table''s stream. Valid values are KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES.' + tags: '- (Optional) A map of tags to populate on the created table. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + ttl: '- (Optional) Defines ttl, has two properties, and can only be specified once:' + type: '- (Required) Attribute type, which must be a scalar type: S, N, or B for (S)tring, (N)umber or (B)inary data' + update: '- (Defaults to 60 mins) Used when updating the table configuration and reset for each individual Global Secondary Index and Replica update' + write_capacity: '- (Optional) The number of write units for this index. Must be set if billing_mode is set to PROVISIONED.' 
+ aws_dynamodb_table_item: + subCategory: DynamoDB + description: Provides a DynamoDB table item resource + name: aws_dynamodb_table_item + titleName: aws_dynamodb_table_item + examples: + - manifest: |- + { + "hash_key": "${aws_dynamodb_table.example.hash_key}", + "item": "{\n \"exampleHashKey\": {\"S\": \"something\"},\n \"one\": {\"N\": \"11111\"},\n \"two\": {\"N\": \"22222\"},\n \"three\": {\"N\": \"33333\"},\n \"four\": {\"N\": \"44444\"}\n}\n", + "table_name": "${aws_dynamodb_table.example.name}" + } + references: + hash_key: aws_dynamodb_table.hash_key + table_name: aws_dynamodb_table.name + argumentDocs: + hash_key: '- (Required) Hash key to use for lookups and identification of the item' + item: |- + - (Required) JSON representation of a map of attribute name/value pairs, one for each attribute. + Only the primary key attributes are required; you can optionally provide other attribute name-value pairs for the item. + range_key: '- (Optional) Range key to use for lookups and identification of the item. Required if there is range key defined in the table.' + table_name: '- (Required) The name of the table to contain the item.' + aws_dynamodb_tag: + subCategory: DynamoDB + description: Manages an individual DynamoDB resource tag + name: aws_dynamodb_tag + titleName: aws_dynamodb_tag + examples: + - manifest: |- + { + "key": "testkey", + "provider": "aws.replica", + "resource_arn": "${replace(aws_dynamodb_table.test.arn, data.aws_region.current.name, data.aws_region.replica.name)}", + "value": "testvalue" + } + argumentDocs: + id: '- DynamoDB resource identifier and key, separated by a comma (,)' + key: '- (Required) Tag name.' + resource_arn: '- (Required) Amazon Resource Name (ARN) of the DynamoDB resource to tag.' + value: '- (Required) Tag value.' + aws_ebs_default_kms_key: + subCategory: EC2 + description: Manages the default customer master key (CMK) that your AWS account uses to encrypt EBS volumes. 
+ name: aws_ebs_default_kms_key + titleName: aws_ebs_default_kms_key + examples: + - manifest: |- + { + "key_arn": "${aws_kms_key.example.arn}" + } + references: + key_arn: aws_kms_key.arn + argumentDocs: + key_arn: '- (Required, ForceNew) The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.' + aws_ebs_encryption_by_default: + subCategory: EC2 + description: Manages whether default EBS encryption is enabled for your AWS account in the current AWS region. + name: aws_ebs_encryption_by_default + titleName: aws_ebs_encryption_by_default + examples: + - manifest: |- + { + "enabled": true + } + argumentDocs: + enabled: '- (Optional) Whether or not default EBS encryption is enabled. Valid values are true or false. Defaults to true.' + aws_ebs_snapshot: + subCategory: EC2 + description: Provides an elastic block storage snapshot resource. + name: aws_ebs_snapshot + titleName: aws_ebs_snapshot + examples: + - manifest: |- + { + "tags": { + "Name": "HelloWorld_snap" + }, + "volume_id": "${aws_ebs_volume.example.id}" + } + references: + volume_id: aws_ebs_volume.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the EBS Snapshot.' + create: '- (Default 10 minutes) Used for creating the ebs snapshot' + data_encryption_key_id: '- The data encryption key identifier for the snapshot.' + delete: '- (Default 10 minutes) Used for deleting the ebs snapshot' + description: '- (Optional) A description of what the snapshot is.' + encrypted: '- Whether the snapshot is encrypted.' + id: '- The snapshot ID (e.g. snap-59fcb34e).' + kms_key_id: '- The ARN for the KMS encryption key.' + owner_alias: '- Value from an Amazon-maintained list (amazon, aws-marketplace, microsoft) of snapshot owners.' + owner_id: '- The AWS account ID of the EBS snapshot owner.' + tags: '- A map of tags for the snapshot.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + volume_id: '- (Required) The Volume ID of which to make a snapshot.' + volume_size: '- The size of the drive in GiBs.' + aws_ebs_snapshot_copy: + subCategory: EC2 + description: Duplicates an existing Amazon snapshot + name: aws_ebs_snapshot_copy + titleName: aws_ebs_snapshot_copy + examples: + - manifest: |- + { + "source_region": "us-west-2", + "source_snapshot_id": "${aws_ebs_snapshot.example_snapshot.id}", + "tags": { + "Name": "HelloWorld_copy_snap" + } + } + references: + source_snapshot_id: aws_ebs_snapshot.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the EBS Snapshot.' + data_encryption_key_id: '- The data encryption key identifier for the snapshot.' + description: '- (Optional) A description of what the snapshot is.' + encrypted: '- Whether the snapshot is encrypted.' + id: '- The snapshot ID (e.g. snap-59fcb34e).' + kms_key_id: '- The ARN for the KMS encryption key.' + owner_alias: '- Value from an Amazon-maintained list (amazon, aws-marketplace, microsoft) of snapshot owners.' + owner_id: '- The AWS account ID of the snapshot owner.' + source_region: The region of the source snapshot. + source_snapshot_id: The ARN of the copied snapshot. + tags: '- A map of tags for the snapshot.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + volume_size: '- The size of the drive in GiBs.' + aws_ebs_snapshot_import: + subCategory: EC2 + description: Provides an elastic block storage snapshot import resource. 
+ name: aws_ebs_snapshot_import + titleName: aws_ebs_snapshot_import + examples: + - manifest: |- + { + "disk_container": [ + { + "format": "VHD", + "user_bucket": [ + { + "s3_bucket": "disk-images", + "s3_key": "source.vhd" + } + ] + } + ], + "role_name": "disk-image-import", + "tags": { + "Name": "HelloWorld" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the EBS Snapshot.' + client_data: '- (Optional) The client-specific data. Detailed below.' + comment: '- (Optional) A user-defined comment about the disk upload.' + create: '- (Default 60 minutes) Used for importing the EBS snapshot' + data_encryption_key_id: '- The data encryption key identifier for the snapshot.' + delete: '- (Default 10 minutes) Used for deleting the EBS snapshot' + description: '- (Optional) The description of the disk image being imported.' + disk_container: '- (Required) Information about the disk container. Detailed below.' + encrypted: '- (Optional) Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId.' + format: '- (Required) The format of the disk image being imported. One of VHD or VMDK.' + id: '- The snapshot ID (e.g. snap-59fcb34e).' + kms_key_id: '- (Optional) An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.' + owner_alias: '- Value from an Amazon-maintained list (amazon, aws-marketplace, microsoft) of snapshot owners.' + owner_id: '- The AWS account ID of the EBS snapshot owner.' + role_name: '- (Optional) The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role. 
Default: vmimport' + s3_bucket: '- The name of the Amazon S3 bucket where the disk image is located.' + s3_key: '- The file name of the disk image.' + tags: '- A map of tags for the snapshot.' + upload_end: '- (Optional) The time that the disk upload ends.' + upload_size: '- (Optional) The size of the uploaded disk image, in GiB.' + upload_start: '- (Optional) The time that the disk upload starts.' + url: '- (Optional) The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon S3 URL (s3://..). One of url or user_bucket must be set.' + user_bucket: '- (Optional) The Amazon S3 bucket for the disk image. One of url or user_bucket must be set. Detailed below.' + volume_size: '- The size of the drive in GiBs.' + aws_ebs_volume: + subCategory: EC2 + description: Provides an elastic block storage resource. + name: aws_ebs_volume + titleName: aws_ebs_volume + examples: + - manifest: |- + { + "availability_zone": "us-west-2a", + "size": 40, + "tags": { + "Name": "HelloWorld" + } + } + argumentDocs: + arn: '- The volume ARN (e.g. arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e).' + availability_zone: '- (Required) The AZ where the EBS volume will exist.' + encrypted: '- (Optional) If true, the disk will be encrypted.' + id: '- The volume ID (e.g. vol-59fcb34e).' + iops: '- (Optional) The amount of IOPS to provision for the disk. Only valid for type of io1, io2 or gp3.' + kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true. Note: Terraform must be running with credentials which have the GenerateDataKeyWithoutPlaintext permission on the specified KMS key as required by the EBS KMS CMK volume provisioning process to prevent a volume from being created and almost immediately deleted.' + multi_attach_enabled: '- (Optional) Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported exclusively on io1 volumes.' 
+ outpost_arn: '- (Optional) The Amazon Resource Name (ARN) of the Outpost.' + size: '- (Optional) The size of the drive in GiBs.' + snapshot_id: (Optional) A snapshot to base the EBS volume off of. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + throughput: '- (Optional) The throughput that the volume supports, in MiB/s. Only valid for type of gp3.' + type: '- (Optional) The type of EBS volume. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp2).' + aws_ec2_availability_zone_group: + subCategory: EC2 + description: Manages an EC2 Availability Zone Group. + name: aws_ec2_availability_zone_group + titleName: aws_ec2_availability_zone_group + examples: + - manifest: |- + { + "group_name": "us-west-2-lax-1", + "opt_in_status": "opted-in" + } + argumentDocs: + group_name: '- (Required) Name of the Availability Zone Group.' + id: '- Name of the Availability Zone Group.' + opt_in_status: '- (Required) Indicates whether to enable or disable Availability Zone Group. Valid values: opted-in or not-opted-in.' + aws_ec2_capacity_reservation: + subCategory: EC2 + description: Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. + name: aws_ec2_capacity_reservation + titleName: aws_ec2_capacity_reservation + examples: + - manifest: |- + { + "availability_zone": "eu-west-1a", + "instance_count": 1, + "instance_platform": "Linux/UNIX", + "instance_type": "t2.micro" + } + argumentDocs: + arn: '- The ARN of the Capacity Reservation.' + availability_zone: '- (Required) The Availability Zone in which to create the Capacity Reservation.' 
+ ebs_optimized: '- (Optional) Indicates whether the Capacity Reservation supports EBS-optimized instances.' + end_date: '- (Optional) The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)' + end_date_type: '- (Optional) Indicates the way in which the Capacity Reservation ends. Specify either unlimited or limited.' + ephemeral_storage: '- (Optional) Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.' + id: '- The Capacity Reservation ID.' + instance_count: '- (Required) The number of instances for which to reserve capacity.' + instance_match_criteria: '- (Optional) Indicates the type of instance launches that the Capacity Reservation accepts. Specify either open or targeted.' + instance_platform: '- (Required) The type of operating system for which to reserve capacity. Valid options are Linux/UNIX, Red Hat Enterprise Linux, SUSE Linux, Windows, Windows with SQL Server, Windows with SQL Server Enterprise, Windows with SQL Server Standard or Windows with SQL Server Web.' + instance_type: '- (Required) The instance type for which to reserve capacity.' + outpost_arn: '- (Optional) The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.' + owner_id: '- The ID of the AWS account that owns the Capacity Reservation.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block' + tenancy: '- (Optional) Indicates the tenancy of the Capacity Reservation. Specify either default or dedicated.' 
+ aws_ec2_carrier_gateway: + subCategory: EC2 + description: Manages an EC2 Carrier Gateway. + name: aws_ec2_carrier_gateway + titleName: aws_ec2_carrier_gateway + examples: + - manifest: |- + { + "tags": { + "Name": "example-carrier-gateway" + }, + "vpc_id": "${aws_vpc.example.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The ARN of the carrier gateway.' + id: '- The ID of the carrier gateway.' + owner_id: '- The AWS account ID of the owner of the carrier gateway.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) The ID of the VPC to associate with the carrier gateway.' + aws_ec2_client_vpn_authorization_rule: + subCategory: EC2 + description: Provides authorization rules for AWS Client VPN endpoints. + name: aws_ec2_client_vpn_authorization_rule + titleName: aws_ec2_client_vpn_authorization_rule + examples: + - manifest: |- + { + "authorize_all_groups": true, + "client_vpn_endpoint_id": "${aws_ec2_client_vpn_endpoint.example.id}", + "target_network_cidr": "${aws_subnet.example.cidr_block}" + } + references: + client_vpn_endpoint_id: aws_ec2_client_vpn_endpoint.id + target_network_cidr: aws_subnet.cidr_block + argumentDocs: + access_group_id: '- (Optional) The ID of the group to which the authorization rule grants access. One of access_group_id or authorize_all_groups must be set.' + authorize_all_groups: '- (Optional) Indicates whether the authorization rule grants access to all clients. One of access_group_id or authorize_all_groups must be set.' + client_vpn_endpoint_id: '- (Required) The ID of the Client VPN endpoint.' + description: '- (Optional) A brief description of the authorization rule.' 
+ target_network_cidr: '- (Required) The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.' + aws_ec2_client_vpn_endpoint: + subCategory: EC2 + description: Provides an AWS Client VPN endpoint for OpenVPN clients. + name: aws_ec2_client_vpn_endpoint + titleName: aws_ec2_client_vpn_endpoint + examples: + - manifest: |- + { + "authentication_options": [ + { + "root_certificate_chain_arn": "${aws_acm_certificate.root_cert.arn}", + "type": "certificate-authentication" + } + ], + "client_cidr_block": "10.0.0.0/16", + "connection_log_options": [ + { + "cloudwatch_log_group": "${aws_cloudwatch_log_group.lg.name}", + "cloudwatch_log_stream": "${aws_cloudwatch_log_stream.ls.name}", + "enabled": true + } + ], + "description": "terraform-clientvpn-example", + "server_certificate_arn": "${aws_acm_certificate.cert.arn}" + } + references: + server_certificate_arn: aws_acm_certificate.arn + argumentDocs: + active_directory_id: '- (Optional) The ID of the Active Directory to be used for authentication if type is directory-service-authentication.' + arn: '- The ARN of the Client VPN endpoint.' + authentication_options: '- (Required) Information about the authentication method to be used to authenticate clients.' + client_cidr_block: '- (Required) The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.' + cloudwatch_log_group: '- (Optional) The name of the CloudWatch Logs log group.' + cloudwatch_log_stream: '- (Optional) The name of the CloudWatch Logs log stream to which the connection data is published.' + connection_log_options: '- (Required) Information about the client connection logging options.' 
+ description: '- (Optional) Name of the repository.' + dns_name: '- The DNS name to be used by clients when establishing their VPN session.' + dns_servers: '- (Optional) Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.' + enabled: '- (Required) Indicates whether connection logging is enabled.' + id: '- The ID of the Client VPN endpoint.' + root_certificate_chain_arn: '- (Optional) The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to certificate-authentication.' + saml_provider_arn: '- (Optional) The ARN of the IAM SAML identity provider if type is federated-authentication.' + server_certificate_arn: '- (Required) The ARN of the ACM server certificate.' + split_tunnel: '- (Optional) Indicates whether split-tunnel is enabled on VPN endpoint. Default value is false.' + status: '- The current state of the Client VPN endpoint.' + tags: '- (Optional) A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transport_protocol: '- (Optional) The transport protocol to be used by the VPN session. Default value is udp.' + type: '- (Required) The type of client authentication to be used. Specify certificate-authentication to use certificate-based authentication, directory-service-authentication to use Active Directory authentication, or federated-authentication to use Federated Authentication via SAML 2.0.' 
+ aws_ec2_client_vpn_network_association: + subCategory: EC2 + description: Provides network associations for AWS Client VPN endpoints. + name: aws_ec2_client_vpn_network_association + titleName: aws_ec2_client_vpn_network_association + examples: + - manifest: |- + { + "client_vpn_endpoint_id": "${aws_ec2_client_vpn_endpoint.example.id}", + "subnet_id": "${aws_subnet.example.id}" + } + references: + client_vpn_endpoint_id: aws_ec2_client_vpn_endpoint.id + subnet_id: aws_subnet.id + - manifest: |- + { + "client_vpn_endpoint_id": "${aws_ec2_client_vpn_endpoint.example.id}", + "security_groups": [ + "${aws_security_group.example1.id}", + "${aws_security_group.example2.id}" + ], + "subnet_id": "${aws_subnet.example.id}" + } + references: + client_vpn_endpoint_id: aws_ec2_client_vpn_endpoint.id + subnet_id: aws_subnet.id + argumentDocs: + association_id: '- The unique ID of the target network association.' + client_vpn_endpoint_id: '- (Required) The ID of the Client VPN endpoint.' + id: '- The unique ID of the target network association.' + security_groups: '- The IDs of the security groups applied to the target network association.' + status: '- The current state of the target network association.' + subnet_id: '- (Required) The ID of the subnet to associate with the Client VPN endpoint.' + vpc_id: '- The ID of the VPC in which the target subnet is located.' + aws_ec2_client_vpn_route: + subCategory: EC2 + description: Provides additional routes for AWS Client VPN endpoints. 
+ name: aws_ec2_client_vpn_route + titleName: aws_ec2_client_vpn_route + examples: + - manifest: |- + { + "client_vpn_endpoint_id": "${aws_ec2_client_vpn_endpoint.example.id}", + "destination_cidr_block": "0.0.0.0/0", + "target_vpc_subnet_id": "${aws_ec2_client_vpn_network_association.example.subnet_id}" + } + references: + client_vpn_endpoint_id: aws_ec2_client_vpn_endpoint.id + target_vpc_subnet_id: aws_ec2_client_vpn_network_association.subnet_id + argumentDocs: + client_vpn_endpoint_id: '- (Required) The ID of the Client VPN endpoint.' + description: '- (Optional) A brief description of the authorization rule.' + destination_cidr_block: '- (Required) The IPv4 address range, in CIDR notation, of the route destination.' + id: '- The ID of the Client VPN endpoint.' + origin: '- Indicates how the Client VPN route was added. Will be add-route for routes created by this resource.' + target_vpc_subnet_id: '- (Required) The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.' + type: '- The type of the route.' + aws_ec2_fleet: + subCategory: EC2 + description: Provides a resource to manage EC2 Fleets + name: aws_ec2_fleet + titleName: aws_ec2_fleet + examples: + - manifest: |- + { + "launch_template_config": [ + { + "launch_template_specification": [ + { + "launch_template_id": "${aws_launch_template.example.id}", + "version": "${aws_launch_template.example.latest_version}" + } + ] + } + ], + "target_capacity_specification": [ + { + "default_target_capacity_type": "spot", + "total_target_capacity": 5 + } + ] + } + - manifest: |- + { + "launch_template_config": [ + { + "override": [ + { + "instance_type": "m4.xlarge", + "weighted_capacity": 1 + }, + { + "instance_type": "m4.2xlarge", + "weighted_capacity": 2 + } + ] + } + ] + } + argumentDocs: + allocation_strategy: '- (Optional) How to allocate the target capacity across the Spot pools. Valid values: diversified, lowestPrice. Default: lowestPrice.' 
+ availability_zone: '- (Optional) Availability Zone in which to launch the instances.' + capacity_rebalance: '- (Optional) Nested argument containing the capacity rebalance for your fleet request. Defined below.' + create: '- (Default 10m) How long to wait for a fleet to be active.' + default_target_capacity_type: '- (Required) Default target capacity type. Valid values: on-demand, spot.' + delete: '- (Default 10m) How long to wait for a fleet to be deleted. If terminate_instances is true, how long to wait for instances to terminate.' + excess_capacity_termination_policy: '- (Optional) Whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2. Valid values: no-termination, termination. Defaults to termination.' + id: '- Fleet identifier' + instance_interruption_behavior: '- (Optional) Behavior when a Spot Instance is interrupted. Valid values: hibernate, stop, terminate. Default: terminate.' + instance_pools_to_use_count: '- (Optional) Number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot allocation_strategy is set to lowestPrice. Default: 1.' + instance_type: '- (Optional) Instance type.' + launch_template_config: '- (Required) Nested argument containing EC2 Launch Template configurations. Defined below.' + launch_template_id: '- (Optional) ID of the launch template.' + launch_template_name: '- (Optional) Name of the launch template.' + launch_template_specification: '- (Required) Nested argument containing EC2 Launch Template to use. Defined below.' + maintenance_strategies: '- (Optional) Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.' + max_price: '- (Optional) Maximum price per unit hour that you are willing to pay for a Spot Instance.' + on_demand_options: '- (Optional) Nested argument containing On-Demand configurations. Defined below.' 
+ on_demand_target_capacity: '- (Optional) The number of On-Demand units to request.' + override: '- (Optional) Nested argument(s) containing parameters to override the same parameters in the Launch Template. Defined below.' + priority: '- (Optional) Priority for the launch template override. If on_demand_options allocation_strategy is set to prioritized, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity. The highest priority is launched first. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. Valid values are whole numbers starting at 0.' + replace_unhealthy_instances: '- (Optional) Whether EC2 Fleet should replace unhealthy instances. Defaults to false.' + replacement_strategy: '- (Optional) The replacement strategy to use. Only available for fleets of type set to maintain. Valid values: launch.' + spot_options: '- (Optional) Nested argument containing Spot configurations. Defined below.' + spot_target_capacity: '- (Optional) The number of Spot units to request.' + subnet_id: '- (Optional) ID of the subnet in which to launch the instances.' + tags: '- (Optional) Map of Fleet tags. To tag instances at launch, specify the tags in the Launch Template. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_capacity_specification: '- (Required) Nested argument containing target capacity configurations. Defined below.' + terminate_instances: '- (Optional) Whether to terminate instances for an EC2 Fleet if it is deleted successfully. Defaults to false.' + terminate_instances_with_expiration: '- (Optional) Whether running instances should be terminated when the EC2 Fleet expires. Defaults to false.' 
+ total_target_capacity: '- (Required) The number of units to request, filled using default_target_capacity_type.' + type: '- (Optional) The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. Valid values: maintain, request. Defaults to maintain.' + update: '- (Default 10m) How long to wait for a fleet to be modified.' + version: '- (Required) Version number of the launch template.' + weighted_capacity: '- (Optional) Number of units provided by the specified instance type.' + aws_ec2_local_gateway_route: + subCategory: EC2 + description: Manages an EC2 Local Gateway Route + name: aws_ec2_local_gateway_route + titleName: aws_ec2_local_gateway_route + examples: + - manifest: |- + { + "destination_cidr_block": "172.16.0.0/16", + "local_gateway_route_table_id": "${data.aws_ec2_local_gateway_route_table.example.id}", + "local_gateway_virtual_interface_group_id": "${data.aws_ec2_local_gateway_virtual_interface_group.example.id}" + } + references: + local_gateway_route_table_id: data.id + local_gateway_virtual_interface_group_id: data.id + argumentDocs: + destination_cidr_block: '- (Required) IPv4 CIDR range used for destination matches. Routing decisions are based on the most specific match.' + id: '- EC2 Local Gateway Route Table identifier and destination CIDR block separated by underscores (_)' + local_gateway_route_table_id: '- (Required) Identifier of EC2 Local Gateway Route Table.' + local_gateway_virtual_interface_group_id: '- (Required) Identifier of EC2 Local Gateway Virtual Interface Group.' 
+ aws_ec2_local_gateway_route_table_vpc_association: + subCategory: EC2 + description: Manages an EC2 Local Gateway Route Table VPC Association + name: aws_ec2_local_gateway_route_table_vpc_association + titleName: aws_ec2_local_gateway_route_table_vpc_association + examples: + - manifest: |- + { + "local_gateway_route_table_id": "${data.aws_ec2_local_gateway_route_table.example.id}", + "vpc_id": "${aws_vpc.example.id}" + } + references: + local_gateway_route_table_id: data.id + vpc_id: aws_vpc.id + argumentDocs: + id: '- Identifier of EC2 Local Gateway Route Table VPC Association.' + local_gateway_route_table_id: '- (Required) Identifier of EC2 Local Gateway Route Table.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) Identifier of EC2 VPC.' + aws_ec2_managed_prefix_list: + subCategory: VPC + description: Provides a managed prefix list resource. + name: aws_ec2_managed_prefix_list + titleName: aws_ec2_managed_prefix_list + examples: + - manifest: |- + { + "address_family": "IPv4", + "entry": [ + { + "cidr": "${aws_vpc.example.cidr_block}", + "description": "Primary" + }, + { + "cidr": "${aws_vpc_ipv4_cidr_block_association.example.cidr_block}", + "description": "Secondary" + } + ], + "max_entries": 5, + "name": "All VPC CIDR-s", + "tags": { + "Env": "live" + } + } + argumentDocs: + address_family: '- (Required, Forces new resource) Address family (IPv4 or IPv6) of this prefix list.' + arn: '- ARN of the prefix list.' + cidr: '- (Required) CIDR block of this entry.' + description: '- (Optional) Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.' 
+ entry: '- (Optional) Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.' + id: '- ID of the prefix list.' + max_entries: '- (Required, Forces new resource) Maximum number of entries that this prefix list can contain.' + name: '- (Required) Name of this resource. The name must not start with com.amazonaws.' + owner_id: '- ID of the AWS account that owns this prefix list.' + tags: '- (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- Latest version of this prefix list.' + aws_ec2_tag: + subCategory: EC2 + description: Manages an individual EC2 resource tag + name: aws_ec2_tag + titleName: aws_ec2_tag + examples: + - manifest: |- + { + "key": "Name", + "resource_id": "${aws_vpn_connection.example.transit_gateway_attachment_id}", + "value": "Hello World" + } + references: + resource_id: aws_vpn_connection.transit_gateway_attachment_id + argumentDocs: + id: '- EC2 resource identifier and key, separated by a comma (,)' + key: '- (Required) The tag name.' + resource_id: '- (Required) The ID of the EC2 resource to manage the tag for.' + value: '- (Required) The value of the tag.' + aws_ec2_traffic_mirror_filter: + subCategory: EC2 + description: Provides an Traffic mirror filter + name: aws_ec2_traffic_mirror_filter + titleName: aws_ec2_traffic_mirror_filter + examples: + - manifest: |- + { + "description": "traffic mirror filter - terraform example", + "network_services": [ + "amazon-dns" + ] + } + argumentDocs: + arn: '- The ARN of the traffic mirror filter.' + description: '- (Optional, Forces new resource) A description of the filter.' + id: '- The name of the filter.' 
+ network_services: '- (Optional) List of amazon network services that should be mirrored. Valid values: amazon-dns.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ec2_traffic_mirror_filter_rule: + subCategory: EC2 + description: Provides an Traffic mirror filter rule + name: aws_ec2_traffic_mirror_filter_rule + titleName: aws_ec2_traffic_mirror_filter_rule + examples: + - manifest: |- + { + "description": "test rule", + "destination_cidr_block": "10.0.0.0/8", + "rule_action": "accept", + "rule_number": 1, + "source_cidr_block": "10.0.0.0/8", + "traffic_direction": "egress", + "traffic_mirror_filter_id": "${aws_ec2_traffic_mirror_filter.filter.id}" + } + references: + traffic_mirror_filter_id: aws_ec2_traffic_mirror_filter.id + - manifest: |- + { + "description": "test rule", + "destination_cidr_block": "10.0.0.0/8", + "destination_port_range": [ + { + "from_port": 22, + "to_port": 53 + } + ], + "protocol": 6, + "rule_action": "accept", + "rule_number": 1, + "source_cidr_block": "10.0.0.0/8", + "source_port_range": [ + { + "from_port": 0, + "to_port": 10 + } + ], + "traffic_direction": "ingress", + "traffic_mirror_filter_id": "${aws_ec2_traffic_mirror_filter.filter.id}" + } + references: + traffic_mirror_filter_id: aws_ec2_traffic_mirror_filter.id + argumentDocs: + arn: '- ARN of the traffic mirror filter rule.' + description: '- (Optional) Description of the traffic mirror filter rule.' + destination_cidr_block: '- (Required) Destination CIDR block to assign to the Traffic Mirror rule.' + destination_port_range: '- (Optional) Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). 
See Traffic mirror port range documented below' + from_port: '- (Optional) Starting port of the range' + id: '- Name of the traffic mirror filter rule.' + protocol: '- (Optional) Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.' + rule_action: '- (Required) Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject' + rule_number: '- (Required) Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.' + source_cidr_block: '- (Required) Source CIDR block to assign to the Traffic Mirror rule.' + source_port_range: '- (Optional) Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below' + to_port: '- (Optional) Ending port of the range' + traffic_direction: '- (Required) Direction of traffic to be captured. 
Valid values are ingress and egress' + traffic_mirror_filter_id: '- (Required) ID of the traffic mirror filter to which this rule should be added' + aws_ec2_traffic_mirror_session: + subCategory: EC2 + description: Provides a Traffic mirror session + name: aws_ec2_traffic_mirror_session + titleName: aws_ec2_traffic_mirror_session + examples: + - manifest: |- + { + "description": "traffic mirror session - terraform example", + "network_interface_id": "${aws_instance.test.primary_network_interface_id}", + "session_number": 1, + "traffic_mirror_filter_id": "${aws_ec2_traffic_mirror_filter.filter.id}", + "traffic_mirror_target_id": "${aws_ec2_traffic_mirror_target.target.id}" + } + references: + network_interface_id: aws_instance.primary_network_interface_id + traffic_mirror_filter_id: aws_ec2_traffic_mirror_filter.id + traffic_mirror_target_id: aws_ec2_traffic_mirror_target.id + argumentDocs: + arn: '- The ARN of the traffic mirror session.' + description: '- (Optional) A description of the traffic mirror session.' + id: '- The name of the session.' + network_interface_id: '- (Required, Forces new) ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances only nitro based instances support mirroring.' + owner_id: '- The AWS account ID of the session owner.' + packet_length: '- (Optional) The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.' + session_number: '- (Required) - The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + traffic_mirror_filter_id: '- (Required) ID of the traffic mirror filter to be used' + traffic_mirror_target_id: '- (Required) ID of the traffic mirror target to be used' + virtual_network_id: '- (Optional) - The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.' + aws_ec2_traffic_mirror_target: + subCategory: EC2 + description: Provides a Traffic mirror target + name: aws_ec2_traffic_mirror_target + titleName: aws_ec2_traffic_mirror_target + examples: + - manifest: |- + { + "description": "NLB target", + "network_load_balancer_arn": "${aws_lb.lb.arn}" + } + references: + network_load_balancer_arn: aws_lb.arn + - manifest: |- + { + "description": "ENI target", + "network_interface_id": "${aws_instance.test.primary_network_interface_id}" + } + references: + network_interface_id: aws_instance.primary_network_interface_id + argumentDocs: + arn: '- The ARN of the traffic mirror target.' + description: '- (Optional, Forces new) A description of the traffic mirror session.' + id: '- The ID of the Traffic Mirror target.' + network_interface_id: '- (Optional, Forces new) The network interface ID that is associated with the target.' + network_load_balancer_arn: '- (Optional, Forces new) The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.' + owner_id: '- The ID of the AWS account that owns the traffic mirror target.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ec2_transit_gateway: + subCategory: EC2 + description: Manages an EC2 Transit Gateway + name: aws_ec2_transit_gateway + titleName: aws_ec2_transit_gateway + examples: + - manifest: |- + { + "description": "example" + } + argumentDocs: + amazon_side_asn: '- (Optional) Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. Default value: 64512.' + arn: '- EC2 Transit Gateway Amazon Resource Name (ARN)' + association_default_route_table_id: '- Identifier of the default association route table' + auto_accept_shared_attachments: '- (Optional) Whether resource attachment requests are automatically accepted. Valid values: disable, enable. Default value: disable.' + default_route_table_association: '- (Optional) Whether resource attachments are automatically associated with the default association route table. Valid values: disable, enable. Default value: enable.' + default_route_table_propagation: '- (Optional) Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: disable, enable. Default value: enable.' + description: '- (Optional) Description of the EC2 Transit Gateway.' + dns_support: '- (Optional) Whether DNS support is enabled. Valid values: disable, enable. Default value: enable.' + id: '- EC2 Transit Gateway identifier' + owner_id: '- Identifier of the AWS account that owns the EC2 Transit Gateway' + propagation_default_route_table_id: '- Identifier of the default propagation route table' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpn_ecmp_support: '- (Optional) Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: disable, enable. Default value: enable.' + aws_ec2_transit_gateway_peering_attachment: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Peering Attachment + name: aws_ec2_transit_gateway_peering_attachment + titleName: aws_ec2_transit_gateway_peering_attachment + examples: + - manifest: |- + { + "peer_account_id": "${aws_ec2_transit_gateway.peer.owner_id}", + "peer_region": "${data.aws_region.peer.name}", + "peer_transit_gateway_id": "${aws_ec2_transit_gateway.peer.id}", + "tags": { + "Name": "TGW Peering Requestor" + }, + "transit_gateway_id": "${aws_ec2_transit_gateway.local.id}" + } + references: + peer_account_id: aws_ec2_transit_gateway.owner_id + peer_region: data.name + peer_transit_gateway_id: aws_ec2_transit_gateway.id + transit_gateway_id: aws_ec2_transit_gateway.id + argumentDocs: + id: '- EC2 Transit Gateway Attachment identifier' + peer_account_id: '- (Optional) Account ID of EC2 Transit Gateway to peer with. Defaults to the account ID the AWS provider is currently connected to.' + peer_region: '- (Required) Region of EC2 Transit Gateway to peer with.' + peer_transit_gateway_id: '- (Required) Identifier of EC2 Transit Gateway to peer with.' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway Peering Attachment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ transit_gateway_id: '- (Required) Identifier of EC2 Transit Gateway.' + aws_ec2_transit_gateway_peering_attachment_accepter: + subCategory: EC2 + description: Manages the accepter's side of an EC2 Transit Gateway peering Attachment + name: aws_ec2_transit_gateway_peering_attachment_accepter + titleName: aws_ec2_transit_gateway_peering_attachment_accepter + examples: + - manifest: |- + { + "tags": { + "Name": "Example cross-account attachment" + }, + "transit_gateway_attachment_id": "${aws_ec2_transit_gateway_peering_attachment.example.id}" + } + references: + transit_gateway_attachment_id: aws_ec2_transit_gateway_peering_attachment.id + argumentDocs: + id: '- EC2 Transit Gateway Attachment identifier' + peer_account_id: '- Identifier of the AWS account that owns the EC2 TGW peering.' + peer_transit_gateway_id: '- Identifier of EC2 Transit Gateway to peer with.' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway Peering Attachment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_attachment_id: '- (Required) The ID of the EC2 Transit Gateway Peering Attachment to manage.' + transit_gateway_id: '- Identifier of EC2 Transit Gateway.' 
+ aws_ec2_transit_gateway_prefix_list_reference: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Prefix List Reference + name: aws_ec2_transit_gateway_prefix_list_reference + titleName: aws_ec2_transit_gateway_prefix_list_reference + examples: + - manifest: |- + { + "prefix_list_id": "${aws_ec2_managed_prefix_list.example.id}", + "transit_gateway_attachment_id": "${aws_ec2_transit_gateway_vpc_attachment.example.id}", + "transit_gateway_route_table_id": "${aws_ec2_transit_gateway.example.association_default_route_table_id}" + } + references: + prefix_list_id: aws_ec2_managed_prefix_list.id + transit_gateway_attachment_id: aws_ec2_transit_gateway_vpc_attachment.id + transit_gateway_route_table_id: aws_ec2_transit_gateway.association_default_route_table_id + - manifest: |- + { + "blackhole": true, + "prefix_list_id": "${aws_ec2_managed_prefix_list.example.id}", + "transit_gateway_route_table_id": "${aws_ec2_transit_gateway.example.association_default_route_table_id}" + } + references: + prefix_list_id: aws_ec2_managed_prefix_list.id + transit_gateway_route_table_id: aws_ec2_transit_gateway.association_default_route_table_id + argumentDocs: + blackhole: '- (Optional) Indicates whether to drop traffic that matches the Prefix List. Defaults to false.' + id: '- EC2 Transit Gateway Route Table identifier and EC2 Prefix List identifier, separated by an underscore (_)' + prefix_list_id: '- (Required) Identifier of EC2 Prefix List.' + transit_gateway_attachment_id: '- (Optional) Identifier of EC2 Transit Gateway Attachment.' + transit_gateway_route_table_id: '- (Required) Identifier of EC2 Transit Gateway Route Table.' 
+ aws_ec2_transit_gateway_route: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Route + name: aws_ec2_transit_gateway_route + titleName: aws_ec2_transit_gateway_route + examples: + - manifest: |- + { + "destination_cidr_block": "0.0.0.0/0", + "transit_gateway_attachment_id": "${aws_ec2_transit_gateway_vpc_attachment.example.id}", + "transit_gateway_route_table_id": "${aws_ec2_transit_gateway.example.association_default_route_table_id}" + } + references: + transit_gateway_attachment_id: aws_ec2_transit_gateway_vpc_attachment.id + transit_gateway_route_table_id: aws_ec2_transit_gateway.association_default_route_table_id + - manifest: |- + { + "blackhole": true, + "destination_cidr_block": "0.0.0.0/0", + "transit_gateway_route_table_id": "${aws_ec2_transit_gateway.example.association_default_route_table_id}" + } + references: + transit_gateway_route_table_id: aws_ec2_transit_gateway.association_default_route_table_id + argumentDocs: + blackhole: '- (Optional) Indicates whether to drop traffic that matches this route (default to false).' + destination_cidr_block: '- (Required) IPv4 or IPv6 RFC1924 CIDR used for destination matches. Routing decisions are based on the most specific match.' + id: '- EC2 Transit Gateway Route Table identifier combined with destination' + transit_gateway_attachment_id: '- (Optional) Identifier of EC2 Transit Gateway Attachment (required if blackhole is set to false).' + transit_gateway_route_table_id: '- (Required) Identifier of EC2 Transit Gateway Route Table.' + aws_ec2_transit_gateway_route_table: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Route Table + name: aws_ec2_transit_gateway_route_table + titleName: aws_ec2_transit_gateway_route_table + examples: + - manifest: |- + { + "transit_gateway_id": "${aws_ec2_transit_gateway.example.id}" + } + references: + transit_gateway_id: aws_ec2_transit_gateway.id + argumentDocs: + arn: '- EC2 Transit Gateway Route Table Amazon Resource Name (ARN).' 
+ default_association_route_table: '- Boolean whether this is the default association route table for the EC2 Transit Gateway.' + default_propagation_route_table: '- Boolean whether this is the default propagation route table for the EC2 Transit Gateway.' + id: '- EC2 Transit Gateway Route Table identifier' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway Route Table. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_id: '- (Required) Identifier of EC2 Transit Gateway.' + aws_ec2_transit_gateway_route_table_association_table_association: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Route Table association + name: aws_ec2_transit_gateway_route_table_association_table_association + titleName: aws_ec2_transit_gateway_route_table_association_table_association + argumentDocs: + id: '- EC2 Transit Gateway Route Table identifier combined with EC2 Transit Gateway Attachment identifier' + resource_id: '- Identifier of the resource' + resource_type: '- Type of the resource' + transit_gateway_attachment_id: '- (Required) Identifier of EC2 Transit Gateway Attachment.' + transit_gateway_route_table_id: '- (Required) Identifier of EC2 Transit Gateway Route Table.' 
+ aws_ec2_transit_gateway_route_table_propagation_table_propagation: + subCategory: EC2 + description: Manages an EC2 Transit Gateway Route Table propagation + name: aws_ec2_transit_gateway_route_table_propagation_table_propagation + titleName: aws_ec2_transit_gateway_route_table_propagation_table_propagation + argumentDocs: + id: '- EC2 Transit Gateway Route Table identifier combined with EC2 Transit Gateway Attachment identifier' + resource_id: '- Identifier of the resource' + resource_type: '- Type of the resource' + transit_gateway_attachment_id: '- (Required) Identifier of EC2 Transit Gateway Attachment.' + transit_gateway_route_table_id: '- (Required) Identifier of EC2 Transit Gateway Route Table.' + aws_ec2_transit_gateway_vpc_attachment: + subCategory: EC2 + description: Manages an EC2 Transit Gateway VPC Attachment + name: aws_ec2_transit_gateway_vpc_attachment + titleName: aws_ec2_transit_gateway_vpc_attachment + examples: + - manifest: |- + { + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "transit_gateway_id": "${aws_ec2_transit_gateway.example.id}", + "vpc_id": "${aws_vpc.example.id}" + } + references: + transit_gateway_id: aws_ec2_transit_gateway.id + vpc_id: aws_vpc.id + argumentDocs: + appliance_mode_support: '- (Optional) Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: disable, enable. Default value: disable.' + dns_support: '- (Optional) Whether DNS support is enabled. Valid values: disable, enable. Default value: enable.' + id: '- EC2 Transit Gateway Attachment identifier' + ipv6_support: '- (Optional) Whether IPv6 support is enabled. Valid values: disable, enable. Default value: disable.' + subnet_ids: '- (Required) Identifiers of EC2 Subnets.' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway VPC Attachment. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_default_route_table_association: '- (Optional) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true.' + transit_gateway_default_route_table_propagation: '- (Optional) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: true.' + transit_gateway_id: '- (Required) Identifier of EC2 Transit Gateway.' + vpc_id: '- (Required) Identifier of EC2 VPC.' + vpc_owner_id: '- Identifier of the AWS account that owns the EC2 VPC.' + aws_ec2_transit_gateway_vpc_attachment_accepter: + subCategory: EC2 + description: Manages the accepter's side of an EC2 Transit Gateway VPC Attachment + name: aws_ec2_transit_gateway_vpc_attachment_accepter + titleName: aws_ec2_transit_gateway_vpc_attachment_accepter + examples: + - manifest: |- + { + "tags": { + "Name": "Example cross-account attachment" + }, + "transit_gateway_attachment_id": "${aws_ec2_transit_gateway_vpc_attachment.example.id}" + } + references: + transit_gateway_attachment_id: aws_ec2_transit_gateway_vpc_attachment.id + argumentDocs: + appliance_mode_support: '- Whether Appliance Mode support is enabled. Valid values: disable, enable.' + dns_support: '- Whether DNS support is enabled. Valid values: disable, enable.' + id: '- EC2 Transit Gateway Attachment identifier' + ipv6_support: '- Whether IPv6 support is enabled. Valid values: disable, enable.' 
+ subnet_ids: '- Identifiers of EC2 Subnets.' + tags: '- (Optional) Key-value tags for the EC2 Transit Gateway VPC Attachment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_attachment_id: '- (Required) The ID of the EC2 Transit Gateway Attachment to manage.' + transit_gateway_default_route_table_association: '- (Optional) Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. Default value: true.' + transit_gateway_default_route_table_propagation: '- (Optional) Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. Default value: true.' + transit_gateway_id: '- Identifier of EC2 Transit Gateway.' + vpc_id: '- Identifier of EC2 VPC.' + vpc_owner_id: '- Identifier of the AWS account that owns the EC2 VPC.' + aws_ecr_lifecycle_policy: + subCategory: ECR + description: Manages an ECR repository lifecycle policy. 
+ name: aws_ecr_lifecycle_policy + titleName: aws_ecr_lifecycle_policy + examples: + - manifest: |- + { + "policy": "{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Expire images older than 14 days\",\n \"selection\": {\n \"tagStatus\": \"untagged\",\n \"countType\": \"sinceImagePushed\",\n \"countUnit\": \"days\",\n \"countNumber\": 14\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n", + "repository": "${aws_ecr_repository.foo.name}" + } + references: + repository: aws_ecr_repository.name + - manifest: |- + { + "policy": "{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Keep last 30 images\",\n \"selection\": {\n \"tagStatus\": \"tagged\",\n \"tagPrefixList\": [\"v\"],\n \"countType\": \"imageCountMoreThan\",\n \"countNumber\": 30\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n", + "repository": "${aws_ecr_repository.foo.name}" + } + references: + repository: aws_ecr_repository.name + argumentDocs: + policy: '- (Required) The policy document. This is a JSON formatted string. See more details about Policy Parameters in the official AWS docs.' + registry_id: '- The registry ID where the repository was created.' + repository: '- The name of the repository.' + aws_ecr_registry_policy: + subCategory: ECR + description: Provides an Elastic Container Registry Policy. + name: aws_ecr_registry_policy + titleName: aws_ecr_registry_policy + examples: + - manifest: |- + { + "policy": "${jsonencode({\n Version = \"2012-10-17\",\n Statement = [\n {\n Sid = \"testpolicy\",\n Effect = \"Allow\",\n Principal = {\n \"AWS\" : \"arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root\"\n },\n Action = [\n \"ecr:ReplicateImage\"\n ],\n Resource = [\n \"arn:${data.aws_partition.current.partition}:ecr:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:repository/*\"\n ]\n }\n ]\n })}" + } + argumentDocs: + policy: '- (Required) The policy document. 
This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide' + registry_id: '- The registry ID where the registry was created.' + aws_ecr_replication_configuration: + subCategory: ECR + description: Provides an Elastic Container Registry Replication Configuration. + name: aws_ecr_replication_configuration + titleName: aws_ecr_replication_configuration + examples: + - manifest: |- + { + "replication_configuration": [ + { + "rule": [ + { + "destination": [ + { + "region": "${data.aws_regions.example.names[0]}", + "registry_id": "${data.aws_caller_identity.current.account_id}" + } + ] + } + ] + } + ] + } + - manifest: |- + { + "replication_configuration": [ + { + "rule": [ + { + "destination": [ + { + "region": "${data.aws_regions.example.names[0]}", + "registry_id": "${data.aws_caller_identity.current.account_id}" + }, + { + "region": "${data.aws_regions.example.names[1]}", + "registry_id": "${data.aws_caller_identity.current.account_id}" + } + ] + } + ] + } + ] + } + argumentDocs: + destination: '- (Required) the details of a replication destination. See Destination.' + region: '- (Required) A Region to replicate to.' + registry_id: '- The registry ID where the replication configuration was created.' + replication_configuration: '- (Required) Replication configuration for a registry. See Replication Configuration.' + rule: '- (Required) The replication rules for a replication configuration. See Rule.' + aws_ecr_repository: + subCategory: ECR + description: Provides an Elastic Container Registry Repository. + name: aws_ecr_repository + titleName: aws_ecr_repository + examples: + - manifest: |- + { + "image_scanning_configuration": [ + { + "scan_on_push": true + } + ], + "image_tag_mutability": "MUTABLE", + "name": "bar" + } + argumentDocs: + arn: '- Full ARN of the repository.' + delete: '- (Default 20 minutes) How long to wait for a repository to be deleted.' 
+ encryption_configuration: '- (Optional) Encryption configuration for the repository. See below for schema.' + encryption_type: '- (Optional) The encryption type to use for the repository. Valid values are AES256 or KMS. Defaults to AES256.' + image_scanning_configuration: '- (Optional) Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the ECR User Guide for more information about image scanning.' + image_tag_mutability: '- (Optional) The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE.' + kms_key: '- (Optional) The ARN of the KMS key to use when encryption_type is KMS. If not specified, uses the default AWS managed key for ECR.' + name: '- (Required) Name of the repository.' + registry_id: '- The registry ID where the repository was created.' + repository_url: '- The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName).' + scan_on_push: '- (Required) Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false).' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ecr_repository_policy: + subCategory: ECR + description: Provides an Elastic Container Registry Repository Policy. 
+ name: aws_ecr_repository_policy + titleName: aws_ecr_repository_policy + examples: + - manifest: |- + { + "policy": "{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"new policy\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\"\n ]\n }\n ]\n}\n", + "repository": "${aws_ecr_repository.foo.name}" + } + references: + repository: aws_ecr_repository.name + argumentDocs: + policy: '- (Required) The policy document. This is a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide' + registry_id: '- The registry ID where the repository was created.' + repository: '- The name of the repository.' + aws_ecrpublic_repository: + subCategory: ECR + description: Provides a Public Elastic Container Registry Repository. + name: aws_ecrpublic_repository + titleName: aws_ecrpublic_repository + examples: + - manifest: |- + { + "catalog_data": [ + { + "about_text": "About Text", + "architectures": [ + "ARM" + ], + "description": "Description", + "logo_image_blob": "${filebase64(image.png)}", + "operating_systems": [ + "Linux" + ], + "usage_text": "Usage Text" + } + ], + "provider": "${aws.us_east_1}", + "repository_name": "bar" + } + references: + provider: aws.us_east_1 + argumentDocs: + about_text: '- (Optional) A detailed description of the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The text must be in markdown format.' 
+ architectures: '- (Optional) The system architecture that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported architectures will appear as badges on the repository and are used as search filters: ARM, ARM 64, x86, x86-64' + arn: '- Full ARN of the repository.' + catalog_data: '- (Optional) Catalog data configuration for the repository. See below for schema.' + delete: '- (Default 20 minutes) How long to wait for a repository to be deleted.' + description: '- (Optional) A short description of the contents of the repository. This text appears in both the image details and also when searching for repositories on the Amazon ECR Public Gallery.' + id: '- The repository name.' + logo_image_blob: '- (Optional) The base64-encoded repository logo payload. (Only visible for verified accounts) Note that drift detection is disabled for this attribute.' + operating_systems: '- (Optional) The operating systems that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported operating systems will appear as badges on the repository and are used as search filters: Linux, Windows' + registry_id: '- The registry ID where the repository was created.' + repository_name: '- (Required) Name of the repository.' + repository_uri: '- The URI of the repository.' + usage_text: '- (Optional) Detailed information on how to use the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The usage text provides context, support information, and additional usage details for users of the repository. The text must be in markdown format.' + aws_ecs_capacity_provider: + subCategory: ECS + description: Provides an ECS cluster capacity provider. 
+ name: aws_ecs_capacity_provider + titleName: aws_ecs_capacity_provider + examples: + - manifest: |- + { + "auto_scaling_group_provider": [ + { + "auto_scaling_group_arn": "${aws_autoscaling_group.test.arn}", + "managed_scaling": [ + { + "maximum_scaling_step_size": 1000, + "minimum_scaling_step_size": 1, + "status": "ENABLED", + "target_capacity": 10 + } + ], + "managed_termination_protection": "ENABLED" + } + ], + "name": "test" + } + argumentDocs: + arn: '- ARN that identifies the capacity provider.' + auto_scaling_group_arn: '- (Required) - ARN of the associated auto scaling group.' + auto_scaling_group_provider: '- (Required) Configuration block for the provider for the ECS auto scaling group. Detailed below.' + id: '- ARN that identifies the capacity provider.' + instance_warmup_period: '- (Optional) Period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of 300 seconds is used.' + managed_scaling: '- (Optional) - Configuration block defining the parameters of the auto scaling. Detailed below.' + managed_termination_protection: '- (Optional) - Enables or disables container-aware termination of instances in the auto scaling group when scale-in happens. Valid values are ENABLED and DISABLED.' + maximum_scaling_step_size: '- (Optional) Maximum step adjustment size. A number between 1 and 10,000.' + minimum_scaling_step_size: '- (Optional) Minimum step adjustment size. A number between 1 and 10,000.' + name: '- (Required) Name of the capacity provider.' + status: '- (Optional) Whether auto scaling is managed by ECS. Valid values are ENABLED and DISABLED.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_capacity: '- (Optional) Target utilization for the capacity provider. A number between 1 and 100.' + aws_ecs_cluster: + subCategory: ECS + description: Provides an ECS cluster. + name: aws_ecs_cluster + titleName: aws_ecs_cluster + examples: + - manifest: |- + { + "name": "white-hart", + "setting": [ + { + "name": "containerInsights", + "value": "enabled" + } + ] + } + - manifest: |- + { + "configuration": [ + { + "execute_command_configuration": [ + { + "kms_key_id": "${aws_kms_key.example.arn}", + "log_configuration": [ + { + "cloud_watch_encryption_enabled": true, + "cloud_watch_log_group_name": "${aws_cloudwatch_log_group.example.name}" + } + ], + "logging": "OVERRIDE" + } + ] + } + ], + "name": "example" + } + argumentDocs: + arn: '- ARN that identifies the cluster.' + base: '- (Optional) The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined.' + capacity_provider: '- (Required) The short name of the capacity provider.' + capacity_providers: '- (Optional) List of short names of one or more capacity providers to associate with the cluster. Valid values also include FARGATE and FARGATE_SPOT.' + cloud_watch_encryption_enabled: '- (Optional) Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled.' + cloud_watch_log_group_name: '- (Optional) The name of the CloudWatch log group to send logs to.' + configuration: '- (Optional) The execute command configuration for the cluster. Detailed below.' + default_capacity_provider_strategy: '- (Optional) Configuration block for capacity provider strategy to use by default for the cluster. Can be one or more. Detailed below.' + execute_command_configuration: '- (Optional) The details of the execute command configuration. 
Detailed below.' + id: '- ARN that identifies the cluster.' + kms_key_id: '- (Optional) The AWS Key Management Service key ID to encrypt the data between the local client and the container.' + log_configuration: '- (Optional) The log configuration for the results of the execute command actions Required when logging is OVERRIDE. Detailed below.' + logging: '- (Optional) The log setting to use for redirecting logs for your execute command results. Valid values are NONE, DEFAULT, and OVERRIDE.' + name: '- (Required) Name of the setting to manage. Valid values: containerInsights.' + s3_bucket_encryption_enabled: '- (Optional) Whether or not to enable encryption on the logs sent to S3. If not specified, encryption will be disabled.' + s3_bucket_name: '- (Optional) The name of the S3 bucket to send logs to.' + s3_key_prefix: '- (Optional) An optional folder in the S3 bucket to place logs in.' + setting: '- (Optional) Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster. Detailed below.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value to assign to the setting. Value values are enabled and disabled.' + weight: '- (Optional) The relative percentage of the total number of launched tasks that should use the specified capacity provider.' + aws_ecs_service: + subCategory: ECS + description: Provides an ECS service. 
+ name: aws_ecs_service + titleName: aws_ecs_service + examples: + - manifest: |- + { + "cluster": "${aws_ecs_cluster.foo.id}", + "depends_on": [ + "${aws_iam_role_policy.foo}" + ], + "desired_count": 3, + "iam_role": "${aws_iam_role.foo.arn}", + "load_balancer": [ + { + "container_name": "mongo", + "container_port": 8080, + "target_group_arn": "${aws_lb_target_group.foo.arn}" + } + ], + "name": "mongodb", + "ordered_placement_strategy": [ + { + "field": "cpu", + "type": "binpack" + } + ], + "placement_constraints": [ + { + "expression": "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]", + "type": "memberOf" + } + ], + "task_definition": "${aws_ecs_task_definition.mongo.arn}" + } + references: + cluster: aws_ecs_cluster.id + iam_role: aws_iam_role.arn + task_definition: aws_ecs_task_definition.arn + - manifest: |- + { + "desired_count": 2, + "lifecycle": [ + { + "ignore_changes": [ + "${desired_count}" + ] + } + ] + } + - manifest: |- + { + "cluster": "${aws_ecs_cluster.foo.id}", + "name": "bar", + "scheduling_strategy": "DAEMON", + "task_definition": "${aws_ecs_task_definition.bar.arn}" + } + references: + cluster: aws_ecs_cluster.id + task_definition: aws_ecs_task_definition.arn + - manifest: |- + { + "cluster": "${aws_ecs_cluster.example.id}", + "deployment_controller": [ + { + "type": "EXTERNAL" + } + ], + "name": "example" + } + references: + cluster: aws_ecs_cluster.id + argumentDocs: + CODE_DEPLOY: or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy + assign_public_ip: '- (Optional) Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false.' + base: '- (Optional) Number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined.' + capacity_provider: '- (Required) Short name of the capacity provider.' 
+ capacity_provider_strategy: '- (Optional) Capacity provider strategy to use for the service. Can be one or more. Detailed below.' + cluster: '- Amazon Resource Name (ARN) of cluster which the service runs on.' + container_name: '- (Optional) Container name value, already specified in the task definition, to be used for your service discovery service.' + container_port: '- (Optional) Port value, already specified in the task definition, to be used for your service discovery service.' + delete: '- (Default 20 minutes)' + deployment_circuit_breaker: '- (Optional) Configuration block for deployment circuit breaker. Detailed below.' + deployment_controller: '- (Optional) Configuration block for deployment controller configuration. Detailed below.' + deployment_maximum_percent: '- (Optional) Upper limit (as a percentage of the service''s desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the DAEMON scheduling strategy.' + deployment_minimum_healthy_percent: '- (Optional) Lower limit (as a percentage of the service''s desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.' + desired_count: '- Number of instances of the task definition.' + elb_name: '- (Required for ELB Classic) Name of the ELB (Classic) to associate with the service.' + enable: '- (Required) Whether to enable the deployment circuit breaker logic for the service.' + enable_ecs_managed_tags: '- (Optional) Specifies whether to enable Amazon ECS managed tags for the tasks within the service.' + enable_execute_command: '- (Optional) Specifies whether to enable Amazon ECS Exec for the tasks within the service.' + expression: '- (Optional) Cluster Query Language expression to apply to the constraint. Does not need to be specified for the distinctInstance type. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.' 
+ field: |- + - (Optional) For the spread placement strategy, valid values are instanceId (or host, + which has the same effect), or any platform or custom attribute that is applied to a container instance. + For the binpack type, valid values are memory and cpu. For the random type, this attribute is not + needed. For more information, see Placement Strategy. + force_new_deployment: '- (Optional) Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy ordered_placement_strategy and placement_constraints updates.' + health_check_grace_period_seconds: '- (Optional) Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers.' + iam_role: '- ARN of IAM role used for ELB.' + id: '- ARN that identifies the service.' + launch_type: '- (Optional) Launch type on which to run your service. The valid values are EC2, FARGATE, and EXTERNAL. Defaults to EC2.' + load_balancer: '- (Optional) Configuration block for load balancers. Detailed below.' + name: '- Name of the service.' + network_configuration: '- (Optional) Network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.' + ordered_placement_strategy: '- (Optional) Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless force_new_deployment is enabled. The maximum number of ordered_placement_strategy blocks is 5. Detailed below.' 
+ placement_constraints: '- (Optional) Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless force_new_deployment is enabled. Maximum number of placement_constraints is 10. Detailed below.' + platform_version: '- (Optional) Platform version on which to run your service. Only applicable for launch_type set to FARGATE. Defaults to LATEST. More information about Fargate platform versions can be found in the AWS ECS User Guide.' + port: '- (Optional) Port value used if your Service Discovery service specified an SRV record.' + propagate_tags: '- (Optional) Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION.' + registry_arn: '- (Required) ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(aws_service_discovery_service). For more information, see Service' + rollback: '- (Required) Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.' + scheduling_strategy: '- (Optional) Scheduling strategy to use for the service. The valid values are REPLICA and DAEMON. Defaults to REPLICA. Note that Tasks using the Fargate launch type or the .' + security_groups: '- (Optional) Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.' + service_registries: '- (Optional) Service discovery registries for the service. The maximum number of service_registries blocks is 1. Detailed below.' + subnets: '- (Required) Subnets associated with the task or service.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_group_arn: '- (Required for ALB/NLB) ARN of the Load Balancer target group to associate with the service.' + task_definition: '- (Optional) Family and revision (family:revision) or full ARN of the task definition that you want to run in your service. Required unless using the EXTERNAL deployment controller. If a revision is not specified, the latest ACTIVE revision is used.' + type: '- (Required) Type of constraint. The only valid values at this time are memberOf and distinctInstance.' + wait_for_steady_state: '- (Optional) If true, Terraform will wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing. Default false.' + weight: '- (Required) Relative percentage of the total number of launched tasks that should use the specified capacity provider.' + aws_ecs_tag: + subCategory: ECS + description: Manages an individual ECS resource tag + name: aws_ecs_tag + titleName: aws_ecs_tag + examples: + - manifest: |- + { + "key": "Name", + "resource_arn": "${aws_batch_compute_environment.example.ecs_cluster_arn}", + "value": "Hello World" + } + references: + resource_arn: aws_batch_compute_environment.ecs_cluster_arn + argumentDocs: + id: '- ECS resource identifier and key, separated by a comma (,)' + key: '- (Required) Tag name.' + resource_arn: '- (Required) Amazon Resource Name (ARN) of the ECS resource to tag.' + value: '- (Required) Tag value.' + aws_ecs_task_definition: + subCategory: ECS + description: Manages a revision of an ECS task definition. 
+ name: aws_ecs_task_definition + titleName: aws_ecs_task_definition + examples: + - manifest: |- + { + "container_definitions": "${jsonencode([\n {\n name = \"first\"\n image = \"service-first\"\n cpu = 10\n memory = 512\n essential = true\n portMappings = [\n {\n containerPort = 80\n hostPort = 80\n }\n ]\n },\n {\n name = \"second\"\n image = \"service-second\"\n cpu = 10\n memory = 256\n essential = true\n portMappings = [\n {\n containerPort = 443\n hostPort = 443\n }\n ]\n }\n ])}", + "family": "service", + "placement_constraints": [ + { + "expression": "attribute:ecs.availability-zone in [us-west-2a, us-west-2b]", + "type": "memberOf" + } + ], + "volume": [ + { + "host_path": "/ecs/service-storage", + "name": "service-storage" + } + ] + } + - manifest: |- + { + "container_definitions": "${file(\"task-definitions/service.json\")}", + "family": "service", + "proxy_configuration": [ + { + "container_name": "applicationContainerName", + "properties": { + "AppPorts": "8080", + "EgressIgnoredIPs": "169.254.170.2,169.254.169.254", + "IgnoredUID": "1337", + "ProxyEgressPort": 15001, + "ProxyIngressPort": 15000 + }, + "type": "APPMESH" + } + ] + } + - manifest: |- + { + "container_definitions": "${file(\"task-definitions/service.json\")}", + "family": "service", + "volume": [ + { + "docker_volume_configuration": [ + { + "autoprovision": true, + "driver": "local", + "driver_opts": { + "device": "${aws_efs_file_system.fs.dns_name}:/", + "o": "addr=${aws_efs_file_system.fs.dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport", + "type": "nfs" + }, + "scope": "shared" + } + ], + "name": "service-storage" + } + ] + } + - manifest: |- + { + "container_definitions": "${file(\"task-definitions/service.json\")}", + "family": "service", + "volume": [ + { + "efs_volume_configuration": [ + { + "authorization_config": [ + { + "access_point_id": "${aws_efs_access_point.test.id}", + "iam": "ENABLED" + } + ], + "file_system_id": "${aws_efs_file_system.fs.id}", + 
"root_directory": "/opt/data", + "transit_encryption": "ENABLED", + "transit_encryption_port": 2999 + } + ], + "name": "service-storage" + } + ] + } + - manifest: |- + { + "container_definitions": "${file(\"task-definitions/service.json\")}", + "family": "service", + "volume": [ + { + "fsx_windows_file_server_volume_configuration": [ + { + "authorization_config": [ + { + "credentials_parameter": "${aws_secretsmanager_secret_version.test.arn}", + "domain": "${aws_directory_service_directory.test.name}" + } + ], + "file_system_id": "${aws_fsx_windows_file_system.test.id}", + "root_directory": "\\data" + } + ], + "name": "service-storage" + } + ] + } + - manifest: |- + { + "container_definitions": "[\n\t{\n\t\t\"cpu\": 10,\n\t\t\"command\": [\"sleep\", \"10\"],\n\t\t\"entryPoint\": [\"/\"],\n\t\t\"environment\": [\n\t\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t\t],\n\t\t\"essential\": true,\n\t\t\"image\": \"jenkins\",\n\t\t\"memory\": 128,\n\t\t\"name\": \"jenkins\",\n\t\t\"portMappings\": [\n\t\t\t{\n\t\t\t\t\"containerPort\": 80,\n\t\t\t\t\"hostPort\": 8080\n\t\t\t}\n\t\t],\n \"resourceRequirements\":[\n {\n \"type\":\"InferenceAccelerator\",\n \"value\":\"device_1\"\n }\n ]\n\t}\n]\n", + "family": "test", + "inference_accelerator": [ + { + "device_name": "device_1", + "device_type": "eia1.medium" + } + ] + } + argumentDocs: + access_point_id: '- (Optional) Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration.' + arn: '- Full ARN of the Task Definition (including both family and revision).' + authorization_config: '- (Required) Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below.' + autoprovision: '- (Optional) If this value is true, the Docker volume is created if it does not already exist. 
Note: This field is only used if the scope is shared.' + container_definitions: '- (Required) A list of valid container definitions provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the Task Definition Parameters section from the official Developer Guide.' + container_name: '- (Required) Name of the container that will serve as the App Mesh proxy.' + cpu: '- (Optional) Number of cpu units used by the task. If the requires_compatibilities is FARGATE this field is required.' + credentials_parameter: '- (Required) The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials.' + device_name: '- (Required) Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.' + device_type: '- (Required) Elastic Inference accelerator type to use.' + docker_volume_configuration: '- (Optional) Configuration block to configure a docker volume. Detailed below.' + domain: '- (Required) A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.' + driver: '- (Optional) Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement.' + driver_opts: '- (Optional) Map of Docker driver specific options.' + efs_volume_configuration: '- (Optional) Configuration block for an EFS volume. Detailed below.' + ephemeral_storage: '- (Optional) The amount of ephemeral storage to allocate for the task. 
This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.' + execution_role_arn: '- (Optional) ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.' + expression: '- (Optional) Cluster Query Language expression to apply to the constraint. For more information, see Cluster Query Language in the Amazon EC2 Container Service Developer Guide.' + family: '- (Required) A unique name for your task definition.' + file_system_id: '- (Required) The Amazon FSx for Windows File Server file system ID to use.' + fsx_windows_file_server_volume_configuration: '- (Optional) Configuration block for an FSX Windows File Server volume. Detailed below.' + host_path: '- (Optional) Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished.' + iam: '- (Optional) Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: ENABLED, DISABLED. If this parameter is omitted, the default value of DISABLED is used.' + inference_accelerator: '- (Optional) Configuration block(s) with Inference Accelerators settings. Detailed below.' + ipc_mode: '- (Optional) IPC resource namespace to be used for the containers in the task The valid values are host, task, and none.' + labels: '- (Optional) Map of custom metadata to add to your Docker volume.' + memory: '- (Optional) Amount (in MiB) of memory used by the task. If the requires_compatibilities is FARGATE this field is required.' + name: |- + - (Required) Name of the volume. This name is referenced in the sourceVolume + parameter of container definition in the mountPoints section. 
+ network_mode: '- (Optional) Docker networking mode to use for the containers in the task. Valid values are none, bridge, awsvpc, and host.' + pid_mode: '- (Optional) Process namespace to use for the containers in the task. The valid values are host and task.' + placement_constraints: '- (Optional) Configuration block for rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Detailed below.' + properties: '- (Required) Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping.' + proxy_configuration: '- (Optional) Configuration block for the App Mesh proxy. Detailed below.' + requires_compatibilities: '- (Optional) Set of launch types required by the task. The valid values are EC2 and FARGATE.' + revision: '- Revision of the task in a particular family.' + root_directory: '- (Required) The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.' + scope: '- (Optional) Scope for the Docker volume, which determines its lifecycle, either task or shared. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops.' + size_in_gib: '- (Required) The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + task_role_arn: '- (Optional) ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.' 
+ transit_encryption: '- (Optional) Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: ENABLED, DISABLED. If this parameter is omitted, the default value of DISABLED is used.' + transit_encryption_port: '- (Optional) Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses.' + type: '- (Optional) Proxy type. The default value is APPMESH. The only supported value is APPMESH.' + volume: '- (Optional) Configuration block for volumes that containers in your task may use. Detailed below.' + aws_efs_access_point: + subCategory: EFS + description: Provides an Elastic File System (EFS) access point. + name: aws_efs_access_point + titleName: aws_efs_access_point + examples: + - manifest: |- + { + "file_system_id": "${aws_efs_file_system.foo.id}" + } + references: + file_system_id: aws_efs_file_system.id + argumentDocs: + arn: '- ARN of the access point.' + creation_info: '- (Optional) POSIX IDs and permissions to apply to the access point''s Root Directory. See Creation Info below.' + file_system_arn: '- ARN of the file system.' + file_system_id: '- (Required) ID of the file system for which the access point is intended.' + gid: '- (Required) POSIX group ID used for all file system operations using this access point.' + id: '- ID of the access point.' + owner_gid: '- (Required) POSIX group ID to apply to the root_directory.' + owner_uid: '- (Required) POSIX user ID to apply to the root_directory.' + path: '- (Optional) Path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide creation_info.' 
+ permissions: '- (Required) POSIX permissions to apply to the RootDirectory, in the format of an octal number representing the file''s mode bits.' + posix_user: '- (Optional) Operating system user and group applied to all file system requests made using the access point. Detailed below.' + root_directory: '- (Optional) Directory on the Amazon EFS file system that the access point provides access to. Detailed below.' + secondary_gids: '- (Optional) Secondary POSIX group IDs used for all file system operations using this access point.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + uid: '- (Required) POSIX user ID used for all file system operations using this access point.' + aws_efs_backup_policy: + subCategory: EFS + description: Provides an Elastic File System (EFS) Backup Policy resource. + name: aws_efs_backup_policy + titleName: aws_efs_backup_policy + examples: + - manifest: |- + { + "backup_policy": [ + { + "status": "ENABLED" + } + ], + "file_system_id": "${aws_efs_file_system.fs.id}" + } + references: + file_system_id: aws_efs_file_system.id + argumentDocs: + backup_policy: '- (Required) A backup_policy object (documented below).' + file_system_id: '- (Required) The ID of the EFS file system.' + id: '- The ID that identifies the file system (e.g. fs-ccfc0d65).' + status: '- (Required) A status of the backup policy. Valid values: ENABLED, DISABLED.' + aws_efs_file_system: + subCategory: EFS + description: Provides an Elastic File System (EFS) File System resource. 
+ name: aws_efs_file_system + titleName: aws_efs_file_system + examples: + - manifest: |- + { + "creation_token": "my-product", + "tags": { + "Name": "MyProduct" + } + } + - manifest: |- + { + "creation_token": "my-product", + "lifecycle_policy": [ + { + "transition_to_ia": "AFTER_30_DAYS" + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name of the file system.' + availability_zone_id: '- The identifier of the Availability Zone in which the file system''s One Zone storage classes exist.' + availability_zone_name: '- (Optional) the AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. See user guide for more information.' + creation_token: |- + - (Optional) A unique name (a maximum of 64 characters are allowed) + used as reference when creating the Elastic File System to ensure idempotent file + system creation. By default generated by Terraform. See Elastic File System + user guide for more information. + dns_name: '- The DNS name for the filesystem per documented convention.' + encrypted: '- (Optional) If true, the disk will be encrypted.' + id: '- The ID that identifies the file system (e.g. fs-ccfc0d65).' + kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.' + lifecycle_policy: '- (Optional) A file system lifecycle policy object (documented below).' + number_of_mount_targets: '- The current number of mount targets that the file system has.' + owner_id: '- The AWS account that created the file system. If the file system was createdby an IAM user, the parent account to which the user belongs is the owner.' + performance_mode: '- (Optional) The file system performance mode. Can be either "generalPurpose" or "maxIO" (Default: "generalPurpose").' + provisioned_throughput_in_mibps: '- (Optional) The throughput, measured in MiB/s, that you want to provision for the file system. 
Only applicable with throughput_mode set to provisioned.' + size_in_bytes: '- The latest known metered size (in bytes) of data stored in the file system, the value is not the exact size that the file system was at any point in time. See Size In Bytes.' + tags: '- (Optional) A map of tags to assign to the file system. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + throughput_mode: '- (Optional) Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned. When using provisioned, also set provisioned_throughput_in_mibps.' + transition_to_ia: '- (Required) Indicates how long it takes to transition files to the IA storage class. Valid values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, or AFTER_90_DAYS.' + value: '- The latest known metered size (in bytes) of data stored in the file system.' + value_in_ia: '- The latest known metered size (in bytes) of data stored in the Infrequent Access storage class.' + value_in_standard: '- The latest known metered size (in bytes) of data stored in the Standard storage class.' + aws_efs_file_system_policy: + subCategory: EFS + description: Provides an Elastic File System (EFS) File System Policy resource. 
+ name: aws_efs_file_system_policy + titleName: aws_efs_file_system_policy + examples: + - manifest: |- + { + "file_system_id": "${aws_efs_file_system.fs.id}", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"ExamplePolicy01\",\n \"Statement\": [\n {\n \"Sid\": \"ExampleStatement01\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Resource\": \"${aws_efs_file_system.test.arn}\",\n \"Action\": [\n \"elasticfilesystem:ClientMount\",\n \"elasticfilesystem:ClientWrite\"\n ],\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"true\"\n }\n }\n }\n ]\n}\n" + } + references: + file_system_id: aws_efs_file_system.id + argumentDocs: + file_system_id: '- (Required) The ID of the EFS file system.' + id: '- The ID that identifies the file system (e.g. fs-ccfc0d65).' + policy: '- (Required) The JSON formatted file system policy for the EFS file system. see Docs for more info.' + aws_efs_mount_target: + subCategory: EFS + description: Provides an Elastic File System (EFS) mount target. + name: aws_efs_mount_target + titleName: aws_efs_mount_target + examples: + - manifest: |- + { + "file_system_id": "${aws_efs_file_system.foo.id}", + "subnet_id": "${aws_subnet.alpha.id}" + } + references: + file_system_id: aws_efs_file_system.id + subnet_id: aws_subnet.id + argumentDocs: + availability_zone_id: '- The unique and consistent identifier of the Availability Zone (AZ) that the mount target resides in.' + availability_zone_name: '- The name of the Availability Zone (AZ) that the mount target resides in.' + dns_name: '- The DNS name for the EFS file system.' + file_system_arn: '- Amazon Resource Name of the file system.' + file_system_id: '- (Required) The ID of the file system for which the mount target is intended.' + id: '- The ID of the mount target.' + ip_address: |- + - (Optional) The address (within the address range of the specified subnet) at + which the file system may be mounted via the mount target. 
+ mount_target_dns_name: '- The DNS name for the given subnet/AZ per documented convention.' + network_interface_id: '- The ID of the network interface that Amazon EFS created when it created the mount target.' + owner_id: '- AWS account ID that owns the resource.' + security_groups: |- + - (Optional) A list of up to 5 VPC security group IDs (that must + be for the same VPC as subnet specified) in effect for the mount target. + subnet_id: '- (Required) The ID of the subnet to add the mount target in.' + aws_egress_only_internet_gateway: + subCategory: VPC + description: Provides a resource to create an egress-only Internet gateway. + name: aws_egress_only_internet_gateway + titleName: aws_egress_only_internet_gateway + examples: + - manifest: |- + { + "tags": { + "Name": "main" + }, + "vpc_id": "${aws_vpc.example.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + id: '- The ID of the egress-only Internet gateway.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) The VPC ID to create in.' + aws_eip: + subCategory: EC2 + description: Provides an Elastic IP resource. 
+ name: aws_eip + titleName: aws_eip + examples: + - manifest: |- + { + "instance": "${aws_instance.web.id}", + "vpc": true + } + references: + instance: aws_instance.id + - manifest: |- + { + "associate_with_private_ip": "10.0.0.10", + "network_interface": "${aws_network_interface.multi-ip.id}", + "vpc": true + } + references: + network_interface: aws_network_interface.id + - manifest: |- + { + "associate_with_private_ip": "10.0.0.11", + "network_interface": "${aws_network_interface.multi-ip.id}", + "vpc": true + } + references: + network_interface: aws_network_interface.id + - manifest: |- + { + "associate_with_private_ip": "10.0.0.12", + "depends_on": [ + "${aws_internet_gateway.gw}" + ], + "instance": "${aws_instance.foo.id}", + "vpc": true + } + references: + instance: aws_instance.id + - manifest: |- + { + "public_ipv4_pool": "ipv4pool-ec2-012345", + "vpc": true + } + argumentDocs: + address: '- (Optional) IP address from an EC2 BYOIP pool. This option is only available for VPC EIPs.' + allocation_id: '- ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.' + associate_with_private_ip: '- (Optional) User-specified primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.' + association_id: '- ID representing the association of the address with an instance in a VPC.' + carrier_ip: '- Carrier IP address.' + customer_owned_ip: '- Customer owned IP.' + customer_owned_ipv4_pool: '- (Optional) ID of a customer-owned address pool. For more on customer owned IP addressed check out Customer-owned IP addresses guide.' + delete: '- (Default 3 minutes) How long to wait for an EIP to be deleted.' + domain: '- Indicates if this EIP is for use in VPC (vpc) or EC2 Classic (standard).' + id: '- Contains the EIP allocation ID.' + instance: '- (Optional) EC2 instance ID.' 
+ network_border_group: '- (Optional) Location from which the IP address is advertised. Use this parameter to limit the address to this location.' + network_interface: '- (Optional) Network interface ID to associate with.' + private_dns: '- The Private DNS associated with the Elastic IP address (if in VPC).' + private_ip: '- Contains the private IP address (if in VPC).' + public_dns: '- Public DNS associated with the Elastic IP address.' + public_ip: '- Contains the public IP address.' + public_ipv4_pool: '- (Optional) EC2 IPv4 address pool identifier or amazon. This option is only available for VPC EIPs.' + read: '- (Default 15 minutes) How long to wait querying for information about EIPs.' + tags: '- (Optional) Map of tags to assign to the resource. Tags can only be applied to EIPs in a VPC. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 5 minutes) How long to wait for an EIP to be updated.' + vpc: '- (Optional) Boolean if the EIP is in a VPC or not.' + aws_eip_association: + subCategory: EC2 + description: Provides an AWS EIP Association + name: aws_eip_association + titleName: aws_eip_association + examples: + - manifest: |- + { + "allocation_id": "${aws_eip.example.id}", + "instance_id": "${aws_instance.web.id}" + } + references: + allocation_id: aws_eip.id + instance_id: aws_instance.id + argumentDocs: + allocation_id: '- As above' + allow_reassociation: |- + - (Optional, Boolean) Whether to allow an Elastic IP to + be re-associated. Defaults to true in VPC. + association_id: |- + - The ID that represents the association of the Elastic IP + address with an instance. 
+ instance_id: '- As above' + network_interface_id: '- As above' + private_ip_address: '- As above' + public_ip: '- As above' + aws_eks_addon: + subCategory: EKS + description: Manages an EKS add-on + name: aws_eks_addon + titleName: aws_eks_addon + examples: + - manifest: |- + { + "addon_name": "vpc-cni", + "cluster_name": "${aws_eks_cluster.example.name}" + } + references: + cluster_name: aws_eks_cluster.name + argumentDocs: + addon_name: |- + – (Required) Name of the EKS add-on. The name must match one of + the names returned by list-addon. + addon_version: |- + – (Optional) The version of the EKS add-on. The version must + match one of the versions returned by describe-addon-versions. + arn: '- Amazon Resource Name (ARN) of the EKS add-on.' + cluster_name: – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (^[0-9A-Za-z][A-Za-z0-9\-_]+$). + created_at: '- Date and time in RFC3339 format that the EKS add-on was created.' + id: '- EKS Cluster name and EKS Addon name separated by a colon (:).' + modified_at: '- Date and time in RFC3339 format that the EKS add-on was updated.' + resolve_conflicts: |- + - (Optional) Define how to resolve parameter value conflicts + when migrating an existing add-on to an Amazon EKS add-on or when applying + version updates to the add-on. Valid values are NONE and OVERWRITE. + service_account_role_arn: |- + - (Optional) The Amazon Resource Name (ARN) of an + existing IAM role to bind to the add-on's service account. The role must be + assigned the IAM permissions required by the add-on. If you don't specify + an existing IAM role, then the add-on uses the permissions assigned to the node + IAM role. For more information, see Amazon EKS node IAM role + in the Amazon EKS User Guide. + status: '- Status of the EKS add-on.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- (Optional) Key-value map of resource tags, including those inherited from the provider default_tags configuration block.' + aws_eks_cluster: + subCategory: EKS + description: Manages an EKS Cluster + name: aws_eks_cluster + titleName: aws_eks_cluster + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy}", + "${aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController}" + ], + "name": "example", + "role_arn": "${aws_iam_role.example.arn}", + "vpc_config": [ + { + "subnet_ids": [ + "${aws_subnet.example1.id}", + "${aws_subnet.example2.id}" + ] + } + ] + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "depends_on": [ + "${aws_cloudwatch_log_group.example}" + ], + "enabled_cluster_log_types": [ + "api", + "audit" + ], + "name": "${var.cluster_name}" + } + references: + name: var.cluster_name + - manifest: '{}' + argumentDocs: + arn: '- ARN of the cluster.' + certificate_authority: '- Attribute block containing certificate-authority-data for your cluster. Detailed below.' + cluster_security_group_id: '- Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.' + create: '- (Default 30 minutes) How long to wait for the EKS Cluster to be created.' + created_at: '- Unix epoch timestamp in seconds for when the cluster was created.' + data: '- Base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.' + delete: '- (Default 15 minutes) How long to wait for the EKS Cluster to be deleted.' + enabled_cluster_log_types: '- (Optional) List of the desired control plane logging to enable. 
For more information, see Amazon EKS Control Plane Logging.' + encryption_config: '- (Optional) Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.' + endpoint: '- Endpoint for your Kubernetes API server.' + endpoint_private_access: '- (Optional) Whether the Amazon EKS private API server endpoint is enabled. Default is false.' + endpoint_public_access: '- (Optional) Whether the Amazon EKS public API server endpoint is enabled. Default is true.' + id: '- Name of the cluster.' + identity: '- Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.' + issuer: '- Issuer URL for the OpenID Connect identity provider.' + key_arn: '- (Required) ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.' + kubernetes_network_config: '- (Optional) Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, Terraform will only perform drift detection if a configuration value is provided.' + name: – (Required) Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (^[0-9A-Za-z][A-Za-z0-9\-_]+$). + oidc: '- Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.' + platform_version: '- Platform version for the cluster.' + provider: '- (Required) Configuration block with provider for encryption. Detailed below.' 
+ public_access_cidrs: '- (Optional) List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. Terraform will only perform drift detection of its value when present in a configuration.' + resources: '- (Required) List of strings with resources to be encrypted. Valid values: secrets.' + role_arn: '- (Required) ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding depends_on if using the aws_iam_role_policy resource or aws_iam_role_policy_attachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.' + security_group_ids: – (Optional) List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. + service_ipv4_cidr: '- (Optional) The CIDR block to assign Kubernetes service IP addresses from. If you don''t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:' + status: '- Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.' + subnet_ids: – (Required) List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane. 
+ tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: |- + - (Default 60 minutes) How long to wait for the EKS Cluster to be updated. + Note that the update timeout is used separately for both version and vpc_config update timeouts. + version: – (Optional) Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS. + vpc_config: '- Configuration block argument that also includes attributes for the VPC associated with your cluster. Detailed below.' + vpc_id: '- ID of the VPC associated with your cluster.' + aws_eks_fargate_profile: + subCategory: EKS + description: Manages an EKS Fargate Profile + name: aws_eks_fargate_profile + titleName: aws_eks_fargate_profile + examples: + - manifest: |- + { + "cluster_name": "${aws_eks_cluster.example.name}", + "fargate_profile_name": "example", + "pod_execution_role_arn": "${aws_iam_role.example.arn}", + "selector": [ + { + "namespace": "example" + } + ], + "subnet_ids": "${aws_subnet.example[*].id}" + } + references: + cluster_name: aws_eks_cluster.name + pod_execution_role_arn: aws_iam_role.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the EKS Fargate Profile.' + cluster_name: – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (^[0-9A-Za-z][A-Za-z0-9\-_]+$). 
+ create: '- (Default 10 minutes) How long to wait for the EKS Fargate Profile to be created.' + delete: '- (Default 10 minutes) How long to wait for the EKS Fargate Profile to be deleted.' + fargate_profile_name: – (Required) Name of the EKS Fargate Profile. + id: '- EKS Cluster name and EKS Fargate Profile name separated by a colon (:).' + labels: '- (Optional) Key-value map of Kubernetes labels for selection.' + namespace: '- (Required) Kubernetes namespace for selection.' + pod_execution_role_arn: – (Required) Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile. + selector: '- (Required) Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.' + status: '- Status of the EKS Fargate Profile.' + subnet_ids: '– (Required) Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_eks_identity_provider_config: + subCategory: EKS + description: Manages an EKS Identity Provider Configuration. + name: aws_eks_identity_provider_config + titleName: aws_eks_identity_provider_config + examples: + - manifest: |- + { + "cluster_name": "${aws_eks_cluster.example.name}", + "oidc": [ + { + "client_id": "your client_id", + "identity_provider_config_name": "example", + "issuer_url": "your issuer_url" + } + ] + } + references: + cluster_name: aws_eks_cluster.name + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the EKS Identity Provider Configuration.' 
+ client_id: – (Required) Client ID for the OpenID Connect identity provider. + cluster_name: – (Required) Name of the EKS Cluster. + create: '- (Default 40 minutes) How long to wait for the EKS Identity Provider Configuration to be associated.' + delete: '- (Default 40 minutes) How long to wait for the EKS Identity Provider Configuration to be disassociated.' + groups_claim: '- (Optional) The JWT claim that the provider will use to return groups.' + groups_prefix: '- (Optional) A prefix that is prepended to group claims e.g. oidc:.' + id: '- EKS Cluster name and EKS Identity Provider Configuration name separated by a colon (:).' + identity_provider_config_name: – (Required) The name of the identity provider config. + issuer_url: '- (Required) Issuer URL for the OpenID Connect identity provider.' + oidc: '- (Required) Nested attribute containing OpenID Connect identity provider information for the cluster. Detailed below.' + required_claims: '- (Optional) The key value pairs that describe required claims in the identity token.' + status: '- Status of the EKS Identity Provider Configuration.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + username_claim: '- (Optional) The JWT claim that the provider will use as the username.' + username_prefix: '- (Optional) A prefix that is prepended to username claims.' 
+ aws_eks_node_group: + subCategory: EKS + description: Manages an EKS Node Group + name: aws_eks_node_group + titleName: aws_eks_node_group + examples: + - manifest: |- + { + "cluster_name": "${aws_eks_cluster.example.name}", + "depends_on": [ + "${aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy}", + "${aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy}", + "${aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly}" + ], + "node_group_name": "example", + "node_role_arn": "${aws_iam_role.example.arn}", + "scaling_config": [ + { + "desired_size": 1, + "max_size": 1, + "min_size": 1 + } + ], + "subnet_ids": "${aws_subnet.example[*].id}", + "update_config": [ + { + "max_unavailable": 2 + } + ] + } + references: + cluster_name: aws_eks_cluster.name + node_role_arn: aws_iam_role.arn + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${scaling_config[0].desired_size}" + ] + } + ], + "scaling_config": [ + { + "desired_size": 2 + } + ] + } + argumentDocs: + ami_type: '- (Optional) Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. Valid values: AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64, CUSTOM. Terraform will only perform drift detection if a configuration value is provided.' + arn: '- Amazon Resource Name (ARN) of the EKS Node Group.' + autoscaling_groups: '- List of objects containing information about AutoScaling Groups.' + capacity_type: '- (Optional) Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. Terraform will only perform drift detection if a configuration value is provided.' + cluster_name: – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (^[0-9A-Za-z][A-Za-z0-9\-_]+$). + create: '- (Default 60 minutes) How long to wait for the EKS Node Group to be created.' 
+ delete: '- (Default 60 minutes) How long to wait for the EKS Node Group to be deleted.' + desired_size: '- (Required) Desired number of worker nodes.' + disk_size: '- (Optional) Disk size in GiB for worker nodes. Defaults to 20. Terraform will only perform drift detection if a configuration value is provided.' + ec2_ssh_key: '- (Optional) EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify source_security_group_ids when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).' + effect: '- (Required) The effect of the taint. Valid values: NO_SCHEDULE, NO_EXECUTE, PREFER_NO_SCHEDULE.' + force_update_version: '- (Optional) Force version update if existing pods are unable to be drained due to a pod disruption budget issue.' + id: '- EKS Cluster name and EKS Node Group name separated by a colon (:).' + instance_types: '- (Optional) Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. Terraform will only perform drift detection if a configuration value is provided.' + key: '- (Required) The key of the taint. Maximum length of 63.' + labels: '- (Optional) Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.' + launch_template: '- (Optional) Configuration block with Launch Template settings. Detailed below.' + max_size: '- (Required) Maximum number of worker nodes.' + max_unavailable: '- (Optional) Desired max number of unavailable worker nodes during node group update.' + max_unavailable_percentage: '- (Optional) Desired max percentage of unavailable worker nodes during node group update.' + min_size: '- (Required) Minimum number of worker nodes.' + name: '- Name of the AutoScaling Group.' + node_group_name: – (Optional) Name of the EKS Node Group. 
If omitted, Terraform will assign a random, unique name. Conflicts with node_group_name_prefix. + node_group_name_prefix: – (Optional) Creates a unique name beginning with the specified prefix. Conflicts with node_group_name. + node_role_arn: – (Required) Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group. + release_version: – (Optional) AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version. + remote_access: '- (Optional) Configuration block with remote access settings. Detailed below.' + remote_access_security_group_id: '- Identifier of the remote access EC2 Security Group.' + resources: '- List of objects containing information about underlying resources.' + scaling_config: '- (Required) Configuration block with scaling settings. Detailed below.' + source_security_group_ids: '- (Optional) Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify ec2_ssh_key, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).' + status: '- Status of the EKS Node Group.' + subnet_ids: '– (Required) Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + taint: '- (Optional) The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group. Detailed below.' + update: '- (Default 60 minutes) How long to wait for the EKS Node Group to be updated. 
Note that the update timeout is used separately for both configuration and version update operations.' + value: '- (Optional) The value of the taint. Maximum length of 63.' + version: '- (Required) EC2 Launch Template version number. While the API accepts values like $Default and $Latest, the API will convert the value to the associated version number (e.g. 1) on read and Terraform will show a difference on next plan. Using the default_version or latest_version attribute of the aws_launch_template resource or data source is recommended for this argument.' + aws_elastic_beanstalk_application: + subCategory: Elastic Beanstalk + description: Provides an Elastic Beanstalk Application Resource + name: aws_elastic_beanstalk_application + titleName: aws_elastic_beanstalk_application + examples: + - manifest: |- + { + "appversion_lifecycle": [ + { + "delete_source_from_s3": true, + "max_count": 128, + "service_role": "${aws_iam_role.beanstalk_service.arn}" + } + ], + "description": "tf-test-desc", + "name": "tf-test-name" + } + argumentDocs: + arn: '- The ARN assigned by AWS for this Elastic Beanstalk Application.' + delete_source_from_s3: '- (Optional) Set to true to delete a version''s source bundle from S3 when the application version is deleted.' + description: '- (Optional) Short description of the application' + max_age_in_days: '- (Optional) The number of days to retain an application version (''max_age_in_days'' and ''max_count'' cannot be enabled simultaneously.).' + max_count: '- (Optional) The maximum number of application versions to retain (''max_age_in_days'' and ''max_count'' cannot be enabled simultaneously.).' + name: '- (Required) The name of the application, must be unique within your account' + service_role: '- (Required) The ARN of an IAM service role under which the application version is deleted. Elastic Beanstalk must have permission to assume this role.' + tags: '- (Optional) Key-value map of tags for the Elastic Beanstalk Application. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_elastic_beanstalk_application_version: + subCategory: Elastic Beanstalk + description: Provides an Elastic Beanstalk Application Version Resource + name: aws_elastic_beanstalk_application_version + titleName: aws_elastic_beanstalk_application_version + examples: + - manifest: |- + { + "application": "tf-test-name", + "bucket": "${aws_s3_bucket.default.id}", + "description": "application version created by terraform", + "key": "${aws_s3_bucket_object.default.id}", + "name": "tf-test-version-label" + } + references: + bucket: aws_s3_bucket.id + key: aws_s3_bucket_object.id + argumentDocs: + application: '- (Required) Name of the Beanstalk Application the version is associated with.' + arn: '- ARN assigned by AWS for this Elastic Beanstalk Application.' + bucket: '- (Required) S3 bucket that contains the Application Version source bundle.' + description: '- (Optional) Short description of the Application Version.' + force_delete: '- (Optional) On delete, force an Application Version to be deleted when it may be in use by multiple Elastic Beanstalk Environments.' + key: '- (Required) S3 object that is the Application Version source bundle.' + name: '- (Required) Unique name for the this Application Version.' + tags: '- (Optional) Key-value map of tags for the Elastic Beanstalk Application Version. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_elastic_beanstalk_configuration_template: + subCategory: Elastic Beanstalk + description: Provides an Elastic Beanstalk Configuration Template + name: aws_elastic_beanstalk_configuration_template + titleName: aws_elastic_beanstalk_configuration_template + examples: + - manifest: |- + { + "application": "${aws_elastic_beanstalk_application.tftest.name}", + "name": "tf-test-template-config", + "solution_stack_name": "64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4" + } + references: + application: aws_elastic_beanstalk_application.name + argumentDocs: + application: – (Required) name of the application to associate with this configuration template + description: '- (Optional) Short description of the Template' + environment_id: – (Optional) The ID of the environment used with this configuration template + name: '- name of the configuration option' + namespace: '- unique namespace identifying the option''s associated AWS resource' + resource: '- (Optional) resource name for scheduled action' + setting: |- + – (Optional) Option settings to configure the new Environment. These + override specific values that are set as defaults. The format is detailed + below in Option Settings + solution_stack_name: |- + – (Optional) A solution stack to base your Template + off of. 
Example stacks can be found in the Amazon API documentation + value: '- value for the configuration option' + aws_elastic_beanstalk_environment: + subCategory: Elastic Beanstalk + description: Provides an Elastic Beanstalk Environment Resource + name: aws_elastic_beanstalk_environment + titleName: aws_elastic_beanstalk_environment + examples: + - manifest: |- + { + "application": "${aws_elastic_beanstalk_application.tftest.name}", + "name": "tf-test-name", + "solution_stack_name": "64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4" + } + references: + application: aws_elastic_beanstalk_application.name + - manifest: |- + { + "application": "${aws_elastic_beanstalk_application.tftest.name}", + "name": "tf-test-name", + "setting": [ + { + "name": "VPCId", + "namespace": "aws:ec2:vpc", + "value": "vpc-xxxxxxxx" + }, + { + "name": "Subnets", + "namespace": "aws:ec2:vpc", + "value": "subnet-xxxxxxxx" + } + ], + "solution_stack_name": "64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4" + } + references: + application: aws_elastic_beanstalk_application.name + argumentDocs: + all_settings: |- + – List of all option settings configured in this Environment. These + are a combination of default settings and their overrides from setting in + the configuration. + application: – The Elastic Beanstalk Application specified for this environment. + autoscaling_groups: '- The autoscaling groups used by this Environment.' + cname: '- Fully qualified DNS name for this Environment.' + cname_prefix: |- + - (Optional) Prefix to use for the fully qualified DNS name of + the Environment. + description: '- Description of the Elastic Beanstalk Environment.' + endpoint_url: '- The URL to the Load Balancer for this Environment' + id: '- ID of the Elastic Beanstalk Environment.' + instances: '- Instances used by this Environment.' + launch_configurations: '- Launch configurations in use by this Environment.' + load_balancers: '- Elastic load balancers in use by this Environment.' 
+ name: '- Name of the Elastic Beanstalk Environment.' + namespace: '- unique namespace identifying the option''s associated AWS resource' + platform_arn: |- + – (Optional) The ARN of the Elastic Beanstalk Platform + to use in deployment + poll_interval: |- + – The time between polling the AWS API to + check if changes have been applied. Use this to adjust the rate of API calls + for any create or update action. Minimum 10s, maximum 180s. Omit this to + use the default behavior, which is an exponential backoff + queues: '- SQS queues in use by this Environment.' + resource: '- (Optional) resource name for scheduled action' + setting: – Settings specifically set for this Environment. + solution_stack_name: |- + – (Optional) A solution stack to base your environment + off of. Example stacks can be found in the Amazon API documentation + tags: '- (Optional) A set of tags to apply to the Environment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + template_name: |- + – (Optional) The name of the Elastic Beanstalk Configuration + template to use in deployment + tier: '- The environment tier specified.' + triggers: '- Autoscaling triggers in use by this Environment.' + value: '- value for the configuration option' + version_label: |- + - (Optional) The name of the Elastic Beanstalk Application Version + to use in deployment. + wait_for_ready_timeout: |- + - (Default: 20m) The maximum + duration that Terraform should + wait for an Elastic Beanstalk Environment to be in a ready state before timing + out. + aws_elasticache_cluster: + subCategory: ElastiCache + description: Provides an ElastiCache Cluster resource. 
+ name: aws_elasticache_cluster + titleName: aws_elasticache_cluster + examples: + - manifest: |- + { + "cluster_id": "cluster-example", + "engine": "memcached", + "node_type": "cache.m4.large", + "num_cache_nodes": 2, + "parameter_group_name": "default.memcached1.4", + "port": 11211 + } + - manifest: |- + { + "cluster_id": "cluster-example", + "engine": "redis", + "engine_version": "3.2.10", + "node_type": "cache.m4.large", + "num_cache_nodes": 1, + "parameter_group_name": "default.redis3.2", + "port": 6379 + } + - manifest: |- + { + "cluster_id": "cluster-example", + "replication_group_id": "${aws_elasticache_replication_group.example.id}" + } + references: + replication_group_id: aws_elasticache_replication_group.id + argumentDocs: + apply_immediately: '- (Optional) Whether any database modifications are applied immediately, or during the next maintenance window. Default is false. See Amazon ElastiCache Documentation for more information..' + arn: '- The ARN of the created ElastiCache Cluster.' + availability_zone: '- (Optional) Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use preferred_availability_zones instead. Default: System chosen Availability Zone. Changing this value will re-create the resource.' + az_mode: '- (Optional, Memcached only) Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster''s region. Valid values for this parameter are single-az or cross-az, default is single-az. If you want to choose cross-az, num_cache_nodes must be greater than 1.' + cache_nodes: '- List of node objects including id, address, port and availability_zone.' + cluster_address: '- (Memcached only) DNS name of the cache cluster without the port appended.' + cluster_id: – (Required) Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource. 
+ configuration_endpoint: '- (Memcached only) Configuration endpoint to allow host discovery.' + engine: – (Required unless replication_group_id is provided) Name of the cache engine to be used for this cache cluster. Valid values are memcached or redis. + engine_version: |- + – (Optional) Version number of the cache engine to be used. + See Describe Cache Engine Versions + in the AWS Documentation for supported versions. When engine is redis and the version is 6 or higher, only the major version can be set, e.g. 6.x, otherwise, specify the full version desired, e.g. 5.0.6. The actual engine version used is returned in the attribute engine_version_actual, defined below. + engine_version_actual: '- The running version of the cache engine.' + final_snapshot_identifier: '- (Optional, Redis only) Name of your final cluster snapshot. If omitted, no final snapshot will be made.' + maintenance_window: |- + – (Optional) Specifies the weekly time range for when maintenance + on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). + The minimum maintenance window is a 60 minute period. Example: sun:05:00-sun:09:00. + node_type: – (Required unless replication_group_id is provided) The instance class used. See AWS documentation for information on supported node types for Redis and guidance on selecting node types for Redis. See AWS documentation for information on supported node types for Memcached and guidance on selecting node types for Memcached. For Memcached, changing this value will re-create the resource. + notification_topic_arn: '– (Optional) ARN of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic.' + num_cache_nodes: – (Required unless replication_group_id is provided) The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 20. 
If this number is reduced on subsequent runs, the highest numbered nodes will be removed. + parameter_group_name: – (Required unless replication_group_id is provided) The name of the parameter group to associate with this cache cluster. + port: – (Optional) The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with replication_group_id. Changing this value will re-create the resource. + preferred_availability_zones: '- (Optional, Memcached only) List of the Availability Zones in which cache nodes are created. If you are creating your cluster in an Amazon VPC you can only locate nodes in Availability Zones that are associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of num_cache_nodes. If you want all the nodes in the same Availability Zone, use availability_zone instead, or repeat the Availability Zone multiple times in the list. Default: System chosen Availability Zones. Detecting drift of existing node availability zone is not currently supported. Updating this argument by itself to migrate existing node availability zones is not currently supported and will show a perpetual difference.' + replication_group_id: '- (Optional) ID of the replication group to which this cluster should belong. If this parameter is specified, the cluster is added to the specified replication group as a read replica; otherwise, the cluster is a standalone primary that is not part of any replication group.' + security_group_ids: – (Optional, VPC only) One or more VPC security groups associated with the cache cluster + security_group_names: – (Optional, EC2 Classic only) List of security group names to associate with this cache cluster. Changing this value will re-create the resource. 
+ snapshot_arns: – (Optional, Redis only) Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. The object name cannot contain any commas. Changing snapshot_arns forces a new resource. + snapshot_name: '- (Optional, Redis only) Name of a snapshot from which to restore data into the new node group. Changing snapshot_name forces a new resource.' + snapshot_retention_limit: '- (Optional, Redis only) Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro cache nodes' + snapshot_window: '- (Optional, Redis only) Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00' + subnet_group_name: – (Optional, VPC only) Name of the subnet group to be used for the cache cluster. Changing this value will re-create the resource. + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_elasticache_global_replication_group: + subCategory: ElastiCache + description: Provides an ElastiCache Global Replication Group resource. 
+ name: aws_elasticache_global_replication_group + titleName: aws_elasticache_global_replication_group + examples: + - manifest: |- + { + "global_replication_group_id_suffix": "example", + "primary_replication_group_id": "${aws_elasticache_replication_group.primary.id}" + } + references: + primary_replication_group_id: aws_elasticache_replication_group.id + argumentDocs: + actual_engine_version: '- (DEPRECATED use engine_version_actual instead) The full version number of the cache engine running on the members of this global replication group.' + arn: '- The ARN of the ElastiCache Global Replication Group.' + at_rest_encryption_enabled: '- A flag that indicate whether the encryption at rest is enabled.' + auth_token_enabled: '- A flag that indicate whether AuthToken (password) is enabled.' + cache_node_type: '- The instance class used. See AWS documentation for information on supported node types and guidance on selecting node types.' + cluster_enabled: '- Indicates whether the Global Datastore is cluster enabled.' + engine: '- The name of the cache engine to be used for the clusters in this global replication group.' + engine_version_actual: '- The full version number of the cache engine running on the members of this global replication group.' + global_replication_group_description: – (Optional) A user-created description for the global replication group. + global_replication_group_id: '- The full ID of the global replication group.' + global_replication_group_id_suffix: – (Required) The suffix name of a Global Datastore. If global_replication_group_id_suffix is changed, creates a new resource. + id: '- The ID of the ElastiCache Global Replication Group.' + primary_replication_group_id: – (Required) The ID of the primary cluster that accepts writes and will replicate updates to the secondary cluster. If primary_replication_group_id is changed, creates a new resource. 
+ transit_encryption_enabled: '- A flag that indicates whether the encryption in transit is enabled.' + aws_elasticache_parameter_group: + subCategory: ElastiCache + description: Provides an ElastiCache parameter group resource. + name: aws_elasticache_parameter_group + titleName: aws_elasticache_parameter_group + examples: + - manifest: |- + { + "family": "redis2.8", + "name": "cache-params", + "parameter": [ + { + "name": "activerehashing", + "value": "yes" + }, + { + "name": "min-slaves-to-write", + "value": "2" + } + ] + } + argumentDocs: + arn: '- The AWS ARN associated with the parameter group.' + description: '- (Optional) The description of the ElastiCache parameter group. Defaults to "Managed by Terraform".' + family: '- (Required) The family of the ElastiCache parameter group.' + id: '- The ElastiCache parameter group name.' + name: '- (Required) The name of the ElastiCache parameter.' + parameter: '- (Optional) A list of ElastiCache parameters to apply.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the ElastiCache parameter.' + aws_elasticache_replication_group: + subCategory: ElastiCache + description: Provides an ElastiCache Replication Group resource. 
+ name: aws_elasticache_replication_group + titleName: aws_elasticache_replication_group + examples: + - manifest: |- + { + "automatic_failover_enabled": true, + "availability_zones": [ + "us-west-2a", + "us-west-2b" + ], + "node_type": "cache.m4.large", + "number_cache_clusters": 2, + "parameter_group_name": "default.redis3.2", + "port": 6379, + "replication_group_description": "test description", + "replication_group_id": "tf-rep-group-1" + } + - manifest: |- + { + "automatic_failover_enabled": true, + "availability_zones": [ + "us-west-2a", + "us-west-2b" + ], + "lifecycle": [ + { + "ignore_changes": [ + "${number_cache_clusters}" + ] + } + ], + "node_type": "cache.m4.large", + "number_cache_clusters": 2, + "parameter_group_name": "default.redis3.2", + "port": 6379, + "replication_group_description": "test description", + "replication_group_id": "tf-rep-group-1" + } + - manifest: |- + { + "automatic_failover_enabled": true, + "cluster_mode": [ + { + "num_node_groups": 2, + "replicas_per_node_group": 1 + } + ], + "node_type": "cache.t2.small", + "parameter_group_name": "default.redis3.2.cluster.on", + "port": 6379, + "replication_group_description": "test description", + "replication_group_id": "tf-redis-cluster" + } + - manifest: |- + { + "global_replication_group_id": "${aws_elasticache_global_replication_group.example.global_replication_group_id}", + "number_cache_clusters": 1, + "replication_group_description": "secondary replication group", + "replication_group_id": "example-secondary" + } + references: + global_replication_group_id: aws_elasticache_global_replication_group.global_replication_group_id + - manifest: |- + { + "engine": "redis", + "engine_version": "5.0.6", + "node_type": "cache.m5.large", + "number_cache_clusters": 1, + "provider": "${aws.other_region}", + "replication_group_description": "primary replication group", + "replication_group_id": "example-primary" + } + references: + provider: aws.other_region + argumentDocs: + apply_immediately: 
'- (Optional) Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is false.' + arn: '- The Amazon Resource Name (ARN) of the created ElastiCache Replication Group.' + at_rest_encryption_enabled: '- (Optional) Whether to enable encryption at rest.' + auth_token: '- (Optional) The password used to access a password protected server. Can be specified only if transit_encryption_enabled = true.' + auto_minor_version_upgrade: '- (Optional) Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. This parameter is currently not supported by the AWS API. Defaults to true.' + automatic_failover_enabled: '- (Optional) Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If enabled, number_cache_clusters must be greater than 1. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to false.' + availability_zones: '- (Optional) A list of EC2 availability zones in which the replication group''s cache clusters will be created. The order of the availability zones in the list is not important.' + aws_elasticache_cluster: resource + cluster_enabled: '- Indicates if cluster mode is enabled.' + cluster_mode: '- (Optional) Create a native Redis cluster. automatic_failover_enabled must be set to true. Cluster Mode documented below. Only 1 cluster_mode block is allowed. Note that configuring this block does not enable cluster mode, i.e. data sharding, this requires using a parameter group that has the parameter cluster-enabled set to true.' + configuration_endpoint_address: '- The address of the replication group configuration endpoint when cluster mode is enabled.' + create: '- (Default 60m) How long to wait for a replication group to be created.' + delete: '- (Default 40m) How long to wait for a replication group to be deleted.' 
+ engine: '- (Optional) The name of the cache engine to be used for the clusters in this replication group. The only valid value is redis.' + engine_version: '- (Optional) The version number of the cache engine to be used for the cache clusters in this replication group. If the version is 6 or higher, only the major version can be set, e.g. 6.x, otherwise, specify the full version desired, e.g. 5.0.6. The actual engine version used is returned in the attribute engine_version_actual, defined below.' + engine_version_actual: '- The running version of the cache engine.' + final_snapshot_identifier: '- (Optional) The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made.' + global_replication_group_id: '- (Optional) The ID of the global replication group to which this replication group should belong. If this parameter is specified, the replication group is added to the specified global replication group as a secondary replication group; otherwise, the replication group is not part of any global replication group. If global_replication_group_id is set, the num_node_groups parameter of the cluster_mode block cannot be set.' + id: '- The ID of the ElastiCache Replication Group.' + kms_key_id: '- (Optional) The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true.' + maintenance_window: '– (Optional) Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: sun:05:00-sun:09:00' + member_clusters: '- The identifiers of all the nodes that are part of this replication group.' + multi_az_enabled: '- (Optional) Specifies whether to enable Multi-AZ Support for the replication group. 
If true, automatic_failover_enabled must also be enabled. Defaults to false.' + node_type: '- (Optional) The instance class to be used. See AWS documentation for information on supported node types and guidance on selecting node types. Required unless global_replication_group_id is set. Cannot be set if global_replication_group_id is set.' + notification_topic_arn: '– (Optional) An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: arn:aws:sns:us-east-1:012345678999:my_sns_topic' + num_node_groups: '- (Optional) Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. Required unless global_replication_group_id is set.' + number_cache_clusters: '- (Optional) The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. One of number_cache_clusters or cluster_mode is required.' + parameter_group_name: '- (Optional) The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. To enable "cluster mode", i.e. data sharding, use a parameter group that has the parameter cluster-enabled set to true.' + port: – (Optional) The port number on which each of the cache nodes will accept connections. For Memcache the default is 11211, and for Redis the default port is 6379. + primary_endpoint_address: '- (Redis only) The address of the endpoint for the primary node in the replication group, if the cluster mode is disabled.' + reader_endpoint_address: '- (Redis only) The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled.' + replicas_per_node_group: '- (Required) Number of replica nodes in each node group. Valid values are 0 to 5. 
Changing this number will trigger an online resizing operation before other settings modifications.' + replication_group_description: – (Required) A user-created description for the replication group. + replication_group_id: – (Required) The replication group identifier. This parameter is stored as a lowercase string. + security_group_ids: '- (Optional) One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud' + security_group_names: '- (Optional) A list of cache security group names to associate with this replication group.' + snapshot_arns: – (Optional) A list of Amazon Resource Names (ARNs) that identify Redis RDB snapshot files stored in Amazon S3. The names object names cannot contain any commas. + snapshot_name: '- (Optional) The name of a snapshot from which to restore data into the new node group. Changing the snapshot_name forces a new resource.' + snapshot_retention_limit: '- (Optional, Redis only) The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a snapshot_retention_limit is not supported on cache.t1.micro cache nodes' + snapshot_window: '- (Optional, Redis only) The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. Example: 05:00-09:00' + subnet_group_name: '- (Optional) The name of the cache subnet group to be used for the replication group.' + tags: '- (Optional) A map of tags to assign to the resource. 
Adding tags to this resource will add or overwrite any existing tags on the clusters in the replication group and not to the group itself. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_encryption_enabled: '- (Optional) Whether to enable encryption in transit.' + update: '- (Default 40m) How long to wait for replication group settings to be updated. This is also separately used for adding/removing replicas and online resize operation completion, if necessary.' + aws_elasticache_security_group: + subCategory: ElastiCache + description: Provides an ElastiCache Security Group to control access to one or more cache clusters. + name: aws_elasticache_security_group + titleName: aws_elasticache_security_group + examples: + - manifest: |- + { + "name": "elasticache-security-group", + "security_group_names": [ + "${aws_security_group.bar.name}" + ] + } + argumentDocs: + description: – (Optional) description for the cache security group. Defaults to "Managed by Terraform". + name: – (Required) Name for the cache security group. This value is stored as a lowercase string. + security_group_names: |- + – (Required) List of EC2 security group names to be + authorized for ingress to the cache security group + aws_elasticache_subnet_group: + subCategory: ElastiCache + description: Provides an ElastiCache Subnet Group resource. + name: aws_elasticache_subnet_group + titleName: aws_elasticache_subnet_group + examples: + - manifest: |- + { + "name": "tf-test-cache-subnet", + "subnet_ids": [ + "${aws_subnet.foo.id}" + ] + } + argumentDocs: + description: '- The Description of the ElastiCache Subnet Group.' + name: '- The Name of the ElastiCache Subnet Group.' + subnet_ids: '- The Subnet IDs of the ElastiCache Subnet Group.' 
+ tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_elasticache_user: + subCategory: ElastiCache + description: Provides an ElastiCache user. + name: aws_elasticache_user + titleName: aws_elasticache_user + examples: + - manifest: |- + { + "access_string": "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember", + "engine": "REDIS", + "passwords": [ + "password123456789" + ], + "user_id": "testUserId", + "user_name": "testUserName" + } + argumentDocs: + access_string: '- (Required) Access permissions string used for this user. See Specifying Permissions Using an Access String for more details.' + arn: '- The ARN of the created ElastiCache User.' + engine: '- (Required) The current supported value is REDIS.' + no_password_required: '- (Optional) Indicates a password is not required for this user.' + passwords: '- (Optional) Passwords used for this user. You can create up to two passwords for each user.' + tags: '- (Optional) A list of tags to be added to this resource. A tag is a key-value pair.' + user_id: '- (Required) The ID of the user.' + user_name: '- (Required) The username of the user.' + aws_elasticache_user_group: + subCategory: ElastiCache + description: Provides an ElastiCache user group. + name: aws_elasticache_user_group + titleName: aws_elasticache_user_group + examples: + - manifest: |- + { + "engine": "REDIS", + "user_group_id": "userGroupId", + "user_ids": [ + "${aws_elasticache_user.test.user_id}" + ] + } + argumentDocs: + engine: '- (Required) The current supported value is REDIS.' + id: '- The user group identifier.' 
+ user_group_id: '- (Required) The ID of the user group.' + user_ids: '- (Optional) The list of user IDs that belong to the user group.' + aws_elasticsearch_domain: + subCategory: ElasticSearch + description: Provides an Elasticsearch Domain Policy. + name: aws_elasticsearch_domain + titleName: aws_elasticsearch_domain + examples: + - manifest: |- + { + "domain_name": "tf-test", + "elasticsearch_version": "2.3" + } + argumentDocs: + access_policies: '- (Optional) IAM policy document specifying the access policies for the domain' + domain_name: '- (Required) Name of the domain.' + aws_elasticsearch_domain_saml_options: + subCategory: ElasticSearch + description: Terraform resource for managing SAML authentication options for an AWS Elasticsearch Domain. + name: aws_elasticsearch_domain_saml_options + titleName: aws_elasticsearch_domain_saml_options + examples: + - manifest: |- + { + "domain_name": "${aws_elasticsearch_domain.example.domain_name}", + "saml_options": [ + { + "enabled": true, + "idp": [ + { + "entity_id": "https://example.com", + "metadata_content": "${file(\"./saml-metadata.xml\")}" + } + ] + } + ] + } + references: + domain_name: aws_elasticsearch_domain.domain_name + argumentDocs: + domain_name: '- (Required) Name of the domain.' + enabled: '- (Required) Whether SAML authentication is enabled.' + entity_id: '- (Required) The unique Entity ID of the application in SAML Identity Provider.' + id: '- The name of the domain the SAML options are associated with.' + idp: '- (Optional) Information from your identity provider.' + master_backend_role: '- (Optional) This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.' + master_user_name: '- (Optional) This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.' + metadata_content: '- (Required) The Metadata of the SAML application in xml format.' 
+ roles_key: '- (Optional) Element of the SAML assertion to use for backend roles. Default is roles.' + saml_options: '- (Optional) The SAML authentication options for an AWS Elasticsearch Domain.' + session_timeout_minutes: '- (Optional) Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.' + subject_key: '- (Optional) Element of the SAML assertion to use for username. Default is NameID.' + aws_elastictranscoder_pipeline: + subCategory: Elastic Transcoder + description: Provides an Elastic Transcoder pipeline resource. + name: aws_elastictranscoder_pipeline + titleName: aws_elastictranscoder_pipeline + examples: + - manifest: |- + { + "content_config": [ + { + "bucket": "${aws_s3_bucket.content_bucket.bucket}", + "storage_class": "Standard" + } + ], + "input_bucket": "${aws_s3_bucket.input_bucket.bucket}", + "name": "aws_elastictranscoder_pipeline_tf_test_", + "role": "${aws_iam_role.test_role.arn}", + "thumbnail_config": [ + { + "bucket": "${aws_s3_bucket.thumb_bucket.bucket}", + "storage_class": "Standard" + } + ] + } + references: + input_bucket: aws_s3_bucket.bucket + role: aws_iam_role.arn + argumentDocs: + access: '- The permission that you want to give to the AWS user that you specified in thumbnail_config_permissions.grantee. Valid values are Read, ReadAcp, WriteAcp or FullControl.' + arn: '- The ARN of the Elastictranscoder pipeline.' + aws_kms_key_arn: '- (Optional) The AWS Key Management Service (AWS KMS) key that you want to use with this pipeline.' + bucket: '- The Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files.' + completed: '- The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder has finished processing a job in this pipeline.' + content_config: '- (Optional) The ContentConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. 
(documented below)' + content_config_permissions: '- (Optional) The permissions for the content_config object. (documented below)' + error: '- The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters an error condition while processing a job in this pipeline.' + grantee: '- The AWS user or group that you want to have access to thumbnail files.' + grantee_type: '- Specify the type of value that appears in the thumbnail_config_permissions.grantee object. Valid values are Canonical, Email or Group.' + id: '- The ID of the Elastictranscoder pipeline.' + input_bucket: '- (Required) The Amazon S3 bucket in which you saved the media files that you want to transcode and the graphics that you want to use as watermarks.' + name: '- (Optional, Forces new resource) The name of the pipeline. Maximum 40 characters' + notifications: '- (Optional) The Amazon Simple Notification Service (Amazon SNS) topic that you want to notify to report job status. (documented below)' + output_bucket: '- (Optional) The Amazon S3 bucket in which you want Elastic Transcoder to save the transcoded files.' + progressing: '- The topic ARN for the Amazon Simple Notification Service (Amazon SNS) topic that you want to notify when Elastic Transcoder has started to process a job in this pipeline.' + role: '- (Required) The IAM Amazon Resource Name (ARN) for the role that you want Elastic Transcoder to use to transcode jobs for this pipeline.' + storage_class: '- The Amazon S3 storage class, Standard or ReducedRedundancy, that you want Elastic Transcoder to assign to the thumbnails that it stores in your Amazon S3 bucket.' + thumbnail_config: '- (Optional) The ThumbnailConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. (documented below)' + thumbnail_config_permissions: '- (Optional) The permissions for the thumbnail_config object. 
(documented below)' + warning: '- The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters a warning condition while processing a job in this pipeline.' + aws_elastictranscoder_preset: + subCategory: Elastic Transcoder + description: Provides an Elastic Transcoder preset resource. + name: aws_elastictranscoder_preset + titleName: aws_elastictranscoder_preset + examples: + - manifest: |- + { + "audio": [ + { + "audio_packing_mode": "SingleTrack", + "bit_rate": 96, + "channels": 2, + "codec": "AAC", + "sample_rate": 44100 + } + ], + "audio_codec_options": [ + { + "profile": "AAC-LC" + } + ], + "container": "mp4", + "description": "Sample Preset", + "name": "sample_preset", + "thumbnails": [ + { + "format": "png", + "interval": 120, + "max_height": "auto", + "max_width": "auto", + "padding_policy": "Pad", + "sizing_policy": "Fit" + } + ], + "video": [ + { + "bit_rate": "1600", + "codec": "H.264", + "display_aspect_ratio": "16:9", + "fixed_gop": "false", + "frame_rate": "auto", + "keyframes_max_dist": 240, + "max_frame_rate": "60", + "max_height": "auto", + "max_width": "auto", + "padding_policy": "Pad", + "sizing_policy": "Fit" + } + ], + "video_codec_options": { + "ColorSpaceConversionMode": "None", + "InterlacedMode": "Progressive", + "Level": "2.2", + "MaxReferenceFrames": 3, + "Profile": "main" + }, + "video_watermarks": [ + { + "horizontal_align": "Right", + "horizontal_offset": "10px", + "id": "Terraform Test", + "max_height": "20%", + "max_width": "20%", + "opacity": "55.5", + "sizing_policy": "ShrinkToFit", + "target": "Content", + "vertical_align": "Bottom", + "vertical_offset": "10px" + } + ] + } + argumentDocs: + BufferSize: '- The maximum number of kilobits in any x seconds of the output video. This window is commonly 10 seconds, the standard segment duration when you''re using ts for the container type of the output video. Specify an integer greater than 0. 
If you specify MaxBitRate and omit BufferSize, Elastic Transcoder sets BufferSize to 10 times the value of MaxBitRate. (Optional, H.264/MPEG2/VP8/VP9 only)' + ChromaSubsampling: '- The sampling pattern for the chroma (color) channels of the output video. Valid values are yuv420p and yuv422p.' + ColorSpaceConversion: '- The color space conversion Elastic Transcoder applies to the output video. Valid values are None, Bt709toBt601, Bt601toBt709, and Auto. (Optional, H.264/MPEG2 Only)' + InterlacedMode: '- The interlace mode for the output video. (Optional, H.264/MPEG2 Only)' + Level: '- The H.264 level that you want to use for the output file. Elastic Transcoder supports the following levels: 1, 1b, 1.1, 1.2, 1.3, 2, 2.1, 2.2, 3, 3.1, 3.2, 4, 4.1 (H.264 only)' + LoopCount: '- The number of times you want the output gif to loop (Gif only)' + MaxBitRate: '- The maximum number of kilobits per second in the output video. Specify a value between 16 and 62,500 inclusive, or auto. (Optional, H.264/MPEG2/VP8/VP9 only)' + MaxReferenceFrames: '- The maximum number of previously decoded frames to use as a reference for decoding future frames. Valid values are integers 0 through 16. (H.264 only)' + Profile: '- The codec profile that you want to use for the output file. (H.264/VP8 Only)' + arn: '- Amazon Resource Name (ARN) of the Elastic Transcoder Preset.' + aspect_ratio: '- The display aspect ratio of the video in the output file. Valid values are: auto, 1:1, 4:3, 3:2, 16:9. (Note; to better control resolution and aspect ratio of output videos, we recommend that you use the values max_width, max_height, sizing_policy, padding_policy, and display_aspect_ratio instead of resolution and aspect_ratio.)' + audio: '- (Optional, Forces new resource) Audio parameters object (documented below).' + audio_codec_options: '- (Optional, Forces new resource) Codec options for the audio parameters (documented below)' + audio_packing_mode: '- The method of organizing audio channels and tracks. 
Use Audio:Channels to specify the number of channels in your output, and Audio:AudioPackingMode to specify the number of tracks and their relation to the channels. If you do not specify an Audio:AudioPackingMode, Elastic Transcoder uses SingleTrack.' + bit_depth: '- The bit depth of a sample is how many bits of information are included in the audio samples. Valid values are 16 and 24. (FLAC/PCM Only)' + bit_order: '- The order the bits of a PCM sample are stored in. The supported value is LittleEndian. (PCM Only)' + bit_rate: '- The bit rate of the video stream in the output file, in kilobits/second. You can configure variable bit rate or constant bit rate encoding.' + channels: '- The number of audio channels in the output file' + codec: '- The video codec for the output file. Valid values are gif, H.264, mpeg2, vp8, and vp9.' + container: '- (Required, Forces new resource) The container type for the output file. Valid values are flac, flv, fmp4, gif, mp3, mp4, mpg, mxf, oga, ogg, ts, and webm.' + description: '- (Optional, Forces new resource) A description of the preset (maximum 255 characters)' + display_aspect_ratio: '- The value that Elastic Transcoder adds to the metadata in the output file. If you set DisplayAspectRatio to auto, Elastic Transcoder chooses an aspect ratio that ensures square pixels. If you specify another option, Elastic Transcoder sets that value in the output file.' + fixed_gop: '- Whether to use a fixed value for Video:FixedGOP. Not applicable for containers of type gif. Valid values are true and false. Also known as, Fixed Number of Frames Between Keyframes.' + format: '- The format of thumbnails, if any. Valid formats are jpg and png.' + frame_rate: '- The frames per second for the video stream in the output file. The following values are valid: auto, 10, 15, 23.97, 24, 25, 29.97, 30, 50, 60.' + horizontal_align: '- The horizontal position of the watermark unless you specify a nonzero value for horzontal_offset.' 
+ horizontal_offset: '- The amount by which you want the horizontal position of the watermark to be offset from the position specified by horizontal_align.' + id: '- A unique identifier for the settings for one watermark. The value of Id can be up to 40 characters long. You can specify settings for up to four watermarks.' + interval: '- The approximate number of seconds between thumbnails. The value must be an integer. The actual interval can vary by several seconds from one thumbnail to the next.' + keyframes_max_dist: '- The maximum number of frames between key frames. Not applicable for containers of type gif.' + max_frame_rate: '- If you specify auto for FrameRate, Elastic Transcoder uses the frame rate of the input video for the frame rate of the output video, up to the maximum frame rate. If you do not specify a MaxFrameRate, Elastic Transcoder will use a default of 30.' + max_height: '- The maximum height of the watermark.' + max_width: '- The maximum width of the watermark.' + name: '- (Optional, Forces new resource) The name of the preset. (maximum 40 characters)' + opacity: '- A percentage that indicates how much you want a watermark to obscure the video in the location where it appears.' + padding_policy: '- When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of the output video to make the total size of the output video match the values that you specified for max_width and max_height.' + profile: '- If you specified AAC for Audio:Codec, choose the AAC profile for the output file.' + resolution: '- The width and height of the video in the output file, in pixels. Valid values are auto and widthxheight. (see note for aspect_ratio)' + sample_rate: '- The sample rate of the audio stream in the output file, in hertz. 
Valid values are: auto, 22050, 32000, 44100, 48000, 96000' + signed: '- Whether audio samples are represented with negative and positive numbers (signed) or only positive numbers (unsigned). The supported value is Signed. (PCM Only)' + sizing_policy: '- A value that controls scaling of the watermark. Valid values are: Fit, Stretch, ShrinkToFit' + target: '- A value that determines how Elastic Transcoder interprets values that you specified for video_watermarks.horizontal_offset, video_watermarks.vertical_offset, video_watermarks.max_width, and video_watermarks.max_height. Valid values are Content and Frame.' + thumbnails: '- (Optional, Forces new resource) Thumbnail parameters object (documented below)' + vertical_align: '- The vertical position of the watermark unless you specify a nonzero value for vertical_align. Valid values are Top, Bottom, Center.' + vertical_offset: '- The amount by which you want the vertical position of the watermark to be offset from the position specified by vertical_align' + video: '- (Optional, Forces new resource) Video parameters object (documented below)' + video_codec_options: (Optional, Forces new resource) Codec options for the video parameters + video_watermarks: '- (Optional, Forces new resource) Watermark parameters for the video parameters (documented below)' + aws_elb: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides an Elastic Load Balancer resource. 
+ name: aws_elb + titleName: aws_elb + examples: + - manifest: |- + { + "access_logs": [ + { + "bucket": "foo", + "bucket_prefix": "bar", + "interval": 60 + } + ], + "availability_zones": [ + "us-west-2a", + "us-west-2b", + "us-west-2c" + ], + "connection_draining": true, + "connection_draining_timeout": 400, + "cross_zone_load_balancing": true, + "health_check": [ + { + "healthy_threshold": 2, + "interval": 30, + "target": "HTTP:8000/", + "timeout": 3, + "unhealthy_threshold": 2 + } + ], + "idle_timeout": 400, + "instances": [ + "${aws_instance.foo.id}" + ], + "listener": [ + { + "instance_port": 8000, + "instance_protocol": "http", + "lb_port": 80, + "lb_protocol": "http" + }, + { + "instance_port": 8000, + "instance_protocol": "http", + "lb_port": 443, + "lb_protocol": "https", + "ssl_certificate_id": "arn:aws:iam::123456789012:server-certificate/certName" + } + ], + "name": "foobar-terraform-elb", + "tags": { + "Name": "foobar-terraform-elb" + } + } + argumentDocs: + HTTP: ', HTTPS - PORT and PATH are required' + TCP: ', SSL - PORT is required, PATH is not supported' + access_logs: '- (Optional) An Access Logs block. Access Logs documented below.' + arn: '- The ARN of the ELB' + availability_zones: '- (Required for an EC2-classic ELB) The AZ''s to serve traffic in.' + bucket: '- (Required) The S3 bucket name to store the logs in.' + bucket_prefix: '- (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.' + connection_draining: '- (Optional) Boolean to enable connection draining. Default: false' + connection_draining_timeout: '- (Optional) The time in seconds to allow for connections to drain. Default: 300' + cross_zone_load_balancing: '- (Optional) Enable cross-zone load balancing. Default: true' + dns_name: '- The DNS name of the ELB' + enabled: '- (Optional) Boolean to enable / disable access_logs. Default is true' + health_check: '- (Optional) A health_check block. Health Check documented below.' 
+ healthy_threshold: '- (Required) The number of checks before the instance is declared healthy.' + id: '- The name of the ELB' + idle_timeout: '- (Optional) The time in seconds that the connection is allowed to be idle. Default: 60' + instance_port: '- (Required) The port on the instance to route to' + instance_protocol: |- + - (Required) The protocol to use to the instance. Valid + values are HTTP, HTTPS, TCP, or SSL + instances: '- The list of instances in the ELB' + internal: '- (Optional) If true, ELB will be an internal ELB.' + interval: '- (Required) The interval between checks.' + lb_port: '- (Required) The port to listen on for the load balancer' + lb_protocol: is either HTTPS or SSL + listener: '- (Required) A list of listener blocks. Listeners documented below.' + name: '- The name of the ELB' + name_prefix: |- + - (Optional, Forces new resource) Creates a unique name beginning with the specified + prefix. Conflicts with name. + security_groups: |- + - (Optional) A list of security group IDs to assign to the ELB. + Only valid if creating an ELB within a VPC + source_security_group: |- + - The name of the security group that you can use as + part of your inbound rules for your load balancer's back-end application + instances. Use this for Classic or Default VPC only. + source_security_group_id: |- + - The ID of the security group that you can use as + part of your inbound rules for your load balancer's back-end application + instances. Only available on ELBs launched in a VPC. + ssl_certificate_id: |- + - (Optional) The ARN of an SSL certificate you have + uploaded to AWS IAM. Note ECDSA-specific restrictions below. Only valid when + subnets: '- (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: |- + - (Required) The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL + values are: + timeout: '- (Required) The length of time before the check times out.' + unhealthy_threshold: '- (Required) The number of checks before the instance is declared unhealthy.' + zone_id: '- The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)' + aws_elb_attachment: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides an Elastic Load Balancer Attachment resource. + name: aws_elb_attachment + titleName: aws_elb_attachment + examples: + - manifest: |- + { + "elb": "${aws_elb.bar.id}", + "instance": "${aws_instance.foo.id}" + } + references: + elb: aws_elb.id + instance: aws_instance.id + argumentDocs: + elb: '- (Required) The name of the ELB.' + instance: '- (Required) Instance ID to place in the ELB pool.' 
+ aws_emr_cluster: + subCategory: Elastic Map Reduce (EMR) + description: Provides an Elastic MapReduce Cluster + name: aws_emr_cluster + titleName: aws_emr_cluster + examples: + - manifest: |- + { + "additional_info": "{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n", + "applications": [ + "Spark" + ], + "bootstrap_action": [ + { + "args": [ + "instance.isMaster=true", + "echo running on master node" + ], + "name": "runif", + "path": "s3://elasticmapreduce/bootstrap-actions/run-if" + } + ], + "configurations_json": " [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n", + "core_instance_group": [ + { + "autoscaling_policy": "{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n", + "bid_price": "0.30", + "ebs_config": [ + { + "size": "40", + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_count": 1, + "instance_type": "c4.large" + } + ], + "ebs_root_volume_size": 100, + 
"ec2_attributes": [ + { + "emr_managed_master_security_group": "${aws_security_group.sg.id}", + "emr_managed_slave_security_group": "${aws_security_group.sg.id}", + "instance_profile": "${aws_iam_instance_profile.emr_profile.arn}", + "subnet_id": "${aws_subnet.main.id}" + } + ], + "keep_job_flow_alive_when_no_steps": true, + "master_instance_group": [ + { + "instance_type": "m4.large" + } + ], + "name": "emr-test-arn", + "release_label": "emr-4.6.0", + "service_role": "${aws_iam_role.iam_emr_service_role.arn}", + "tags": { + "env": "env", + "role": "rolename" + }, + "termination_protection": false + } + references: + service_role: aws_iam_role.arn + - manifest: |- + { + "core_instance_fleet": [ + { + "instance_type_configs": [ + { + "bid_price_as_percentage_of_on_demand_price": 80, + "ebs_config": [ + { + "size": 100, + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_type": "m3.xlarge", + "weighted_capacity": 1 + }, + { + "bid_price_as_percentage_of_on_demand_price": 100, + "ebs_config": [ + { + "size": 100, + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_type": "m4.xlarge", + "weighted_capacity": 1 + }, + { + "bid_price_as_percentage_of_on_demand_price": 100, + "ebs_config": [ + { + "size": 100, + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_type": "m4.2xlarge", + "weighted_capacity": 2 + } + ], + "launch_specifications": [ + { + "spot_specification": [ + { + "allocation_strategy": "capacity-optimized", + "block_duration_minutes": 0, + "timeout_action": "SWITCH_TO_ON_DEMAND", + "timeout_duration_minutes": 10 + } + ] + } + ], + "name": "core fleet", + "target_on_demand_capacity": 2, + "target_spot_capacity": 2 + } + ], + "master_instance_fleet": [ + { + "instance_type_configs": [ + { + "instance_type": "m4.xlarge" + } + ], + "target_on_demand_capacity": 1 + } + ] + } + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${step}" + ] + } + ], + "step": [ + { + "action_on_failure": "TERMINATE_CLUSTER", 
+ "hadoop_jar_step": [ + { + "args": [ + "state-pusher-script" + ], + "jar": "command-runner.jar" + } + ], + "name": "Setup Hadoop Debugging" + } + ] + } + - manifest: |- + { + "core_instance_group": [ + {} + ], + "ec2_attributes": [ + { + "subnet_id": "${aws_subnet.example.id}" + } + ], + "master_instance_group": [ + { + "instance_count": 3 + } + ], + "release_label": "emr-5.24.1", + "termination_protection": true + } + - manifest: |- + { + "configurations_json": " [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n" + } + - manifest: |- + { + "applications": [ + "Spark" + ], + "bootstrap_action": [ + { + "args": [ + "instance.isMaster=true", + "echo running on master node" + ], + "name": "runif", + "path": "s3://elasticmapreduce/bootstrap-actions/run-if" + } + ], + "configurations_json": " [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n", + "core_instance_group": [ + { + "instance_count": 1, + "instance_type": "m5.xlarge" + } + ], + "ec2_attributes": [ + { + "emr_managed_master_security_group": "${aws_security_group.allow_all.id}", + "emr_managed_slave_security_group": "${aws_security_group.allow_all.id}", + "instance_profile": "${aws_iam_instance_profile.emr_profile.arn}", + "subnet_id": "${aws_subnet.main.id}" + } + ], + "master_instance_group": [ + { + "instance_type": "m5.xlarge" + } + ], + "name": "emr-test-arn", + "release_label": "emr-4.6.0", + "service_role": "${aws_iam_role.iam_emr_service_role.arn}", + "tags": { + "dns_zone": 
"env_zone", + "env": "env", + "name": "name-env", + "role": "rolename" + } + } + references: + service_role: aws_iam_role.arn + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${kerberos_attributes}" + ] + } + ] + } + argumentDocs: + action_on_failure: '- (Required) The action to take if the step fails. Valid values: TERMINATE_JOB_FLOW, TERMINATE_CLUSTER, CANCEL_AND_WAIT, and CONTINUE' + ad_domain_join_password: '- (Optional) The Active Directory password for ad_domain_join_user. Terraform cannot perform drift detection of this configuration.' + ad_domain_join_user: '- (Optional) Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. Terraform cannot perform drift detection of this configuration.' + additional_info: '- (Optional) A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore Terraform cannot detect drift from the actual EMR cluster if its value is changed outside Terraform.' + additional_master_security_groups: '- (Optional) String containing a comma separated list of additional Amazon EC2 security group IDs for the master node' + additional_slave_security_groups: '- (Optional) String containing a comma separated list of additional Amazon EC2 security group IDs for the slave nodes as a comma separated string' + allocation_strategy: '- (Required) Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is capacity-optimized (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.' + applications: '- The applications installed on this cluster.' + args: '- (Optional) List of command line arguments passed to the JAR file''s main function when executed.' + arn: '- The ARN of the cluster.' 
+ autoscaling_policy: '- (Optional) String containing the EMR Auto Scaling Policy JSON.' + autoscaling_role: '- (Optional) An IAM role for automatic scaling policies. The IAM role provides permissions that the automatic scaling feature requires to launch and terminate EC2 instances in an instance group.' + bid_price: '- (Optional) The bid price for each EC2 Spot instance type as defined by instance_type. Expressed in USD. If neither bid_price nor bid_price_as_percentage_of_on_demand_price is provided, bid_price_as_percentage_of_on_demand_price defaults to 100%.' + bid_price_as_percentage_of_on_demand_price: '- (Optional) The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by instance_type. Expressed as a number (for example, 20 specifies 20%). If neither bid_price nor bid_price_as_percentage_of_on_demand_price is provided, bid_price_as_percentage_of_on_demand_price defaults to 100%.' + block_duration_minutes: '- (Optional) The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.' + bootstrap_action: '- A list of bootstrap actions that will be run before Hadoop is started on the cluster nodes.' + classification: '- (Optional) The classification within a configuration.' + configurations: '- The list of Configurations supplied to the EMR cluster.' + configurations_json: '- (Optional) A JSON string for supplying list of configurations for the EMR cluster.' 
+ core_instance_fleet: '- (Optional) Configuration block to use an Instance Fleet for the core node type. Cannot be specified if any core_instance_group configuration blocks are set. Detailed below.' + core_instance_group: '- (Optional) Configuration block to use an Instance Group for the core node type.' + core_instance_group.0.id: '- Core node type Instance Group ID, if using Instance Group for this node type.' + cross_realm_trust_principal_password: '- (Optional) Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. Terraform cannot perform drift detection of this configuration.' + custom_ami_id: '- (Optional) A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later.' + ebs_config: '- (Optional) Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.' + ebs_root_volume_size: '- (Optional) Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later.' + ec2_attributes: '- Provides information about the EC2 instances in a cluster grouped by category: key name, subnet ID, IAM instance profile, and so on.' + emr_managed_master_security_group: '- (Optional) Identifier of the Amazon EC2 EMR-Managed security group for the master node' + emr_managed_slave_security_group: '- (Optional) Identifier of the Amazon EC2 EMR-Managed security group for the slave nodes' + hadoop_jar_step: '- (Required) The JAR file used for the step. Defined below.' + id: '- The ID of the EMR Cluster' + instance_count: '- (Optional) Target number of instances for the instance group. Must be 1 or 3. Defaults to 1. Launching with multiple master nodes is only supported in EMR version 5.23.0+, and requires this resource''s core_instance_group to be configured. 
Public (Internet accessible) instances must be created in VPC subnets that have map public IP on launch enabled. Termination protection is automatically enabled when launched with multiple master nodes and Terraform must have the termination_protection = false configuration applied before destroying this resource.' + instance_profile: '- (Required) Instance Profile for EC2 instances of the cluster assume this role' + instance_type: '- (Required) An EC2 instance type, such as m4.xlarge.' + instance_type_configs: '- (Optional) Configuration block for instance fleet' + iops: '- (Optional) The number of I/O operations per second (IOPS) that the volume supports' + jar: '- (Required) Path to a JAR file run during the step.' + kdc_admin_password: '- (Required) The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. Terraform cannot perform drift detection of this configuration.' + keep_job_flow_alive_when_no_steps: '- (Optional) Switch on/off run cluster with no steps or when all steps are complete (default is on)' + kerberos_attributes: '- (Optional) Kerberos configuration for the cluster. Defined below' + key_name: '- (Optional) Amazon EC2 key pair that can be used to ssh to the master node as the user called hadoop' + launch_specifications: '- (Optional) Configuration block for launch specification' + log_uri: '- The path to the Amazon S3 location where logs for this cluster are stored.' + main_class: '- (Optional) Name of the main class in the specified Java file. If not specified, the JAR file should specify a Main-Class in its manifest file.' + master_instance_fleet: '- (Optional) Configuration block to use an Instance Fleet for the master node type. Cannot be specified if any master_instance_group configuration blocks are set. Detailed below.' 
+ master_instance_group: '- (Optional) Configuration block to use an Instance Group for the master node type.' + master_instance_group.0.id: '- Master node type Instance Group ID, if using Instance Group for this node type.' + master_public_dns: '- The public DNS name of the master EC2 instance.' + name: '- The name of the cluster.' + on_demand_specification: '- (Optional) Configuration block for on demand instances launch specifications' + path: '- (Required) Location of the script to run during a bootstrap action. Can be either a location in Amazon S3 or on a local file system' + properties: '- (Optional) A map of properties specified within a configuration classification' + realm: '- (Required) The name of the Kerberos realm to which all nodes in a cluster belong. For example, EC2.INTERNAL' + release_label: '- The release label for the Amazon EMR release.' + scale_down_behavior: '- (Optional) The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized.' + security_configuration: '- (Optional) The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with release_label 4.8.0 or greater' + service_access_security_group: '- (Optional) Identifier of the Amazon EC2 service-access security group - required when the cluster runs on a private subnet' + service_role: '- The IAM role that will be assumed by the Amazon EMR service to access AWS resources on your behalf.' + size: '- (Required) The volume size, in gibibytes (GiB).' + spot_specification: '- (Optional) Configuration block for spot instances launch specifications' + step: '- (Optional) List of steps to run when creating the cluster. Defined below. It is highly recommended to utilize the lifecycle configuration block with ignore_changes if other steps are being managed outside of Terraform. This argument is processed in attribute-as-blocks mode.' 
+ step_concurrency_level: '- (Optional) The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with release_label 5.28.0 or greater. (default is 1)' + subnet_id: '- (Optional) VPC subnet id where you want the job flow to launch. Cannot specify the cc1.4xlarge instance type for nodes of a job flow launched in a Amazon VPC' + subnet_ids: '- (Optional) List of VPC subnet id-s where you want the job flow to launch. Amazon EMR identifies the best Availability Zone to launch instances according to your fleet specifications' + tags: '- (Optional) list of tags to apply to the EMR Cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_on_demand_capacity: '- (Optional) The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.' + target_spot_capacity: '- (Optional) The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.' + termination_protection: '- (Optional) Switch on/off termination protection (default is false, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to false.' + timeout_action: '- (Required) The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are TERMINATE_CLUSTER and SWITCH_TO_ON_DEMAND. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity.' 
+ timeout_duration_minutes: '- (Required) The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created.' + type: '- (Required) The volume type. Valid options are gp2, io1, standard and st1. See EBS Volume Types.' + visible_to_all_users: '- Indicates whether the job flow is visible to all IAM users of the AWS account associated with the job flow.' + volumes_per_instance: '- (Optional) The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)' + weighted_capacity: '- (Optional) The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in aws_emr_instance_fleet.' + aws_emr_instance_fleet: + subCategory: Elastic Map Reduce (EMR) + description: Provides an Elastic MapReduce Cluster Instance Fleet + name: aws_emr_instance_fleet + titleName: aws_emr_instance_fleet + examples: + - manifest: |- + { + "cluster_id": "${aws_emr_cluster.cluster.id}", + "instance_type_configs": [ + { + "bid_price_as_percentage_of_on_demand_price": 100, + "ebs_config": [ + { + "size": 100, + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_type": "m4.xlarge", + "weighted_capacity": 1 + }, + { + "bid_price_as_percentage_of_on_demand_price": 100, + "ebs_config": [ + { + "size": 100, + "type": "gp2", + "volumes_per_instance": 1 + } + ], + "instance_type": "m4.2xlarge", + "weighted_capacity": 2 + } + ], + "launch_specifications": [ + { + "spot_specification": [ + { + "allocation_strategy": "capacity-optimized", + "block_duration_minutes": 0, + "timeout_action": "TERMINATE_CLUSTER", + "timeout_duration_minutes": 10 + } + ] + } + ], + "name": "task fleet", + "target_on_demand_capacity": 1, + "target_spot_capacity": 1 + } + references: + cluster_id: 
aws_emr_cluster.id + argumentDocs: + allocation_strategy: '- (Required) Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is capacity-optimized (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.' + bid_price: '- (Optional) The bid price for each EC2 Spot instance type as defined by instance_type. Expressed in USD. If neither bid_price nor bid_price_as_percentage_of_on_demand_price is provided, bid_price_as_percentage_of_on_demand_price defaults to 100%.' + bid_price_as_percentage_of_on_demand_price: '- (Optional) The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by instance_type. Expressed as a number (for example, 20 specifies 20%). If neither bid_price nor bid_price_as_percentage_of_on_demand_price is provided, bid_price_as_percentage_of_on_demand_price defaults to 100%.' + block_duration_minutes: '- (Optional) The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.' + classification: '- (Optional) The classification within a configuration.' + cluster_id: '- (Required) ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.' + configurations: '- (Optional) A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of configuration blocks.' 
+ ebs_config: '- (Optional) Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.' + id: '- The unique identifier of the instance fleet.' + instance_type: '- (Required) An EC2 instance type, such as m4.xlarge.' + instance_type_configs: '- (Optional) Configuration block for instance fleet' + iops: '- (Optional) The number of I/O operations per second (IOPS) that the volume supports' + launch_specifications: '- (Optional) Configuration block for launch specification' + name: '- (Optional) Friendly name given to the instance fleet.' + on_demand_specification: '- (Optional) Configuration block for on demand instances launch specifications' + properties: '- (Optional) A map of properties specified within a configuration classification' + provisioned_on_demand_capacity: |- + The number of On-Demand units that have been provisioned for the instance + fleet to fulfill TargetOnDemandCapacity. This provisioned capacity might be less than or greater than TargetOnDemandCapacity. + provisioned_spot_capacity: |- + The number of Spot units that have been provisioned for this instance fleet + to fulfill TargetSpotCapacity. This provisioned capacity might be less than or greater than TargetSpotCapacity. + size: '- (Required) The volume size, in gibibytes (GiB).' + spot_specification: '- (Optional) Configuration block for spot instances launch specifications' + status: The current status of the instance fleet. + target_on_demand_capacity: '- (Optional) The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.' + target_spot_capacity: '- (Optional) The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.' 
+ timeout_action: '- (Required) The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are TERMINATE_CLUSTER and SWITCH_TO_ON_DEMAND. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity.' + timeout_duration_minutes: '- (Required) The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created.' + type: '- (Required) The volume type. Valid options are gp2, io1, standard and st1. See EBS Volume Types.' + volumes_per_instance: '- (Optional) The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)' + weighted_capacity: '- (Optional) The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in aws_emr_instance_fleet.' 
+ aws_emr_instance_group: + subCategory: Elastic Map Reduce (EMR) + description: Provides an Elastic MapReduce Cluster Instance Group + name: aws_emr_instance_group + titleName: aws_emr_instance_group + examples: + - manifest: |- + { + "cluster_id": "${aws_emr_cluster.tf-test-cluster.id}", + "instance_count": 1, + "instance_type": "m5.xlarge", + "name": "my little instance group" + } + references: + cluster_id: aws_emr_cluster.id + - manifest: |- + { + "configurations_json": " [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n" + } + argumentDocs: + autoscaling_policy: '- (Optional) The autoscaling policy document. This is a JSON formatted string. See EMR Auto Scaling' + bid_price: '- (Optional) If set, the bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances.' + cluster_id: (Required) ID of the EMR Cluster to attach to. Changing this forces a new resource to be created. + configurations_json: '- (Optional) A JSON string for supplying list of configurations specific to the EMR instance group. Note that this can only be changed when using EMR release 5.21 or later.' + ebs_config: (Optional) One or more ebs_config blocks as defined below. Changing this forces a new resource to be created. + ebs_optimized: (Optional) Indicates whether an Amazon EBS volume is EBS-optimized. Changing this forces a new resource to be created. + id: '- The EMR Instance ID' + instance_count: (optional) target number of instances for the instance group. defaults to 0. + instance_type: (Required) The EC2 instance type for all instances in the instance group. Changing this forces a new resource to be created. 
+ iops: '- (Optional) The number of I/O operations per second (IOPS) that the volume supports.' + name: (Required) Human friendly name given to the instance group. Changing this forces a new resource to be created. + running_instance_count: The number of instances currently running in this instance group. + size: '- (Optional) The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10.' + status: The current status of the instance group. + type: '- (Optional) The volume type. Valid options are ''gp2'', ''io1'' and ''standard''.' + volumes_per_instance: '- (Optional) The number of EBS Volumes to attach per instance.' + aws_emr_managed_scaling_policy: + subCategory: Elastic Map Reduce (EMR) + description: Provides a resource for EMR Managed Scaling policy + name: aws_emr_managed_scaling_policy + titleName: aws_emr_managed_scaling_policy + examples: + - manifest: |- + { + "cluster_id": "${aws_emr_cluster.sample.id}", + "compute_limits": [ + { + "maximum_capacity_units": 10, + "maximum_core_capacity_units": 10, + "maximum_ondemand_capacity_units": 2, + "minimum_capacity_units": 2, + "unit_type": "Instances" + } + ] + } + references: + cluster_id: aws_emr_cluster.id + argumentDocs: + cluster_id: '- (Required) The id of the EMR cluster' + compute_limits: '- (Required) Configuration block with compute limit settings. Described below.' + maximum_capacity_units: '- (Required) The upper boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.' + maximum_core_capacity_units: '- (Optional) The upper boundary of EC2 units for core node type in a cluster. 
It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The core units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between core and task nodes.' + maximum_ondemand_capacity_units: '- (Optional) The upper boundary of On-Demand EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The On-Demand units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between On-Demand and Spot instances.' + minimum_capacity_units: '- (Required) The lower boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.' + unit_type: '- (Required) The unit type used for specifying a managed scaling policy. 
Valid Values: InstanceFleetUnits | Instances | VCPU' + aws_emr_security_configuration: + subCategory: Elastic Map Reduce (EMR) + description: Provides a resource to manage AWS EMR Security Configurations + name: aws_emr_security_configuration + titleName: aws_emr_security_configuration + examples: + - manifest: |- + { + "configuration": "{\n \"EncryptionConfiguration\": {\n \"AtRestEncryptionConfiguration\": {\n \"S3EncryptionConfiguration\": {\n \"EncryptionMode\": \"SSE-S3\"\n },\n \"LocalDiskEncryptionConfiguration\": {\n \"EncryptionKeyProviderType\": \"AwsKms\",\n \"AwsKmsKey\": \"arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key\"\n }\n },\n \"EnableInTransitEncryption\": false,\n \"EnableAtRestEncryption\": true\n }\n}\n", + "name": "emrsc_other" + } + argumentDocs: + configuration: '- The JSON formatted Security Configuration' + creation_date: '- Date the Security Configuration was created' + id: '- The ID of the EMR Security Configuration (Same as the name)' + name: '- The Name of the EMR Security Configuration' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + aws_flow_log: + subCategory: VPC + description: Provides a VPC/Subnet/ENI Flow Log + name: aws_flow_log + titleName: aws_flow_log + examples: + - manifest: |- + { + "iam_role_arn": "${aws_iam_role.example.arn}", + "log_destination": "${aws_cloudwatch_log_group.example.arn}", + "traffic_type": "ALL", + "vpc_id": "${aws_vpc.example.id}" + } + references: + iam_role_arn: aws_iam_role.arn + log_destination: aws_cloudwatch_log_group.arn + vpc_id: aws_vpc.id + - manifest: |- + { + "log_destination": "${aws_s3_bucket.example.arn}", + "log_destination_type": "s3", + "traffic_type": "ALL", + "vpc_id": "${aws_vpc.example.id}" + } + references: + log_destination: aws_s3_bucket.arn + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The ARN of the Flow Log.' 
+ eni_id: '- (Optional) Elastic Network Interface ID to attach to' + iam_role_arn: '- (Optional) The ARN for the IAM role that''s used to post flow logs to a CloudWatch Logs log group' + id: '- The Flow Log ID' + log_destination: '- (Optional) The ARN of the logging destination.' + log_destination_type: '- (Optional) The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.' + log_format: '- (Optional) The fields to include in the flow log record, in the order in which they should appear.' + log_group_name: '- (Optional) Deprecated: Use log_destination instead. The name of the CloudWatch log group.' + max_aggregation_interval: |- + - (Optional) The maximum interval of time + during which a flow of packets is captured and aggregated into a flow + log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 + minutes). Default: 600. + subnet_id: '- (Optional) Subnet ID to attach to' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + traffic_type: '- (Required) The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.' + vpc_id: '- (Optional) VPC ID to attach to' + aws_fms_admin_account: + subCategory: Firewall Manager (FMS) + description: Provides a resource to associate/disassociate an AWS Firewall Manager administrator account + name: aws_fms_admin_account + titleName: aws_fms_admin_account + examples: + - manifest: '{}' + argumentDocs: + account_id: '- (Optional) The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall Manager administrator account. This can be an AWS Organizations master account or a member account. Defaults to the current account. Must be configured to perform drift detection.' 
+ id: '- The AWS account ID of the AWS Firewall Manager administrator account.' + aws_fms_policy: + subCategory: Firewall Manager (FMS) + description: Provides a resource to create an AWS Firewall Manager policy + name: aws_fms_policy + titleName: aws_fms_policy + examples: + - manifest: |- + { + "exclude_resource_tags": false, + "name": "FMS-Policy-Example", + "remediation_enabled": false, + "resource_type_list": [ + "AWS::ElasticLoadBalancingV2::LoadBalancer" + ], + "security_service_policy_data": [ + { + "managed_service_data": "${jsonencode({\n type = \"WAF\",\n ruleGroups = [{\n id = aws_wafregional_rule_group.example.id\n overrideAction = {\n type = \"COUNT\"\n }\n }]\n defaultAction = {\n type = \"BLOCK\"\n }\n overrideCustomerWebACLAssociation = false\n })}", + "type": "WAF" + } + ] + } + argumentDocs: + account: '- (Optional) A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.' + delete_all_policy_resources: '- (Optional) If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy' + exclude_map: '- (Optional) A map of lists of accounts and OU''s to exclude from the policy.' + exclude_resource_tags: '- (Required, Forces new resource) A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.' + id: '- The AWS account ID of the AWS Firewall Manager administrator account.' + include_map: '- (Optional) A map of lists of accounts and OU''s to include in the policy.' + managed_service_data: (Optional) Details about the service that are specific to the service type, in JSON format. For service type SHIELD_ADVANCED, this is an empty string. Examples depending on type can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. 
+ name: '- (Required, Forces new resource) The friendly name of the AWS Firewall Manager Policy.' + orgunit: '- (Optional) A list of AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.' + policy_update_token: '- A unique identifier for each update to the policy.' + remediation_enabled: '- (Required) A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.' + resource_tags: '- (Optional) A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.' + resource_type: '- (Optional) A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.' + resource_type_list: '- (Optional) A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values.' + security_service_policy_data: '- (Required) The objects to include in Security Service Policy Data. Documented below.' + type: '- (Required, Forces new resource) The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.' + aws_fsx_backup: + subCategory: File System (FSx) + description: Manages a FSx Backup. + name: aws_fsx_backup + titleName: aws_fsx_backup + examples: + - manifest: |- + { + "file_system_id": "${aws_fsx_lustre_file_system.example.id}" + } + references: + file_system_id: aws_fsx_lustre_file_system.id + argumentDocs: + arn: '- Amazon Resource Name of the backup.' + create: '- (Default 10m) How long to wait for the backup to be created.' + delete: '- (Default 10m) How long to wait for the backup to be deleted.' 
+ file_system_id: '- (Required) The ID of the file system to back up.' + id: '- Identifier of the backup, e.g. fs-12345678' + kms_key_id: '- The ID of the AWS Key Management Service (AWS KMS) key used to encrypt the backup of the Amazon FSx file system''s data at rest.' + owner_id: '- AWS account identifier that created the file system.' + tags: '- (Optional) A map of tags to assign to the file system. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. If you have set copy_tags_to_backups to true, and you specify one or more tags, no existing file system tags are copied from the file system to the backup.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- The type of the file system backup.' + aws_fsx_lustre_file_system: + subCategory: File System (FSx) + description: Manages a FSx Lustre File System. + name: aws_fsx_lustre_file_system + titleName: aws_fsx_lustre_file_system + examples: + - manifest: |- + { + "import_path": "s3://${aws_s3_bucket.example.bucket}", + "storage_capacity": 1200, + "subnet_ids": [ + "${aws_subnet.example.id}" + ] + } + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${security_group_ids}" + ] + } + ], + "security_group_ids": [ + "${aws_security_group.example.id}" + ] + } + argumentDocs: + arn: '- Amazon Resource Name of the file system.' + auto_import_policy: '- (Optional) How Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. see Auto Import Data Repo for more details.' + automatic_backup_retention_days: '- (Optional) The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. only valid for PERSISTENT_1 deployment_type.' 
+ backup_id: '- (Optional) The ID of the source backup to create the filesystem from.' + copy_tags_to_backups: '- (Optional) A boolean flag indicating whether tags for the file system should be copied to backups. Applicable for PERSISTENT_1 deployment_type. The default value is false.' + create: '- (Default 30m) How long to wait for the file system to be created.' + daily_automatic_backup_start_time: '- (Optional) A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. For example, 05:00 specifies 5 AM daily. only valid for PERSISTENT_1 deployment_type. Requires automatic_backup_retention_days to be set.' + data_compression_type: '- (Optional) Sets the data compression configuration for the file system. Valid values are LZ4 and NONE. Default value is NONE. Unsetting this value reverts the compression type back to NONE.' + delete: '- (Default 30m) How long to wait for the file system to be deleted.' + deployment_type: '- (Optional) - The filesystem deployment type. One of: SCRATCH_1, SCRATCH_2, PERSISTENT_1.' + dns_name: '- DNS name for the file system, e.g. fs-12345678.fsx.us-west-2.amazonaws.com' + drive_cache_type: '- (Optional) - The type of drive cache used by PERSISTENT_1 filesystems that are provisioned with HDD storage_type. Required for HDD storage_type, set to either READ or NONE.' + export_path: '- (Optional) S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with import_path argument and the path must use the same Amazon S3 bucket as specified in import_path. Set equal to import_path to overwrite files on export. Defaults to s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}.' + id: '- Identifier of the file system, e.g. fs-12345678' + import_path: '- (Optional) S3 URI (with optional prefix) that you''re using as the data repository for your FSx for Lustre file system. 
For example, s3://example-bucket/optional-prefix/.' + imported_file_chunk_size: '- (Optional) For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. Can only be specified with import_path argument. Defaults to 1024. Minimum of 1 and maximum of 512000.' + kms_key_id: '- (Optional) ARN for the KMS Key to encrypt the file system at rest, applicable for PERSISTENT_1 deployment_type. Defaults to an AWS managed KMS Key.' + mount_name: '- The value to be used when mounting the filesystem.' + network_interface_ids: '- Set of Elastic Network Interface identifiers from which the file system is accessible. As explained in the documentation, the first network interface returned is the primary network interface.' + owner_id: '- AWS account identifier that created the file system.' + per_unit_storage_throughput: '- (Optional) - Describes the amount of read and write throughput for each 1 tebibyte of storage, in MB/s/TiB, required for the PERSISTENT_1 deployment_type. Valid values for SSD storage_type are 50, 100, 200. Valid values for HDD storage_type are 12, 40.' + security_group_ids: '- (Optional) A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.' + storage_capacity: '- (Optional) The storage capacity (GiB) of the file system. Minimum of 1200. See more details at Allowed values for Fsx storage capacity. Update is allowed only for SCRATCH_2 and PERSISTENT_1 deployment types, See more details at Fsx Storage Capacity Update. Required when not creating filesystem for a backup.' + storage_type: '- (Optional) - The filesystem storage type. Either SSD or HDD, defaults to SSD. HDD is only supported on PERSISTENT_1 deployment types.' + subnet_ids: '- (Required) A list of IDs for the subnets that the file system will be accessible from. 
File systems currently support only one subnet. The file server is also launched in that subnet''s Availability Zone.' + tags: '- (Optional) A map of tags to assign to the file system. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- Identifier of the Virtual Private Cloud for the file system.' + weekly_maintenance_start_time: '- (Optional) The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone.' + aws_fsx_windows_file_system: + subCategory: File System (FSx) + description: Manages a FSx Windows File System. + name: aws_fsx_windows_file_system + titleName: aws_fsx_windows_file_system + examples: + - manifest: |- + { + "active_directory_id": "${aws_directory_service_directory.example.id}", + "kms_key_id": "${aws_kms_key.example.arn}", + "storage_capacity": 300, + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "throughput_capacity": 1024 + } + references: + active_directory_id: aws_directory_service_directory.id + kms_key_id: aws_kms_key.arn + - manifest: |- + { + "kms_key_id": "${aws_kms_key.example.arn}", + "self_managed_active_directory": [ + { + "dns_ips": [ + "10.0.0.111", + "10.0.0.222" + ], + "domain_name": "corp.example.com", + "password": "avoid-plaintext-passwords", + "username": "Admin" + } + ], + "storage_capacity": 300, + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "throughput_capacity": 1024 + } + references: + kms_key_id: aws_kms_key.arn + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${security_group_ids}" + ] + } + ], + "security_group_ids": [ + "${aws_security_group.example.id}" + ] + } + argumentDocs: + active_directory_id: '- (Optional) The ID for an existing Microsoft Active Directory instance that the file system should join when 
it''s created. Cannot be specified with self_managed_active_directory.' + aliases: '- (Optional) An array DNS alias names that you want to associate with the Amazon FSx file system. For more information, see Working with DNS Aliases' + arn: '- Amazon Resource Name of the file system.' + audit_log_configuration: '- (Optional) The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. See below.' + audit_log_destination: '- (Optional) The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN. Can be specified when file_access_audit_log_level and file_share_access_audit_log_level are not set to DISABLED. The name of the Amazon CloudWatch Logs log group must begin with the /aws/fsx prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the aws-fsx prefix. If you do not provide a destination in audit_log_destionation, Amazon FSx will create and use a log stream in the CloudWatch Logs /aws/fsx/windows log group.' + automatic_backup_retention_days: '- (Optional) The number of days to retain automatic backups. Minimum of 0 and maximum of 90. Defaults to 7. Set to 0 to disable.' + backup_id: '- (Optional) The ID of the source backup to create the filesystem from.' + copy_tags_to_backups: '- (Optional) A boolean flag indicating whether tags on the file system should be copied to backups. Defaults to false.' + create: '- (Default 45m) How long to wait for the file system to be created.' + daily_automatic_backup_start_time: '- (Optional) The preferred time (in HH:MM format) to take daily automatic backups, in the UTC time zone.' + delete: '- (Default 30m) How long to wait for the file system to be deleted.' 
+ deployment_type: '- (Optional) Specifies the file system deployment type, valid values are MULTI_AZ_1, SINGLE_AZ_1 and SINGLE_AZ_2. Default value is SINGLE_AZ_1.' + dns_ips: '- (Required) A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in RFC 1918.' + dns_name: '- DNS name for the file system, e.g. fs-12345678.corp.example.com (domain name matching the Active Directory domain name)' + domain_name: '- (Required) The fully qualified domain name of the self-managed AD directory. For example, corp.example.com.' + file_access_audit_log_level: '- (Optional) Sets which attempt type is logged by Amazon FSx for file and folder accesses. Valid values are SUCCESS_ONLY, FAILURE_ONLY, SUCCESS_AND_FAILURE, and DISABLED. Default value is DISABLED.' + file_share_access_audit_log_level: '- (Optional) Sets which attempt type is logged by Amazon FSx for file share accesses. Valid values are SUCCESS_ONLY, FAILURE_ONLY, SUCCESS_AND_FAILURE, and DISABLED. Default value is DISABLED.' + file_system_administrators_group: '- (Optional) The name of the domain group whose members are granted administrative privileges for the file system. Administrative privileges include taking ownership of files and folders, and setting audit controls (audit ACLs) on files and folders. The group that you specify must already exist in your domain. Defaults to Domain Admins.' + id: '- Identifier of the file system, e.g. fs-12345678' + kms_key_id: '- (Optional) ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.' + network_interface_ids: '- Set of Elastic Network Interface identifiers from which the file system is accessible.' 
+ organizational_unit_distinguished_name: '- (Optional) The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, OU=FSx,DC=yourdomain,DC=corp,DC=com. Only accepts OU as the direct parent of the file system. If none is provided, the FSx file system is created in the default location of your self-managed AD directory. To learn more, see RFC 2253.' + owner_id: '- AWS account identifier that created the file system.' + password: '- (Required) The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.' + preferred_file_server_ip: '- The IP address of the primary, or preferred, file server.' + preferred_subnet_id: '- (Optional) Specifies the subnet in which you want the preferred file server to be located. Required for when deployment type is MULTI_AZ_1.' + remote_administration_endpoint: '- For MULTI_AZ_1 deployment types, use this endpoint when performing administrative tasks on the file system using Amazon FSx Remote PowerShell. For SINGLE_AZ_1 deployment types, this is the DNS name of the file system.' + security_group_ids: '- (Optional) A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.' + self_managed_active_directory: '- (Optional) Configuration block that Amazon FSx uses to join the Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory. Cannot be specified with active_directory_id. Detailed below.' + skip_final_backup: '- (Optional) When enabled, will skip the default final backup taken when the file system is deleted. This configuration must be applied separately before attempting to delete the resource to have the desired behavior. Defaults to false.' 
+ storage_capacity: '- (Optional) Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to HDD the minimum value is 2000. Required when not creating filesystem for a backup.' + storage_type: '- (Optional) Specifies the storage type, Valid values are SSD and HDD. HDD is supported on SINGLE_AZ_2 and MULTI_AZ_1 Windows file system deployment types. Default value is SSD.' + subnet_ids: '- (Required) A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set deployment_type to MULTI_AZ_1.' + tags: '- (Optional) A map of tags to assign to the file system. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + throughput_capacity: '- (Required) Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of 8 and maximum of 2048.' + update: '- (Default 45m) How long to wait for the file system to be updated.' + username: '- (Required) The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.' + vpc_id: '- Identifier of the Virtual Private Cloud for the file system.' + weekly_maintenance_start_time: '- (Optional) The preferred start time (in d:HH:MM format) to perform weekly maintenance, in the UTC time zone.' + aws_gamelift_alias: + subCategory: Gamelift + description: Provides a Gamelift Alias resource. + name: aws_gamelift_alias + titleName: aws_gamelift_alias + examples: + - manifest: |- + { + "description": "Example Description", + "name": "example-alias", + "routing_strategy": [ + { + "message": "Example Message", + "type": "TERMINAL" + } + ] + } + argumentDocs: + arn: '- Alias ARN.' + description: '- (Optional) Description of the alias.' 
+ fleet_id: '- (Optional) ID of the Gamelift Fleet to point the alias to.' + id: '- Alias ID.' + message: '- (Optional) Message text to be used with the TERMINAL routing strategy.' + name: '- (Required) Name of the alias.' + routing_strategy: '- (Required) Specifies the fleet and/or routing type to use for the alias.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) Type of routing strategy. e.g. SIMPLE or TERMINAL' + aws_gamelift_build: + subCategory: Gamelift + description: Provides a Gamelift Build resource. + name: aws_gamelift_build + titleName: aws_gamelift_build + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy.test}" + ], + "name": "example-build", + "operating_system": "WINDOWS_2012", + "storage_location": [ + { + "bucket": "${aws_s3_bucket.test.bucket}", + "key": "${aws_s3_bucket_object.test.key}", + "role_arn": "${aws_iam_role.test.arn}" + } + ] + } + argumentDocs: + arn: '- Gamelift Build ARN.' + bucket: '- (Required) Name of your S3 bucket.' + id: '- Gamelift Build ID.' + key: '- (Required) Name of the zip file containing your build files.' + name: '- (Required) Name of the build' + operating_system: '- (Required) Operating system that the game server binaries are built to run on. e.g. WINDOWS_2012, AMAZON_LINUX or AMAZON_LINUX_2.' + role_arn: '- (Required) ARN of the access role that allows Amazon GameLift to access your S3 bucket.' + storage_location: '- (Required) Information indicating where your game build files are stored. See below.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- (Optional) Version that is associated with this build.' + aws_gamelift_fleet: + subCategory: Gamelift + description: Provides a Gamelift Fleet resource. + name: aws_gamelift_fleet + titleName: aws_gamelift_fleet + examples: + - manifest: |- + { + "build_id": "${aws_gamelift_build.example.id}", + "ec2_instance_type": "t2.micro", + "fleet_type": "ON_DEMAND", + "name": "example-fleet-name", + "runtime_configuration": [ + { + "server_process": [ + { + "concurrent_executions": 1, + "launch_path": "C:\\game\\GomokuServer.exe" + } + ] + } + ] + } + references: + build_id: aws_gamelift_build.id + argumentDocs: + arn: '- Fleet ARN.' + build_id: '- (Required) ID of the Gamelift Build to be deployed on the fleet.' + concurrent_executions: '- (Required) Number of server processes using this configuration to run concurrently on an instance.' + create: '- (Default 70m) How long to wait for a fleet to be created.' + delete: '- (Default 20m) How long to wait for a fleet to be deleted.' + description: '- (Optional) Human-readable description of the fleet.' + ec2_inbound_permission: '- (Optional) Range of IP addresses and port settings that permit inbound traffic to access server processes running on the fleet. See below.' + ec2_instance_type: '- (Required) Name of an EC2 instance type. e.g. t2.micro' + fleet_type: '- (Optional) Type of fleet. This value must be ON_DEMAND or SPOT. Defaults to ON_DEMAND.' + from_port: '- (Required) Starting value for a range of allowed port numbers.' + game_session_activation_timeout_seconds: '- (Optional) Maximum amount of time (in seconds) that a game session can remain in status ACTIVATING.' + id: '- Fleet ID.' 
+ instance_role_arn: '- (Optional) ARN of an IAM role that instances in the fleet can assume.' + ip_range: '- (Required) Range of allowed IP addresses expressed in CIDR notation. e.g. 000.000.000.000/[subnet mask] or 0.0.0.0/[subnet mask].' + launch_path: '- (Required) Location of the server executable in a game build. All game builds are installed on instances at the root : for Windows instances C:\game, and for Linux instances /local/game.' + max_concurrent_game_session_activations: '- (Optional) Maximum number of game sessions with status ACTIVATING to allow on an instance simultaneously.' + metric_groups: '- (Optional) List of names of metric groups to add this fleet to. A metric group tracks metrics across all fleets in the group. Defaults to default.' + name: '- (Required) The name of the fleet.' + new_game_session_protection_policy: '- (Optional) Game session protection policy to apply to all instances in this fleet. e.g. FullProtection. Defaults to NoProtection.' + new_game_sessions_per_creator: '- (Optional) Maximum number of game sessions that an individual can create during the policy period.' + operating_system: '- Operating system of the fleet''s computing resources.' + parameters: '- (Optional) Optional list of parameters to pass to the server executable on launch.' + policy_period_in_minutes: '- (Optional) Time span used in evaluating the resource creation limit policy.' + protocol: '- (Required) Network communication protocol used by the fleet. e.g. TCP or UDP' + resource_creation_limit_policy: '- (Optional) Policy that limits the number of game sessions an individual player can create over a span of time for this fleet. See below.' + runtime_configuration: '- (Optional) Instructions for launching server processes on each instance in the fleet. See below.' + server_process: '- (Optional) Collection of server process configurations that describe which server processes to run on each instance in a fleet. See below.' 
+ tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + to_port: '- (Required) Ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than from_port.' + aws_gamelift_game_session_queue: + subCategory: Gamelift + description: Provides a Gamelift Game Session Queue resource. + name: aws_gamelift_game_session_queue + titleName: aws_gamelift_game_session_queue + examples: + - manifest: |- + { + "destinations": [ + "${aws_gamelift_fleet.us_west_2_fleet.arn}", + "${aws_gamelift_fleet.eu_central_1_fleet.arn}" + ], + "name": "example-session-queue", + "player_latency_policy": [ + { + "maximum_individual_player_latency_milliseconds": 100, + "policy_duration_seconds": 5 + }, + { + "maximum_individual_player_latency_milliseconds": 200 + } + ], + "timeout_in_seconds": 60 + } + argumentDocs: + arn: '- Game Session Queue ARN.' + destinations: '- (Optional) List of fleet/alias ARNs used by session queue for placing game sessions.' + maximum_individual_player_latency_milliseconds: '- (Required) Maximum latency value that is allowed for any player.' + name: '- (Required) Name of the session queue.' + player_latency_policy: '- (Optional) One or more policies used to choose fleet based on player latency. See below.' + policy_duration_seconds: '- (Optional) Length of time that the policy is enforced while placing a new game session. Absence of value for this attribute means that the policy is enforced until the queue times out.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout_in_seconds: '- (Required) Maximum time a game session request can remain in the queue.' + aws_glacier_vault: + subCategory: Glacier + description: Provides a Glacier Vault. + name: aws_glacier_vault + titleName: aws_glacier_vault + examples: + - manifest: |- + { + "access_policy": "{\n \"Version\":\"2012-10-17\",\n \"Statement\":[\n {\n \"Sid\": \"add-read-only-perm\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\"\n ],\n \"Resource\": \"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"\n }\n ]\n}\n", + "name": "MyArchive", + "notification": [ + { + "events": [ + "ArchiveRetrievalCompleted", + "InventoryRetrievalCompleted" + ], + "sns_topic": "${aws_sns_topic.aws_sns_topic.arn}" + } + ], + "tags": { + "Test": "MyArchive" + } + } + argumentDocs: + access_policy: |- + - (Optional) The policy document. This is a JSON formatted string. + The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy + arn: '- The ARN of the vault.' + events: '- (Required) You can configure a vault to publish a notification for ArchiveRetrievalCompleted and InventoryRetrievalCompleted events.' + location: '- The URI of the vault that was created.' + name: '- (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, ''_'' (underscore), ''-'' (hyphen), and ''.'' (period).' + notification: '- (Optional) The notifications for the Vault. Fields documented below.' + sns_topic: '- (Required) The SNS Topic ARN.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_glacier_vault_lock: + subCategory: Glacier + description: Manages a Glacier Vault Lock. + name: aws_glacier_vault_lock + titleName: aws_glacier_vault_lock + examples: + - manifest: |- + { + "complete_lock": false, + "policy": "${data.aws_iam_policy_document.example.json}", + "vault_name": "${aws_glacier_vault.example.name}" + } + references: + policy: data.json + vault_name: aws_glacier_vault.name + - manifest: |- + { + "complete_lock": true, + "policy": "${data.aws_iam_policy_document.example.json}", + "vault_name": "${aws_glacier_vault.example.name}" + } + references: + policy: data.json + vault_name: aws_glacier_vault.name + argumentDocs: + complete_lock: '- (Required) Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to false, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the Terraform resource will show as needing recreation. Changing this from false to true will show as resource recreation, which is expected. Changing this from true to false is not possible unless the Glacier Vault is recreated at the same time.' + id: '- Glacier Vault name.' + ignore_deletion_error: '- (Optional) Allow Terraform to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via Terraform, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with complete_lock being set to true.' + policy: '- (Required) JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.' + vault_name: '- (Required) The name of the Glacier Vault.' 
+ aws_globalaccelerator_accelerator: + subCategory: Global Accelerator + description: Provides a Global Accelerator accelerator. + name: aws_globalaccelerator_accelerator + titleName: aws_globalaccelerator_accelerator + examples: + - manifest: |- + { + "attributes": [ + { + "flow_logs_enabled": true, + "flow_logs_s3_bucket": "example-bucket", + "flow_logs_s3_prefix": "flow-logs/" + } + ], + "enabled": true, + "ip_address_type": "IPV4", + "name": "Example" + } + argumentDocs: + attributes: '- (Optional) The attributes of the accelerator. Fields documented below.' + create: '- (Default 30 minutes) How long to wait for the Global Accelerator Accelerator to be created.' + dns_name: '- The DNS name of the accelerator. For example, a5d53ff5ee6bca4ce.awsglobalaccelerator.com.' + enabled: '- (Optional) Indicates whether the accelerator is enabled. Defaults to true. Valid values: true, false.' + flow_logs_enabled: '- (Optional) Indicates whether flow logs are enabled. Defaults to false. Valid values: true, false.' + flow_logs_s3_bucket: '- (Optional) The name of the Amazon S3 bucket for the flow logs. Required if flow_logs_enabled is true.' + flow_logs_s3_prefix: '- (Optional) The prefix for the location in the Amazon S3 bucket for the flow logs. Required if flow_logs_enabled is true.' + hosted_zone_id: |- + -- The Global Accelerator Route 53 zone ID that can be used to + route an Alias Resource Record Set to the Global Accelerator. This attribute + is simply an alias for the zone ID Z2BJ6XQ5FK7U4H. + id: '- The Amazon Resource Name (ARN) of the accelerator.' + ip_address_type: '- (Optional) The value for the address type. Defaults to IPV4. Valid values: IPV4.' + ip_addresses: '- A list of IP addresses in the IP address set.' + ip_family: '- The type of IP addresses included in this IP set.' + ip_sets: '- IP address set associated with the accelerator.' + name: '- (Required) The name of the accelerator.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 30 minutes) How long to wait for the Global Accelerator Accelerator to be updated.' + aws_globalaccelerator_endpoint_group: + subCategory: Global Accelerator + description: Provides a Global Accelerator endpoint group. + name: aws_globalaccelerator_endpoint_group + titleName: aws_globalaccelerator_endpoint_group + examples: + - manifest: |- + { + "endpoint_configuration": [ + { + "endpoint_id": "${aws_lb.example.arn}", + "weight": 100 + } + ], + "listener_arn": "${aws_globalaccelerator_listener.example.id}" + } + references: + listener_arn: aws_globalaccelerator_listener.id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the endpoint group.' + client_ip_preservation_enabled: |- + - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the AWS documentation for more details. The default value is false. + Note: When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named GlobalAccelerator that must be deleted (potentially outside of Terraform) before the VPC will successfully delete. If this EC2 Security Group is not deleted, Terraform will retry the VPC deletion for a few minutes before reporting a DependencyViolation error. This cannot be resolved by re-running Terraform. + create: '- (Default 30 minutes) How long to wait for the Global Accelerator Endpoint Group to be created.' + delete: '- (Default 30 minutes) How long to wait for the Global Accelerator Endpoint Group to be deleted.' + endpoint_configuration: '- (Optional) The list of endpoint objects. Fields documented below.' 
+ endpoint_group_region: (Optional) - The name of the AWS Region where the endpoint group is located. + endpoint_id: '- (Optional) An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID.' + endpoint_port: '- (Required) The endpoint port that you want a listener port to be mapped to. This is the port on the endpoint, such as the Application Load Balancer or Amazon EC2 instance.' + health_check_interval_seconds: '- (Optional) The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30.' + health_check_path: '- (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (/). Terraform will only perform drift detection of its value when present in a configuration.' + health_check_port: |- + - (Optional) The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list. + Terraform will only perform drift detection of its value when present in a configuration. + health_check_protocol: '- (Optional) The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP.' + id: '- The Amazon Resource Name (ARN) of the endpoint group.' + listener_arn: '- (Required) The Amazon Resource Name (ARN) of the listener.' + listener_port: '- (Required) The listener port that you want to map to a specific endpoint port. This is the port that user traffic arrives to the Global Accelerator on.' 
+ port_override: '- (Optional) Override specific listener ports used to route traffic to endpoints that are part of this endpoint group. Fields documented below.' + threshold_count: '- (Optional) The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3.' + traffic_dial_percentage: '- (Optional) The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100.' + update: '- (Default 30 minutes) How long to wait for the Global Accelerator Endpoint Group to be updated.' + weight: '- (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify.' + aws_globalaccelerator_listener: + subCategory: Global Accelerator + description: Provides a Global Accelerator listener. + name: aws_globalaccelerator_listener + titleName: aws_globalaccelerator_listener + examples: + - manifest: |- + { + "accelerator_arn": "${aws_globalaccelerator_accelerator.example.id}", + "client_affinity": "SOURCE_IP", + "port_range": [ + { + "from_port": 80, + "to_port": 80 + } + ], + "protocol": "TCP" + } + references: + accelerator_arn: aws_globalaccelerator_accelerator.id + argumentDocs: + accelerator_arn: '- (Required) The Amazon Resource Name (ARN) of your accelerator.' + client_affinity: '- (Optional) Direct all requests from a user to the same endpoint. Valid values are NONE, SOURCE_IP. Default: NONE. If NONE, Global Accelerator uses the "five-tuple" properties of source IP address, source port, destination IP address, destination port, and protocol to select the hash value. If SOURCE_IP, Global Accelerator uses the "two-tuple" properties of source (client) IP address and destination IP address to select the hash value.' 
+ create: '- (Default 30 minutes) How long to wait for the Global Accelerator Listener to be created.' + delete: '- (Default 30 minutes) How long to wait for the Global Accelerator Listener to be deleted.' + from_port: '- (Optional) The first port in the range of ports, inclusive.' + id: '- The Amazon Resource Name (ARN) of the listener.' + port_range: '- (Optional) The list of port ranges for the connections from clients to the accelerator. Fields documented below.' + protocol: '- (Optional) The protocol for the connections from clients to the accelerator. Valid values are TCP, UDP.' + to_port: '- (Optional) The last port in the range of ports, inclusive.' + update: '- (Default 30 minutes) How long to wait for the Global Accelerator Listener to be updated.' + aws_glue_catalog_database: + subCategory: Glue + description: Provides a Glue Catalog Database. + name: aws_glue_catalog_database + titleName: aws_glue_catalog_database + examples: + - manifest: |- + { + "name": "MyCatalogDatabase" + } + argumentDocs: + arn: '- ARN of the Glue Catalog Database.' + catalog_id: '- (Required) ID of the Data Catalog in which the database resides.' + database_name: '- (Required) Name of the catalog database.' + description: '- (Optional) Description of the database.' + id: '- Catalog ID and name of the database' + location_uri: '- (Optional) Location of the database (for example, an HDFS path).' + name: '- (Required) Name of the database. The acceptable characters are lowercase letters, numbers, and the underscore character.' + parameters: '- (Optional) List of key-value pairs that define parameters and properties of the database.' + target_database: '- (Optional) Configuration block for a target database for resource linking. See target_database below.' + aws_glue_catalog_table: + subCategory: Glue + description: Provides a Glue Catalog Table. 
+ name: aws_glue_catalog_table + titleName: aws_glue_catalog_table + examples: + - manifest: |- + { + "database_name": "MyCatalogDatabase", + "name": "MyCatalogTable" + } + - manifest: |- + { + "database_name": "MyCatalogDatabase", + "name": "MyCatalogTable", + "parameters": { + "EXTERNAL": "TRUE", + "parquet.compression": "SNAPPY" + }, + "storage_descriptor": [ + { + "columns": [ + { + "name": "my_string", + "type": "string" + }, + { + "name": "my_double", + "type": "double" + }, + { + "comment": "", + "name": "my_date", + "type": "date" + }, + { + "comment": "", + "name": "my_bigint", + "type": "bigint" + }, + { + "comment": "", + "name": "my_struct", + "type": "struct\u003cmy_nested_string:string\u003e" + } + ], + "input_format": "org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat", + "location": "s3://my-bucket/event-streams/my-stream", + "output_format": "org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat", + "ser_de_info": [ + { + "name": "my-stream", + "parameters": { + "serialization.format": 1 + }, + "serialization_library": "org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe" + } + ] + } + ], + "table_type": "EXTERNAL_TABLE" + } + argumentDocs: + arn: '- The ARN of the Glue Table.' + bucket_columns: '- (Optional) List of reducer grouping columns, clustering columns, and bucketing columns in the table.' + catalog_id: '- (Required) ID of the Data Catalog in which the table resides.' + column: '- (Required) Name of the column.' + columns: '- (Optional) Configuration block for columns in the table. See columns below.' + comment: '- (Optional) Free-form text comment.' + compressed: '- (Optional) Whether the data in the table is compressed.' + database_name: '- (Required) Name of the catalog database that contains the target table.' + description: '- (Optional) Description of the table.' + id: '- Catalog ID, Database name and of the name table.' + index_name: '- (Required) Name of the partition index.' 
+ input_format: '- (Optional) Input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.' + keys: '- (Required) Keys for the partition index.' + location: '- (Optional) Physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.' + name: '- (Required) Name of the target table.' + number_of_buckets: '- (Optional) Must be specified if the table contains any dimension columns.' + output_format: '- (Optional) Output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.' + owner: '- (Optional) Owner of the table.' + parameters: '- (Optional) Map of initialization parameters for the SerDe, in key-value form.' + partition_index: '- (Optional) Configuration block for a maximum of 3 partition indexes. See partition_index below.' + partition_keys: '- (Optional) Configuration block of columns by which the table is partitioned. Only primitive types are supported as partition keys. See partition_keys below.' + registry_name: '- (Optional) Name of the schema registry that contains the schema. Must be provided when schema_name is specified and conflicts with schema_arn.' + retention: '- (Optional) Retention time for this table.' + schema_arn: '- (Optional) ARN of the schema. One of schema_arn or schema_name has to be provided.' + schema_id: '- (Optional) Configuration block that contains schema identity fields. Either this or the schema_version_id has to be provided. See schema_id below.' + schema_name: '- (Optional) Name of the schema. One of schema_arn or schema_name has to be provided.' + schema_reference: '- (Optional) Object that references a schema stored in the AWS Glue Schema Registry. When creating a table, you can pass an empty list of columns for the schema, and instead use a schema reference. See Schema Reference below.' 
+ schema_version_id: '- (Optional) Unique ID assigned to a version of the schema. Either this or the schema_id has to be provided.' + schema_version_number: '- (Required) Version number of the schema.' + ser_de_info: '- (Optional) Configuration block for serialization and deserialization ("SerDe") information. See ser_de_info below.' + serialization_library: '- (Optional) Usually the class that implements the SerDe. An example is org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe.' + skewed_column_names: '- (Optional) List of names of columns that contain skewed values.' + skewed_column_value_location_maps: '- (Optional) List of values that appear so frequently as to be considered skewed.' + skewed_column_values: '- (Optional) Map of skewed values to the columns that contain them.' + skewed_info: '- (Optional) Configuration block with information about values that appear very frequently in a column (skewed values). See skewed_info below.' + sort_columns: '- (Optional) Configuration block for the sort order of each bucket in the table. See sort_columns below.' + sort_order: '- (Required) Whether the column is sorted in ascending (1) or descending order (0).' + storage_descriptor: '- (Optional) Configuration block for information about the physical storage of this table. For more information, refer to the Glue Developer Guide. See storage_descriptor below.' + stored_as_sub_directories: '- (Optional) Whether the table data is stored in subdirectories.' + table_type: '- (Optional) Type of this table (EXTERNAL_TABLE, VIRTUAL_VIEW, etc.). While optional, some Athena DDL queries such as ALTER TABLE and SHOW CREATE TABLE will fail if this argument is empty.' + target_table: '- (Optional) Configuration block of a target table for resource linking. See target_table below.' + type: '- (Optional) Datatype of data in the Column.' + view_expanded_text: '- (Optional) If the table is a view, the expanded text of the view; otherwise null.' 
+ view_original_text: '- (Optional) If the table is a view, the original text of the view; otherwise null.' + aws_glue_classifier: + subCategory: Glue + description: Provides an Glue Classifier resource. + name: aws_glue_classifier + titleName: aws_glue_classifier + examples: + - manifest: |- + { + "csv_classifier": [ + { + "allow_single_column": false, + "contains_header": "PRESENT", + "delimiter": ",", + "disable_value_trimming": false, + "header": [ + "example1", + "example2" + ], + "quote_symbol": "'" + } + ], + "name": "example" + } + - manifest: |- + { + "grok_classifier": [ + { + "classification": "example", + "grok_pattern": "example" + } + ], + "name": "example" + } + - manifest: |- + { + "json_classifier": [ + { + "json_path": "example" + } + ], + "name": "example" + } + - manifest: |- + { + "name": "example", + "xml_classifier": [ + { + "classification": "example", + "row_tag": "example" + } + ] + } + argumentDocs: + allow_single_column: '- (Optional) Enables the processing of files that contain only one column.' + classification: '- (Required) An identifier of the data format that the classifier matches.' + contains_header: '- (Optional) Indicates whether the CSV file contains a header. This can be one of "ABSENT", "PRESENT", or "UNKNOWN".' + csv_classifier: '- (Optional) A classifier for Csv content. Defined below.' + custom_patterns: '- (Optional) Custom grok patterns used by this classifier.' + delimiter: '- (Optional) The delimiter used in the Csv to separate columns.' + disable_value_trimming: '- (Optional) Specifies whether to trim column values.' + grok_classifier: – (Optional) A classifier that uses grok patterns. Defined below. + grok_pattern: '- (Required) The grok pattern used by this classifier.' + header: '- (Optional) A list of strings representing column names.' + id: '- Name of the classifier' + json_classifier: – (Optional) A classifier for JSON content. Defined below. 
+ json_path: '- (Required) A JsonPath string defining the JSON data for the classifier to classify. AWS Glue supports a subset of JsonPath, as described in Writing JsonPath Custom Classifiers.' + name: – (Required) The name of the classifier. + quote_symbol: '- (Optional) A custom symbol to denote what combines content into a single column value. It must be different from the column delimiter.' + row_tag: '- (Required) The XML tag designating the element that contains each record in an XML document being parsed. Note that this cannot identify a self-closing element (closed by />). An empty row element that contains only attributes can be parsed as long as it ends with a closing tag (for example, is okay, but is not).' + xml_classifier: – (Optional) A classifier for XML content. Defined below. + aws_glue_connection: + subCategory: Glue + description: Provides an Glue Connection resource. + name: aws_glue_connection + titleName: aws_glue_connection + examples: + - manifest: |- + { + "connection_properties": { + "JDBC_CONNECTION_URL": "jdbc:mysql://example.com/exampledatabase", + "PASSWORD": "examplepassword", + "USERNAME": "exampleusername" + }, + "name": "example" + } + - manifest: |- + { + "connection_properties": { + "JDBC_CONNECTION_URL": "jdbc:mysql://${aws_rds_cluster.example.endpoint}/exampledatabase", + "PASSWORD": "examplepassword", + "USERNAME": "exampleusername" + }, + "name": "example", + "physical_connection_requirements": [ + { + "availability_zone": "${aws_subnet.example.availability_zone}", + "security_group_id_list": [ + "${aws_security_group.example.id}" + ], + "subnet_id": "${aws_subnet.example.id}" + } + ] + } + argumentDocs: + arn: '- The ARN of the Glue Connection.' + availability_zone: '- (Optional) The availability zone of the connection. This field is redundant and implied by subnet_id, but is currently an api requirement.' + catalog_id: – (Optional) The ID of the Data Catalog in which to create the connection. 
If none is supplied, the AWS account ID is used by default. + connection_properties: – (Optional) A map of key-value pairs used as parameters for this connection. + connection_type: '– (Optional) The type of the connection. Supported are: JDBC, MONGODB, KAFKA, and NETWORK. Defaults to JBDC.' + description: – (Optional) Description of the connection. + id: '- Catalog ID and name of the connection' + match_criteria: – (Optional) A list of criteria that can be used in selecting this connection. + name: – (Required) The name of the connection. + physical_connection_requirements: '- (Optional) A map of physical connection requirements, such as VPC and SecurityGroup. Defined below.' + security_group_id_list: '- (Optional) The security group ID list used by the connection.' + subnet_id: '- (Optional) The subnet ID used by the connection.' + aws_glue_crawler: + subCategory: Glue + description: Manages a Glue Crawler + name: aws_glue_crawler + titleName: aws_glue_crawler + examples: + - manifest: |- + { + "database_name": "${aws_glue_catalog_database.example.name}", + "dynamodb_target": [ + { + "path": "table-name" + } + ], + "name": "example", + "role": "${aws_iam_role.example.arn}" + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + - manifest: |- + { + "database_name": "${aws_glue_catalog_database.example.name}", + "jdbc_target": [ + { + "connection_name": "${aws_glue_connection.example.name}", + "path": "database-name/%" + } + ], + "name": "example", + "role": "${aws_iam_role.example.arn}" + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + - manifest: |- + { + "database_name": "${aws_glue_catalog_database.example.name}", + "name": "example", + "role": "${aws_iam_role.example.arn}", + "s3_target": [ + { + "path": "s3://${aws_s3_bucket.example.bucket}" + } + ] + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + - manifest: |- + { + "catalog_target": 
[ + { + "database_name": "${aws_glue_catalog_database.example.name}", + "tables": [ + "${aws_glue_catalog_table.example.name}" + ] + } + ], + "configuration": "{\n \"Version\":1.0,\n \"Grouping\": {\n \"TableGroupingPolicy\": \"CombineCompatibleSchemas\"\n }\n}\n", + "database_name": "${aws_glue_catalog_database.example.name}", + "name": "example", + "role": "${aws_iam_role.example.arn}", + "schema_change_policy": [ + { + "delete_behavior": "LOG" + } + ] + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + - manifest: |- + { + "database_name": "${aws_glue_catalog_database.example.name}", + "mongodb_target": [ + { + "connection_name": "${aws_glue_connection.example.name}", + "path": "database-name/%" + } + ], + "name": "example", + "role": "${aws_iam_role.example.arn}" + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + - manifest: |- + { + "configuration": "${jsonencode(\n {\n Grouping = {\n TableGroupingPolicy = \"CombineCompatibleSchemas\"\n }\n CrawlerOutput = {\n Partitions = { AddOrUpdateBehavior = \"InheritFromTable\" }\n }\n Version = 1\n }\n )}", + "database_name": "${aws_glue_catalog_database.glue_database.name}", + "name": "events_crawler_${var.environment_name}", + "role": "${aws_iam_role.glue_role.arn}", + "s3_target": [ + { + "path": "s3://${aws_s3_bucket.data_lake_bucket.bucket}" + } + ], + "schedule": "cron(0 1 * * ? *)", + "tags": "${var.tags}" + } + references: + database_name: aws_glue_catalog_database.name + role: aws_iam_role.arn + tags: var.tags + argumentDocs: + arn: '- The ARN of the crawler' + classifiers: (Optional) List of custom classifiers. By default, all AWS classifiers are included in a crawl, but these custom classifiers always override the default classifiers for a given classification. + configuration: (Optional) JSON string of configuration information. For more details see Setting Crawler Configuration Options. 
+ connection_name: '- (Required) The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target.' + crawler_lineage_settings: '- (Optional) Specifies whether data lineage is enabled for the crawler. Valid values are: ENABLE and DISABLE. Default value is Disable.' + database_name: '- (Required) The name of the Glue database to be synchronized.' + delete_behavior: '- (Optional) The deletion behavior when the crawler finds a deleted object. Valid values: LOG, DELETE_FROM_DATABASE, or DEPRECATE_IN_DATABASE. Defaults to DEPRECATE_IN_DATABASE.' + description: (Optional) Description of the crawler. + dynamodb_target: (Optional) List of nested DynamoDB target arguments. See Dynamodb Target below. + exclusions: '- (Optional) A list of glob patterns used to exclude from the crawl.' + id: '- Crawler name' + jdbc_target: (Optional) List of nested JBDC target arguments. See JDBC Target below. + lineage_configuration: (Optional) Specifies data lineage configuration settings for the crawler. See Lineage Configuration below. + mongodb_target: (Optional) List nested MongoDB target arguments. See MongoDB Target below. + name: (Required) Name of the crawler. + path: '- (Required) The path of the Amazon DocumentDB or MongoDB target (database/collection).' + recrawl_behavior: '- (Optional) Specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. Valid Values are: CRAWL_EVERYTHING and CRAWL_NEW_FOLDERS_ONLY. Default value is CRAWL_EVERYTHING.' + recrawl_policy: (Optional) A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.. See Recrawl Policy below. + role: (Required) The IAM role friendly name (including path without leading slash), or ARN of an IAM role, used by the crawler to access other resources. + s3_target: (Optional) List nested Amazon S3 target arguments. See S3 Target below. 
+ sample_size: '- (Optional) Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249.' + scan_all: '- (Optional) Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. Default value is true.' + scan_rate: '- (Optional) The percentage of the configured read capacity units to use by the AWS Glue crawler. The valid values are null or a value between 0.1 to 1.5.' + schedule: '(Optional) A cron expression used to specify the schedule. For more information, see Time-Based Schedules for Jobs and Crawlers. For example, to run something every day at 12:15 UTC, you would specify: cron(15 12 * * ? *).' + schema_change_policy: (Optional) Policy for the crawler's update and deletion behavior. See Schema Change Policy below. + security_configuration: (Optional) The name of Security Configuration to be used by the crawler + table_prefix: (Optional) The table prefix used for catalog tables that are created. + tables: '- (Required) A list of catalog tables to be synchronized.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update_behavior: '- (Optional) The update behavior when the crawler finds a changed schema. Valid values: LOG or UPDATE_IN_DATABASE. Defaults to UPDATE_IN_DATABASE.' + aws_glue_data_catalog_encryption_settings: + subCategory: Glue + description: Provides a Glue Data Catalog Encryption Settings resource. 
+ name: aws_glue_data_catalog_encryption_settings + titleName: aws_glue_data_catalog_encryption_settings + examples: + - manifest: |- + { + "data_catalog_encryption_settings": [ + { + "connection_password_encryption": [ + { + "aws_kms_key_id": "${aws_kms_key.test.arn}", + "return_connection_password_encrypted": true + } + ], + "encryption_at_rest": [ + { + "catalog_encryption_mode": "SSE-KMS", + "sse_aws_kms_key_id": "${aws_kms_key.test.arn}" + } + ] + } + ] + } + argumentDocs: + aws_kms_key_id: '- (Optional) A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least kms:Encrypt permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.' + catalog_encryption_mode: '- (Required) The encryption-at-rest mode for encrypting Data Catalog data. Valid values are DISABLED and SSE-KMS.' + catalog_id: – (Optional) The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default. + connection_password_encryption: '- (Required) When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. see Connection Password Encryption.' + data_catalog_encryption_settings: – (Required) The security configuration to set. see Data Catalog Encryption Settings. + encryption_at_rest: '- (Required) Specifies the encryption-at-rest configuration for the Data Catalog. see Encryption At Rest.' + id: '- The ID of the Data Catalog to set the security configuration for.' + return_connection_password_encrypted: '- (Required) When set to true, passwords remain encrypted in the responses of GetConnection and GetConnections. 
This encryption takes effect independently of the catalog encryption.' + sse_aws_kms_key_id: '- (Optional) The ARN of the AWS KMS key to use for encryption at rest.' + aws_glue_dev_endpoint: + subCategory: Glue + description: Provides a Glue Development Endpoint resource. + name: aws_glue_dev_endpoint + titleName: aws_glue_dev_endpoint + examples: + - manifest: |- + { + "name": "foo", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + arguments: '- (Optional) A map of arguments used to configure the endpoint.' + arn: '- The ARN of the endpoint.' + availability_zone: '- The AWS availability zone where this endpoint is located.' + extra_jars_s3_path: '- (Optional) Path to one or more Java Jars in an S3 bucket that should be loaded in this endpoint.' + extra_python_libs_s3_path: '- (Optional) Path(s) to one or more Python libraries in an S3 bucket that should be loaded in this endpoint. Multiple values must be complete paths separated by a comma.' + failure_reason: '- The reason for a current failure in this endpoint.' + glue_version: '- (Optional) - Specifies the versions of Python and Apache Spark to use. Defaults to AWS Glue version 0.9.' + name: '- The name of the new endpoint.' + number_of_nodes: '- (Optional) The number of AWS Glue Data Processing Units (DPUs) to allocate to this endpoint. Conflicts with worker_type.' + number_of_workers: '- (Optional) The number of workers of a defined worker type that are allocated to this endpoint. This field is available only when you choose worker type G.1X or G.2X.' + private_address: '- A private IP address to access the endpoint within a VPC, if this endpoint is created within one.' + public_address: '- The public IP address used by this endpoint. The PublicAddress field is present only when you create a non-VPC endpoint.' + public_key: '- (Optional) The public key to be used by this endpoint for authentication.' 
+ public_keys: '- (Optional) A list of public keys to be used by this endpoint for authentication.' + role_arn: '- (Required) The IAM role for this endpoint.' + security_configuration: '- (Optional) The name of the Security Configuration structure to be used with this endpoint.' + security_group_ids: '- (Optional) Security group IDs for the security groups to be used by this endpoint.' + status: '- The current status of this endpoint.' + subnet_id: '- (Optional) The subnet ID for the new endpoint to use.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- he ID of the VPC used by this endpoint.' + worker_type: '- (Optional) The type of predefined worker that is allocated to this endpoint. Accepts a value of Standard, G.1X, or G.2X.' + yarn_endpoint_address: '- The YARN endpoint address used by this endpoint.' + zeppelin_remote_spark_interpreter_port: '- The Apache Zeppelin port for the remote Apache Spark interpreter.' + aws_glue_job: + subCategory: Glue + description: Provides an Glue Job resource. 
+ name: aws_glue_job + titleName: aws_glue_job + examples: + - manifest: |- + { + "command": [ + { + "script_location": "s3://${aws_s3_bucket.example.bucket}/example.py" + } + ], + "name": "example", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "command": [ + { + "script_location": "s3://${aws_s3_bucket.example.bucket}/example.scala" + } + ], + "default_arguments": { + "--job-language": "scala" + }, + "name": "example", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "default_arguments": { + "--continuous-log-logGroup": "${aws_cloudwatch_log_group.example.name}", + "--enable-continuous-cloudwatch-log": "true", + "--enable-continuous-log-filter": "true", + "--enable-metrics": "" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of Glue Job' + command: – (Required) The command of the job. Defined below. + connections: – (Optional) The list of connections used for this job. + default_arguments: – (Optional) The map of default arguments for this job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. For information about how to specify and consume your own Job arguments, see the Calling AWS Glue APIs in Python topic in the developer guide. For information about the key-value pairs that AWS Glue consumes to set up your job, see the Special Parameters Used by AWS Glue topic in the developer guide. + description: – (Optional) Description of the job. + execution_property: – (Optional) Execution property of the job. Defined below. + glue_version: '- (Optional) The version of glue to use, for example "1.0". For information about available versions, see the AWS Glue Release Notes.' + id: '- Job name' + max_capacity: – (Optional) The maximum number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. 
Required when pythonshell is set, accept either 0.0625 or 1.0. Use number_of_workers and worker_type arguments instead with glue_version 2.0 and above. + max_concurrent_runs: '- (Optional) The maximum number of concurrent runs allowed for a job. The default is 1.' + max_retries: – (Optional) The maximum number of times to retry this job if it fails. + name: '- (Optional) The name of the job command. Defaults to glueetl. Use pythonshell for Python Shell Job Type, max_capacity needs to be set if pythonshell is chosen.' + non_overridable_arguments: – (Optional) Non-overridable arguments for this job, specified as name-value pairs. + notification_property: '- (Optional) Notification property of the job. Defined below.' + notify_delay_after: '- (Optional) After a job run starts, the number of minutes to wait before sending a job run delay notification.' + number_of_workers: '- (Optional) The number of workers of a defined workerType that are allocated when a job runs.' + python_version: '- (Optional) The Python version being used to execute a Python shell job. Allowed values are 2 or 3.' + role_arn: – (Required) The ARN of the IAM role associated with this job. + script_location: '- (Required) Specifies the S3 path to a script that executes a job.' + security_configuration: '- (Optional) The name of the Security Configuration to be associated with the job.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout: – (Optional) The job timeout in minutes. The default is 2880 minutes (48 hours). + worker_type: '- (Optional) The type of predefined worker that is allocated when a job runs. Accepts a value of Standard, G.1X, or G.2X.' 
+ aws_glue_ml_transform: + subCategory: Glue + description: Provides a Glue ML Transform resource. + name: aws_glue_ml_transform + titleName: aws_glue_ml_transform + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.test}" + ], + "input_record_tables": [ + { + "database_name": "${aws_glue_catalog_table.test.database_name}", + "table_name": "${aws_glue_catalog_table.test.name}" + } + ], + "name": "example", + "parameters": [ + { + "find_matches_parameters": [ + { + "primary_key_column_name": "my_column_1" + } + ], + "transform_type": "FIND_MATCHES" + } + ], + "role_arn": "${aws_iam_role.test.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + accuracy_cost_trade_off: '- (Optional) The value that is selected when tuning your transform for a balance between accuracy and cost.' + arn: '- Amazon Resource Name (ARN) of Glue ML Transform.' + catalog_id: '- (Optional) A unique identifier for the AWS Glue Data Catalog.' + connection_name: '- (Optional) The name of the connection to the AWS Glue Data Catalog.' + data_type: '- The type of data in the column.' + database_name: '- (Required) A database name in the AWS Glue Data Catalog.' + description: – (Optional) Description of the ML Transform. + enforce_provided_labels: '- (Optional) The value to switch on or off to force the output to match the provided labels from users.' + find_matches_parameters: '- (Required) The parameters for the find matches algorithm. see Find Matches Parameters.' + glue_version: '- (Optional) The version of glue to use, for example "1.0". For information about available versions, see the AWS Glue Release Notes.' + id: '- Glue ML Transform ID.' + input_record_tables: '- (Required) A list of AWS Glue table definitions used by the transform. see Input Record Tables.' + label_count: '- The number of labels available for this transform.' 
+ max_capacity: – (Optional) The number of AWS Glue data processing units (DPUs) that are allocated to task runs for this transform. You can allocate from 2 to 100 DPUs; the default is 10. max_capacity is a mutually exclusive option with number_of_workers and worker_type. + max_retries: – (Optional) The maximum number of times to retry this ML Transform if it fails. + name: '- The name of the column.' + number_of_workers: '- (Optional) The number of workers of a defined worker_type that are allocated when an ML Transform runs. Required with worker_type.' + parameters: '- (Required) The algorithmic parameters that are specific to the transform type used. Conditionally dependent on the transform type. see Parameters.' + precision_recall_trade_off: '- (Optional) The value selected when tuning your transform for a balance between precision and recall.' + primary_key_column_name: '- (Optional) The name of a column that uniquely identifies rows in the source table.' + role_arn: – (Required) The ARN of the IAM role associated with this ML Transform. + schema: '- The object that represents the schema that this transform accepts. see Schema.' + table_name: '- (Required) A table name in the AWS Glue Data Catalog.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout: – (Optional) The ML Transform timeout in minutes. The default is 2880 minutes (48 hours). + transform_type: '- (Required) The type of machine learning transform. For information about the types of machine learning transforms, see Creating Machine Learning Transforms.' + worker_type: '- (Optional) The type of predefined worker that is allocated when an ML Transform runs. Accepts a value of Standard, G.1X, or G.2X. 
Required with number_of_workers.' + aws_glue_partition: + subCategory: Glue + description: Provides a Glue Partition. + name: aws_glue_partition + titleName: aws_glue_partition + examples: + - manifest: |- + { + "database_name": "some-database", + "table_name": "some-table", + "values": [ + "some-value" + ] + } + argumentDocs: + bucket_columns: '- (Optional) A list of reducer grouping columns, clustering columns, and bucketing columns in the table.' + catalog_id: '- (Optional) ID of the Glue Catalog and database to create the table in. If omitted, this defaults to the AWS Account ID plus the database name.' + column: '- (Required) The name of the column.' + columns: '- (Optional) A list of the Columns in the table.' + comment: '- (Optional) Free-form text comment.' + compressed: '- (Optional) True if the data in the table is compressed, or False if not.' + creation_time: '- The time at which the partition was created.' + database_name: '- (Required) Name of the metadata database where the table metadata resides. For Hive compatibility, this must be all lowercase.' + id: '- partition id.' + input_format: '- (Optional) The input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.' + last_accessed_time: '- The last time at which the partition was accessed.' + last_analyzed_time: '- The last time at which column statistics were computed for this partition.' + location: '- (Optional) The physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.' + name: '- (Optional) Name of the SerDe.' + number_of_buckets: '- (Optional) Must be specified if the table contains any dimension columns.' + output_format: '- (Optional) The output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.' + parameters: '- (Optional) A map of initialization parameters for the SerDe, in key-value form.' 
+ partition_values: '- (Required) The values that define the partition.' + ser_de_info: '- (Optional) Serialization/deserialization (SerDe) information.' + serialization_library: '- (Optional) Usually the class that implements the SerDe. An example is: org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe.' + skewed_column_names: '- (Optional) A list of names of columns that contain skewed values.' + skewed_column_value_location_maps: '- (Optional) A list of values that appear so frequently as to be considered skewed.' + skewed_column_values: '- (Optional) A map of skewed values to the columns that contain them.' + skewed_info: '- (Optional) Information about values that appear very frequently in a column (skewed values).' + sort_columns: '- (Optional) A list of Order objects specifying the sort order of each bucket in the table.' + sort_order: '- (Required) Indicates that the column is sorted in ascending order (== 1), or in descending order (==0).' + storage_descriptor: '- (Optional) A storage descriptor object containing information about the physical storage of this table. You can refer to the Glue Developer Guide for a full explanation of this object.' + stored_as_sub_directories: '- (Optional) True if the table data is stored in subdirectories, or False if not.' + type: '- (Optional) The datatype of data in the Column.' + aws_glue_registry: + subCategory: Glue + description: Provides a Glue Registry resource. + name: aws_glue_registry + titleName: aws_glue_registry + examples: + - manifest: |- + { + "registry_name": "example" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of Glue Registry.' + description: – (Optional) A description of the registry. + id: '- Amazon Resource Name (ARN) of Glue Registry.' + registry_name: – (Required) The Name of the registry. + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_glue_resource_policy: + subCategory: Glue + description: Provides a resource to configure the aws glue resource policy. + name: aws_glue_resource_policy + titleName: aws_glue_resource_policy + examples: + - manifest: |- + { + "policy": "${data.aws_iam_policy_document.glue-example-policy.json}" + } + references: + policy: data.json + argumentDocs: + policy: – (Required) The policy to be applied to the aws glue data catalog. + aws_glue_schema: + subCategory: Glue + description: Provides a Glue Schema resource. + name: aws_glue_schema + titleName: aws_glue_schema + examples: + - manifest: |- + { + "compatibility": "NONE", + "data_format": "AVRO", + "registry_arn": "${aws_glue_registry.test.arn}", + "schema_definition": "{\"type\": \"record\", \"name\": \"r1\", \"fields\": [ {\"name\": \"f1\", \"type\": \"int\"}, {\"name\": \"f2\", \"type\": \"string\"} ]}", + "schema_name": "example" + } + references: + registry_arn: aws_glue_registry.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the schema.' + compatibility: '- (Required) The compatibility mode of the schema. Values values are: NONE, DISABLED, BACKWARD, BACKWARD_ALL, FORWARD, FORWARD_ALL, FULL, and FULL_ALL.' + data_format: '- (Required) The data format of the schema definition. Currently only AVRO is supported.' + description: – (Optional) A description of the schema. + id: '- Amazon Resource Name (ARN) of the schema.' + latest_schema_version: '- The latest version of the schema associated with the returned schema definition.' + next_schema_version: '- The next version of the schema associated with the returned schema definition.' + registry_arn: '- (Required) The ARN of the Glue Registry to create the schema in.' 
+ registry_name: '- The name of the Glue Registry.' + schema_checkpoint: '- The version number of the checkpoint (the last time the compatibility mode was changed).' + schema_definition: '- (Required) The schema definition using the data_format setting for schema_name.' + schema_name: – (Required) The Name of the schema. + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_glue_security_configuration: + subCategory: Glue + description: Manages a Glue Security Configuration + name: aws_glue_security_configuration + titleName: aws_glue_security_configuration + examples: + - manifest: |- + { + "encryption_configuration": [ + { + "cloudwatch_encryption": [ + { + "cloudwatch_encryption_mode": "DISABLED" + } + ], + "job_bookmarks_encryption": [ + { + "job_bookmarks_encryption_mode": "DISABLED" + } + ], + "s3_encryption": [ + { + "kms_key_arn": "${data.aws_kms_key.example.arn}", + "s3_encryption_mode": "SSE-KMS" + } + ] + } + ], + "name": "example" + } + argumentDocs: + 'cloudwatch_encryption ': '- (Required) A cloudwatch_encryption block as described below, which contains encryption configuration for CloudWatch.' + cloudwatch_encryption_mode: '- (Optional) Encryption mode to use for CloudWatch data. Valid values: DISABLED, SSE-KMS. Default value: DISABLED.' + encryption_configuration: – (Required) Configuration block containing encryption configuration. Detailed below. + id: '- Glue security configuration name' + 'job_bookmarks_encryption ': '- (Required) A job_bookmarks_encryption block as described below, which contains encryption configuration for job bookmarks.' + job_bookmarks_encryption_mode: '- (Optional) Encryption mode to use for job bookmarks data. 
Valid values: CSE-KMS, DISABLED. Default value: DISABLED.' + kms_key_arn: '- (Optional) Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.' + name: – (Required) Name of the security configuration. + s3_encryption: '- (Required) A s3_encryption block as described below, which contains encryption configuration for S3 data.' + s3_encryption_mode: '- (Optional) Encryption mode to use for S3 data. Valid values: DISABLED, SSE-KMS, SSE-S3. Default value: DISABLED.' + aws_glue_trigger: + subCategory: Glue + description: Manages a Glue Trigger resource. + name: aws_glue_trigger + titleName: aws_glue_trigger + examples: + - manifest: |- + { + "actions": [ + { + "job_name": "${aws_glue_job.example1.name}" + } + ], + "name": "example", + "predicate": [ + { + "conditions": [ + { + "job_name": "${aws_glue_job.example2.name}", + "state": "SUCCEEDED" + } + ] + } + ], + "type": "CONDITIONAL" + } + - manifest: |- + { + "actions": [ + { + "job_name": "${aws_glue_job.example.name}" + } + ], + "name": "example", + "type": "ON_DEMAND" + } + - manifest: |- + { + "actions": [ + { + "job_name": "${aws_glue_job.example.name}" + } + ], + "name": "example", + "schedule": "cron(15 12 * * ? *)", + "type": "SCHEDULED" + } + - manifest: |- + { + "actions": [ + { + "crawler_name": "${aws_glue_crawler.example1.name}" + } + ], + "name": "example", + "predicate": [ + { + "conditions": [ + { + "job_name": "${aws_glue_job.example2.name}", + "state": "SUCCEEDED" + } + ] + } + ], + "type": "CONDITIONAL" + } + - manifest: |- + { + "actions": [ + { + "job_name": "${aws_glue_job.example1.name}" + } + ], + "name": "example", + "predicate": [ + { + "conditions": [ + { + "crawl_state": "SUCCEEDED", + "crawler_name": "${aws_glue_crawler.example2.name}" + } + ] + } + ], + "type": "CONDITIONAL" + } + argumentDocs: + actions: – (Required) List of actions initiated by this trigger when it fires. See Actions Below. + arguments: '- (Optional) Arguments to be passed to the job. 
You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes.' + arn: '- Amazon Resource Name (ARN) of Glue Trigger' + conditions: '- (Required) A list of the conditions that determine when the trigger will fire. See Conditions.' + crawl_state: '- (Optional) The condition crawl state. Currently, the values supported are RUNNING, SUCCEEDED, CANCELLED, and FAILED. If this is specified, crawler_name must also be specified. Conflicts with state.' + crawler_name: '- (Optional) The name of the crawler to watch. If this is specified, crawl_state must also be specified. Conflicts with job_name.' + create: '- (Default 5m) How long to wait for a trigger to be created.' + delete: '- (Default 5m) How long to wait for a trigger to be deleted.' + description: – (Optional) A description of the new trigger. + enabled: – (Optional) Start the trigger. Defaults to true. + id: '- Trigger name' + job_name: '- (Optional) The name of the job to watch. If this is specified, state must also be specified. Conflicts with crawler_name.' + logical: '- (Optional) How to handle multiple conditions. Defaults to AND. Valid values are AND or ANY.' + logical_operator: '- (Optional) A logical operator. Defaults to EQUALS.' + name: – (Required) The name of the trigger. + notification_property: '- (Optional) Specifies configuration properties of a job run notification. See Notification Property details below.' + notify_delay_after: '- (Optional) After a job run starts, the number of minutes to wait before sending a job run delay notification.' + predicate: – (Optional) A predicate to specify when the new trigger should fire. Required when trigger type is CONDITIONAL. See Predicate Below. + schedule: – (Optional) A cron expression used to specify the schedule. Time-Based Schedules for Jobs and Crawlers + security_configuration: '- (Optional) The name of the Security Configuration structure to be used with this action.' 
+ state: '- The current state of the trigger.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout: '- (Optional) The job run timeout in minutes. It overrides the timeout value of the job.' + type: – (Required) The type of trigger. Valid values are CONDITIONAL, ON_DEMAND, and SCHEDULED. + workflow_name: '- (Optional) A workflow to which the trigger should be associated to. Every workflow graph (DAG) needs a starting trigger (ON_DEMAND or SCHEDULED type) and can contain multiple additional CONDITIONAL triggers.' + aws_glue_user_defined_function: + subCategory: Glue + description: Provides a Glue User Defined Function. + name: aws_glue_user_defined_function + titleName: aws_glue_user_defined_function + examples: + - manifest: |- + { + "catalog_id": "${aws_glue_catalog_database.example.catalog_id}", + "class_name": "class", + "database_name": "${aws_glue_catalog_database.example.name}", + "name": "my_func", + "owner_name": "owner", + "owner_type": "GROUP", + "resource_uris": [ + { + "resource_type": "ARCHIVE", + "uri": "uri" + } + ] + } + references: + catalog_id: aws_glue_catalog_database.catalog_id + database_name: aws_glue_catalog_database.name + argumentDocs: + arn: '- The ARN of the Glue User Defined Function.' + catalog_id: '- (Optional) ID of the Glue Catalog to create the function in. If omitted, this defaults to the AWS Account ID.' + class_name: '- (Required) The Java class that contains the function code.' + create_date: '- The time at which the function was created.' + database_name: '- (Required) The name of the Database to create the Function.' + id: '- The id of the Glue User Defined Function.' + name: '- (Required) The name of the function.' 
+ owner_name: '- (Required) The owner of the function.' + owner_type: '- (Required) The owner type. can be one of USER, ROLE, and GROUP.' + resource_type: '- (Required) The type of the resource. can be one of JAR, FILE, and ARCHIVE.' + resource_uris: '- (Optional) The configuration block for Resource URIs. See resource uris below for more details.' + uri: '- (Required) The URI for accessing the resource.' + aws_glue_workflow: + subCategory: Glue + description: Provides a Glue Workflow resource. + name: aws_glue_workflow + titleName: aws_glue_workflow + examples: + - manifest: |- + { + "name": "example" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of Glue Workflow' + default_run_properties: – (Optional) A map of default run properties for this workflow. These properties are passed to all jobs associated to the workflow. + description: – (Optional) Description of the workflow. + id: '- Workflow name' + max_concurrent_runs: '- (Optional) Prevents exceeding the maximum number of concurrent runs of any of the component jobs. If you leave this parameter blank, there is no limit to the number of concurrent workflow runs.' + name: – (Required) The name you assign to this workflow. + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_guardduty_detector: + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty detector + name: aws_guardduty_detector + titleName: aws_guardduty_detector + examples: + - manifest: |- + { + "datasources": [ + { + "s3_logs": [ + { + "enable": true + } + ] + } + ], + "enable": true + } + argumentDocs: + account_id: '- The AWS account ID of the GuardDuty detector' + arn: '- Amazon Resource Name (ARN) of the GuardDuty detector' + datasources: '- (Optional) Describes which data sources will be enabled for the detector. See Data Sources below for more details.' + enable: '- (Required) If true, enables S3 Protection. Defaults to true.' + finding_publishing_frequency: '- (Optional) Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to SIX_HOURS. For standalone and GuardDuty primary accounts, it must be configured in Terraform to enable drift detection. Valid values for standalone and primary accounts: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS. See AWS Documentation for more information.' + id: '- The ID of the GuardDuty detector' + s3_logs: '- (Optional) Describes whether S3 data event logs are enabled as a data source. See S3 Logs below for more details.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_guardduty_filter: + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty filter + name: aws_guardduty_filter + titleName: aws_guardduty_filter + examples: + - manifest: |- + { + "action": "ARCHIVE", + "detector_id": "${aws_guardduty_detector.example.id}", + "finding_criteria": [ + { + "criterion": [ + { + "equals": [ + "eu-west-1" + ], + "field": "region" + }, + { + "field": "service.additionalInfo.threatListName", + "not_equals": [ + "some-threat", + "another-threat" + ] + }, + { + "field": "updatedAt", + "greater_than": "2020-01-01T00:00:00Z", + "less_than": "2020-02-01T00:00:00Z" + }, + { + "field": "severity", + "greater_than_or_equal": "4" + } + ] + } + ], + "name": "MyFilter", + "rank": 1 + } + references: + detector_id: aws_guardduty_detector.id + argumentDocs: + action: '- (Required) Specifies the action that is to be applied to the findings that match the filter. Can be one of ARCHIVE or NOOP.' + arn: '- The ARN of the GuardDuty filter.' + description: '- (Optional) Description of the filter.' + detector_id: '- (Required) ID of a GuardDuty detector, attached to your account.' + equals: '- (Optional) List of string values to be evaluated.' + field: '- (Required) The name of the field to be evaluated. The full list of field names can be found in AWS documentation.' + finding_criteria: (Required) - Represents the criteria to be used in the filter for querying findings. Contains one or more criterion blocks, documented below. + greater_than: '- (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.' + greater_than_or_equal: '- (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.' + id: '- A compound field, consisting of the ID of the GuardDuty detector and the name of the filter.' + less_than: '- (Optional) A value to be evaluated. Accepts either an integer or a date in RFC 3339 format.' + less_than_or_equal: '- (Optional) A value to be evaluated. 
Accepts either an integer or a date in RFC 3339 format.' + name: '- (Required) The name of your filter.' + not_equals: '- (Optional) List of string values to be evaluated.' + rank: '- (Required) Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.' + tags: (Optional) - The tags that you want to add to the Filter resource. A tag consists of a key and a value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_guardduty_invite_accepter: + subCategory: GuardDuty + description: Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct primary account on read, and disassociate with the primary account upon removal. + name: aws_guardduty_invite_accepter + titleName: aws_guardduty_invite_accepter + examples: + - manifest: |- + { + "depends_on": [ + "${aws_guardduty_member.member}" + ], + "detector_id": "${aws_guardduty_detector.member.id}", + "master_account_id": "${aws_guardduty_detector.primary.account_id}", + "provider": "${aws.member}" + } + references: + detector_id: aws_guardduty_detector.id + master_account_id: aws_guardduty_detector.account_id + provider: aws.member + argumentDocs: + create: '- (Default 1m) How long to wait for an invite to accept.' + detector_id: '- (Required) The detector ID of the member GuardDuty account.' + id: '- GuardDuty member detector ID' + master_account_id: '- (Required) AWS account ID for primary account.' 
+ aws_guardduty_ipset': + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty IPSet + name: aws_guardduty_ipset' + titleName: aws_guardduty_ipset' + argumentDocs: + activate: '- (Required) Specifies whether GuardDuty is to start using the uploaded IPSet.' + arn: '- Amazon Resource Name (ARN) of the GuardDuty IPSet.' + detector_id: '- (Required) The detector ID of the GuardDuty.' + format: '- (Required) The format of the file that contains the IPSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE' + id: '- The ID of the GuardDuty IPSet.' + location: '- (Required) The URI of the file that contains the IPSet.' + name: '- (Required) The friendly name to identify the IPSet.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_guardduty_member: + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty member + name: aws_guardduty_member + titleName: aws_guardduty_member + examples: + - manifest: |- + { + "account_id": "${aws_guardduty_detector.member.account_id}", + "detector_id": "${aws_guardduty_detector.primary.id}", + "email": "required@example.com", + "invitation_message": "please accept guardduty invitation", + "invite": true + } + references: + account_id: aws_guardduty_detector.account_id + detector_id: aws_guardduty_detector.id + argumentDocs: + account_id: '- (Required) AWS account ID for member account.' + create: '- (Default 60s) How long to wait for a verification to be done against inviting GuardDuty member account.' + detector_id: '- (Required) The detector ID of the GuardDuty account where you want to create member accounts.' 
+ disable_email_notification: '- (Optional) Boolean whether an email notification is sent to the accounts. Defaults to false.' + email: '- (Required) Email address for member account.' + id: '- The ID of the GuardDuty member' + invitation_message: '- (Optional) Message for invitation.' + invite: '- (Optional) Boolean whether to invite the account to GuardDuty as a member. Defaults to false. To detect if an invitation needs to be (re-)sent, the Terraform state value is true based on a relationship_status of Disabled, Enabled, Invited, or EmailVerificationInProgress.' + relationship_status: '- The status of the relationship between the member account and its primary account. More information can be found in Amazon GuardDuty API Reference.' + update: '- (Default 60s) How long to wait for a verification to be done against inviting GuardDuty member account.' + aws_guardduty_organization_admin_account: + subCategory: GuardDuty + description: Manages a GuardDuty Organization Admin Account + name: aws_guardduty_organization_admin_account + titleName: aws_guardduty_organization_admin_account + examples: + - manifest: |- + { + "admin_account_id": "123456789012", + "depends_on": [ + "${aws_organizations_organization.example}" + ] + } + argumentDocs: + admin_account_id: '- (Required) AWS account identifier to designate as a delegated administrator for GuardDuty.' + id: '- AWS account identifier.' 
+ aws_guardduty_organization_configuration: + subCategory: GuardDuty + description: Manages the GuardDuty Organization Configuration + name: aws_guardduty_organization_configuration + titleName: aws_guardduty_organization_configuration + examples: + - manifest: |- + { + "auto_enable": true, + "datasources": [ + { + "s3_logs": [ + { + "auto_enable": true + } + ] + } + ], + "detector_id": "${aws_guardduty_detector.example.id}" + } + references: + detector_id: aws_guardduty_detector.id + argumentDocs: + auto_enable: '- (Optional) Set to true if you want S3 data event logs to be automatically enabled for new members of the organization. Default: false' + datasources: '- (Optional) Configuration for the collected datasources.' + detector_id: '- (Required) The detector ID of the GuardDuty account.' + id: '- Identifier of the GuardDuty Detector.' + s3_logs: '- (Optional) Configuration for the builds to store logs to S3.' + aws_guardduty_publishing_destination': + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty PublishingDestination + name: aws_guardduty_publishing_destination' + titleName: aws_guardduty_publishing_destination' + argumentDocs: + destination_arn: '- (Required) The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be AWSLogs/[Account-ID]/GuardDuty/[Region]/ if not provided' + destination_type: '- (Optional) Currently there is only "S3" available as destination type which is also the default value' + detector_id: '- (Required) The detector ID of the GuardDuty.' + id: '- The ID of the GuardDuty PublishingDestination and the detector ID. Format: :' + kms_key_arn: '- (Required) The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.' 
+ aws_guardduty_threatintelset': + subCategory: GuardDuty + description: Provides a resource to manage a GuardDuty ThreatIntelSet + name: aws_guardduty_threatintelset' + titleName: aws_guardduty_threatintelset' + argumentDocs: + activate: '- (Required) Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.' + arn: '- Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.' + detector_id: '- (Required) The detector ID of the GuardDuty.' + format: '- (Required) The format of the file that contains the ThreatIntelSet. Valid values: TXT | STIX | OTX_CSV | ALIEN_VAULT | PROOF_POINT | FIRE_EYE' + id: '- The ID of the GuardDuty ThreatIntelSet and the detector ID. Format: :' + location: '- (Required) The URI of the file that contains the ThreatIntelSet.' + name: '- (Required) The friendly name to identify the ThreatIntelSet.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_iam_access_key: + subCategory: IAM + description: Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user. + name: aws_iam_access_key + titleName: aws_iam_access_key + examples: + - manifest: |- + { + "pgp_key": "keybase:some_person_that_exists", + "user": "${aws_iam_user.lb.name}" + } + references: + user: aws_iam_user.name + - manifest: |- + { + "user": "${aws_iam_user.test.name}" + } + references: + user: aws_iam_user.name + argumentDocs: + create_date: '- Date and time in RFC3339 format that the access key was created.' + encrypted_secret: '- Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. 
The encrypted secret may be decrypted using the command line, for example: terraform output -raw encrypted_secret | base64 --decode | keybase pgp decrypt.' + encrypted_ses_smtp_password_v4: '- Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line, for example: terraform output -raw encrypted_ses_smtp_password_v4 | base64 --decode | keybase pgp decrypt.' + id: '- Access key ID.' + key_fingerprint: '- Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.' + pgp_key: '- (Optional) Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute.' + secret: '- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.' + ses_smtp_password_v4: '- Secret access key converted into an SES SMTP password by applying AWS''s documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.' + status: '- (Optional) Access key status to apply. Defaults to Active. Valid values are Active and Inactive.' + user: '- (Required) IAM user to associate with this access key.' + aws_iam_account_alias: + subCategory: IAM + description: Manages the account alias for the AWS Account. 
+ name: aws_iam_account_alias + titleName: aws_iam_account_alias + examples: + - manifest: |- + { + "account_alias": "my-account-alias" + } + argumentDocs: + account_alias: '- (Required) The account alias' + aws_iam_account_password_policy: + subCategory: IAM + description: Manages Password Policy for the AWS Account. + name: aws_iam_account_password_policy + titleName: aws_iam_account_password_policy + examples: + - manifest: |- + { + "allow_users_to_change_password": true, + "minimum_password_length": 8, + "require_lowercase_characters": true, + "require_numbers": true, + "require_symbols": true, + "require_uppercase_characters": true + } + argumentDocs: + allow_users_to_change_password: '- (Optional) Whether to allow users to change their own password' + expire_passwords: '- Indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0. Returns false if it is 0 or not present.' + hard_expiry: '- (Optional) Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)' + max_password_age: '- (Optional) The number of days that an user password is valid.' + minimum_password_length: '- (Optional) Minimum length to require for user passwords.' + password_reuse_prevention: '- (Optional) The number of previous passwords that users are prevented from reusing.' + require_lowercase_characters: '- (Optional) Whether to require lowercase characters for user passwords.' + require_numbers: '- (Optional) Whether to require numbers for user passwords.' + require_symbols: '- (Optional) Whether to require symbols for user passwords.' + require_uppercase_characters: '- (Optional) Whether to require uppercase characters for user passwords.' + aws_iam_group: + subCategory: IAM + description: Provides an IAM group. 
+ name: aws_iam_group + titleName: aws_iam_group + examples: + - manifest: |- + { + "name": "developers", + "path": "/users/" + } + argumentDocs: + arn: '- The ARN assigned by AWS for this group.' + id: '- The group''s ID.' + name: '- The group''s name.' + path: '- The path of the group in IAM.' + unique_id: '- The unique ID assigned by AWS.' + aws_iam_group_membership: + subCategory: IAM + description: Provides a top level resource to manage IAM Group membership for IAM Users. + name: aws_iam_group_membership + titleName: aws_iam_group_membership + examples: + - manifest: |- + { + "group": "${aws_iam_group.group.name}", + "name": "tf-testing-group-membership", + "users": [ + "${aws_iam_user.user_one.name}", + "${aws_iam_user.user_two.name}" + ] + } + references: + group: aws_iam_group.name + argumentDocs: + group: – IAM Group name + name: '- The name to identify the Group Membership' + users: '- list of IAM User names' + aws_iam_group_policy: + subCategory: IAM + description: Provides an IAM policy attached to a group. + name: aws_iam_group_policy + titleName: aws_group_policy + examples: + - manifest: |- + { + "group": "${aws_iam_group.my_developers.name}", + "name": "my_developer_policy", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"ec2:Describe*\",\n ]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}" + } + references: + group: aws_iam_group.name + argumentDocs: + group: '- The group to which this policy applies.' + id: '- The group policy ID.' + name: '- The name of the policy.' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + policy: '- The policy document attached to the group.' 
+ aws_iam_group_policy_attachment: + subCategory: IAM + description: Attaches a Managed IAM Policy to an IAM group + name: aws_iam_group_policy_attachment + titleName: aws_iam_group_policy_attachment + examples: + - manifest: |- + { + "group": "${aws_iam_group.group.name}", + "policy_arn": "${aws_iam_policy.policy.arn}" + } + references: + group: aws_iam_group.name + policy_arn: aws_iam_policy.arn + argumentDocs: + group: (Required) - The group the policy should be applied to + policy_arn: (Required) - The ARN of the policy you want to apply + aws_iam_instance_profile: + subCategory: IAM + description: Provides an IAM instance profile. + name: aws_iam_instance_profile + titleName: aws_iam_instance_profile + examples: + - manifest: |- + { + "name": "test_profile", + "role": "${aws_iam_role.role.name}" + } + references: + role: aws_iam_role.name + argumentDocs: + arn: '- ARN assigned by AWS to the instance profile.' + create_date: '- Creation timestamp of the instance profile.' + id: '- Instance profile''s ID.' + name: '- (Optional, Forces new resource) Name of the instance profile. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: _, +, =, ,, ., @, -. Spaces are not allowed.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + path: '- (Optional, default "/") Path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide. Can be a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercase letters.' + role: '- (Optional) Name of the role to add to the profile.' 
+ tags: '- (Optional) Map of resource tags for the IAM Instance Profile. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + unique_id: '- Unique ID assigned by AWS.' + aws_iam_openid_connect_provider: + subCategory: IAM + description: Provides an IAM OpenID Connect provider. + name: aws_iam_openid_connect_provider + titleName: aws_iam_openid_connect_provider + examples: + - manifest: |- + { + "client_id_list": [ + "266362248691-342342xasdasdasda-apps.googleusercontent.com" + ], + "thumbprint_list": [], + "url": "https://accounts.google.com" + } + argumentDocs: + arn: '- The ARN assigned by AWS for this provider.' + client_id_list: '- (Required) A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that''s sent as the client_id parameter on OAuth requests.)' + tags: '- (Optional) Map of resource tags for the IAM OIDC provider. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + thumbprint_list: '- (Required) A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider''s server certificate(s).' + url: '- (Required) The URL of the identity provider. Corresponds to the iss claim.' + aws_iam_policy: + subCategory: IAM + description: Provides an IAM policy. 
+ name: aws_iam_policy + titleName: aws_iam_policy + examples: + - manifest: |- + { + "description": "My test policy", + "name": "test_policy", + "path": "/", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"ec2:Describe*\",\n ]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}" + } + argumentDocs: + arn: '- The ARN assigned by AWS to this policy.' + description: '- The description of the policy.' + id: '- The ARN assigned by AWS to this policy.' + name: '- The name of the policy.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + path: '- The path of the policy in IAM.' + policy: '- The policy document.' + policy_id: '- The policy''s ID.' + tags: '- (Optional) Map of resource tags for the IAM Policy. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_iam_policy_attachment: + subCategory: IAM + description: Attaches a Managed IAM Policy to user(s), role(s), and/or group(s) + name: aws_iam_policy_attachment + titleName: aws_iam_policy_attachment + examples: + - manifest: |- + { + "groups": [ + "${aws_iam_group.group.name}" + ], + "name": "test-attachment", + "policy_arn": "${aws_iam_policy.policy.arn}", + "roles": [ + "${aws_iam_role.role.name}" + ], + "users": [ + "${aws_iam_user.user.name}" + ] + } + references: + policy_arn: aws_iam_policy.arn + argumentDocs: + groups: (Optional) - The group(s) the policy should be applied to + id: '- The policy''s ID.' + name: '- The name of the attachment.' 
+ policy_arn: (Required) - The ARN of the policy you want to apply + roles: (Optional) - The role(s) the policy should be applied to + users: (Optional) - The user(s) the policy should be applied to + aws_iam_role: + subCategory: IAM + description: Provides an IAM role. + name: aws_iam_role + titleName: aws_iam_role + examples: + - manifest: |- + { + "assume_role_policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = \"sts:AssumeRole\"\n Effect = \"Allow\"\n Sid = \"\"\n Principal = {\n Service = \"ec2.amazonaws.com\"\n }\n },\n ]\n })}", + "name": "test_role", + "tags": { + "tag-key": "tag-value" + } + } + - manifest: |- + { + "assume_role_policy": "${data.aws_iam_policy_document.instance-assume-role-policy.json}", + "name": "instance_role", + "path": "/system/" + } + references: + assume_role_policy: data.json + - manifest: |- + { + "assume_role_policy": "${data.aws_iam_policy_document.instance_assume_role_policy.json}", + "inline_policy": [ + { + "name": "my_inline_policy", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\"ec2:Describe*\"]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}" + }, + { + "name": "policy-8675309", + "policy": "${data.aws_iam_policy_document.inline_policy.json}" + } + ], + "name": "yak_role" + } + references: + assume_role_policy: data.json + - manifest: |- + { + "assume_role_policy": "${data.aws_iam_policy_document.instance_assume_role_policy.json}", + "inline_policy": [ + {} + ], + "name": "yak_role" + } + references: + assume_role_policy: data.json + - manifest: |- + { + "assume_role_policy": "${data.aws_iam_policy_document.instance_assume_role_policy.json}", + "managed_policy_arns": [ + "${aws_iam_policy.policy_one.arn}", + "${aws_iam_policy.policy_two.arn}" + ], + "name": "yak_role" + } + references: + assume_role_policy: data.json + - manifest: |- + { + "assume_role_policy": "${data.aws_iam_policy_document.instance_assume_role_policy.json}", + 
"managed_policy_arns": [], + "name": "yak_role" + } + references: + assume_role_policy: data.json + argumentDocs: + arn: '- Amazon Resource Name (ARN) specifying the role.' + assume_role_policy: '- (Required) Policy that grants an entity permission to assume the role.' + create_date: '- Creation date of the IAM role.' + description: '- (Optional) Description of the role.' + force_detach_policies: '- (Optional) Whether to force detaching any policies the role has before destroying it. Defaults to false.' + id: '- Name of the role.' + inline_policy: '- (Optional) Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. Defined below. If no blocks are configured, Terraform will ignore any managing any inline policies in this resource. Configuring one empty block (i.e., inline_policy {}) will cause Terraform to remove all inline policies.' + managed_policy_arns: '- (Optional) Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Terraform will ignore policy attachments to this resource. When configured, Terraform will align the role''s managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed_policy_arns = []) will cause Terraform to remove all managed policy attachments.' + max_session_duration: '- (Optional) Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.' + name: '- Name of the role.' + name_prefix: '- (Optional, Forces new resource) Creates a unique friendly name beginning with the specified prefix. Conflicts with name.' + path: '- (Optional) Path to the role. See IAM Identifiers for more information.' + permissions_boundary: '- (Optional) ARN of the policy that is used to set the permissions boundary for the role.' 
+ policy: '- (Required) Policy document as a JSON formatted string. For more information about building IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + tags: '- Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + unique_id: '- Stable and unique string identifying the role.' + aws_iam_role_policy: + subCategory: IAM + description: Provides an IAM role policy. + name: aws_iam_role_policy + titleName: aws_iam_role_policy + examples: + - manifest: |- + { + "name": "test_policy", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"ec2:Describe*\",\n ]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}", + "role": "${aws_iam_role.test_role.id}" + } + references: + role: aws_iam_role.id + argumentDocs: + id: '- The role policy ID, in the form of role_name:role_policy_name.' + name: '- The name of the policy.' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + policy: '- The policy document attached to the role.' + role: '- The name of the role associated with the policy.' 
+ aws_iam_role_policy_attachment: + subCategory: IAM + description: Attaches a Managed IAM Policy to an IAM role + name: aws_iam_role_policy_attachment + titleName: aws_iam_role_policy_attachment + examples: + - manifest: |- + { + "policy_arn": "${aws_iam_policy.policy.arn}", + "role": "${aws_iam_role.role.name}" + } + references: + policy_arn: aws_iam_policy.arn + role: aws_iam_role.name + argumentDocs: + policy_arn: (Required) - The ARN of the policy you want to apply + role: (Required) - The name of the IAM role to which the policy should be applied + aws_iam_saml_provider: + subCategory: IAM + description: Provides an IAM SAML provider. + name: aws_iam_saml_provider + titleName: aws_iam_saml_provider + examples: + - manifest: |- + { + "name": "myprovider", + "saml_metadata_document": "${file(\"saml-metadata.xml\")}" + } + argumentDocs: + arn: '- The ARN assigned by AWS for this provider.' + name: '- (Required) The name of the provider to create.' + saml_metadata_document: '- (Required) An XML document generated by an identity provider that supports SAML 2.0.' + tags: '- (Optional) Map of resource tags for the IAM SAML provider. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + valid_until: '- The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.' + aws_iam_server_certificate: + subCategory: IAM + description: Provides an IAM Server Certificate + name: aws_iam_server_certificate + titleName: aws_iam_server_certificate + examples: + - manifest: |- + { + "certificate_body": "${file(\"self-ca-cert.pem\")}", + "name": "some_test_cert", + "private_key": "${file(\"test-key.pem\")}" + } + - manifest: |- + { + "certificate_body": "-----BEGIN CERTIFICATE-----\n[......] 
# cert contents\n-----END CERTIFICATE-----\n", + "name": "alt_test_cert", + "private_key": "-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n" + } + - manifest: |- + { + "certificate_body": "${file(\"self-ca-cert.pem\")}", + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "name_prefix": "example-cert", + "private_key": "${file(\"test-key.pem\")}" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the server certificate.' + certificate_body: |- + – (Required) The contents of the public key certificate in + PEM-encoded format. + certificate_chain: |- + – (Optional) The contents of the certificate chain. + This is typically a concatenation of the PEM-encoded public key certificates + of the chain. + expiration: '- Date and time in RFC3339 format on which the certificate is set to expire.' + id: '- The unique Server Certificate name' + name: '- The name of the Server Certificate' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + path: |- + - (Optional) The IAM path for the server certificate. If it is not + included, it defaults to a slash (/). If this certificate is for use with + AWS CloudFront, the path must be in format /cloudfront/your_path_here. + See IAM Identifiers for more details on IAM Paths. + private_key: – (Required) The contents of the private key in PEM-encoded format. + tags: '- (Optional) Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + upload_date: '- Date and time in RFC3339 format when the server certificate was uploaded.' + aws_iam_service_linked_role: + subCategory: IAM + description: Provides an IAM service-linked role. 
+ name: aws_iam_service_linked_role + titleName: aws_iam_service_linked_role + examples: + - manifest: |- + { + "aws_service_name": "elasticbeanstalk.amazonaws.com" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the role.' + aws_service_name: '- (Required, Forces new resource) The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.' + create_date: '- The creation date of the IAM role.' + custom_suffix: '- (Optional, forces new resource) Additional string appended to the role name. Not all AWS services support custom suffixes.' + description: '- (Optional) The description of the role.' + id: '- The Amazon Resource Name (ARN) of the role.' + name: '- The name of the role.' + path: '- The path of the role.' + unique_id: '- The stable and unique string identifying the role.' + aws_iam_user: + subCategory: IAM + description: Provides an IAM user. + name: aws_iam_user + titleName: aws_iam_user + examples: + - manifest: |- + { + "name": "loadbalancer", + "path": "/system/", + "tags": { + "tag-key": "tag-value" + } + } + argumentDocs: + arn: '- The ARN assigned by AWS for this user.' + force_destroy: |- + - (Optional, default false) When destroying this user, destroy even if it + has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy + a user with non-Terraform-managed access keys and login profile will fail to be destroyed. + name: '- The user''s name.' + path: '- (Optional, default "/") Path in which to create the user.' + permissions_boundary: '- (Optional) The ARN of the policy that is used to set the permissions boundary for the user.' + tags: '- Key-value map of tags for the IAM user. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + unique_id: '- The unique ID assigned by AWS.' + aws_iam_user_group_membership: + subCategory: IAM + description: Provides a resource for adding an IAM User to IAM Groups without conflicting with itself. + name: aws_iam_user_group_membership + titleName: aws_iam_user_group_membership + examples: + - manifest: |- + { + "groups": [ + "${aws_iam_group.group1.name}", + "${aws_iam_group.group2.name}" + ], + "user": "${aws_iam_user.user1.name}" + } + references: + user: aws_iam_user.name + - manifest: |- + { + "groups": [ + "${aws_iam_group.group3.name}" + ], + "user": "${aws_iam_user.user1.name}" + } + references: + user: aws_iam_user.name + argumentDocs: + groups: '- (Required) A list of IAM Groups to add the user to' + user: '- (Required) The name of the IAM User to add to groups' + aws_iam_user_login_profile: + subCategory: IAM + description: Manages an IAM User Login Profile + name: aws_iam_user_login_profile + titleName: aws_iam_user_login_profile + examples: + - manifest: |- + { + "pgp_key": "keybase:some_person_that_exists", + "user": "${aws_iam_user.example.name}" + } + references: + user: aws_iam_user.name + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${password_length}", + "${password_reset_required}", + "${pgp_key}" + ] + } + ] + } + argumentDocs: + encrypted_password: '- The encrypted password, base64 encoded. Only available if password was handled on Terraform resource creation, not import.' + key_fingerprint: '- The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on Terraform resource creation, not import.' + password_length: '- (Optional, default 20) The length of the generated password on resource creation. 
Only applies on resource creation. Drift detection is not possible with this argument.' + password_reset_required: '- (Optional, default "true") Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.' + pgp_key: '- (Required) Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.' + user: '- (Required) The IAM user''s name.' + aws_iam_user_policy: + subCategory: IAM + description: Provides an IAM policy attached to a user. + name: aws_iam_user_policy + titleName: aws_iam_user_policy + examples: + - manifest: |- + { + "name": "test", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"ec2:Describe*\",\n ]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}", + "user": "${aws_iam_user.lb.name}" + } + references: + user: aws_iam_user.name + argumentDocs: + id: '- The user policy ID, in the form of user_name:user_policy_name.' + name: '- The name of the policy (always set).' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + policy: '- (Required) The policy document. This is a JSON formatted string. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + user: '- (Required) IAM user to which to attach this policy.' 
+ aws_iam_user_policy_attachment: + subCategory: IAM + description: Attaches a Managed IAM Policy to an IAM user + name: aws_iam_user_policy_attachment + titleName: aws_iam_user_policy_attachment + examples: + - manifest: |- + { + "policy_arn": "${aws_iam_policy.policy.arn}", + "user": "${aws_iam_user.user.name}" + } + references: + policy_arn: aws_iam_policy.arn + user: aws_iam_user.name + argumentDocs: + policy_arn: (Required) - The ARN of the policy you want to apply + user: (Required) - The user the policy should be applied to + aws_iam_user_ssh_key: + subCategory: IAM + description: Uploads an SSH public key and associates it with the specified IAM user. + name: aws_iam_user_ssh_key + titleName: aws_iam_user_ssh_key + examples: + - manifest: |- + { + "encoding": "SSH", + "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com", + "username": "${aws_iam_user.user.name}" + } + references: + username: aws_iam_user.name + argumentDocs: + encoding: '- (Required) Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.' + fingerprint: '- The MD5 message digest of the SSH public key.' + public_key: '- (Required) The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.' + ssh_public_key_id: '- The unique identifier for the SSH public key.' + status: '- (Optional) The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.' 
+ username: '- (Required) The name of the IAM user to associate the SSH public key with.' + aws_imagebuilder_component: + subCategory: Image Builder + description: Manage an Image Builder Component + name: aws_imagebuilder_component + titleName: aws_imagebuilder_component + examples: + - manifest: |- + { + "data": "${yamlencode({\n phases = [{\n name = \"build\"\n steps = [{\n action = \"ExecuteBash\"\n inputs = {\n commands = [\"echo 'hello world'\"]\n }\n name = \"example\"\n onFailure = \"Continue\"\n }]\n }]\n schemaVersion = 1.0\n })}", + "name": "example", + "platform": "Linux", + "version": "1.0.0" + } + - manifest: |- + { + "name": "example", + "platform": "Linux", + "uri": "s3://${aws_s3_bucket_object.example.bucket}/${aws_s3_bucket_object.example.key}", + "version": "1.0.0" + } + argumentDocs: + arn: '- (Required) Amazon Resource Name (ARN) of the component.' + change_description: '- (Optional) Change description of the component.' + data: '- (Optional) Inline YAML string with data of the component. Exactly one of data and uri can be specified. Terraform will only perform drift detection of its value when present in a configuration.' + date_created: '- Date the component was created.' + description: '- (Optional) Description of the component.' + encrypted: '- Encryption status of the component.' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.' + name: '- (Required) Name of the component.' + owner: '- Owner of the component.' + platform: '- (Required) Platform of the component.' + supported_os_versions: '- (Optional) Set of Operating Systems (OS) supported by the component.' + tags: '- (Optional) Key-value map of resource tags for the component. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- Type of the component.' + uri: '- (Optional) S3 URI with data of the component. Exactly one of data and uri can be specified.' + version: '- (Required) Version of the component.' + aws_imagebuilder_distribution_configuration: + subCategory: Image Builder + description: Manage an Image Builder Distribution Configuration + name: aws_imagebuilder_distribution_configuration + titleName: aws_imagebuilder_distribution_configuration + examples: + - manifest: |- + { + "distribution": [ + { + "ami_distribution_configuration": [ + { + "ami_tags": { + "CostCenter": "IT" + }, + "launch_permission": [ + { + "user_ids": [ + "123456789012" + ] + } + ], + "name": "example-{{ imagebuilder:buildDate }}" + } + ], + "region": "us-east-1" + } + ], + "name": "example" + } + argumentDocs: + ami_distribution_configuration: '- (Optional) Configuration block with Amazon Machine Image (AMI) distribution settings. Detailed below.' + ami_tags: '- (Optional) Key-value map of tags to apply to the distributed AMI.' + arn: '- (Required) Amazon Resource Name (ARN) of the distribution configuration.' + date_created: '- Date the distribution configuration was created.' + date_updated: '- Date the distribution configuration was updated.' + description: '- (Optional) Description to apply to the distributed AMI.' + distribution: '- (Required) One or more configuration blocks with distribution settings. Detailed below.' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key to encrypt the distributed AMI.' + launch_permission: '- (Optional) Configuration block of EC2 launch permissions to apply to the distributed AMI. Detailed below.' + license_configuration_arns: '- (Optional) Set of Amazon Resource Names (ARNs) of License Manager License Configurations.' + name: '- (Optional) Name to apply to the distributed AMI.' 
+ region: '- (Required) AWS Region for the distribution.' + tags: '- (Optional) Key-value map of resource tags for the distribution configuration. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_account_ids: '- (Optional) Set of AWS Account identifiers to distribute the AMI.' + user_groups: '- (Optional) Set of EC2 launch permission user groups to assign. Use all to distribute a public AMI.' + user_ids: '- (Optional) Set of AWS Account identifiers to assign.' + aws_imagebuilder_image: + subCategory: Image Builder + description: Manages an Image Builder Image + name: aws_imagebuilder_image + titleName: aws_imagebuilder_image + examples: + - manifest: |- + { + "distribution_configuration_arn": "${aws_imagebuilder_distribution_configuration.example.arn}", + "image_recipe_arn": "${aws_imagebuilder_image_recipe.example.arn}", + "infrastructure_configuration_arn": "${aws_imagebuilder_infrastructure_configuration.example.arn}" + } + references: + distribution_configuration_arn: aws_imagebuilder_distribution_configuration.arn + image_recipe_arn: aws_imagebuilder_image_recipe.arn + infrastructure_configuration_arn: aws_imagebuilder_infrastructure_configuration.arn + argumentDocs: + account_id: '- Account identifier of the AMI.' + amis: '- Set of objects with each Amazon Machine Image (AMI) created.' + arn: '- Amazon Resource Name (ARN) of the image.' + create: '- (Default 60m) How long to wait for the image to be built, tested, and distributed.' + date_created: '- Date the image was created.' + description: '- Description of the AMI.' + distribution_configuration_arn: '- (Optional) Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.' 
+ enhanced_image_metadata_enabled: '- (Optional) Whether additional information about the image being created is collected. Defaults to true.' + image: '- Identifier of the AMI.' + image_recipe_arn: '- (Required) Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.' + image_tests_configuration: '- (Optional) Configuration block with image tests configuration. Detailed below.' + image_tests_enabled: '- (Optional) Whether image tests are enabled. Defaults to true.' + infrastructure_configuration_arn: '- (Required) Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.' + name: '- Name of the AMI.' + os_version: '- Operating System version of the image.' + output_resources: '- List of objects with resources created by the image.' + platform: '- Platform of the image.' + region: '- Region of the AMI.' + tags: '- (Optional) Key-value map of resource tags for the Image Builder Image. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout_minutes: '- (Optional) Number of minutes before image tests time out. Valid values are between 60 and 1440. Defaults to 720.' + version: '- Version of the image.' + aws_imagebuilder_image_pipeline: + subCategory: Image Builder + description: Manages an Image Builder Image Pipeline + name: aws_imagebuilder_image_pipeline + titleName: aws_imagebuilder_image_pipeline + examples: + - manifest: |- + { + "image_recipe_arn": "${aws_imagebuilder_image_recipe.example.arn}", + "infrastructure_configuration_arn": "${aws_imagebuilder_infrastructure_configuration.example.arn}", + "name": "example", + "schedule": [ + { + "schedule_expression": "cron(0 0 * * ? 
*)" + } + ] + } + references: + image_recipe_arn: aws_imagebuilder_image_recipe.arn + infrastructure_configuration_arn: aws_imagebuilder_infrastructure_configuration.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the image pipeline.' + date_created: '- Date the image pipeline was created.' + date_last_run: '- Date the image pipeline was last run.' + date_next_run: '- Date the image pipeline will run next.' + date_updated: '- Date the image pipeline was updated.' + description: '- (Optional) Description of the image pipeline.' + distribution_configuration_arn: '- (Optional) Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.' + enhanced_image_metadata_enabled: '- (Optional) Whether additional information about the image being created is collected. Defaults to true.' + image_recipe_arn: '- (Required) Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.' + image_tests_configuration: '- (Optional) Configuration block with image tests configuration. Detailed below.' + image_tests_enabled: '- (Optional) Whether image tests are enabled. Defaults to true.' + infrastructure_configuration_arn: '- (Required) Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.' + name: '- (Required) Name of the image pipeline.' + pipeline_execution_start_condition: '- (Optional) Condition when the pipeline should trigger a new image build. Valid values are EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE and EXPRESSION_MATCH_ONLY. Defaults to EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE.' + platform: '- Platform of the image pipeline.' + schedule: '- (Optional) Configuration block with schedule settings. Detailed below.' + schedule_expression: '- (Required) Cron expression of how often the pipeline start condition is evaluated. For example, cron(0 0 * * ? *) is evaluated every day at midnight UTC. 
Configurations using the five field syntax that was previously accepted by the API, such as cron(0 0 * * *), must be updated to the six field syntax. For more information, see the Image Builder User Guide.' + status: '- (Optional) Status of the image pipeline. Valid values are DISABLED and ENABLED. Defaults to ENABLED.' + tags: '- (Optional) Key-value map of resource tags for the image pipeline. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout_minutes: '- (Optional) Number of minutes before image tests time out. Valid values are between 60 and 1440. Defaults to 720.' + aws_imagebuilder_image_recipe: + subCategory: Image Builder + description: Manage an Image Builder Image Recipe + name: aws_imagebuilder_image_recipe + titleName: aws_imagebuilder_image_recipe + examples: + - manifest: |- + { + "block_device_mapping": [ + { + "device_name": "/dev/xvdb", + "ebs": [ + { + "delete_on_termination": true, + "volume_size": 100, + "volume_type": "gp2" + } + ] + } + ], + "component": [ + { + "component_arn": "${aws_imagebuilder_component.example.arn}" + } + ], + "name": "example", + "parent_image": "arn:${data.aws_partition.current.partition}:imagebuilder:${data.aws_region.current.name}:aws:image/amazon-linux-2-x86/x.x.x", + "version": "1.0.0" + } + argumentDocs: + arn: '- (Required) Amazon Resource Name (ARN) of the image recipe.' + block_device_mapping: '- (Optional) Configuration block(s) with block device mappings for the the image recipe. Detailed below.' + component: '- (Required) Ordered configuration block(s) with components for the image recipe. Detailed below.' + component_arn: '- (Required) Amazon Resource Name (ARN) of the Image Builder Component to associate.' + date_created: '- Date the image recipe was created.' 
+ delete_on_termination: '- (Optional) Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image.' + description: '- (Optional) Description of the image recipe.' + device_name: '- (Optional) Name of the device. For example, /dev/sda or /dev/xvdb.' + ebs: '- (Optional) Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below.' + encrypted: '- (Optional) Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image.' + iops: '- (Optional) Number of Input/Output (I/O) operations per second to provision for an io1 or io2 volume.' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption.' + name: '- (Required) Name of the image recipe.' + no_device: '- (Optional) Set to true to remove a mapping from the parent image.' + owner: '- Owner of the image recipe.' + parent_image: '- (Required) Platform of the image recipe.' + platform: '- Platform of the image recipe.' + snapshot_id: '- (Optional) Identifier of the EC2 Volume Snapshot.' + tags: '- (Optional) Key-value map of resource tags for the image recipe. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- (Required) Version of the image recipe.' + virtual_name: '- (Optional) Virtual device name. For example, ephemeral0. Instance store volumes are numbered starting from 0.' + volume_size: '- (Optional) Size of the volume, in GiB.' + volume_type: '- (Optional) Type of the volume. For example, gp2 or io2.' + working_directory: '- (Optional) The working directory to be used during build and test workflows.' 
+ aws_imagebuilder_infrastructure_configuration: + subCategory: Image Builder + description: Manages an Image Builder Infrastructure Configuration + name: aws_imagebuilder_infrastructure_configuration + titleName: aws_imagebuilder_infrastructure_configuration + examples: + - manifest: |- + { + "description": "example description", + "instance_profile_name": "${aws_iam_instance_profile.example.name}", + "instance_types": [ + "t2.nano", + "t3.micro" + ], + "key_pair": "${aws_key_pair.example.key_name}", + "logging": [ + { + "s3_logs": [ + { + "s3_bucket_name": "${aws_s3_bucket.example.bucket}", + "s3_key_prefix": "logs" + } + ] + } + ], + "name": "example", + "security_group_ids": [ + "${aws_security_group.example.id}" + ], + "sns_topic_arn": "${aws_sns_topic.example.arn}", + "subnet_id": "${aws_subnet.main.id}", + "tags": { + "foo": "bar" + }, + "terminate_instance_on_failure": true + } + references: + instance_profile_name: aws_iam_instance_profile.name + key_pair: aws_key_pair.key_name + sns_topic_arn: aws_sns_topic.arn + subnet_id: aws_subnet.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the configuration.' + date_created: '- Date when the configuration was created.' + date_updated: '- Date when the configuration was updated.' + description: '- (Optional) Description for the configuration.' + id: '- Amazon Resource Name (ARN) of the configuration.' + instance_profile_name: '- (Required) Name of IAM Instance Profile.' + instance_types: '- (Optional) Set of EC2 Instance Types.' + key_pair: '- (Optional) Name of EC2 Key Pair.' + logging: '- (Optional) Configuration block with logging settings. Detailed below.' + name: '- (Required) Name for the configuration.' + resource_tags: '- (Optional) Key-value map of resource tags to assign to infrastructure created by the configuration.' + s3_bucket_name: '- (Required) Name of the S3 Bucket.' + s3_key_prefix: '- (Optional) Prefix to use for S3 logs. Defaults to /.' 
+ s3_logs: '- (Required) Configuration block with S3 logging settings. Detailed below.' + security_group_ids: '- (Optional) Set of EC2 Security Group identifiers.' + sns_topic_arn: '- (Optional) Amazon Resource Name (ARN) of SNS Topic.' + subnet_id: '- (Optional) EC2 Subnet identifier. Also requires security_group_ids argument.' + tags: '- (Optional) Key-value map of resource tags to assign to the configuration. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + terminate_instance_on_failure: '- (Optional) Enable if the instance should be terminated when the pipeline fails. Defaults to false.' + aws_inspector_assessment_target: + subCategory: Inspector + description: Provides a Inspector assessment target. + name: aws_inspector_assessment_target + titleName: aws_inspector_assessment_target + examples: + - manifest: |- + { + "name": "assessment target", + "resource_group_arn": "${aws_inspector_resource_group.bar.arn}" + } + references: + resource_group_arn: aws_inspector_resource_group.arn + argumentDocs: + arn: '- The target assessment ARN.' + name: '- (Required) The name of the assessment target.' + resource_group_arn: (Optional) Inspector Resource Group Amazon Resource Name (ARN) stating tags for instance matching. If not specified, all EC2 instances in the current AWS account and region are included in the assessment target. + aws_inspector_assessment_template: + subCategory: Inspector + description: Provides a Inspector assessment template. 
+ name: aws_inspector_assessment_template + titleName: aws_inspector_assessment_template + examples: + - manifest: |- + { + "duration": 3600, + "name": "example", + "rules_package_arns": [ + "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p", + "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc", + "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ", + "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD" + ], + "target_arn": "${aws_inspector_assessment_target.example.arn}" + } + references: + target_arn: aws_inspector_assessment_target.arn + argumentDocs: + arn: '- The template assessment ARN.' + duration: '- (Required) The duration of the inspector run.' + name: '- (Required) The name of the assessment template.' + rules_package_arns: '- (Required) The rules to be used during the run.' + tags: '- (Optional) Key-value map of tags for the Inspector assessment template. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_arn: '- (Required) The assessment target ARN to attach the template to.' + aws_inspector_resource_group: + subCategory: Inspector + description: Provides an Amazon Inspector resource group resource. + name: aws_inspector_resource_group + titleName: aws_inspector_resource_group + examples: + - manifest: |- + { + "tags": { + "Env": "bar", + "Name": "foo" + } + } + argumentDocs: + arn: '- The resource group ARN.' + tags: '- (Required) Key-value map of tags that are used to select the EC2 instances to be included in an Amazon Inspector assessment target.' + aws_instance: + subCategory: EC2 + description: Provides an EC2 instance resource. This allows instances to be created, updated, and deleted. Instances also support provisioning. 
+ name: aws_instance + titleName: aws_instance + examples: + - manifest: |- + { + "ami": "${data.aws_ami.ubuntu.id}", + "instance_type": "t3.micro", + "tags": { + "Name": "HelloWorld" + } + } + references: + ami: data.id + - manifest: |- + { + "ami": "ami-005e54dee72cc1d00", + "credit_specification": [ + { + "cpu_credits": "unlimited" + } + ], + "instance_type": "t2.micro", + "network_interface": [ + { + "device_index": 0, + "network_interface_id": "${aws_network_interface.foo.id}" + } + ] + } + argumentDocs: + ami: '- (Optional) AMI to use for the instance. Required unless launch_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template.' + arn: '- The ARN of the instance.' + associate_public_ip_address: '- (Optional) Whether to associate a public IP address with an instance in a VPC.' + availability_zone: '- (Optional) AZ to start the instance in.' + aws_key_pair: resource + capacity_reservation_id: '- (Optional) The ID of the Capacity Reservation in which to run the instance.' + capacity_reservation_preference: '- (Optional) Indicates the instance''s Capacity Reservation preferences. Can be "open" or "none". (Default: "open").' + capacity_reservation_specification: '- Capacity reservation specification of the instance.' + capacity_reservation_target: '- (Optional) Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.' + cpu_core_count: '- (Optional) Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.' + cpu_credits: '- (Optional) Credit option for CPU usage. Valid values include standard or unlimited. T3 instances are launched as unlimited by default. 
T2 instances are launched as standard by default.' + cpu_threads_per_core: '- (Optional - has no effect unless cpu_core_count is also set) If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.' + create: '- (Defaults to 10 mins) Used when launching the instance (until it reaches the initial running state)' + credit_specification: '- (Optional) Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. Terraform will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.' + delete: '- (Defaults to 20 mins) Used when terminating the instance' + delete_on_termination: '- (Optional) Whether or not to delete the network interface on instance termination. Defaults to false. Currently, the only valid value is false, as this is only supported when creating new network interfaces when launching an instance.' + device_index: '- (Required) Integer index of the network interface attachment. Limited by instance type.' + device_name: '- Device name, e.g. /dev/sdh or xvdh.' + disable_api_termination: '- (Optional) If true, enables EC2 Instance Termination Protection.' + ebs_block_device: '- (Optional) One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.' + ebs_optimized: '- (Optional) If true, the launched EC2 instance will be EBS-optimized. 
Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.' + enabled: '- (Optional) Whether Nitro Enclaves will be enabled on the instance. Defaults to false.' + enclave_options: '- (Optional) Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.' + encrypted: '- (Optional) Enables EBS encryption on the volume. Defaults to false. Cannot be used with snapshot_id. Must be configured to perform drift detection.' + ephemeral_block_device: '- (Optional) One or more configuration blocks to customize Ephemeral (also known as "Instance Store") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.' + get_password_data: '- (Optional) If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the password_data attribute. See GetPasswordData for more information.' + hibernation: '- (Optional) If true, the launched EC2 instance will support hibernation.' + host_id: '- (Optional) ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.' + http_endpoint: '- (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled.' + http_put_response_hop_limit: '- (Optional) Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from 1 to 64. Defaults to 1.' 
+ http_tokens: '- (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional.' + iam_instance_profile: '- (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.' + id: '- The ID of the launch template. Conflicts with name.' + instance_initiated_shutdown_behavior: '- (Optional) Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.' + instance_state: '- The state of the instance. One of: pending, running, shutting-down, terminated, stopping, stopped. See Instance Lifecycle for more information.' + instance_type: '- (Optional) The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.' + iops: '- (Optional) Amount of provisioned IOPS. Only valid for volume_type of io1, io2 or gp3.' + ipv6_address_count: '- (Optional) A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.' + ipv6_addresses: '- (Optional) Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface' + key_name: '- (Optional) Key name of the Key Pair to use for the instance; which can be managed using the .' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.' + launch_template: |- + - (Optional) Specifies a Launch Template to configure the instance. 
Parameters configured on this resource will override the corresponding parameters in the Launch Template. + See Launch Template Specification below for more details. + metadata_options: '- (Optional) Customize the metadata options of the instance. See Metadata Options below for more details.' + monitoring: '- (Optional) If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)' + name: '- The name of the launch template. Conflicts with id.' + network_interface: '- (Optional) Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.' + network_interface_id: '- (Required) ID of the network interface to attach.' + no_device: '- (Optional) Suppresses the specified device included in the AMI''s block device mapping.' + outpost_arn: '- The ARN of the Outpost the instance is assigned to.' + password_data: '- Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if get_password_data is true. Note that this encrypted value will be stored in the state file, as with all exported attributes. See GetPasswordData for more information.' + placement_group: '- (Optional) Placement Group to start the instance in.' + primary_network_interface_id: '- The ID of the instance''s primary network interface.' + private_dns: '- The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you''ve enabled DNS hostnames for your VPC.' + private_ip: '- (Optional) Private IP address to associate with the instance in a VPC.' + public_dns: '- The public DNS name assigned to the instance. For EC2-VPC, this is only available if you''ve enabled DNS hostnames for your VPC.' + public_ip: '- The public IP address assigned to the instance, if applicable. 
NOTE: If you are using an aws_eip with your instance, you should refer to the EIP''s address directly and not use public_ip as this field will change after the EIP is attached.' + root_block_device: '- (Optional) Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.' + secondary_private_ips: '- (Optional) A list of secondary private IPv4 addresses to assign to the instance''s primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a network_interface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.' + security_groups: '- (Optional, EC2-Classic and default VPC only) A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.' + snapshot_id: '- (Optional) Snapshot ID to mount.' + source_dest_check: '- (Optional) Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.' + subnet_id: '- (Optional) VPC Subnet ID to launch in.' + tags: '- (Optional) A map of tags to assign to the device.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tenancy: '- (Optional) Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.' + throughput: '- (Optional) Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for volume_type of gp3.' 
+ update: '- (Defaults to 10 mins) Used when stopping and starting the instance when necessary during update - e.g. when changing instance type' + user_data: '- (Optional) User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead.' + user_data_base64: '- (Optional) Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.' + version: '- Template version. Can be a specific version number, $Latest or $Default. The default value is $Default.' + virtual_name: '- (Optional) Instance Store Device Name (e.g. ephemeral0).' + volume_id: '- ID of the volume. For example, the ID can be accessed like this, aws_instance.web.root_block_device.0.volume_id.' + volume_size: '- (Optional) Size of the volume in gibibytes (GiB).' + volume_tags: '- (Optional) A map of tags to assign, at instance-creation time, to root and EBS volumes.' + volume_type: '- (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp2.' + vpc_security_group_ids: '- (Optional, VPC only) A list of security group IDs to associate with.' + aws_internet_gateway: + subCategory: VPC + description: Provides a resource to create a VPC Internet Gateway. + name: aws_internet_gateway + titleName: aws_internet_gateway + examples: + - manifest: |- + { + "tags": { + "Name": "main" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The ARN of the Internet Gateway.' + id: '- The ID of the Internet Gateway.' + owner_id: '- The ID of the AWS account that owns the internet gateway.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) The VPC ID to create in.' + aws_iot_certificate: + subCategory: IoT + description: Creates and manages an AWS IoT certificate. + name: aws_iot_certificate + titleName: aws_iot_certificate + examples: + - manifest: |- + { + "active": true, + "csr": "${file(\"/my/csr.pem\")}" + } + - manifest: |- + { + "active": true + } + argumentDocs: + active: '- (Required) Boolean flag to indicate if the certificate should be active' + arn: '- The ARN of the created certificate.' + certificate_pem: '- The certificate data, in PEM format.' + csr: |- + - (Optional) The certificate signing request. Review + CreateCertificateFromCsr + for more information on generating a certificate from a certificate signing request (CSR). + If none is specified both the certificate and keys will be generated, review CreateKeysAndCertificate + for more information on generating keys and a certificate. + id: '- The internal ID assigned to this certificate.' + private_key: '- When no CSR is provided, the private key.' + public_key: '- When no CSR is provided, the public key.' + aws_iot_policy: + subCategory: IoT + description: Provides an IoT policy. + name: aws_iot_policy + titleName: aws_iot_policy + examples: + - manifest: |- + { + "name": "PubSubToAnyTopic", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Statement = [\n {\n Action = [\n \"iot:*\",\n ]\n Effect = \"Allow\"\n Resource = \"*\"\n },\n ]\n })}" + } + argumentDocs: + arn: '- The ARN assigned by AWS to this policy.' + default_version_id: '- The default version of this policy.' + name: '- The name of this policy.' + policy: '- The policy document.' 
+ aws_iot_policy_attachment: + subCategory: IoT + description: Provides an IoT policy attachment. + name: aws_iot_policy_attachment + titleName: aws_iot_policy_attachment + examples: + - manifest: |- + { + "policy": "${aws_iot_policy.pubsub.name}", + "target": "${aws_iot_certificate.cert.arn}" + } + references: + policy: aws_iot_policy.name + target: aws_iot_certificate.arn + argumentDocs: + policy: '- (Required) The name of the policy to attach.' + target: '- (Required) The identity to which the policy is attached.' + aws_iot_role_alias: + subCategory: IoT + description: Provides an IoT role alias. + name: aws_iot_role_alias + titleName: aws_iot_role_alias + examples: + - manifest: |- + { + "alias": "Thermostat-dynamodb-access-role-alias", + "role_arn": "${aws_iam_role.role.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + alias: '- (Required) The name of the role alias.' + arn: '- The ARN assigned by AWS to this role alias.' + credential_duration: '- (Optional) The duration of the credential, in seconds. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 900 seconds (15 minutes) to 3600 seconds (60 minutes).' + role_arn: '- (Required) The identity of the role to which the alias refers.' + aws_iot_thing: + subCategory: IoT + description: Creates and manages an AWS IoT Thing. + name: aws_iot_thing + titleName: aws_iot_thing + examples: + - manifest: |- + { + "attributes": { + "First": "examplevalue" + }, + "name": "example" + } + argumentDocs: + arn: '- The ARN of the thing.' + attributes: '- (Optional) Map of attributes of the thing.' + default_client_id: '- The default client ID.' + name: '- (Required) The name of the thing.' + thing_type_name: '- (Optional) The thing type name.' + version: '- The current version of the thing record in the registry.' + aws_iot_thing_principal_attachment: + subCategory: IoT + description: Provides AWS IoT Thing Principal attachment. 
+ name: aws_iot_thing_principal_attachment + titleName: aws_iot_thing_principal_attachment + examples: + - manifest: |- + { + "principal": "${aws_iot_certificate.cert.arn}", + "thing": "${aws_iot_thing.example.name}" + } + references: + principal: aws_iot_certificate.arn + thing: aws_iot_thing.name + argumentDocs: + principal: '- (Required) The AWS IoT Certificate ARN or Amazon Cognito Identity ID.' + thing: '- (Required) The name of the thing.' + aws_iot_thing_type: + subCategory: IoT + description: Creates and manages an AWS IoT Thing Type. + name: aws_iot_thing_type + titleName: aws_iot_thing_type + examples: + - manifest: |- + { + "name": "my_iot_thing" + } + argumentDocs: + arn: '- The ARN of the created AWS IoT Thing Type.' + deprecated: '- (Optional, Defaults to false) Whether the thing type is deprecated. If true, no new things could be associated with this type.' + description: '- (Optional, Forces New Resource) The description of the thing type.' + name: '- (Required, Forces New Resource) The name of the thing type.' + properties: '- (Optional), Configuration block that can contain the following properties of the thing type:' + searchable_attributes: '- (Optional, Forces New Resource) A list of searchable thing attribute names.' + aws_iot_topic_rule: + subCategory: IoT + description: Creates and manages an AWS IoT topic rule + name: aws_iot_topic_rule + titleName: aws_iot_topic_rule + examples: + - manifest: |- + { + "description": "Example rule", + "enabled": true, + "error_action": [ + { + "sns": [ + { + "message_format": "RAW", + "role_arn": "${aws_iam_role.role.arn}", + "target_arn": "${aws_sns_topic.myerrortopic.arn}" + } + ] + } + ], + "name": "MyRule", + "sns": [ + { + "message_format": "RAW", + "role_arn": "${aws_iam_role.role.arn}", + "target_arn": "${aws_sns_topic.mytopic.arn}" + } + ], + "sql": "SELECT * FROM 'topic/test'", + "sql_version": "2016-03-23" + } + argumentDocs: + alarm_name: '- (Required) The CloudWatch alarm name.' 
+ arn: '- The ARN of the topic rule' + bucket_name: '- (Required) The Amazon S3 bucket name.' + channel_name: '- (Required) Name of AWS IOT Analytics channel.' + delivery_stream_name: '- (Required) The delivery stream name.' + description: '- (Optional) The description of the rule.' + enabled: '- (Required) Specifies whether the rule is enabled.' + endpoint: '- (Required) The endpoint of your Elasticsearch domain.' + error_action: '- (Optional) Configuration block with error action to be associated with the rule. See the documentation for cloudwatch_alarm, cloudwatch_metric, dynamodb, dynamodbv2, elasticsearch, firehose, iot_analytics, iot_events, kinesis, lambda, republish, s3, step_functions, sns, sqs configuration blocks for further configuration details.' + execution_name_prefix: '- (Optional) The prefix used to generate, along with a UUID, the unique state machine execution name.' + function_arn: '- (Required) The ARN of the Lambda function.' + hash_key_field: '- (Required) The hash key name.' + hash_key_type: '- (Optional) The hash key type. Valid values are "STRING" or "NUMBER".' + hash_key_value: '- (Required) The hash key value.' + id: '- The name of the topic rule' + index: '- (Required) The Elasticsearch index where you want to store your data.' + input_name: '- (Required) The name of the AWS IoT Events input.' + key: '- (Required) The object key.' + message_format: '- (Required) The message format of the message to publish. Accepted values are "JSON" and "RAW".' + message_id: '- (Optional) Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector.' + metric_name: '- (Required) The CloudWatch metric name.' + metric_namespace: '- (Required) The CloudWatch metric namespace name.' + metric_timestamp: '- (Optional) An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp).' 
+ metric_unit: '- (Required) The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit)' + metric_value: '- (Required) The CloudWatch metric value.' + name: '- (Required) The name of the rule.' + operation: '- (Optional) The operation. Valid values are "INSERT", "UPDATE", or "DELETE".' + partition_key: '- (Optional) The partition key.' + payload_field: '- (Optional) The action payload.' + put_item: '- (Required) Configuration block with DynamoDB Table to which the message will be written. Nested arguments below.' + qos: '- (Optional) The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0.' + queue_url: '- (Required) The URL of the Amazon SQS queue.' + range_key_field: '- (Optional) The range key name.' + range_key_type: '- (Optional) The range key type. Valid values are "STRING" or "NUMBER".' + range_key_value: '- (Optional) The range key value.' + role_arn: '- (Required) The ARN of the IAM role that grants access.' + separator: '- (Optional) A character separator that is used to separate records written to the Firehose stream. Valid values are: ''\n'' (newline), ''\t'' (tab), ''\r\n'' (Windows newline), '','' (comma).' + sql: '- (Required) The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference (http://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the AWS IoT Developer Guide.' + sql_version: '- (Required) The version of the SQL rules engine to use when evaluating the rule.' + state_machine_name: '- (Required) The name of the Step Functions state machine whose execution will be started.' + state_reason: '- (Required) The reason for the alarm change.' + state_value: '- (Required) The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.' + stream_name: '- (Required) The name of the Amazon Kinesis stream.' 
+ table_name: '- (Required) The name of the DynamoDB table.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_arn: '- (Required) The ARN of the SNS topic.' + topic: '- (Required) The name of the MQTT topic the message should be republished to.' + type: '- (Required) The type of document you are storing.' + use_base64: '- (Required) Specifies whether to use Base64 encoding.' + aws_key_pair: + subCategory: EC2 + description: Provides a Key Pair resource. Currently this supports importing an existing key pair but not creating a new key pair. + name: aws_key_pair + titleName: aws_key_pair + examples: + - manifest: |- + { + "key_name": "deployer-key", + "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com" + } + argumentDocs: + arn: '- The key pair ARN.' + fingerprint: '- The MD5 public key fingerprint as specified in section 4 of RFC 4716.' + id: '- The key pair name.' + key_name: '- The key pair name.' + key_name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with key_name.' + key_pair_id: '- The key pair ID.' + public_key: '- (Required) The public key material.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_kinesis_analytics_application: + subCategory: Kinesis Data Analytics (SQL Applications) + description: Provides a AWS Kinesis Analytics Application + name: aws_kinesis_analytics_application + titleName: aws_kinesis_analytics_application + examples: + - manifest: |- + { + "inputs": [ + { + "kinesis_stream": [ + { + "resource_arn": "${aws_kinesis_stream.test_stream.arn}", + "role_arn": "${aws_iam_role.test.arn}" + } + ], + "name_prefix": "test_prefix", + "parallelism": [ + { + "count": 1 + } + ], + "schema": [ + { + "record_columns": [ + { + "mapping": "$.test", + "name": "test", + "sql_type": "VARCHAR(8)" + } + ], + "record_encoding": "UTF-8", + "record_format": [ + { + "mapping_parameters": [ + { + "json": [ + { + "record_row_path": "$" + } + ] + } + ] + } + ] + } + ] + } + ], + "name": "kinesis-analytics-application-test" + } + - manifest: |- + { + "cloudwatch_logging_options": [ + { + "log_stream_arn": "${aws_cloudwatch_log_stream.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + ], + "inputs": [ + { + "kinesis_stream": [ + { + "resource_arn": "${aws_kinesis_stream.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + ], + "name_prefix": "example_prefix", + "schema": [ + { + "record_columns": [ + { + "name": "COLUMN_1", + "sql_type": "INTEGER" + } + ], + "record_format": [ + { + "mapping_parameters": [ + { + "csv": [ + { + "record_column_delimiter": ",", + "record_row_delimiter": "|" + } + ] + } + ] + } + ] + } + ], + "starting_position_configuration": [ + { + "starting_position": "NOW" + } + ] + } + ], + "name": "example-application", + "outputs": [ + { + "kinesis_firehose": [ + { + "resource_arn": "${aws_kinesis_firehose_delivery_stream.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + ], + "name": "OUTPUT_1", + "schema": [ + { + "record_format_type": "CSV" + } + ] + } + ], + 
"start_application": true + } + argumentDocs: + arn: '- The ARN of the Kinesis Analytics Appliation.' + bucket_arn: '- (Required) The S3 Bucket ARN.' + cloudwatch_logging_options: |- + - (Optional) The CloudWatch log stream options to monitor application errors. + See CloudWatch Logging Options below for more details. + code: '- (Optional) SQL Code to transform input data, and generate output.' + count: '- (Required) The Count of streams.' + create_timestamp: '- The Timestamp when the application version was created.' + csv: |- + - (Optional) Mapping information when the record format uses delimiters. + See CSV Mapping Parameters below for more details. + description: '- (Optional) Description of the application.' + file_key: '- (Required) The File Key name containing reference data.' + id: '- The ARN of the Kinesis Analytics Application.' + inputs: '- (Optional) Input configuration of the application. See Inputs below for more details.' + json: |- + - (Optional) Mapping information when JSON is the record format on the streaming source. + See JSON Mapping Parameters below for more details. + kinesis_firehose: |- + - (Optional) The Kinesis Firehose configuration for the destination stream. Conflicts with kinesis_stream. + See Kinesis Firehose below for more details. + kinesis_stream: |- + - (Optional) The Kinesis Stream configuration for the destination stream. Conflicts with kinesis_firehose. + See Kinesis Stream below for more details. + lambda: '- (Required) The Lambda function configuration. See Lambda below for more details.' + last_update_timestamp: '- The Timestamp when the application was last updated.' + log_stream_arn: '- (Required) The ARN of the CloudWatch Log Stream.' + mapping: '- (Optional) The Mapping reference to the data element.' + mapping_parameters: |- + - (Optional) The Mapping Information for the record format. + See Mapping Parameters below for more details. + name: '- (Required) Name of the column.' 
+ name_prefix: '- (Required) The Name Prefix to use when creating an in-application stream.' + outputs: '- (Optional) Output destination configuration of the application. See Outputs below for more details.' + parallelism: |- + - (Optional) The number of Parallel in-application streams to create. + See Parallelism below for more details. + processing_configuration: |- + - (Optional) The Processing Configuration to transform records as they are received from the stream. + See Processing Configuration below for more details. + record_column_delimiter: '- (Required) The Column Delimiter.' + record_columns: |- + - (Required) The Record Column mapping for the streaming source data element. + See Record Columns below for more details. + record_encoding: '- (Optional) The Encoding of the record in the streaming source.' + record_format: |- + - (Required) The Record Format and mapping information to schematize a record. + See Record Format below for more details. + record_format_type: '- (Required) The type of Record Format. Can be CSV or JSON.' + record_row_delimiter: '- (Required) The Row Delimiter.' + record_row_path: '- (Required) Path to the top-level parent that contains the records.' + reference_data_sources: |- + - (Optional) An S3 Reference Data Source for the application. + See Reference Data Sources below for more details. + resource_arn: '- (Required) The ARN of the Lambda function.' + role_arn: '- (Required) The IAM Role ARN to read the data.' + s3: '- (Optional) The S3 configuration for the reference data source. See S3 Reference below for more details.' + schema: '- (Required) The Schema format of the data in the streaming source. See Source Schema below for more details.' + sql_type: '- (Required) The SQL Type of the column.' + start_application: |- + - (Optional) Whether to start or stop the Kinesis Analytics Application. To start an application, an input with a defined starting_position must be configured. 
+ To modify an application's starting position, first stop the application by setting start_application = false, then update starting_position and set start_application = true. + starting_position: '- (Required) The starting position on the stream. Valid values: LAST_STOPPED_POINT, NOW, TRIM_HORIZON.' + starting_position_configuration: |- + (Optional) The point at which the application starts processing records from the streaming source. + See Starting Position Configuration below for more details. + status: '- The Status of the application.' + table_name: '- (Required) The in-application Table Name.' + tags: '- Key-value map of tags for the Kinesis Analytics Application. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- The Version of the application.' 
+ aws_kinesis_firehose_delivery_stream: + subCategory: Kinesis Firehose + description: Provides a AWS Kinesis Firehose Delivery Stream + name: aws_kinesis_firehose_delivery_stream + titleName: aws_kinesis_firehose_delivery_stream + examples: + - manifest: |- + { + "destination": "extended_s3", + "extended_s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "processing_configuration": [ + { + "enabled": "true", + "processors": [ + { + "parameters": [ + { + "parameter_name": "LambdaArn", + "parameter_value": "${aws_lambda_function.lambda_processor.arn}:$LATEST" + } + ], + "type": "Lambda" + } + ] + } + ], + "role_arn": "${aws_iam_role.firehose_role.arn}" + } + ], + "name": "terraform-kinesis-firehose-extended-s3-test-stream" + } + - manifest: |- + { + "destination": "s3", + "name": "terraform-kinesis-firehose-test-stream", + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "role_arn": "${aws_iam_role.firehose_role.arn}" + } + ] + } + - manifest: |- + { + "destination": "redshift", + "name": "terraform-kinesis-firehose-test-stream", + "redshift_configuration": [ + { + "cluster_jdbcurl": "jdbc:redshift://${aws_redshift_cluster.test_cluster.endpoint}/${aws_redshift_cluster.test_cluster.database_name}", + "copy_options": "delimiter '|'", + "data_table_columns": "test-col", + "data_table_name": "test-table", + "password": "T3stPass", + "role_arn": "${aws_iam_role.firehose_role.arn}", + "s3_backup_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "buffer_interval": 300, + "buffer_size": 15, + "compression_format": "GZIP", + "role_arn": "${aws_iam_role.firehose_role.arn}" + } + ], + "s3_backup_mode": "Enabled", + "username": "testuser" + } + ], + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "buffer_interval": 400, + "buffer_size": 10, + "compression_format": "GZIP", + "role_arn": "${aws_iam_role.firehose_role.arn}" + } + ] + } + - manifest: |- + { + "destination": 
"elasticsearch", + "elasticsearch_configuration": [ + { + "domain_arn": "${aws_elasticsearch_domain.test_cluster.arn}", + "index_name": "test", + "processing_configuration": [ + { + "enabled": "true", + "processors": [ + { + "parameters": [ + { + "parameter_name": "LambdaArn", + "parameter_value": "${aws_lambda_function.lambda_processor.arn}:$LATEST" + } + ], + "type": "Lambda" + } + ] + } + ], + "role_arn": "${aws_iam_role.firehose_role.arn}", + "type_name": "test" + } + ], + "name": "terraform-kinesis-firehose-test-stream", + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "buffer_interval": 400, + "buffer_size": 10, + "compression_format": "GZIP", + "role_arn": "${aws_iam_role.firehose_role.arn}" + } + ] + } + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy.firehose-elasticsearch}" + ], + "destination": "elasticsearch", + "elasticsearch_configuration": [ + { + "domain_arn": "${aws_elasticsearch_domain.test_cluster.arn}", + "index_name": "test", + "role_arn": "${aws_iam_role.firehose.arn}", + "type_name": "test", + "vpc_config": [ + { + "role_arn": "${aws_iam_role.firehose.arn}", + "security_group_ids": [ + "${aws_security_group.first.id}" + ], + "subnet_ids": [ + "${aws_subnet.first.id}", + "${aws_subnet.second.id}" + ] + } + ] + } + ], + "name": "terraform-kinesis-firehose-es", + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "role_arn": "${aws_iam_role.firehose.arn}" + } + ] + } + - manifest: |- + { + "destination": "splunk", + "name": "terraform-kinesis-firehose-test-stream", + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "buffer_interval": 400, + "buffer_size": 10, + "compression_format": "GZIP", + "role_arn": "${aws_iam_role.firehose.arn}" + } + ], + "splunk_configuration": [ + { + "hec_acknowledgment_timeout": 600, + "hec_endpoint": "https://http-inputs-mydomain.splunkcloud.com:443", + "hec_endpoint_type": "Event", + "hec_token": 
"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A", + "s3_backup_mode": "FailedEventsOnly" + } + ] + } + - manifest: |- + { + "destination": "http_endpoint", + "http_endpoint_configuration": [ + { + "access_key": "my-key", + "buffering_interval": 600, + "buffering_size": 15, + "name": "New Relic", + "request_configuration": [ + { + "common_attributes": [ + { + "name": "testname", + "value": "testvalue" + }, + { + "name": "testname2", + "value": "testvalue2" + } + ], + "content_encoding": "GZIP" + } + ], + "role_arn": "${aws_iam_role.firehose.arn}", + "s3_backup_mode": "FailedDataOnly", + "url": "https://aws-api.newrelic.com/firehose/v1" + } + ], + "name": "terraform-kinesis-firehose-test-stream", + "s3_configuration": [ + { + "bucket_arn": "${aws_s3_bucket.bucket.arn}", + "buffer_interval": 400, + "buffer_size": 10, + "compression_format": "GZIP", + "role_arn": "${aws_iam_role.firehose.arn}" + } + ] + } + - manifest: |- + { + "extended_s3_configuration": [ + { + "buffer_size": 128, + "data_format_conversion_configuration": [ + { + "input_format_configuration": [ + { + "deserializer": [ + { + "hive_json_ser_de": [ + {} + ] + } + ] + } + ], + "output_format_configuration": [ + { + "serializer": [ + { + "orc_ser_de": [ + {} + ] + } + ] + } + ], + "schema_configuration": [ + { + "database_name": "${aws_glue_catalog_table.example.database_name}", + "role_arn": "${aws_iam_role.example.arn}", + "table_name": "${aws_glue_catalog_table.example.name}" + } + ] + } + ] + } + ] + } + argumentDocs: + access_key: '- (Optional) The access key required for Kinesis Firehose to authenticate with the HTTP endpoint selected as the destination.' + arn: '- The Amazon Resource Name (ARN) specifying the Stream' + block_size_bytes: '- (Optional) The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations.' 
+ bloom_filter_columns: '- (Optional) A list of column names for which you want Kinesis Data Firehose to create bloom filters.' + bloom_filter_false_positive_probability: '- (Optional) The Bloom filter false positive probability (FPP). The lower the FPP, the bigger the Bloom filter. The default value is 0.05, the minimum is 0, and the maximum is 1.' + bucket_arn: '- (Required) The ARN of the S3 bucket' + buffer_interval: '- (Optional) Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300.' + buffer_size: |- + - (Optional) Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. + We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. + buffering_interval: '- (Optional) Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes).' + buffering_size: '- (Optional) Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.' + case_insensitive: '- (Optional) When set to true, which is the default, Kinesis Data Firehose converts JSON keys to lowercase before deserializing them.' + catalog_id: '- (Optional) The ID of the AWS Glue Data Catalog. If you don''t supply this, the AWS account ID is used by default.' + cloudwatch_logging_options: '- (Optional) The CloudWatch Logging Options for the delivery stream. More details are given below.' + cluster_endpoint: '- (Optional) The endpoint to use when communicating with the cluster. Conflicts with domain_arn.' + cluster_jdbcurl: '- (Required) The jdbcurl of the redshift cluster.' 
+ column_to_json_key_mappings: '- (Optional) A map of column names to JSON keys that aren''t identical to the column names. This is useful when the JSON contains keys that are Hive keywords. For example, timestamp is a Hive keyword. If you have a JSON key named timestamp, set this parameter to { ts = "timestamp" } to map this key to a column named ts.' + common_attributes: '- (Optional) Describes the metadata sent to the HTTP endpoint destination. More details are given below' + compression: '- (Optional) The compression code to use over data blocks. The possible values are UNCOMPRESSED, SNAPPY, and GZIP, with the default being SNAPPY. Use SNAPPY for higher decompression speed. Use GZIP if the compression ratio is more important than speed.' + compression_format: '- (Optional) The compression format. If no value is specified, the default is UNCOMPRESSED. Other supported values are GZIP, ZIP, Snappy, & HADOOP_SNAPPY.' + content_encoding: '- (Optional) Kinesis Data Firehose uses the content encoding to compress the body of a request before sending the request to the destination. Valid values are NONE and GZIP. Default value is NONE.' + convert_dots_in_json_keys_to_underscores: '- (Optional) When set to true, specifies that the names of the keys include dots and that you want Kinesis Data Firehose to replace them with underscores. This is useful because Apache Hive does not allow dots in column names. For example, if the JSON contains a key whose name is "a.b", you can define the column name to be "a_b" when using this option. Defaults to false.' + copy_options: '- (Optional) Copy options for copying the data from the s3 intermediate bucket into redshift, for example to change the default delimiter. For valid values, see the AWS documentation' + data_format_conversion_configuration: '- (Optional) Nested argument for the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. 
More details given below.' + data_table_columns: '- (Optional) The data table columns that will be targeted by the copy command.' + data_table_name: '- (Required) The name of the table in the redshift cluster that the s3 bucket will copy to.' + database_name: '- (Required) Specifies the name of the AWS Glue database that contains the schema for the output data.' + deserializer: '- (Required) Nested argument that specifies which deserializer to use. You can choose either the Apache Hive JSON SerDe or the OpenX JSON SerDe. More details below.' + destination: – (Required) This is the destination to where the data is delivered. The only options are s3 (Deprecated, use extended_s3 instead), extended_s3, redshift, elasticsearch, splunk, and http_endpoint. + dictionary_key_threshold: '- (Optional) A float that represents the fraction of the total number of non-null rows. To turn off dictionary encoding, set this fraction to a number that is less than the number of distinct keys in a dictionary. To always use dictionary encoding, set this threshold to 1.' + domain_arn: '- (Optional) The ARN of the Amazon ES domain. The IAM role must have permission for DescribeElasticsearchDomain, DescribeElasticsearchDomains, and DescribeElasticsearchDomainConfig after assuming RoleARN. The pattern needs to be arn:.*. Conflicts with cluster_endpoint.' + elasticsearch_configuration: '- (Optional) Configuration options if elasticsearch is the destination. More details are given below.' + enable_dictionary_compression: '- (Optional) Indicates whether to enable dictionary compression.' + enable_padding: '- (Optional) Set this to true to indicate that you want stripes to be padded to the HDFS block boundaries. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is false.' + enabled: '- (Optional) Defaults to true. Set it to false if you want to disable format conversion while preserving the configuration details.' 
+ error_output_prefix: '- (Optional) Prefix added to failed records before writing them to S3. This prefix appears immediately following the bucket name.' + extended_s3_configuration: '- (Optional, only Required when destination is extended_s3) Enhanced configuration options for the s3 destination. More details are given below.' + format_version: '- (Optional) The version of the file to write. The possible values are V0_11 and V0_12. The default is V0_12.' + hec_acknowledgment_timeout: '- (Optional) The amount of time, in seconds between 180 and 600, that Kinesis Firehose waits to receive an acknowledgment from Splunk after it sends it data.' + hec_endpoint: '- (Required) The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your data.' + hec_endpoint_type: '- (Optional) The HEC endpoint type. Valid values are Raw or Event. The default value is Raw.' + hec_token: '- (Required) The GUID that you obtain from your Splunk cluster when you create a new HEC endpoint.' + hive_json_ser_de: '- (Optional) Nested argument that specifies the native Hive / HCatalog JsonSerDe. More details below.' + http_endpoint_configuration: '- (Optional) Configuration options if http_endpoint is the destination. requires the user to also specify a s3_configuration block. More details are given below.' + index_name: '- (Required) The Elasticsearch index name.' + index_rotation_period: '- (Optional) The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are NoRotation, OneHour, OneDay, OneWeek, and OneMonth. The default value is OneDay.' + input_format_configuration: '- (Required) Nested argument that specifies the deserializer that you want Kinesis Data Firehose to use to convert the format of your data from JSON. More details below.' + key_arn: '- (Optional) Amazon Resource Name (ARN) of the encryption key. Required when key_type is CUSTOMER_MANAGED_CMK.' 
+ key_type: '- (Optional) Type of encryption key. Default is AWS_OWNED_CMK. Valid values are AWS_OWNED_CMK and CUSTOMER_MANAGED_CMK' + kinesis_source_configuration: '- (Optional) Allows the ability to specify the kinesis stream that is used as the source of the firehose delivery stream.' + kinesis_stream_arn: (Required) The kinesis stream used as the source of the firehose delivery stream. + kms_key_arn: |- + - (Optional) Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will + be used. + log_group_name: '- (Optional) The CloudWatch group name for logging. This value is required if enabled is true.' + log_stream_name: '- (Optional) The CloudWatch log stream name for logging. This value is required if enabled is true.' + max_padding_bytes: '- (Optional) The maximum amount of padding to apply. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 0.' + name: '- (Required) The name of the HTTP endpoint common attribute.' + open_x_json_ser_de: '- (Optional) Nested argument that specifies the OpenX SerDe. More details below.' + orc_ser_de: '- (Optional) Nested argument that specifies converting data to the ORC format before storing it in Amazon S3. For more information, see Apache ORC. More details below.' + output_format_configuration: '- (Required) Nested argument that specifies the serializer that you want Kinesis Data Firehose to use to convert the format of your data to the Parquet or ORC format. More details below.' + padding_tolerance: '- (Optional) A float between 0 and 1 that defines the tolerance for block padding as a decimal fraction of stripe size. The default value is 0.05, which means 5 percent of stripe size. For the default values of 64 MiB ORC stripes and 256 MiB HDFS blocks, the default block padding tolerance of 5 percent reserves a maximum of 3.2 MiB for padding within the 256 MiB block. 
In such a case, if the available size within the block is more than 3.2 MiB, a new, smaller stripe is inserted to fit within that space. This ensures that no stripe crosses block boundaries and causes remote reads within a node-local task. Kinesis Data Firehose ignores this parameter when enable_padding is false.' + page_size_bytes: '- (Optional) The Parquet page size. Column chunks are divided into pages. A page is conceptually an indivisible unit (in terms of compression and encoding). The minimum value is 64 KiB and the default is 1 MiB.' + parameter_name: '- (Required) Parameter name. Valid Values: LambdaArn, NumberOfRetries, RoleArn, BufferSizeInMBs, BufferIntervalInSeconds' + parameter_value: '- (Required) Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.' + parameters: '- (Optional) Array of processor parameters. More details are given below' + parquet_ser_de: '- (Optional) Nested argument that specifies converting data to the Parquet format before storing it in Amazon S3. For more information, see Apache Parquet. More details below.' + password: '- (Required) The password for the username above.' + prefix: '- (Optional) The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket' + processing_configuration: '- (Optional) The data processing configuration. More details are given below.' + processors: '- (Optional) Array of data processors. More details are given below' + redshift_configuration: |- + - (Optional) Configuration options if redshift is the destination. + Using redshift_configuration requires the user to also specify a + s3_configuration block. More details are given below. + region: '- (Optional) If you don''t specify an AWS Region, the default is the current region.' 
+ request_configuration: '- (Optional) The request configuration. More details are given below.' + retry_duration: '- (Optional) Total amount of seconds Firehose spends on retries. This duration starts after the initial attempt fails, It does not include the time periods during which Firehose waits for acknowledgment from the specified destination after each attempt. Valid values between 0 and 7200. Default is 300.' + role_arn: '- (Required) The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren''t allowed.' + row_index_stride: '- (Optional) The number of rows between index entries. The default is 10000 and the minimum is 1000.' + s3_backup_configuration: '- (Optional) The configuration for backup in Amazon S3. Required if s3_backup_mode is Enabled. Supports the same fields as s3_configuration object.' + s3_backup_mode: '- (Optional) Defines how documents should be delivered to Amazon S3. Valid values are FailedDataOnly and AllData. Default value is FailedDataOnly.' + s3_configuration: |- + - (Optional) Required for non-S3 destinations. For S3 destination, use extended_s3_configuration instead. Configuration options for the s3 destination (or the intermediate bucket if the destination + is redshift). More details are given below. + schema_configuration: '- (Required) Nested argument that specifies the AWS Glue Data Catalog table that contains the column information. More details below.' + security_group_ids: '- (Required) A list of security group IDs to associate with Kinesis Firehose.' + serializer: '- (Required) Nested argument that specifies which serializer to use. You can choose either the ORC SerDe or the Parquet SerDe. More details below.' + server_side_encryption: |- + - (Optional) Encrypt at rest options. + Server-side encryption should not be enabled when a kinesis stream is configured as the source of the firehose delivery stream. 
+ splunk_configuration: '- (Optional) Configuration options if splunk is the destination. More details are given below.' + stripe_size_bytes: '- (Optional) The number of bytes in each stripe. The default is 64 MiB and the minimum is 8 MiB.' + subnet_ids: '- (Required) A list of subnet IDs to associate with Kinesis Firehose.' + table_name: '- (Required) Specifies the AWS Glue table that contains the column information that constitutes your data schema.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timestamp_formats: '- (Optional) A list of how you want Kinesis Data Firehose to parse the date and time stamps that may be present in your input data JSON. To specify these format strings, follow the pattern syntax of JodaTime''s DateTimeFormat format strings. For more information, see Class DateTimeFormat. You can also use the special value millis to parse time stamps in epoch milliseconds. If you don''t specify a format, Kinesis Data Firehose uses java.sql.Timestamp::valueOf by default.' + type: '- (Required) The type of processor. Valid Values: Lambda' + type_name: '- (Optional) The Elasticsearch type name with maximum length of 100 characters.' + url: '- (Required) The HTTP endpoint URL to which Kinesis Firehose sends your data.' + username: '- (Required) The username that the firehose delivery stream will assume. It is strongly recommended that the username and password provided is used exclusively for Amazon Kinesis Firehose purposes, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.' + value: '- (Optional) The value of the HTTP endpoint common attribute.' 
+ version_id: '- (Optional) Specifies the table version for the output data schema. Defaults to LATEST.' + vpc_config: '- (Optional) The VPC configuration for the delivery stream to connect to Elastic Search associated with the VPC. More details are given below' + writer_version: '- (Optional) Indicates the version of row format to output. The possible values are V1 and V2. The default is V1.' + aws_kinesis_stream: + subCategory: Kinesis + description: Provides a AWS Kinesis Stream + name: aws_kinesis_stream + titleName: aws_kinesis_stream + examples: + - manifest: |- + { + "name": "terraform-kinesis-test", + "retention_period": 48, + "shard_count": 1, + "shard_level_metrics": [ + "IncomingBytes", + "OutgoingBytes" + ], + "tags": { + "Environment": "test" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the Stream (same as id)' + create: '- (Default 5 minutes) Used for Creating a Kinesis Stream' + delete: '- (Default 120 minutes) Used for Destroying a Kinesis Stream' + encryption_type: '- (Optional) The encryption type to use. The only acceptable values are NONE or KMS. The default value is NONE.' + enforce_consumer_deletion: '- (Optional) A boolean that indicates all registered consumers should be deregistered from the stream so that the stream can be destroyed without error. The default value is false.' + id: '- The unique Stream id' + kms_key_id: '- (Optional) The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the alias alias/aws/kinesis.' + name: '- The unique Stream name' + retention_period: '- (Optional) Length of time data records are accessible after they are added to the stream. The maximum value of a stream''s retention period is 8760 hours. Minimum value is 24. Default is 24.' + shard_count: '- The count of Shards for this Stream' + shard_level_metrics: '- (Optional) A list of shard-level CloudWatch metrics which can be enabled for the stream. 
See Monitoring with CloudWatch for more. Note that the value ALL should not be used; instead you should provide an explicit list of metrics you wish to enable.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 120 minutes) Used for Updating a Kinesis Stream' + aws_kinesis_stream_consumer: + subCategory: Kinesis + description: Manages a Kinesis Stream Consumer. + name: aws_kinesis_stream_consumer + titleName: aws_kinesis_stream_consumer + examples: + - manifest: |- + { + "name": "example-consumer", + "stream_arn": "${aws_kinesis_stream.example.arn}" + } + references: + stream_arn: aws_kinesis_stream.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the stream consumer.' + creation_timestamp: '- Approximate timestamp in RFC3339 format of when the stream consumer was created.' + id: '- Amazon Resource Name (ARN) of the stream consumer.' + name: '- (Required, Forces new resource) Name of the stream consumer.' + stream_arn: – (Required, Forces new resource) Amazon Resource Name (ARN) of the data stream the consumer is registered with. 
+ aws_kinesis_video_stream: + subCategory: Kinesis Video + description: Provides a AWS Kinesis Video Stream + name: aws_kinesis_video_stream + titleName: aws_kinesis_video_stream + examples: + - manifest: |- + { + "data_retention_in_hours": 1, + "device_name": "kinesis-video-device-name", + "media_type": "video/h264", + "name": "terraform-kinesis-video-stream", + "tags": { + "Name": "terraform-kinesis-video-stream" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) specifying the Stream (same as id)' + create: '- (Default 5 minutes) Used for Creating a Kinesis Stream' + creation_time: '- A time stamp that indicates when the stream was created.' + data_retention_in_hours: – (Optional) The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. The default value is 0, indicating that the stream does not persist data. + delete: '- (Default 120 minutes) Used for Destroying a Kinesis Stream' + device_name: '- (Optional) The name of the device that is writing to the stream. In the current implementation, Kinesis Video Streams does not use this name.' + id: '- The unique Stream id' + kms_key_id: '- (Optional) The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (aws/kinesisvideo) is used.' + media_type: '- (Optional) The media type of the stream. Consumers of the stream can use this information when processing the stream. For more information about media types, see Media Types. If you choose to specify the MediaType, see Naming Requirements for guidelines.' + name: |- + - (Required) A name to identify the stream. This is unique to the + AWS account and region the Stream is created in. + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 120 minutes) Used for Updating a Kinesis Stream' + version: '- The version of the stream.' + aws_kinesisanalyticsv2_application: + subCategory: Kinesis Data Analytics v2 (SQL and Flink Applications) + description: Manages a Kinesis Analytics v2 Application. + name: aws_kinesisanalyticsv2_application + titleName: aws_kinesisanalyticsv2_application + examples: + - manifest: |- + { + "application_configuration": [ + { + "application_code_configuration": [ + { + "code_content": [ + { + "s3_content_location": [ + { + "bucket_arn": "${aws_s3_bucket.example.arn}", + "file_key": "${aws_s3_bucket_object.example.key}" + } + ] + } + ], + "code_content_type": "ZIPFILE" + } + ], + "environment_properties": [ + { + "property_group": [ + { + "property_group_id": "PROPERTY-GROUP-1", + "property_map": { + "Key1": "Value1" + } + }, + { + "property_group_id": "PROPERTY-GROUP-2", + "property_map": { + "KeyA": "ValueA", + "KeyB": "ValueB" + } + } + ] + } + ], + "flink_application_configuration": [ + { + "checkpoint_configuration": [ + { + "configuration_type": "DEFAULT" + } + ], + "monitoring_configuration": [ + { + "configuration_type": "CUSTOM", + "log_level": "DEBUG", + "metrics_level": "TASK" + } + ], + "parallelism_configuration": [ + { + "auto_scaling_enabled": true, + "configuration_type": "CUSTOM", + "parallelism": 10, + "parallelism_per_kpu": 4 + } + ] + } + ] + } + ], + "name": "example-flink-application", + "runtime_environment": "FLINK-1_8", + "service_execution_role": "${aws_iam_role.example.arn}", + "tags": { + "Environment": "test" + } + } + references: + service_execution_role: aws_iam_role.arn + - manifest: |- + { + "application_configuration": [ + { + 
"application_code_configuration": [ + { + "code_content": [ + { + "text_content": "SELECT 1;\n" + } + ], + "code_content_type": "PLAINTEXT" + } + ], + "sql_application_configuration": [ + { + "input": [ + { + "input_parallelism": [ + { + "count": 3 + } + ], + "input_schema": [ + { + "record_column": [ + { + "mapping": "MAPPING-1", + "name": "COLUMN_1", + "sql_type": "VARCHAR(8)" + }, + { + "name": "COLUMN_2", + "sql_type": "DOUBLE" + } + ], + "record_encoding": "UTF-8", + "record_format": [ + { + "mapping_parameters": [ + { + "csv_mapping_parameters": [ + { + "record_column_delimiter": ",", + "record_row_delimiter": "\n" + } + ] + } + ], + "record_format_type": "CSV" + } + ] + } + ], + "kinesis_streams_input": [ + { + "resource_arn": "${aws_kinesis_stream.example.arn}" + } + ], + "name_prefix": "PREFIX_1" + } + ], + "output": [ + { + "destination_schema": [ + { + "record_format_type": "JSON" + } + ], + "lambda_output": [ + { + "resource_arn": "${aws_lambda_function.example.arn}" + } + ], + "name": "OUTPUT_1" + }, + { + "destination_schema": [ + { + "record_format_type": "CSV" + } + ], + "kinesis_firehose_output": [ + { + "resource_arn": "${aws_kinesis_firehose_delivery_stream.example.arn}" + } + ], + "name": "OUTPUT_2" + } + ], + "reference_data_source": [ + { + "reference_schema": [ + { + "record_column": [ + { + "name": "COLUMN_1", + "sql_type": "INTEGER" + } + ], + "record_format": [ + { + "mapping_parameters": [ + { + "json_mapping_parameters": [ + { + "record_row_path": "$" + } + ] + } + ], + "record_format_type": "JSON" + } + ] + } + ], + "s3_reference_data_source": [ + { + "bucket_arn": "${aws_s3_bucket.example.arn}", + "file_key": "KEY-1" + } + ], + "table_name": "TABLE-1" + } + ] + } + ] + } + ], + "cloudwatch_logging_options": [ + { + "log_stream_arn": "${aws_cloudwatch_log_stream.example.arn}" + } + ], + "name": "example-sql-application", + "runtime_environment": "SQL-1.0", + "service_execution_role": "${aws_iam_role.example.arn}" + } + references: + 
service_execution_role: aws_iam_role.arn + - manifest: |- + { + "application_configuration": [ + { + "application_code_configuration": [ + { + "code_content": [ + { + "s3_content_location": [ + { + "bucket_arn": "${aws_s3_bucket.example.arn}", + "file_key": "${aws_s3_bucket_object.example.key}" + } + ] + } + ], + "code_content_type": "ZIPFILE" + } + ], + "vpc_configuration": [ + { + "security_group_ids": [ + "${aws_security_group.example[0].id}", + "${aws_security_group.example[1].id}" + ], + "subnet_ids": [ + "${aws_subnet.example.id}" + ] + } + ] + } + ], + "name": "example-flink-application", + "runtime_environment": "FLINK-1_8", + "service_execution_role": "${aws_iam_role.example.arn}" + } + references: + service_execution_role: aws_iam_role.arn + argumentDocs: + allow_non_restored_state: '- (Optional) When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. Default is false.' + application_code_configuration: '- (Required) The code location and type parameters for the application.' + application_configuration: '- (Optional) The application''s configuration' + application_restore_configuration: '- (Optional) The restore behavior of a restarting application.' + application_restore_type: '- (Required) Specifies how the application should be restored. Valid values: RESTORE_FROM_CUSTOM_SNAPSHOT, RESTORE_FROM_LATEST_SNAPSHOT, SKIP_RESTORE_FROM_SNAPSHOT.' + application_snapshot_configuration: '- (Optional) Describes whether snapshots are enabled for a Flink-based application.' + arn: '- The ARN of the application.' + auto_scaling_enabled: '- (Optional) Describes whether the Kinesis Data Analytics service can increase the parallelism of the application in response to increased throughput.' + bucket_arn: '- (Required) The ARN of the S3 bucket.' + checkpoint_configuration: '- (Optional) Describes an application''s checkpointing configuration.' 
+ checkpoint_interval: '- (Optional) Describes the interval in milliseconds between checkpoint operations.' + checkpointing_enabled: '- (Optional) Describes whether checkpointing is enabled for a Flink-based Kinesis Data Analytics application.' + cloudwatch_logging_options: '- (Optional) A CloudWatch log stream to monitor application configuration errors.' + code_content: '- (Optional) The location and type of the application code.' + code_content_type: '- (Required) Specifies whether the code content is in text or zip format. Valid values: PLAINTEXT, ZIPFILE.' + configuration_type: '- (Required) Describes whether the application uses the default parallelism for the Kinesis Data Analytics service. Valid values: CUSTOM, DEFAULT. Set this attribute to CUSTOM in order for any specified auto_scaling_enabled, parallelism, or parallelism_per_kpu attribute values to be effective.' + count: '- (Optional) The number of in-application streams to create.' + create_timestamp: '- The current timestamp when the application was created.' + csv_mapping_parameters: '- (Optional) Provides additional mapping information when the record format uses delimiters (for example, CSV).' + description: '- (Optional) A summary description of the application.' + destination_schema: '- (Required) Describes the data format when records are written to the destination.' + environment_properties: '- (Optional) Describes execution properties for a Flink-based application.' + file_key: '- (Required) The object key name containing the reference data.' + flink_application_configuration: '- (Optional) The configuration of a Flink-based application.' + flink_run_configuration: '- (Optional) The starting parameters for a Flink-based Kinesis Data Analytics application.' + force_stop: '- (Optional) Whether to force stop an unresponsive Flink-based application.' + id: '- The application identifier.' + input: '- (Optional) The input stream used by the application.' 
+ input_lambda_processor: '- (Required) Describes the Lambda function that is used to preprocess the records in the stream before being processed by your application code.' + input_parallelism: '- (Optional) Describes the number of in-application streams to create.' + input_processing_configuration: |- + - (Optional) The input processing configuration for the input. + An input processor transforms records as they are received from the stream, before the application's SQL code executes. + input_schema: '- (Required) Describes the format of the data in the streaming source, and how each data element maps to corresponding columns in the in-application stream that is being created.' + input_starting_position: '- (Required) The starting position on the stream. Valid values: LAST_STOPPED_POINT, NOW, TRIM_HORIZON.' + input_starting_position_configuration: (Optional) The point at which the application starts processing records from the streaming source. + json_mapping_parameters: '- (Optional) Provides additional mapping information when JSON is the record format on the streaming source.' + kinesis_firehose_input: '- (Optional) If the streaming source is a Kinesis Data Firehose delivery stream, identifies the delivery stream''s ARN.' + kinesis_firehose_output: '- (Optional) Identifies a Kinesis Data Firehose delivery stream as the destination.' + kinesis_streams_input: '- (Optional) If the streaming source is a Kinesis data stream, identifies the stream''s Amazon Resource Name (ARN).' + kinesis_streams_output: '- (Optional) Identifies a Kinesis data stream as the destination.' + lambda_output: '- (Optional) Identifies a Lambda function as the destination.' + last_update_timestamp: '- The current timestamp when the application was last updated.' + log_level: '- (Optional) Describes the verbosity of the CloudWatch Logs for an application. Valid values: DEBUG, ERROR, INFO, WARN.' 
+ log_stream_arn: '- (Required) The ARN of the CloudWatch log stream to receive application messages.' + mapping: '- (Optional) A reference to the data element in the streaming input or the reference data source.' + mapping_parameters: '- (Required) Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.' + metrics_level: '- (Optional) Describes the granularity of the CloudWatch Logs for an application. Valid values: APPLICATION, OPERATOR, PARALLELISM, TASK.' + min_pause_between_checkpoints: '- (Optional) Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start.' + monitoring_configuration: '- (Optional) Describes configuration parameters for CloudWatch logging for an application.' + name: '- (Required) The name of the in-application stream.' + name_prefix: '- (Required) The name prefix to use when creating an in-application stream.' + object_version: '- (Optional) The version of the object containing the application code.' + output: '- (Optional) The destination streams used by the application.' + parallelism: '- (Optional) Describes the initial number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform.' + parallelism_configuration: '- (Optional) Describes parameters for how an application executes multiple tasks simultaneously.' + parallelism_per_kpu: '- (Optional) Describes the number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform per Kinesis Processing Unit (KPU) used by the application.' + property_group: '- (Required) Describes the execution property groups.' + property_group_id: '- (Required) The key of the application execution property key-value map.' + property_map: '- (Required) Application execution property key-value map.' 
+ record_column: '- (Required) Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.' + record_column_delimiter: '- (Required) The column delimiter. For example, in a CSV format, a comma (,) is the typical column delimiter.' + record_encoding: '- (Optional) Specifies the encoding of the records in the streaming source. For example, UTF-8.' + record_format: '- (Required) Specifies the format of the records on the streaming source.' + record_format_type: '- (Required) Specifies the format of the records on the output stream. Valid values: CSV, JSON.' + record_row_delimiter: '- (Required) The row delimiter. For example, in a CSV format, \n is the typical row delimiter.' + record_row_path: '- (Required) The path to the top-level parent that contains the records.' + reference_data_source: '- (Optional) The reference data source used by the application.' + reference_schema: '- (Required) Describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.' + resource_arn: '- (Required) The ARN of the destination Lambda function to write to.' + run_configuration: '- (Optional) Describes the starting properties for a Flink-based application.' + runtime_environment: '- (Required) The runtime environment for the application. Valid values: SQL-1_0, FLINK-1_6, FLINK-1_8, FLINK-1_11.' + s3_content_location: '- (Optional) Information about the Amazon S3 bucket containing the application code.' + s3_reference_data_source: '- (Required) Identifies the S3 bucket and object that contains the reference data.' + security_group_ids: '- (Required) The Security Group IDs used by the VPC configuration.' + service_execution_role: '- (Required) The ARN of the IAM role used by the application to access Kinesis data streams, Kinesis Data Firehose delivery streams, Amazon S3 objects, and other external resources.' 
+ snapshot_name: '- (Optional) The identifier of an existing snapshot of application state to use to restart an application. The application uses this value if RESTORE_FROM_CUSTOM_SNAPSHOT is specified for application_restore_type.' + snapshots_enabled: '- (Required) Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application.' + sql_application_configuration: '- (Optional) The configuration of a SQL-based application.' + sql_type: '- (Required) The type of column created in the in-application input stream or reference table.' + start_application: '- (Optional) Whether to start or stop the application.' + status: '- The status of the application.' + subnet_ids: '- (Required) The Subnet IDs used by the VPC configuration.' + table_name: '- (Required) The name of the in-application table to create.' + tags: '- (Optional) A map of tags to assign to the application. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + text_content: '- (Optional) The text-format code for the application.' + version_id: '- The current application version. Kinesis Data Analytics updates the version_id each time the application is updated.' + vpc_configuration: '- (Optional) The VPC configuration of a Flink-based application.' + aws_kinesisanalyticsv2_application_snapshot: + subCategory: Kinesis Data Analytics v2 (SQL and Flink Applications) + description: Manages a Kinesis Analytics v2 Application Snapshot. 
+ name: aws_kinesisanalyticsv2_application_snapshot + titleName: aws_kinesisanalyticsv2_application_snapshot + examples: + - manifest: |- + { + "application_name": "${aws_kinesisanalyticsv2_application.example.name}", + "snapshot_name": "example-snapshot" + } + references: + application_name: aws_kinesisanalyticsv2_application.name + argumentDocs: + application_name: '- (Required) The name of an existing Kinesis Analytics v2 Application. Note that the application must be running for a snapshot to be created.' + application_version_id: '- The current application version ID when the snapshot was created.' + id: '- The application snapshot identifier.' + snapshot_creation_timestamp: '- The timestamp of the application snapshot.' + snapshot_name: '- (Required) The name of the application snapshot.' + aws_kms_alias: + subCategory: KMS + description: Provides a display name for a customer master key. + name: aws_kms_alias + titleName: aws_kms_alias + examples: + - manifest: |- + { + "name": "alias/my-key-alias", + "target_key_id": "${aws_kms_key.a.key_id}" + } + references: + target_key_id: aws_kms_key.key_id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the key alias.' + name: '- (Optional) The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)' + name_prefix: |- + - (Optional) Creates an unique alias beginning with the specified prefix. + The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with name. + target_key_arn: '- The Amazon Resource Name (ARN) of the target key identifier.' + target_key_id: '- (Required) Identifier for the key for which the alias is for, can be either an ARN or key_id.' 
+ aws_kms_ciphertext: + subCategory: KMS + description: Provides ciphertext encrypted using a KMS key + name: aws_kms_ciphertext + titleName: aws_kms_ciphertext + examples: + - manifest: |- + { + "key_id": "${aws_kms_key.oauth_config.key_id}", + "plaintext": "{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n" + } + references: + key_id: aws_kms_key.key_id + argumentDocs: + ciphertext_blob: '- Base64 encoded ciphertext' + context: '- (Optional) An optional mapping that makes up the encryption context.' + key_id: '- (Required) Globally unique key ID for the customer master key.' + plaintext: '- (Required) Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.' + aws_kms_external_key: + subCategory: KMS + description: Manages a KMS Customer Master Key that uses external key material + name: aws_kms_external_key + titleName: aws_kms_external_key + examples: + - manifest: |- + { + "description": "KMS EXTERNAL for AMI encryption" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the key.' + bypass_policy_lockout_safety_check: '- (Optional) Specifies whether to disable the policy lockout check performed when creating or updating the key''s policy. Setting this value to true increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. Defaults to false.' + deletion_window_in_days: '- (Optional) Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30.' + description: '- (Optional) Description of the key.' + enabled: '- (Optional) Specifies whether the key is enabled. Keys pending import can only be false. Imported keys default to true unless expired.' + expiration_model: '- Whether the key material expires. 
Empty when pending key material import, otherwise KEY_MATERIAL_EXPIRES or KEY_MATERIAL_DOES_NOT_EXPIRE.' + id: '- The unique identifier for the key.' + key_material_base64: '- (Optional) Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.' + key_state: '- The state of the CMK.' + key_usage: '- The cryptographic operations for which you can use the CMK.' + policy: '- (Optional) A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.' + tags: '- (Optional) A key-value map of tags to assign to the key. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + valid_to: '- (Optional) Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)' + aws_kms_grant: + subCategory: KMS + description: Provides a resource-based access control mechanism for KMS Customer Master Keys. 
+ name: aws_kms_grant + titleName: aws_kms_grant + examples: + - manifest: |- + { + "constraints": [ + { + "encryption_context_equals": { + "Department": "Finance" + } + } + ], + "grantee_principal": "${aws_iam_role.a.arn}", + "key_id": "${aws_kms_key.a.key_id}", + "name": "my-grant", + "operations": [ + "Encrypt", + "Decrypt", + "GenerateDataKey" + ] + } + references: + grantee_principal: aws_iam_role.arn + key_id: aws_kms_key.key_id + argumentDocs: + constraints: '- (Optional, Forces new resources) A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see Encryption Context.' + encryption_context_equals: '- (Optional) A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with encryption_context_subset.' + encryption_context_subset: '- (Optional) A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with encryption_context_equals.' + grant_creation_tokens: '- (Optional, Forces new resources) A list of grant tokens to be used when creating the grant. See Grant Tokens for more information about grant tokens.' + grant_id: '- The unique identifier for the grant.' + grant_token: '- The grant token for the created grant. For more information, see Grant Tokens.' + grantee_principal: '- (Required, Forces new resources) The principal that is given permission to perform the operations that the grant permits in ARN format. 
Note that due to eventual consistency issues around IAM principals, terraform''s state may not always be refreshed to reflect what is true in AWS.' + key_id: '- (Required, Forces new resources) The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.' + name: '- (Optional, Forces new resources) A friendly name for identifying the grant.' + operations: '- (Required, Forces new resources) A list of operations that the grant permits. The permitted values are: Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, Sign, Verify, GetPublicKey, CreateGrant, RetireGrant, DescribeKey, GenerateDataKeyPair, or GenerateDataKeyPairWithoutPlaintext.' + retire_on_delete: |- + -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. + See RetireGrant for more information. + retiring_principal: '- (Optional, Forces new resources) The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, terraform''s state may not always be refreshed to reflect what is true in AWS.' + aws_kms_key: + subCategory: KMS + description: Provides a KMS customer master key. + name: aws_kms_key + titleName: aws_kms_key + examples: + - manifest: |- + { + "deletion_window_in_days": 10, + "description": "KMS key 1" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the key.' + bypass_policy_lockout_safety_check: '- (Optional) Specifies whether to disable the policy lockout check performed when creating or updating the key''s policy. 
Setting this value to true increases the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. Defaults to false.' + customer_master_key_spec: |- + - (Optional) Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. + Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. For help with choosing a key spec, see the AWS KMS Developer Guide. + deletion_window_in_days: '- (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.' + description: '- (Optional) The description of the key as viewed in AWS console.' + enable_key_rotation: '- (Optional) Specifies whether key rotation is enabled. Defaults to false.' + is_enabled: '- (Optional) Specifies whether the key is enabled. Defaults to true.' + key_id: '- The globally unique identifier for the key.' + key_usage: |- + - (Optional) Specifies the intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY. + Defaults to ENCRYPT_DECRYPT. + policy: '- (Optional) A valid policy JSON document. Although this is a key policy, not an IAM policy, an aws_iam_policy_document, in the form that designates a principal, can be used. For more information about building policy documents with Terraform, see the AWS IAM Policy Document Guide.' + tags: '- (Optional) A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_lakeformation_data_lake_settings: + subCategory: Lake Formation + description: Manages data lake administrators and default database and table permissions + name: aws_lakeformation_data_lake_settings + titleName: aws_lakeformation_data_lake_settings + examples: + - manifest: |- + { + "admins": [ + "${aws_iam_user.test.arn}", + "${aws_iam_role.test.arn}" + ] + } + - manifest: |- + { + "admins": [ + "${aws_iam_user.test.arn}", + "${aws_iam_role.test.arn}" + ], + "create_database_default_permissions": [ + { + "permissions": [ + "SELECT", + "ALTER", + "DROP" + ], + "principal": "${aws_iam_user.test.arn}" + } + ], + "create_table_default_permissions": [ + { + "permissions": [ + "ALL" + ], + "principal": "${aws_iam_role.test.arn}" + } + ] + } + argumentDocs: + admins: – (Optional) Set of ARNs of AWS Lake Formation principals (IAM users or roles). + catalog_id: – (Optional) Identifier for the Data Catalog. By default, the account ID. + create_database_default_permissions: '- (Optional) Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.' + create_table_default_permissions: '- (Optional) Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.' + permissions: '- (Optional) List of permissions that are granted to the principal. Valid values may include ALL, SELECT, ALTER, DROP, DELETE, INSERT, and DESCRIBE. For more details, see Lake Formation Permissions Reference.' + principal: '- (Optional) Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set principal to IAM_ALLOWED_PRINCIPALS and permissions to ["ALL"].' + trusted_resource_owners: – (Optional) List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). 
+ aws_lakeformation_permissions: + subCategory: Lake Formation + description: Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. + name: aws_lakeformation_permissions + titleName: aws_lakeformation_permissions + examples: + - manifest: |- + { + "permissions": [ + "SELECT" + ], + "principal": "arn:aws:iam:us-east-1:123456789012:user/SanHolo", + "table_with_columns": [ + { + "column_names": [ + "event" + ], + "database_name": "${aws_glue_catalog_table.example.database_name}", + "name": "${aws_glue_catalog_table.example.name}" + } + ] + } + - manifest: |- + { + "data_location": [ + { + "arn": "${aws_lakeformation_resource.example.arn}" + } + ], + "permissions": [ + "ALL" + ], + "principal": "${aws_iam_role.workflow_role.arn}" + } + references: + principal: aws_iam_role.arn + - manifest: |- + { + "database": [ + { + "catalog_id": "110376042874", + "name": "${aws_glue_catalog_database.example.name}" + } + ], + "permissions": [ + "CREATE_TABLE", + "ALTER", + "DROP" + ], + "role": "${aws_iam_role.workflow_role.arn}" + } + references: + role: aws_iam_role.arn + argumentDocs: + Super: permission to IAMAllowedPrincipals on all existing AWS Glue Data Catalog resources. + arn: – (Required) Amazon Resource Name (ARN) that uniquely identifies the data location resource. + catalog_id: '- (Optional) Identifier for the Data Catalog. By default, it is the account ID of the caller.' + catalog_resource: '- (Optional) Whether the permissions are to be granted for the Data Catalog. Defaults to false.' + column_names: '- (Required, at least one of column_names or wildcard) Set of column names for the table.' + data_location: '- (Optional) Configuration block for a data location resource. Detailed below.' + database: '- (Optional) Configuration block for a database resource. Detailed below.' + database_name: – (Required) Name of the database for the table with columns resource. 
Unique to the Data Catalog. + excluded_column_names: '- (Optional) Set of column names for the table to exclude. If excluded_column_names is included, wildcard must be set to true to avoid Terraform reporting a difference.' + name: – (Required) Name of the table resource. + permissions: – (Required) List of permissions granted to the principal. Valid values may include ALL, ALTER, CREATE_DATABASE, CREATE_TABLE, DATA_LOCATION_ACCESS, DELETE, DESCRIBE, DROP, INSERT, and SELECT. For details on each permission, see Lake Formation Permissions Reference. + permissions_with_grant_option: '- (Optional) Subset of permissions which the principal can pass.' + principal: – (Required) Principal to be granted the permissions on the resource. Supported principals include IAM_ALLOWED_PRINCIPALS (see Default Behavior and above), IAM roles, users, groups, SAML groups and users, QuickSight groups, OUs, and organizations as well as AWS account IDs for cross-account permissions. For more information, see Lake Formation Permissions Reference. + table: '- (Optional) Configuration block for a table resource. Detailed below.' + table_with_columns: '- (Optional) Configuration block for a table with columns resource. Detailed below.' + wildcard: '- (Required, at least one of column_names or wildcard) Whether to use a column wildcard. If excluded_column_names is included, wildcard must be set to true to avoid Terraform reporting a difference.' + aws_lakeformation_resource: + subCategory: Lake Formation + description: Registers a Lake Formation resource as managed by the Data Catalog. + name: aws_lakeformation_resource + titleName: aws_lakeformation_resource + examples: + - manifest: |- + { + "arn": "${data.aws_s3_bucket.example.arn}" + } + references: + arn: data.arn + argumentDocs: + arn: – (Required) Amazon Resource Name (ARN) of the resource, an S3 path. + last_modified: '- (Optional) The date and time the resource was last modified in RFC 3339 format.' 
+ role_arn: – (Optional) Role that has read/write access to the resource. If not provided, the Lake Formation service-linked role must exist and is used. + aws_lambda_alias: + subCategory: Lambda + description: Creates a Lambda function alias. + name: aws_lambda_alias + titleName: aws_lambda_alias + examples: + - manifest: |- + { + "description": "a sample description", + "function_name": "${aws_lambda_function.lambda_function_test.arn}", + "function_version": "1", + "name": "my_alias", + "routing_config": [ + { + "additional_version_weights": { + "2": 0.5 + } + } + ] + } + references: + function_name: aws_lambda_function.arn + argumentDocs: + additional_version_weights: '- (Optional) A map that defines the proportion of events that should be sent to different versions of a lambda function.' + arn: '- The Amazon Resource Name (ARN) identifying your Lambda function alias.' + description: '- (Optional) Description of the alias.' + function_name: '- (Required) Lambda Function name or ARN.' + function_version: '- (Required) Lambda function version for which you are creating the alias. Pattern: (\$LATEST|[0-9]+).' + invoke_arn: '- The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration''s uri' + name: '- (Required) Name for the alias you are creating. Pattern: (?!^[0-9]+$)([a-zA-Z0-9-_]+)' + routing_config: '- (Optional) The Lambda alias'' route configuration settings. Fields documented below' + aws_lambda_code_signing_config: + subCategory: Lambda + description: Provides a Lambda Code Signing Config resource. 
+ name: aws_lambda_code_signing_config + titleName: aws_lambda_code_signing_config + examples: + - manifest: |- + { + "allowed_publishers": [ + { + "signing_profile_version_arns": [ + "${aws_signer_signing_profile.example1.arn}", + "${aws_signer_signing_profile.example2.arn}" + ] + } + ], + "description": "My awesome code signing config.", + "policies": [ + { + "untrusted_artifact_on_deployment": "Warn" + } + ] + } + argumentDocs: + allowed_publishers: (Required) A configuration block of allowed publishers as signing profiles for this code signing configuration. Detailed below. + arn: '- The Amazon Resource Name (ARN) of the code signing configuration.' + config_id: '- Unique identifier for the code signing configuration.' + description: '- (Optional) Descriptive name for this code signing configuration.' + last_modified: '- The date and time that the code signing configuration was last modified.' + policies: (Optional) A configuration block of code signing policies that define the actions to take if the validation checks fail. Detailed below. + signing_profile_version_arns: '- (Required) The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.' + untrusted_artifact_on_deployment: '- (Required) Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Valid values: Warn, Enforce. Default value: Warn.' + aws_lambda_event_source_mapping: + subCategory: Lambda + description: Provides a Lambda event source mapping. This allows Lambda functions to get events from Kinesis, DynamoDB, SQS, Amazon MQ and Managed Streaming for Apache Kafka (MSK). 
+ name: aws_lambda_event_source_mapping + titleName: aws_lambda_event_source_mapping + examples: + - manifest: |- + { + "event_source_arn": "${aws_dynamodb_table.example.stream_arn}", + "function_name": "${aws_lambda_function.example.arn}", + "starting_position": "LATEST" + } + references: + event_source_arn: aws_dynamodb_table.stream_arn + function_name: aws_lambda_function.arn + - manifest: |- + { + "event_source_arn": "${aws_kinesis_stream.example.arn}", + "function_name": "${aws_lambda_function.example.arn}", + "starting_position": "LATEST" + } + references: + event_source_arn: aws_kinesis_stream.arn + function_name: aws_lambda_function.arn + - manifest: |- + { + "event_source_arn": "${aws_msk_cluster.example.arn}", + "function_name": "${aws_lambda_function.example.arn}", + "starting_position": "TRIM_HORIZON", + "topics": [ + "Example" + ] + } + references: + event_source_arn: aws_msk_cluster.arn + function_name: aws_lambda_function.arn + - manifest: |- + { + "function_name": "${aws_lambda_function.example.arn}", + "self_managed_event_source": [ + { + "endpoints": { + "KAFKA_BOOTSTRAP_SERVERS": "kafka1.example.com:9092,kafka2.example.com:9092" + } + } + ], + "source_access_configuration": [ + { + "type": "VPC_SUBNET", + "uri": "subnet:subnet-example1" + }, + { + "type": "VPC_SUBNET", + "uri": "subnet:subnet-example2" + }, + { + "type": "VPC_SECURITY_GROUP", + "uri": "security_group:sg-example" + } + ], + "starting_position": "TRIM_HORIZON", + "topics": [ + "Example" + ] + } + references: + function_name: aws_lambda_function.arn + - manifest: |- + { + "event_source_arn": "${aws_sqs_queue.sqs_queue_test.arn}", + "function_name": "${aws_lambda_function.example.arn}" + } + references: + event_source_arn: aws_sqs_queue.arn + function_name: aws_lambda_function.arn + - manifest: |- + { + "batch_size": 10, + "enabled": true, + "event_source_arn": "${aws_mq_broker.example.arn}", + "function_name": "${aws_lambda_function.example.arn}", + "queues": [ + "example" + ], + 
"source_access_configuration": [ + { + "type": "BASIC_AUTH", + "uri": "${aws_secretsmanager_secret_version.example.arn}" + } + ] + } + references: + event_source_arn: aws_mq_broker.arn + function_name: aws_lambda_function.arn + - manifest: |- + { + "batch_size": 1, + "enabled": true, + "event_source_arn": "${aws_mq_broker.example.arn}", + "function_name": "${aws_lambda_function.example.arn}", + "queues": [ + "example" + ], + "source_access_configuration": [ + { + "type": "VIRTUAL_HOST", + "uri": "/example" + }, + { + "type": "BASIC_AUTH", + "uri": "${aws_secretsmanager_secret_version.example.arn}" + } + ] + } + references: + event_source_arn: aws_mq_broker.arn + function_name: aws_lambda_function.arn + argumentDocs: + batch_size: '- (Optional) The largest number of records that Lambda will retrieve from your event source at the time of invocation. Defaults to 100 for DynamoDB, Kinesis, MQ and MSK, 10 for SQS.' + bisect_batch_on_function_error: ': - (Optional) If the function returns an error, split the batch in two and retry. Only available for stream sources (DynamoDB and Kinesis). Defaults to false.' + destination_arn: '- (Required) The Amazon Resource Name (ARN) of the destination resource.' + destination_config: ': - (Optional) An Amazon SQS queue or Amazon SNS topic destination for failed records. Only available for stream sources (DynamoDB and Kinesis). Detailed below.' + enabled: '- (Optional) Determines if the mapping will be enabled on creation. Defaults to true.' + endpoints: '- (Required) A map of endpoints for the self managed source. For Kafka self-managed sources, the key should be KAFKA_BOOTSTRAP_SERVERS and the value should be a string with a comma separated list of broker endpoints.' + event_source_arn: '- (Optional) The event source ARN - this is required for Kinesis stream, DynamoDB stream, SQS queue, MQ broker or MSK cluster. It is incompatible with a Self Managed Kafka source.' 
+ function_arn: '- The the ARN of the Lambda function the event source mapping is sending events to. (Note: this is a computed value that differs from function_name above.)' + function_name: '- (Required) The name or the ARN of the Lambda function that will be subscribing to events.' + function_response_types: '- (Optional) A list of current response type enums applied to the event source mapping for AWS Lambda checkpointing. Only available for stream sources (DynamoDB and Kinesis). Valid values: ReportBatchItemFailures.' + last_modified: '- The date this resource was last modified.' + last_processing_result: '- The result of the last AWS Lambda invocation of your Lambda function.' + maximum_batching_window_in_seconds: '- (Optional) The maximum amount of time to gather records before invoking the function, in seconds (between 0 and 300). Records will continue to buffer (or accumulate in the case of an SQS queue event source) until either maximum_batching_window_in_seconds expires or batch_size has been met. For streaming event sources, defaults to as soon as records are available in the stream. If the batch it reads from the stream/queue only has one record in it, Lambda only sends one record to the function. Only available for stream sources (DynamoDB and Kinesis) and SQS standard queues.' + maximum_record_age_in_seconds: ': - (Optional) The maximum age of a record that Lambda sends to a function for processing. Only available for stream sources (DynamoDB and Kinesis). Must be either -1 (forever, and the default value) or between 60 and 604800 (inclusive).' + maximum_retry_attempts: ': - (Optional) The maximum number of times to retry when the function returns an error. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of -1 (forever), maximum of 10000.' + on_failure: '- (Optional) The destination configuration for failed invocations. Detailed below.' 
+ parallelization_factor: ': - (Optional) The number of batches to process from each shard concurrently. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of 1, maximum of 10.' + queues: '- (Optional) The name of the Amazon MQ broker destination queue to consume. Only available for MQ sources. A single queue name must be specified.' + self_managed_event_source: ': - (Optional) For Self Managed Kafka sources, the location of the self managed cluster. If set, configuration must also include source_access_configuration. Detailed below.' + source_access_configuration: ': (Optional) For Self Managed Kafka sources, the access configuration for the source. If set, configuration must also include self_managed_event_source. Detailed below.' + starting_position: '- (Optional) The position in the stream where AWS Lambda should start reading. Must be one of AT_TIMESTAMP (Kinesis only), LATEST or TRIM_HORIZON if getting events from Kinesis, DynamoDB or MSK. Must not be provided if getting events from SQS. More information about these positions can be found in the AWS DynamoDB Streams API Reference and AWS Kinesis API Reference.' + starting_position_timestamp: '- (Optional) A timestamp in RFC3339 format of the data record which to start reading when using starting_position set to AT_TIMESTAMP. If a record with this exact timestamp does not exist, the next later record is chosen. If the timestamp is older than the current trim horizon, the oldest available record is chosen.' + state: '- The state of the event source mapping.' + state_transition_reason: '- The reason the event source mapping is in its current state.' + topics: '- (Optional) The name of the Kafka topics. Only available for MSK sources. A single topic name must be specified.' + tumbling_window_in_seconds: '- (Optional) The duration in seconds of a processing window for AWS Lambda streaming analytics. The range is between 1 second up to 900 seconds. 
Only available for stream sources (DynamoDB and Kinesis).' + type: '- (Required) The type of this configuration. For Self Managed Kafka you will need to supply blocks for type VPC_SUBNET and VPC_SECURITY_GROUP.' + uri: '- (Required) The URI for this configuration. For type VPC_SUBNET the value should be subnet:subnet_id where subnet_id is the value you would find in an aws_subnet resource''s id attribute. For type VPC_SECURITY_GROUP the value should be security_group:security_group_id where security_group_id is the value you would find in an aws_security_group resource''s id attribute.' + uuid: '- The UUID of the created event source mapping.' + aws_lambda_function: + subCategory: Lambda + description: Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration. + name: aws_lambda_function + titleName: aws_lambda_function + examples: + - manifest: |- + { + "environment": [ + { + "variables": { + "foo": "bar" + } + } + ], + "filename": "lambda_function_payload.zip", + "function_name": "lambda_function_name", + "handler": "index.test", + "role": "${aws_iam_role.iam_for_lambda.arn}", + "runtime": "nodejs12.x", + "source_code_hash": "${filebase64sha256(\"lambda_function_payload.zip\")}" + } + references: + role: aws_iam_role.arn + - manifest: |- + { + "layers": [ + "${aws_lambda_layer_version.example.arn}" + ] + } + - manifest: |- + { + "depends_on": [ + "${aws_efs_mount_target.alpha}" + ], + "file_system_config": [ + { + "arn": "${aws_efs_access_point.access_point_for_lambda.arn}", + "local_mount_path": "/mnt/efs" + } + ], + "vpc_config": [ + { + "security_group_ids": [ + "${aws_security_group.sg_for_lambda.id}" + ], + "subnet_ids": [ + "${aws_subnet.subnet_for_lambda.id}" + ] + } + ] + } + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.lambda_logs}", + 
"${aws_cloudwatch_log_group.example}" + ], + "function_name": "${var.lambda_function_name}" + } + references: + function_name: var.lambda_function_name + argumentDocs: + arn: '- Amazon Resource Name (ARN) identifying your Lambda Function.' + code_signing_config_arn: '- (Optional) To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.' + command: '- (Optional) Parameters that you want to pass in with entry_point.' + create: '- (Default 10m) How long to wait for slow uploads or EC2 throttling errors.' + dead_letter_config: '- (Optional) Configuration block. Detailed below.' + description: '- (Optional) Description of what your Lambda Function does.' + entry_point: '- (Optional) Entry point to your application, which is typically the location of the runtime executable.' + environment: '- (Optional) Configuration block. Detailed below.' + file_system_config: '- (Optional) Configuration block. Detailed below.' + filename: '- (Optional) Path to the function''s deployment package within the local filesystem. Conflicts with image_uri, s3_bucket, s3_key, and s3_object_version.' + function_name: '- (Required) Unique name for your Lambda Function.' + handler: '- (Optional) Function entrypoint in your code.' + image_config: '- (Optional) Configuration block. Detailed below.' + image_uri: '- (Optional) ECR image URI containing the function''s deployment package. Conflicts with filename, s3_bucket, s3_key, and s3_object_version.' + invoke_arn: '- ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration''s uri.' + kms_key_arn: '- (Optional) Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. 
If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and Terraform will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.' + last_modified: '- Date this resource was last modified.' + layers: '- (Optional) List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See Lambda Layers' + local_mount_path: '- (Required) Path where the function can access the file system, starting with /mnt/.' + memory_size: '- (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits' + mode: '- (Required) Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.' + package_type: '- (Optional) Lambda deployment package type. Valid values are Zip and Image. Defaults to Zip.' + publish: '- (Optional) Whether to publish creation/change as new Lambda Function Version. Defaults to false.' + qualified_arn: '- ARN identifying your Lambda Function Version (if versioning is enabled via publish = true).' + reserved_concurrent_executions: '- (Optional) Amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. See Managing Concurrency' + role: '- (Required) Amazon Resource Name (ARN) of the function''s execution role. The role provides the function''s identity and access to AWS services and resources.' + runtime: '- (Optional) Identifier of the function''s runtime. See Runtimes for valid values.' 
+ s3_bucket: '- (Optional) S3 bucket location containing the function''s deployment package. Conflicts with filename and image_uri. This bucket must reside in the same AWS region where you are creating the Lambda function.' + s3_key: '- (Optional) S3 key of an object containing the function''s deployment package. Conflicts with filename and image_uri.' + s3_object_version: '- (Optional) Object version containing the function''s deployment package. Conflicts with filename and image_uri.' + security_group_ids: '- (Required) List of security group IDs associated with the Lambda function.' + signing_job_arn: '- ARN of the signing job.' + signing_profile_version_arn: '- ARN of the signing profile version.' + source_code_hash: '- (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is filebase64sha256("file.zip") (Terraform 0.11.12 and later) or base64sha256(file("file.zip")) (Terraform 0.11.11 and earlier), where "file.zip" is the local filename of the lambda function source archive.' + source_code_size: '- Size in bytes of the function .zip file.' + subnet_ids: '- (Required) List of subnet IDs associated with the Lambda function.' + tags: '- (Optional) Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_arn: '- (Required) ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function''s IAM role must be granted suitable access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.' 
+ timeout: '- (Optional) Amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.' + tracing_config: '- (Optional) Configuration block. Detailed below.' + variables: '- (Optional) Map of environment variables that are accessible from the function code during execution.' + version: '- Latest published version of your Lambda Function.' + vpc_config: '- (Optional) Configuration block. Detailed below.' + vpc_config.vpc_id: '- ID of the VPC.' + working_directory: '- (Optional) Working directory.' + aws_lambda_function_event_invoke_config: + subCategory: Lambda + description: Manages an asynchronous invocation configuration for a Lambda Function or Alias. + name: aws_lambda_function_event_invoke_config + titleName: aws_lambda_function_event_invoke_config + examples: + - manifest: |- + { + "destination_config": [ + { + "on_failure": [ + { + "destination": "${aws_sqs_queue.example.arn}" + } + ], + "on_success": [ + { + "destination": "${aws_sns_topic.example.arn}" + } + ] + } + ], + "function_name": "${aws_lambda_alias.example.function_name}" + } + references: + function_name: aws_lambda_alias.function_name + - manifest: |- + { + "function_name": "${aws_lambda_alias.example.function_name}", + "maximum_event_age_in_seconds": 60, + "maximum_retry_attempts": 0 + } + references: + function_name: aws_lambda_alias.function_name + - manifest: |- + { + "function_name": "${aws_lambda_alias.example.function_name}", + "qualifier": "${aws_lambda_alias.example.name}" + } + references: + function_name: aws_lambda_alias.function_name + qualifier: aws_lambda_alias.name + - manifest: |- + { + "function_name": "${aws_lambda_function.example.function_name}", + "qualifier": "$LATEST" + } + references: + function_name: aws_lambda_function.function_name + - manifest: |- + { + "function_name": "${aws_lambda_function.example.function_name}", + "qualifier": "${aws_lambda_function.example.version}" + } + references: + function_name: aws_lambda_function.function_name + 
qualifier: aws_lambda_function.version + argumentDocs: + destination: '- (Required) Amazon Resource Name (ARN) of the destination resource. See the Lambda Developer Guide for acceptable resource types and associated IAM permissions.' + destination_config: '- (Optional) Configuration block with destination configuration. See below for details.' + function_name: '- (Required) Name or Amazon Resource Name (ARN) of the Lambda Function, omitting any version or alias qualifier.' + id: '- Fully qualified Lambda Function name or Amazon Resource Name (ARN)' + maximum_event_age_in_seconds: '- (Optional) Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600.' + maximum_retry_attempts: '- (Optional) Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2.' + on_failure: '- (Optional) Configuration block with destination configuration for failed asynchronous invocations. See below for details.' + on_success: '- (Optional) Configuration block with destination configuration for successful asynchronous invocations. See below for details.' + qualifier: '- (Optional) Lambda Function published version, $LATEST, or Lambda Alias name.' + aws_lambda_layer_version: + subCategory: Lambda + description: Provides a Lambda Layer Version resource. Lambda Layers allow you to reuse shared bits of code across multiple lambda functions. + name: aws_lambda_layer_version + titleName: aws_lambda_layer_version + examples: + - manifest: |- + { + "compatible_runtimes": [ + "nodejs12.x" + ], + "filename": "lambda_layer_payload.zip", + "layer_name": "lambda_layer_name" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Lambda Layer with version.' + compatible_runtimes: '- (Optional) A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified.' + created_date: '- The date this resource was created.' 
+ description: '- (Optional) Description of what your Lambda Layer does.' + filename: (Optional) The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used. + layer_arn: '- The Amazon Resource Name (ARN) of the Lambda Layer without version.' + layer_name: (Required) A unique name for your Lambda Layer + license_info: '- (Optional) License info for your Lambda Layer. See License Info.' + s3_bucket: '- (Optional) The S3 bucket location containing the function''s deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function.' + s3_key: '- (Optional) The S3 key of an object containing the function''s deployment package. Conflicts with filename.' + s3_object_version: '- (Optional) The object version containing the function''s deployment package. Conflicts with filename.' + signing_job_arn: '- The Amazon Resource Name (ARN) of a signing job.' + signing_profile_version_arn: '- The Amazon Resource Name (ARN) for a signing profile version.' + source_code_hash: '- (Optional) Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either filename or s3_key. The usual way to set this is ${filebase64sha256("file.zip")} (Terraform 0.11.12 or later) or ${base64sha256(file("file.zip"))} (Terraform 0.11.11 and earlier), where "file.zip" is the local filename of the lambda layer source archive.' + source_code_size: '- The size in bytes of the function .zip file.' + version: '- This Lamba Layer version.' + aws_lambda_permission: + subCategory: Lambda + description: Creates a Lambda function permission. 
+ name: aws_lambda_permission + titleName: aws_lambda_permission + examples: + - manifest: |- + { + "action": "lambda:InvokeFunction", + "function_name": "${aws_lambda_function.test_lambda.function_name}", + "principal": "events.amazonaws.com", + "qualifier": "${aws_lambda_alias.test_alias.name}", + "source_arn": "arn:aws:events:eu-west-1:111122223333:rule/RunDaily", + "statement_id": "AllowExecutionFromCloudWatch" + } + references: + function_name: aws_lambda_function.function_name + qualifier: aws_lambda_alias.name + - manifest: |- + { + "action": "lambda:InvokeFunction", + "function_name": "${aws_lambda_function.func.function_name}", + "principal": "sns.amazonaws.com", + "source_arn": "${aws_sns_topic.default.arn}", + "statement_id": "AllowExecutionFromSNS" + } + references: + function_name: aws_lambda_function.function_name + source_arn: aws_sns_topic.arn + - manifest: |- + { + "action": "lambda:InvokeFunction", + "function_name": "MyDemoFunction", + "principal": "apigateway.amazonaws.com", + "source_arn": "${aws_api_gateway_rest_api.MyDemoAPI.execution_arn}/*/*/*", + "statement_id": "AllowMyDemoAPIInvoke" + } + - manifest: |- + { + "action": "lambda:InvokeFunction", + "function_name": "${aws_lambda_function.logging.function_name}", + "principal": "logs.eu-west-1.amazonaws.com", + "source_arn": "${aws_cloudwatch_log_group.default.arn}:*" + } + references: + function_name: aws_lambda_function.function_name + argumentDocs: + action: '- (Required) The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction)' + event_source_token: '- (Optional) The Event Source Token to validate. Used with Alexa Skills.' + function_name: '- (Required) Name of the Lambda function whose resource policy you are updating' + principal: '- (Required) The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com.' 
+ qualifier: '- (Optional) Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2' + source_account: '- (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner.' + source_arn: |- + - (Optional) When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to. + Without this, any resource from principal will be granted permission – even if that resource is from another account. + For S3, this should be the ARN of the S3 Bucket. + For CloudWatch Events, this should be the ARN of the CloudWatch Events Rule. + For API Gateway, this should be the ARN of the API, as described here. + statement_id: '- (Optional) A unique statement identifier. By default generated by Terraform.' + statement_id_prefix: '- (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts with statement_id.' 
+ aws_lambda_provisioned_concurrency_config: + subCategory: Lambda + description: Manages a Lambda Provisioned Concurrency Configuration + name: aws_lambda_provisioned_concurrency_config + titleName: aws_lambda_provisioned_concurrency_config + examples: + - manifest: |- + { + "function_name": "${aws_lambda_alias.example.function_name}", + "provisioned_concurrent_executions": 1, + "qualifier": "${aws_lambda_alias.example.name}" + } + references: + function_name: aws_lambda_alias.function_name + qualifier: aws_lambda_alias.name + - manifest: |- + { + "function_name": "${aws_lambda_function.example.function_name}", + "provisioned_concurrent_executions": 1, + "qualifier": "${aws_lambda_function.example.version}" + } + references: + function_name: aws_lambda_function.function_name + qualifier: aws_lambda_function.version + argumentDocs: + create: '- (Default 15 minutes) How long to wait for the Lambda Provisioned Concurrency Config to be ready on creation.' + function_name: '- (Required) Name or Amazon Resource Name (ARN) of the Lambda Function.' + id: '- Lambda Function name and qualifier separated by a colon (:).' + provisioned_concurrent_executions: '- (Required) Amount of capacity to allocate. Must be greater than or equal to 1.' + qualifier: '- (Required) Lambda Function version or Lambda Alias name.' + update: '- (Default 15 minutes) How long to wait for the Lambda Provisioned Concurrency Config to be ready on update.' + aws_launch_configuration: + subCategory: Autoscaling + description: Provides a resource to create a new launch configuration, used for autoscaling groups. 
+ name: aws_launch_configuration + titleName: aws_launch_configuration + examples: + - manifest: |- + { + "image_id": "${data.aws_ami.ubuntu.id}", + "instance_type": "t2.micro", + "name": "web_config" + } + references: + image_id: data.id + - manifest: |- + { + "image_id": "${data.aws_ami.ubuntu.id}", + "instance_type": "t2.micro", + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "name_prefix": "terraform-lc-example-" + } + references: + image_id: data.id + - manifest: |- + { + "image_id": "${data.aws_ami.ubuntu.id}", + "instance_type": "m4.large", + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "spot_price": "0.001" + } + references: + image_id: data.id + argumentDocs: + arn: '- The Amazon Resource Name of the launch configuration.' + associate_public_ip_address: '- (Optional) Associate a public ip address with an instance in a VPC.' + delete_on_termination: |- + - (Optional) Whether the volume should be destroyed + on instance termination (Default: true). + device_name: '- The name of the block device to mount on the instance.' + ebs_block_device: |- + - (Optional) Additional EBS block devices to attach to the + instance. See Block Devices below for details. + ebs_optimized: '- (Optional) If true, the launched EC2 instance will be EBS-optimized.' + enable_monitoring: '- (Optional) Enables/disables detailed monitoring. This is enabled by default.' + encrypted: '- (Optional) Whether the volume should be encrypted or not. Do not use this option if you are using snapshot_id as the encrypted flag will be determined by the snapshot. (Default: false).' + ephemeral_block_device: |- + - (Optional) Customize Ephemeral (also known as + "Instance Store") volumes on the instance. See Block Devices below for details. + http_endpoint: '- The state of the metadata service: enabled, disabled.' + http_put_response_hop_limit: '- The desired HTTP PUT response hop limit for instance metadata requests.' 
+ http_tokens: '- If session tokens are required: optional, required.' + iam_instance_profile: |- + - (Optional) The name attribute of the IAM instance profile to associate + with launched instances. + id: '- The ID of the launch configuration.' + image_id: '- (Required) The EC2 image ID to launch.' + instance_type: '- (Required) The size of instance to launch.' + iops: |- + - (Optional) The amount of provisioned + IOPS. + This must be set with a volume_type of "io1". + key_name: '- (Optional) The key name that should be used for the instance.' + metadata_options: '- The metadata options for the instance.' + name: '- The name of the launch configuration.' + name_prefix: |- + - (Optional) Creates a unique name beginning with the specified + prefix. Conflicts with name. + no_device: '- (Optional) Whether the device in the block device mapping of the AMI is suppressed.' + placement_tenancy: |- + - (Optional) The tenancy of the instance. Valid values are + "default" or "dedicated", see AWS's Create Launch Configuration + for more details + root_block_device: |- + - (Optional) Customize details about the root block + device of the instance. See Block Devices below for details. + security_groups: '- (Optional) A list of associated security group IDS.' + snapshot_id: '- (Optional) The Snapshot ID to mount.' + spot_price: '- (Optional; Default: On-demand price) The maximum price to use for reserving spot instances.' + throughput: '- (Optional) The throughput (MiBps) to provision for a gp3 volume.' + user_data: '- (Optional) The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead.' + user_data_base64: '- (Optional) Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.' 
+ virtual_name: |- + - The Instance Store Device + Name + (e.g. "ephemeral0") + volume_size: '- (Optional) The size of the volume in gigabytes.' + volume_type: |- + - (Optional) The type of volume. Can be "standard", "gp2", "gp3", "st1", "sc1" + or "io1". (Default: "standard"). + vpc_classic_link_id: '- (Optional) The ID of a ClassicLink-enabled VPC. Only applies to EC2-Classic instances. (eg. vpc-2730681a)' + vpc_classic_link_security_groups: '- (Optional) The IDs of one or more security groups for the specified ClassicLink-enabled VPC (eg. sg-46ae3d11).' + aws_launch_template: + subCategory: EC2 + description: Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups. + name: aws_launch_template + titleName: aws_launch_template + examples: + - manifest: |- + { + "block_device_mappings": [ + { + "device_name": "/dev/sda1", + "ebs": [ + { + "volume_size": 20 + } + ] + } + ], + "capacity_reservation_specification": [ + { + "capacity_reservation_preference": "open" + } + ], + "cpu_options": [ + { + "core_count": 4, + "threads_per_core": 2 + } + ], + "credit_specification": [ + { + "cpu_credits": "standard" + } + ], + "disable_api_termination": true, + "ebs_optimized": true, + "elastic_gpu_specifications": [ + { + "type": "test" + } + ], + "elastic_inference_accelerator": [ + { + "type": "eia1.medium" + } + ], + "iam_instance_profile": [ + { + "name": "test" + } + ], + "image_id": "ami-test", + "instance_initiated_shutdown_behavior": "terminate", + "instance_market_options": [ + { + "market_type": "spot" + } + ], + "instance_type": "t2.micro", + "kernel_id": "test", + "key_name": "test", + "license_specification": [ + { + "license_configuration_arn": "arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef" + } + ], + "metadata_options": [ + { + "http_endpoint": "enabled", + "http_put_response_hop_limit": 1, + "http_tokens": "required" + } + ], + "monitoring": [ + { + "enabled": 
true + } + ], + "name": "foo", + "network_interfaces": [ + { + "associate_public_ip_address": true + } + ], + "placement": [ + { + "availability_zone": "us-west-2a" + } + ], + "ram_disk_id": "test", + "tag_specifications": [ + { + "resource_type": "instance", + "tags": { + "Name": "test" + } + } + ], + "user_data": "${filebase64(\"${path.module}/example.sh\")}", + "vpc_security_group_ids": [ + "sg-12345678" + ] + } + argumentDocs: + affinity: '- The affinity setting for an instance on a Dedicated Host.' + arn: '- Amazon Resource Name (ARN) of the launch template.' + associate_carrier_ip_address: '- Associate a Carrier IP address with eth0 for a new network interface. Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. Boolean value.' + associate_public_ip_address: '- Associate a public ip address with the network interface. Boolean value.' + availability_zone: '- The Availability Zone for the instance.' + block_device_mappings: |- + - Specify volumes to attach to the instance besides the volumes specified by the AMI. + See Block Devices below for details. + block_duration_minutes: '- The required duration in minutes. This value must be a multiple of 60.' + capacity_reservation_id: '- The ID of the Capacity Reservation to target.' + capacity_reservation_preference: '- Indicates the instance''s Capacity Reservation preferences. Can be open or none. (Default none).' + capacity_reservation_specification: '- Targeting for EC2 capacity reservations. See Capacity Reservation Specification below for more details.' + capacity_reservation_target: '- Used to target a specific Capacity Reservation:' + configured: '- If set to true, the launched EC2 instance will hibernation enabled.' + core_count: '- The number of CPU cores for the instance.' + cpu_credits: '- The credit option for CPU usage. Can be "standard" or "unlimited". T3 instances are launched as unlimited by default. 
T2 instances are launched as standard by default.' + cpu_options: '- The CPU options for the instance. See CPU Options below for more details.' + credit_specification: |- + - Customize the credit specification of the instance. See Credit + Specification below for more details. + default_version: '- Default Version of the launch template.' + delete_on_termination: '- Whether the network interface should be destroyed on instance termination. Defaults to false if not set.' + description: '- Description of the network interface.' + device_index: '- The integer index of the network interface attachment.' + device_name: '- The name of the device to mount.' + disable_api_termination: |- + - If true, enables EC2 Instance + Termination Protection + ebs: '- Configure EBS volume properties.' + ebs_optimized: '- If true, the launched EC2 instance will be EBS-optimized.' + elastic_gpu_specifications: |- + - The elastic GPU to attach to the instance. See Elastic GPU + below for more details. + elastic_inference_accelerator: '- (Optional) Configuration block containing an Elastic Inference Accelerator to attach to the instance. See Elastic Inference Accelerator below for more details.' + enabled: '- If set to true, Nitro Enclaves will be enabled on the instance.' + enclave_options: '- (Optional) Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.' + encrypted: |- + - Enables EBS encryption + on the volume (Default: false). Cannot be used with snapshot_id. + group_name: '- The name of the placement group for the instance.' + hibernation_options: '- The hibernation options for the instance. See Hibernation Options below for more details.' + host_id: '- The ID of the Dedicated Host for the instance.' + host_resource_group_arn: '- The ARN of the Host Resource Group in which to launch instances.' + http_endpoint: '- (Optional) Whether the metadata service is available. Can be "enabled" or "disabled". (Default: "enabled").' 
+ http_put_response_hop_limit: '- (Optional) The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from 1 to 64. (Default: 1).' + http_tokens: '- (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Can be "optional" or "required". (Default: "optional").' + iam_instance_profile: |- + - The IAM Instance Profile to launch the instance with. See Instance Profile + below for more details. + id: '- The ID of the launch template.' + image_id: '- The AMI from which to launch the instance.' + instance_initiated_shutdown_behavior: |- + - Shutdown behavior for the instance. Can be stop or terminate. + (Default: stop). + instance_interruption_behavior: |- + - The behavior when a Spot Instance is interrupted. Can be hibernate, + stop, or terminate. (Default: terminate). + instance_market_options: |- + - The market (purchasing) option for the instance. See Market Options + below for details. + instance_type: '- The type of the instance.' + interface_type: '- The type of network interface. To create an Elastic Fabric Adapter (EFA), specify efa.' + iops: |- + - The amount of provisioned + IOPS. + This must be set with a volume_type of "io1/io2". + ipv4_address_count: '- The number of secondary private IPv4 addresses to assign to a network interface. Conflicts with ipv4_addresses' + ipv4_addresses: '- One or more private IPv4 addresses to associate. Conflicts with ipv4_address_count' + ipv6_address_count: '- The number of IPv6 addresses to assign to a network interface. Conflicts with ipv6_addresses' + ipv6_addresses: '- One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. Conflicts with ipv6_address_count' + kernel_id: '- The kernel ID.' + key_name: '- The key name to use for the instance.' 
+ kms_key_id: |- + - The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. + encrypted must be set to true when this is set. + latest_version: '- The latest version of the launch template.' + license_configuration_arn: '- (Required) ARN of the license configuration.' + license_specification: '- A list of license specifications to associate with. See License Specification below for more details.' + market_type: '- The market type. Can be spot.' + max_price: '- The maximum hourly price you''re willing to pay for the Spot Instances.' + metadata_options: '- (Optional) Customize the metadata options for the instance. See Metadata Options below for more details.' + monitoring: '- The monitoring option for the instance. See Monitoring below for more details.' + name: '- The name of the instance profile.' + name_prefix: '- Creates a unique name beginning with the specified prefix. Conflicts with name.' + network_interface_id: '- The ID of the network interface to attach.' + network_interfaces: |- + - Customize network interfaces to be attached at instance boot time. See Network + Interfaces below for more details. + no_device: '- Suppresses the specified device included in the AMI''s block device mapping.' + partition_number: '- The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition.' + placement: '- The placement of the instance. See Placement below for more details.' + private_ip_address: '- The primary private IPv4 address.' + ram_disk_id: '- The ID of the RAM disk.' + resource_type: '- The type of resource to tag.' + security_group_names: |- + - A list of security group names to associate with. If you are creating Instances in a VPC, use + vpc_security_group_ids instead. + security_groups: '- A list of security group IDs to associate.' + snapshot_id: '- The Snapshot ID to mount.' + spot_instance_type: '- The Spot Instance request type. 
Can be one-time, or persistent.' + spot_options: '- The options for Spot Instance' + spread_domain: '- Reserved for future use.' + subnet_id: '- The VPC Subnet ID to associate.' + tag_specifications: '- The tags to apply to the resources during launch. See Tag Specifications below for more details.' + tags: '- A map of tags to assign to the resource.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tenancy: '- The tenancy of the instance (if the instance is running in a VPC). Can be default, dedicated, or host.' + threads_per_core: |- + - The number of threads per CPU core. To disable Intel Hyper-Threading Technology for the instance, specify a value of 1. + Otherwise, specify the default value of 2. + throughput: '- The throughput to provision for a gp3 volume in MiB/s (specified as an integer, e.g. 500), with a maximum of 1,000 MiB/s.' + type: '- (Required) Accelerator type.' + update_default_version: '- Whether to update Default Version each update. Conflicts with default_version.' + user_data: '- The Base64-encoded user data to provide when launching the instance.' + valid_until: '- The end date of the request.' + virtual_name: |- + - The Instance Store Device + Name + (e.g. "ephemeral0"). + volume_size: '- The size of the volume in gigabytes.' + volume_type: '- The volume type. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp2).' + vpc_security_group_ids: '- A list of security group IDs to associate with.' + aws_lb: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides a Load Balancer resource. 
+ name: aws_lb + titleName: aws_lb + examples: + - manifest: |- + { + "access_logs": [ + { + "bucket": "${aws_s3_bucket.lb_logs.bucket}", + "enabled": true, + "prefix": "test-lb" + } + ], + "enable_deletion_protection": true, + "internal": false, + "load_balancer_type": "application", + "name": "test-lb-tf", + "security_groups": [ + "${aws_security_group.lb_sg.id}" + ], + "subnets": "${aws_subnet.public.*.id}", + "tags": { + "Environment": "production" + } + } + - manifest: |- + { + "enable_deletion_protection": true, + "internal": false, + "load_balancer_type": "network", + "name": "test-lb-tf", + "subnets": "${aws_subnet.public.*.id}", + "tags": { + "Environment": "production" + } + } + - manifest: |- + { + "load_balancer_type": "network", + "name": "example", + "subnet_mapping": [ + { + "allocation_id": "${aws_eip.example1.id}", + "subnet_id": "${aws_subnet.example1.id}" + }, + { + "allocation_id": "${aws_eip.example2.id}", + "subnet_id": "${aws_subnet.example2.id}" + } + ] + } + - manifest: |- + { + "load_balancer_type": "network", + "name": "example", + "subnet_mapping": [ + { + "private_ipv4_address": "10.0.1.15", + "subnet_id": "${aws_subnet.example1.id}" + }, + { + "private_ipv4_address": "10.0.2.15", + "subnet_id": "${aws_subnet.example2.id}" + } + ] + } + argumentDocs: + access_logs: '- (Optional) An Access Logs block. Access Logs documented below.' + allocation_id: '- (Optional) The allocation ID of the Elastic IP address.' + arn: '- The ARN of the load balancer (matches id).' + arn_suffix: '- The ARN suffix for use with CloudWatch Metrics.' + bucket: '- (Required) The S3 bucket name to store the logs in.' + create: '- (Default 10 minutes) Used for Creating LB' + customer_owned_ipv4_pool: '- (Optional) The ID of the customer owned ipv4 pool to use for this load balancer.' + delete: '- (Default 10 minutes) Used for destroying LB' + dns_name: '- The DNS name of the load balancer.' 
+ drop_invalid_header_fields: '- (Optional) Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.' + enable_cross_zone_load_balancing: |- + - (Optional) If true, cross-zone load balancing of the load balancer will be enabled. + This is a network load balancer feature. Defaults to false. + enable_deletion_protection: |- + - (Optional) If true, deletion of the load balancer will be disabled via + the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false. + enable_http2: '- (Optional) Indicates whether HTTP/2 is enabled in application load balancers. Defaults to true.' + enabled: '- (Optional) Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.' + id: '- The ARN of the load balancer (matches arn).' + idle_timeout: '- (Optional) The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.' + internal: '- (Optional) If true, the LB will be internal.' + ip_address_type: '- (Optional) The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack' + ipv6_address: '- (Optional) An ipv6 address within the subnet to assign to the internet-facing load balancer.' + load_balancer_type: '- (Optional) The type of load balancer to create. Possible values are application, gateway, or network. The default value is application.' + name: |- + - (Optional) The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, + must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, + Terraform will autogenerate a name beginning with tf-lb. 
+ name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + prefix: '- (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.' + private_ipv4_address: '- (Optional) A private ipv4 address within the subnet to assign to the internal-facing load balancer.' + security_groups: '- (Optional) A list of security group IDs to assign to the LB. Only valid for Load Balancers of type application.' + subnet_id: '- (Required) The id of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.' + subnet_mapping: '- (Optional) A subnet mapping block as documented below.' + subnet_mapping.*.outpost_id: '- ID of the Outpost containing the load balancer.' + subnets: |- + - (Optional) A list of subnet IDs to attach to the LB. Subnets + cannot be updated for Load Balancers of type network. Changing this value + for load balancers of type network will force a recreation of the resource. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for LB modifications' + zone_id: '- The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).' + aws_lb_cookie_stickiness_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides a load balancer cookie stickiness policy, which allows an ELB to control the sticky session lifetime of the browser. 
+ name: aws_lb_cookie_stickiness_policy + titleName: aws_lb_cookie_stickiness_policy + examples: + - manifest: |- + { + "cookie_expiration_period": 600, + "lb_port": 80, + "load_balancer": "${aws_elb.lb.id}", + "name": "foo-policy" + } + references: + load_balancer: aws_elb.id + argumentDocs: + cookie_expiration_period: '- The time period after which the session cookie is considered stale, expressed in seconds.' + id: '- The ID of the policy.' + lb_port: '- The load balancer port to which the policy is applied.' + load_balancer: '- The load balancer to which the policy is attached.' + name: '- The name of the stickiness policy.' + aws_lb_listener: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides a Load Balancer Listener resource. + name: aws_lb_listener + titleName: aws_lb_listener + examples: + - manifest: |- + { + "certificate_arn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4", + "default_action": [ + { + "target_group_arn": "${aws_lb_target_group.front_end.arn}", + "type": "forward" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "443", + "protocol": "HTTPS", + "ssl_policy": "ELBSecurityPolicy-2016-08" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: |- + { + "alpn_policy": "HTTP2Preferred", + "certificate_arn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4", + "default_action": [ + { + "target_group_arn": "${aws_lb_target_group.front_end.arn}", + "type": "forward" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "443", + "protocol": "TLS" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: |- + { + "default_action": [ + { + "redirect": [ + { + "port": "443", + "protocol": "HTTPS", + "status_code": "HTTP_301" + } + ], + "type": "redirect" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "80", + "protocol": "HTTP" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: 
|- + { + "default_action": [ + { + "fixed_response": [ + { + "content_type": "text/plain", + "message_body": "Fixed response content", + "status_code": "200" + } + ], + "type": "fixed-response" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "80", + "protocol": "HTTP" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: |- + { + "default_action": [ + { + "authenticate_cognito": [ + { + "user_pool_arn": "${aws_cognito_user_pool.pool.arn}", + "user_pool_client_id": "${aws_cognito_user_pool_client.client.id}", + "user_pool_domain": "${aws_cognito_user_pool_domain.domain.domain}" + } + ], + "type": "authenticate-cognito" + }, + { + "target_group_arn": "${aws_lb_target_group.front_end.arn}", + "type": "forward" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "80", + "protocol": "HTTP" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: |- + { + "default_action": [ + { + "authenticate_oidc": [ + { + "authorization_endpoint": "https://example.com/authorization_endpoint", + "client_id": "client_id", + "client_secret": "client_secret", + "issuer": "https://example.com", + "token_endpoint": "https://example.com/token_endpoint", + "user_info_endpoint": "https://example.com/user_info_endpoint" + } + ], + "type": "authenticate-oidc" + }, + { + "target_group_arn": "${aws_lb_target_group.front_end.arn}", + "type": "forward" + } + ], + "load_balancer_arn": "${aws_lb.front_end.arn}", + "port": "80", + "protocol": "HTTP" + } + references: + load_balancer_arn: aws_lb.arn + - manifest: |- + { + "default_action": [ + { + "target_group_arn": "${aws_lb_target_group.example.id}", + "type": "forward" + } + ], + "load_balancer_arn": "${aws_lb.example.id}" + } + references: + load_balancer_arn: aws_lb.id + argumentDocs: + alpn_policy: '- (Optional) Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.' 
+ arn: '- ARN of the listener (matches id).' + authenticate_cognito: '- (Optional) Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.' + authenticate_oidc: '- (Optional) Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.' + authentication_request_extra_params: '- (Optional) Query parameters to include in the redirect request to the authorization endpoint. Max: 10.' + authorization_endpoint: '- (Required) Authorization endpoint of the IdP.' + certificate_arn: '- (Optional) ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws_lb_listener_certificate resource.' + client_id: '- (Required) OAuth 2.0 client identifier.' + client_secret: '- (Required) OAuth 2.0 client secret.' + content_type: '- (Required) Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.' + default_action: '- (Required) Configuration block for default actions. Detailed below.' + duration: '- (Required) Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).' + enabled: '- (Optional) Whether target group stickiness is enabled. Default is false.' + fixed_response: '- (Optional) Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.' + forward: '- (Optional) Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.' + host: '- (Optional) Hostname. 
This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.' + id: '- ARN of the listener (matches arn).' + issuer: '- (Required) OIDC issuer identifier of the IdP.' + key: '- (Required) Key of query parameter.' + load_balancer_arn: '- (Required, Forces New Resource) ARN of the load balancer.' + message_body: '- (Optional) Message body.' + on_unauthenticated_request: '- (Optional) Behavior if the user is not authenticated. Valid values: deny, allow and authenticate' + order: '- (Optional) Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.' + path: '- (Optional) Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.' + port: '- (Optional) Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.' + protocol: '- (Optional) Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.' + query: '- (Optional) Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.' + redirect: '- (Optional) Configuration block for creating a redirect action. Required if type is redirect. Detailed below.' + scope: '- (Optional) Set of user claims to be requested from the IdP.' + session_cookie_name: '- (Optional) Name of the cookie used to maintain session information.' + session_timeout: '- (Optional) Maximum duration of the authentication session, in seconds.' + ssl_policy: '- (Optional) Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.' + status_code: '- (Required) HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).' + stickiness: '- (Optional) Configuration block for target group stickiness for the rule. Detailed below.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_group: '- (Required) Set of 1-5 target group blocks. Detailed below.' + target_group_arn: '- (Optional) ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.' + token_endpoint: '- (Required) Token endpoint of the IdP.' + type: '- (Required) Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.' + user_info_endpoint: '- (Required) User info endpoint of the IdP.' + user_pool_arn: '- (Required) ARN of the Cognito user pool.' + user_pool_client_id: '- (Required) ID of the Cognito user pool client.' + user_pool_domain: '- (Required) Domain prefix or fully-qualified domain name of the Cognito user pool.' + value: '- (Required) Value of query parameter.' + weight: '- (Optional) Weight. The range is 0 to 999.' + aws_lb_listener_certificate: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides a Load Balancer Listener Certificate resource. + name: aws_lb_listener_certificate + titleName: aws_lb_listener_certificate + examples: + - manifest: |- + { + "certificate_arn": "${aws_acm_certificate.example.arn}", + "listener_arn": "${aws_lb_listener.front_end.arn}" + } + references: + certificate_arn: aws_acm_certificate.arn + listener_arn: aws_lb_listener.arn + argumentDocs: + certificate_arn: '- (Required, Forces New Resource) The ARN of the certificate to attach to the listener.' + id: '- The listener_arn and certificate_arn separated by a _.' 
+ listener_arn: '- (Required, Forces New Resource) The ARN of the listener to which to attach the certificate.' + aws_lb_listener_rule: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides a Load Balancer Listener Rule resource. + name: aws_lb_listener_rule + titleName: aws_lb_listener_rule + examples: + - manifest: |- + { + "action": [ + { + "target_group_arn": "${aws_lb_target_group.static.arn}", + "type": "forward" + } + ], + "condition": [ + { + "path_pattern": [ + { + "values": [ + "/static/*" + ] + } + ] + }, + { + "host_header": [ + { + "values": [ + "example.com" + ] + } + ] + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}", + "priority": 100 + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "target_group_arn": "${aws_lb_target_group.static.arn}", + "type": "forward" + } + ], + "condition": [ + { + "host_header": [ + { + "values": [ + "my-service.*.terraform.io" + ] + } + ] + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}", + "priority": 99 + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "forward": [ + { + "stickiness": [ + { + "duration": 600, + "enabled": true + } + ], + "target_group": [ + { + "arn": "${aws_lb_target_group.main.arn}", + "weight": 80 + }, + { + "arn": "${aws_lb_target_group.canary.arn}", + "weight": 20 + } + ] + } + ], + "type": "forward" + } + ], + "condition": [ + { + "host_header": [ + { + "values": [ + "my-service.*.terraform.io" + ] + } + ] + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}", + "priority": 99 + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "redirect": [ + { + "port": "443", + "protocol": "HTTPS", + "status_code": "HTTP_301" + } + ], + "type": "redirect" + } + ], + "condition": [ + { + "http_header": [ + { + "http_header_name": "X-Forwarded-For", + "values": [ + "192.168.1.*" + ] + } + ] + } + ], + "listener_arn": 
"${aws_lb_listener.front_end.arn}" + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "fixed_response": [ + { + "content_type": "text/plain", + "message_body": "HEALTHY", + "status_code": "200" + } + ], + "type": "fixed-response" + } + ], + "condition": [ + { + "query_string": [ + { + "key": "health", + "value": "check" + }, + { + "value": "bar" + } + ] + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}" + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "authenticate_cognito": [ + { + "user_pool_arn": "${aws_cognito_user_pool.pool.arn}", + "user_pool_client_id": "${aws_cognito_user_pool_client.client.id}", + "user_pool_domain": "${aws_cognito_user_pool_domain.domain.domain}" + } + ], + "type": "authenticate-cognito" + }, + { + "target_group_arn": "${aws_lb_target_group.static.arn}", + "type": "forward" + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}" + } + references: + listener_arn: aws_lb_listener.arn + - manifest: |- + { + "action": [ + { + "authenticate_oidc": [ + { + "authorization_endpoint": "https://example.com/authorization_endpoint", + "client_id": "client_id", + "client_secret": "client_secret", + "issuer": "https://example.com", + "token_endpoint": "https://example.com/token_endpoint", + "user_info_endpoint": "https://example.com/user_info_endpoint" + } + ], + "type": "authenticate-oidc" + }, + { + "target_group_arn": "${aws_lb_target_group.static.arn}", + "type": "forward" + } + ], + "listener_arn": "${aws_lb_listener.front_end.arn}" + } + references: + listener_arn: aws_lb_listener.arn + argumentDocs: + action: '- (Required) An Action block. Action blocks are documented below.' + arn: '- The ARN of the rule (matches id)' + authenticate_cognito: '- (Optional) Information for creating an authenticate action using Cognito. Required if type is authenticate-cognito.' 
+ authenticate_oidc: '- (Optional) Information for creating an authenticate action using OIDC. Required if type is authenticate-oidc.' + authentication_request_extra_params: '- (Optional) The query parameters to include in the redirect request to the authorization endpoint. Max: 10.' + authorization_endpoint: '- (Required) The authorization endpoint of the IdP.' + client_id: '- (Required) The OAuth 2.0 client identifier.' + client_secret: '- (Required) The OAuth 2.0 client secret.' + condition: '- (Required) A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.' + content_type: '- (Required) The content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.' + duration: '- (Optional) The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).' + enabled: '- (Required) Indicates whether target group stickiness is enabled.' + fixed_response: '- (Optional) Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.' + forward: '- (Optional) Information for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn.' + host: '- (Optional) The hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.' + host_header: '- (Optional) Contains a single values item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). 
Only one pattern needs to match for the condition to be satisfied.' + http_header: '- (Optional) HTTP headers to match. HTTP Header block fields documented below.' + http_header_name: '- (Required) Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a host-header condition instead.' + http_request_method: '- (Optional) Contains a single values item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.' + id: '- The ARN of the rule (matches arn)' + issuer: '- (Required) The OIDC issuer identifier of the IdP.' + key: '- (Optional) Query string key pattern to match.' + listener_arn: '- (Required, Forces New Resource) The ARN of the listener to which to attach the rule.' + message_body: '- (Optional) The message body.' + on_unauthenticated_request: '- (Optional) The behavior if the user is not authenticated. Valid values: deny, allow and authenticate' + path: '- (Optional) The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.' + path_pattern: '- (Optional) Contains a single values item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. 
Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a query_string condition.' + port: '- (Optional) The port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.' + priority: '- (Optional) The priority for the rule between 1 and 50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can''t have multiple rules with the same priority.' + protocol: '- (Optional) The protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.' + query: '- (Optional) The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.' + query_string: '- (Optional) Query strings to match. Query String block fields documented below.' + redirect: '- (Optional) Information for creating a redirect action. Required if type is redirect.' + scope: '- (Optional) The set of user claims to be requested from the IdP.' + session_cookie_name: '- (Optional) The name of the cookie used to maintain session information.' + session_timeout: '- (Optional) The maximum duration of the authentication session, in seconds.' + source_ip: '- (Optional) Contains a single values item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the X-Forwarded-For header, use http_header condition instead.' + status_code: '- (Optional) The HTTP response code. Valid values are 2XX, 4XX, or 5XX.' + stickiness: '- (Optional) The target group stickiness for the rule.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_group: '- (Required) One or more target groups block.' + target_group_arn: '- (Optional) The ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.' + token_endpoint: '- (Required) The token endpoint of the IdP.' + type: '- (Required) The type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.' + user_info_endpoint: '- (Required) The user info endpoint of the IdP.' + user_pool_arn: '- (Required) The ARN of the Cognito user pool.' + user_pool_client_id: '- (Required) The ID of the Cognito user pool client.' + user_pool_domain: '- (Required) The domain prefix or fully-qualified domain name of the Cognito user pool.' + value: '- (Required) Query string value pattern to match.' + values: '- (Required) Query string pairs or values to match. Query String Value blocks documented below. Multiple values blocks can be specified, see example above. Maximum size of each string is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal ''*'' or ''?'' character in a query string, escape the character with a backslash (\). Only one pair needs to match for the condition to be satisfied.' + weight: '- (Optional) The weight. The range is 0 to 999.' + aws_lb_ssl_negotiation_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides a load balancer SSL negotiation policy, which allows an ELB to control which ciphers and protocols are supported during SSL negotiations between a client and a load balancer. 
+ name: aws_lb_ssl_negotiation_policy + titleName: aws_lb_ssl_negotiation_policy + examples: + - manifest: |- + { + "attribute": [ + { + "name": "Protocol-TLSv1", + "value": "false" + }, + { + "name": "Protocol-TLSv1.1", + "value": "false" + }, + { + "name": "Protocol-TLSv1.2", + "value": "true" + }, + { + "name": "Server-Defined-Cipher-Order", + "value": "true" + }, + { + "name": "ECDHE-RSA-AES128-GCM-SHA256", + "value": "true" + }, + { + "name": "AES128-GCM-SHA256", + "value": "true" + }, + { + "name": "EDH-RSA-DES-CBC3-SHA", + "value": "false" + } + ], + "lb_port": 443, + "load_balancer": "${aws_elb.lb.id}", + "name": "foo-policy" + } + references: + load_balancer: aws_elb.id + argumentDocs: + attribute: '- The SSL Negotiation policy attributes.' + id: '- The ID of the policy.' + lb_port: '- The load balancer port to which the policy is applied.' + load_balancer: '- The load balancer to which the policy is attached.' + name: '- The name of the stickiness policy.' + value: '- The value of the attribute' + aws_lb_target_group: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides a Target Group resource for use with Load Balancers. + name: aws_lb_target_group + titleName: aws_lb_target_group + examples: + - manifest: |- + { + "name": "tf-example-lb-tg", + "port": 80, + "protocol": "HTTP", + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "name": "tf-example-lb-tg", + "port": 80, + "protocol": "HTTP", + "target_type": "ip", + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "name": "tf-example-lb-tg", + "target_type": "lambda" + } + argumentDocs: + arn: '- ARN of the Target Group (matches id).' + arn_suffix: '- ARN suffix for use with CloudWatch Metrics.' + cookie_duration: '- (Optional) Only used when the type is lb_cookie. The time period, in seconds, during which requests from a client should be routed to the same target. 
After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).' + cookie_name: '- (Optional) Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is app_cookie.' + deregistration_delay: '- (Optional) Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.' + enabled: '- (Optional) Boolean to enable / disable stickiness. Default is true.' + health_check: '- (Optional, Maximum of 1) Health Check configuration block. Detailed below.' + healthy_threshold: '- (Optional) Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.' + id: '- ARN of the Target Group (matches arn).' + interval: '- (Optional) Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For lambda target groups, it needs to be greater as the timeout of the underlying lambda. Default 30 seconds.' + lambda_multi_value_headers_enabled: '- (Optional) Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when target_type is lambda. Default is false.' + load_balancing_algorithm_type: '- (Optional) Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is round_robin or least_outstanding_requests. The default is round_robin.' + matcher: (May be required) Response codes to use when checking for a healthy responses from a target. 
You can specify multiple values (for example, "200,202" for HTTP(s) or "0,12" for GRPC) or a range of values (for example, "200-299" or "0-99"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP). + name: '- Name of the Target Group.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name. Cannot be longer than 6 characters.' + path: '- (May be required) Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.' + port: '- (Optional) Port to use to connect with the target. Valid values are either ports 1-65535, or traffic-port. Defaults to traffic-port.' + preserve_client_ip: '- (Optional) Whether client IP preservation is enabled. See doc for more information.' + protocol: '- (Optional) Protocol to use to connect with the target. Defaults to HTTP. Not applicable when target_type is lambda.' + protocol_version: '- (Optional, Forces new resource) Only applicable when protocol is HTTP or HTTPS. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1' + proxy_protocol_v2: '- (Optional) Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is false.' + slow_start: '- (Optional) Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.' + stickiness: '- (Optional, Maximum of 1) Stickiness configuration block. Detailed below.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_type: '- (May be required, Forces new resource) Type of target that you must specify when registering targets with this target group. The possible values are instance (targets are specified by instance ID) or ip (targets are specified by IP address) or lambda (targets are specified by lambda arn). The default is instance. Note that you can''t specify targets for a target group using both instance IDs and IP addresses. If the target type is ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can''t specify publicly routable IP addresses.' + timeout: '- (Optional) Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the instance target type and 30 seconds for the lambda target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 6 seconds for HTTP health checks.' + type: '- (Required) The type of sticky sessions. The only current possible values are lb_cookie, app_cookie for ALBs, and source_ip for NLBs.' + unhealthy_threshold: '- (Optional) Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the healthy_threshold. Defaults to 3.' + vpc_id: '- (Optional, Forces new resource) Identifier of the VPC in which to create the target group. Required when target_type is instance or ip. Does not apply when target_type is lambda.' 
+ aws_lb_target_group_attachment: + subCategory: Elastic Load Balancing v2 (ALB/NLB) + description: Provides the ability to register instances and containers with a LB target group + name: aws_lb_target_group_attachment + titleName: aws_lb_target_group_attachment + examples: + - manifest: |- + { + "port": 80, + "target_group_arn": "${aws_lb_target_group.test.arn}", + "target_id": "${aws_instance.test.id}" + } + references: + target_group_arn: aws_lb_target_group.arn + target_id: aws_instance.id + - manifest: |- + { + "depends_on": [ + "${aws_lambda_permission.with_lb}" + ], + "target_group_arn": "${aws_lb_target_group.test.arn}", + "target_id": "${aws_lambda_function.test.arn}" + } + references: + target_group_arn: aws_lb_target_group.arn + target_id: aws_lambda_function.arn + argumentDocs: + availability_zone: '- (Optional) The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to ''all''.' + id: '- A unique identifier for the attachment' + port: '- (Optional) The port on which targets receive traffic.' + target_group_arn: '- (Required) The ARN of the target group with which to register targets' + target_id: (Required) The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda. + aws_lex_bot: + subCategory: Lex + description: Provides an Amazon Lex bot resource. 
+ name: aws_lex_bot + titleName: aws_lex_bot + examples: + - manifest: |- + { + "abort_statement": [ + { + "message": [ + { + "content": "Sorry, I am not able to assist at this time", + "content_type": "PlainText" + } + ] + } + ], + "child_directed": false, + "clarification_prompt": [ + { + "max_attempts": 2, + "message": [ + { + "content": "I didn't understand you, what would you like to do?", + "content_type": "PlainText" + } + ] + } + ], + "create_version": false, + "description": "Bot to order flowers on the behalf of a user", + "idle_session_ttl_in_seconds": 600, + "intent": [ + { + "intent_name": "OrderFlowers", + "intent_version": "1" + } + ], + "locale": "en-US", + "name": "OrderFlowers", + "process_behavior": "BUILD", + "voice_id": "Salli" + } + argumentDocs: + abort_statement: '- (Required) The message that Amazon Lex uses to abort a conversation. Attributes are documented under statement.' + checksum: |- + - Checksum identifying the version of the bot that was created. The checksum is not + included as an argument because the resource will add it automatically when updating the bot. + child_directed: '- (Required) By specifying true, you confirm that your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to COPPA. For more information see the Amazon Lex FAQ and the Amazon Lex PutBot API Docs.' + clarification_prompt: '- (Required) The message that Amazon Lex uses when it doesn''t understand the user''s request. Attributes are documented under prompt.' + content: '- (Required) The text of the message.' + content_type: '- (Required) The content type of the message string.' + create: '- (Defaults to 1 mins) Used when creating the bot' + create_version: '- (Optional) Determines if a new bot version is created when the initial resource is created and on each update. Defaults to false.' + created_date: '- The date when the bot version was created.' 
+ delete: '- (Defaults to 5 mins) Used when deleting the bot' + description: '- (Optional) A description of the bot. Must be less than or equal to 200 characters in length.' + detect_sentiment: '- (Optional) When set to true user utterances are sent to Amazon Comprehend for sentiment analysis. If you don''t specify detectSentiment, the default is false.' + enable_model_improvements: '- (Optional) Set to true to enable access to natural language understanding improvements. When you set the enable_model_improvements parameter to true you can use the nlu_intent_confidence_threshold parameter to configure confidence scores. For more information, see Confidence Scores. You can only set the enable_model_improvements parameter in certain Regions. If you set the parameter to true, your bot has access to accuracy improvements. For more information see the Amazon Lex Bot PutBot API Docs.' + failure_reason: '- If status is FAILED, Amazon Lex provides the reason that it failed to build the bot.' + group_number: |- + - (Optional) Identifies the message group that the message belongs to. When a group + is assigned to a message, Amazon Lex returns one message from each group in the response. + idle_session_ttl_in_seconds: '- (Optional) The maximum time in seconds that Amazon Lex retains the data gathered in a conversation. Default is 300. Must be a number between 60 and 86400 (inclusive).' + intent: '- (Required) A set of Intent objects. Each intent represents a command that a user can express. Attributes are documented under intent. Can have up to 100 Intent objects.' + intent_name: '- (Required) The name of the intent. Must be less than or equal to 100 characters in length.' + intent_version: '- (Required) The version of the intent. Must be less than or equal to 64 characters in length.' + last_updated_date: '- The date when the $LATEST version of this bot was updated.' + locale: '- (Optional) Specifies the target locale for the bot. 
Any intent used in the bot must be compatible with the locale of the bot. For available locales, see Amazon Lex Bot PutBot API Docs. Default is en-US.' + max_attempts: '- (Required) The number of times to prompt the user for information.' + message: |- + - (Required) A set of messages, each of which provides a message string and its type. You + can specify the message string in plain text or in Speech Synthesis Markup Language (SSML). Attributes + are documented under message. + name: '- (Required) The name of the bot that you want to create, case sensitive. Must be between 2 and 50 characters in length.' + nlu_intent_confidence_threshold: '- (Optional) Determines the threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents in a PostContent or PostText response. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot. For more information see Amazon Lex Bot PutBot API Docs This value requires enable_model_improvements to be set to true and the default is 0. Must be a float between 0 and 1.' + process_behavior: '- (Optional) If you set the process_behavior element to BUILD, Amazon Lex builds the bot so that it can be run. If you set the element to SAVE Amazon Lex saves the bot, but doesn''t build it. Default is SAVE.' + response_card: |- + - (Optional) The response card. Amazon Lex will substitute session attributes and + slot values into the response card. For more information, see + Example: Using a Response Card. + status: |- + - When you send a request to create or update a bot, Amazon Lex sets the status response + element to BUILDING. After Amazon Lex builds the bot, it sets status to READY. If Amazon Lex can't + build the bot, it sets status to FAILED. Amazon Lex returns the reason for the failure in the + failure_reason response element. 
+ update: '- (Defaults to 1 mins) Used when updating the bot' + version: '- The version of the bot.' + voice_id: '- (Optional) The Amazon Polly voice ID that you want Amazon Lex to use for voice interactions with the user. The locale configured for the voice must match the locale of the bot. For more information, see Available Voices in the Amazon Polly Developer Guide.' + aws_lex_bot_alias: + subCategory: Lex + description: Provides an Amazon Lex Bot Alias resource. + name: aws_lex_bot_alias + titleName: aws_lex_bot_alias + examples: + - manifest: |- + { + "bot_name": "OrderFlowers", + "bot_version": "1", + "description": "Production Version of the OrderFlowers Bot.", + "name": "OrderFlowersProd" + } + argumentDocs: + arn: '- The ARN of the bot alias.' + bot_name: '- (Required) The name of the bot.' + bot_version: '- (Required) The name of the bot.' + checksum: '- Checksum of the bot alias.' + conversation_logs: '- (Optional) The settings that determine how Amazon Lex uses conversation logs for the alias. Attributes are documented under conversation_logs.' + create: '- (Defaults to 1 mins) Used when creating the bot alias' + created_date: '- The date that the bot alias was created.' + delete: '- (Defaults to 5 mins) Used when deleting the bot alias' + description: '- (Optional) A description of the alias. Must be less than or equal to 200 characters in length.' + destination: '- (Required) The destination where logs are delivered. Options are CLOUDWATCH_LOGS or S3.' + iam_role_arn: '- (Required) The Amazon Resource Name (ARN) of the IAM role used to write your logs to CloudWatch Logs or an S3 bucket. Must be between 20 and 2048 characters in length.' + kms_key_arn: '- (Optional) The Amazon Resource Name (ARN) of the key used to encrypt audio logs in an S3 bucket. This can only be specified when destination is set to S3. Must be between 20 and 2048 characters in length.' + last_updated_date: '- The date that the bot alias was updated. 
When you create a resource, the creation date and the last updated date are the same.' + log_settings: '- (Optional) The settings for your conversation logs. You can log text, audio, or both. Attributes are documented under log_settings.' + log_type: '- (Required) The type of logging that is enabled. Options are AUDIO or TEXT.' + name: '- (Required) The name of the alias. The name is not case sensitive. Must be less than or equal to 100 characters in length.' + resource_arn: '- (Required) The Amazon Resource Name (ARN) of the CloudWatch Logs log group or S3 bucket where the logs are delivered. Must be less than or equal to 2048 characters in length.' + resource_prefix: '- (Computed) The prefix of the S3 object key for AUDIO logs or the log stream name for TEXT logs.' + update: '- (Defaults to 1 mins) Used when updating the bot alias' + aws_lex_intent: + subCategory: Lex + description: Provides an Amazon Lex intent resource. + name: aws_lex_intent + titleName: aws_lex_intent + examples: + - manifest: |- + { + "confirmation_prompt": [ + { + "max_attempts": 2, + "message": [ + { + "content": "Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. 
Does this sound okay?", + "content_type": "PlainText" + } + ] + } + ], + "create_version": false, + "description": "Intent to order a bouquet of flowers for pick up", + "fulfillment_activity": [ + { + "type": "ReturnIntent" + } + ], + "name": "OrderFlowers", + "rejection_statement": [ + { + "message": [ + { + "content": "Okay, I will not place your order.", + "content_type": "PlainText" + } + ] + } + ], + "sample_utterances": [ + "I would like to order some flowers", + "I would like to pick up flowers" + ], + "slot": [ + { + "description": "The type of flowers to pick up", + "name": "FlowerType", + "priority": 1, + "sample_utterances": [ + "I would like to order {FlowerType}" + ], + "slot_constraint": "Required", + "slot_type": "FlowerTypes", + "slot_type_version": "$$LATEST", + "value_elicitation_prompt": [ + { + "max_attempts": 2, + "message": [ + { + "content": "What type of flowers would you like to order?", + "content_type": "PlainText" + } + ] + } + ] + }, + { + "description": "The date to pick up the flowers", + "name": "PickupDate", + "priority": 2, + "sample_utterances": [ + "I would like to order {FlowerType}" + ], + "slot_constraint": "Required", + "slot_type": "AMAZON.DATE", + "slot_type_version": "$$LATEST", + "value_elicitation_prompt": [ + { + "max_attempts": 2, + "message": [ + { + "content": "What day do you want the {FlowerType} to be picked up?", + "content_type": "PlainText" + } + ] + } + ] + }, + { + "description": "The time to pick up the flowers", + "name": "PickupTime", + "priority": 3, + "sample_utterances": [ + "I would like to order {FlowerType}" + ], + "slot_constraint": "Required", + "slot_type": "AMAZON.TIME", + "slot_type_version": "$$LATEST", + "value_elicitation_prompt": [ + { + "max_attempts": 2, + "message": [ + { + "content": "Pick up the {FlowerType} at what time on {PickupDate}?", + "content_type": "PlainText" + } + ] + } + ] + } + ] + } + argumentDocs: + arn: '- The ARN of the Lex intent.' 
+ checksum: |- + - Checksum identifying the version of the intent that was created. The checksum is not + included as an argument because the resource will add it automatically when updating the intent. + code_hook: |- + - (Optional) A description of the Lambda function that is run to fulfill the intent. + Required if type is CodeHook. Attributes are documented under code_hook. + conclusion_statement: |- + - (Optional) The statement that you want Amazon Lex to convey to the user + after the intent is successfully fulfilled by the Lambda function. This element is relevant only if + you provide a Lambda function in the fulfillment_activity. If you return the intent to the client + application, you can't specify this element. The follow_up_prompt and conclusion_statement are + mutually exclusive. You can specify only one. Attributes are documented under statement. + confirmation_prompt: |- + - (Optional) Prompts the user to confirm the intent. This question should + have a yes or no answer. You you must provide both the rejection_statement and confirmation_prompt, + or neither. Attributes are documented under prompt. + content: '- (Required) The text of the message. Must be less than or equal to 1000 characters in length.' + content_type: '- (Required) The content type of the message string.' + create: '- (Defaults to 1 min) Used when creating the intent' + create_version: |- + - (Optional) Determines if a new slot type version is created when the initial + resource is created and on each update. Defaults to false. + created_date: '- The date when the intent version was created.' + delete: '- (Defaults to 5 mins) Used when deleting the intent' + description: '- (Optional) A description of the bot. Must be less than or equal to 200 characters in length.' + dialog_code_hook: |- + - (Optional) Specifies a Lambda function to invoke for each user input. You can + invoke this Lambda function to personalize user interaction. Attributes are documented under code_hook. 
+ follow_up_prompt: |- + - (Optional) Amazon Lex uses this prompt to solicit additional activity after + fulfilling an intent. For example, after the OrderPizza intent is fulfilled, you might prompt the + user to order a drink. The follow_up_prompt field and the conclusion_statement field are mutually + exclusive. You can specify only one. Attributes are documented under follow_up_prompt. + fulfillment_activity: |- + - (Required) Describes how the intent is fulfilled. For example, after a + user provides all of the information for a pizza order, fulfillment_activity defines how the bot + places an order with a local pizza store. Attributes are documented under fulfillment_activity. + group_number: |- + - (Optional) Identifies the message group that the message belongs to. When a group + is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). + last_updated_date: '- The date when the $LATEST version of this intent was updated.' + max_attempts: '- (Required) The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive).' + message: |- + - (Required) A set of messages, each of which provides a message string and its type. + You can specify the message string in plain text or in Speech Synthesis Markup Language (SSML). + Attributes are documented under message. Must contain between 1 and 15 messages. + message_version: |- + - (Required) The version of the request-response that you want Amazon Lex to use + to invoke your Lambda function. For more information, see + Using Lambda Functions. Must be less than or equal to 5 characters in length. + name: '- (Required) The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length.' + parent_intent_signature: |- + - (Optional) A unique identifier for the built-in intent to base this + intent on. 
To find the signature for an intent, see + Standard Built-in Intents + in the Alexa Skills Kit. + priority: |- + - (Optional) Directs Lex the order in which to elicit this slot value from the user. + For example, if the intent has two slots with priorities 1 and 2, AWS Lex first elicits a value for + the slot with priority 1. If multiple slots share the same priority, the order in which Lex elicits + values is arbitrary. Must be between 1 and 100. + prompt: '- (Required) Prompts for information from the user. Attributes are documented under prompt.' + rejection_statement: |- + - (Optional) If the user answers "no" to the question defined in the prompt field, + Amazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are + documented below under statement. + response_card: |- + - (Optional) The response card. Amazon Lex will substitute session attributes and + slot values into the response card. For more information, see + Example: Using a Response Card. Must be less than or equal to 50000 characters in length. + sample_utterances: |- + - (Optional) If you know a specific pattern with which users might respond to + an Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This + is optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length. + slot: |- + - (Optional) An list of intent slots. At runtime, Amazon Lex elicits required slot values + from the user using prompts defined in the slots. Attributes are documented under slot. + slot_constraint: '- (Required) Specifies whether the slot is required or optional.' + slot_type: |- + - (Optional) The type of the slot, either a custom slot type that you defined or one of + the built-in slot types. Must be less than or equal to 100 characters in length. 
+ slot_type_version: '- (Optional) The version of the slot type. Must be less than or equal to 64 characters in length.' + type: |- + - (Required) How the intent should be fulfilled, either by running a Lambda function or by + returning the slot data to the client application. + update: '- (Defaults to 1 min) Used when updating the intent' + uri: '- (Required) The Amazon Resource Name (ARN) of the Lambda function.' + value_elicitation_prompt: |- + - (Optional) The prompt that Amazon Lex uses to elicit the slot value + from the user. Attributes are documented under prompt. + version: '- The version of the bot.' + aws_lex_slot_type: + subCategory: Lex + description: Provides details about a specific Amazon Lex Slot Type + name: aws_lex_slot_type + titleName: aws_lex_slot_type + examples: + - manifest: |- + { + "create_version": true, + "description": "Types of flowers to order", + "enumeration_value": [ + { + "synonyms": [ + "Lirium", + "Martagon" + ], + "value": "lilies" + }, + { + "synonyms": [ + "Eduardoregelia", + "Podonix" + ], + "value": "tulips" + } + ], + "name": "FlowerTypes", + "value_selection_strategy": "ORIGINAL_VALUE" + } + argumentDocs: + checksum: |- + - Checksum identifying the version of the slot type that was created. The checksum is + not included as an argument because the resource will add it automatically when updating the slot type. + create: '- (Defaults to 1 min) Used when creating the slot type' + create_version: |- + - (Optional) + Determines if a new slot type version is created when the initial resource is created and on each + update. Defaults to false. + created_date: '- The date when the slot type version was created.' + delete: '- (Defaults to 5 mins) Used when deleting the slot type' + description: '- (Optional) A description of the slot type. Must be less than or equal to 200 characters in length.' + enumeration_value: |- + - (Required) A list of EnumerationValue objects that defines the values that + the slot type can take. 
Each value can have a list of synonyms, which are additional values that help + train the machine learning model about the values that it resolves for a slot. Attributes are + documented under enumeration_value. + last_updated_date: '- The date when the $LATEST version of this slot type was updated.' + name: '- (Required) The name of the slot type. The name is not case sensitive. Must be less than or equal to 100 characters in length.' + synonyms: '- (Optional) Additional values related to the slot type value. Each item must be less than or equal to 140 characters in length.' + update: '- (Defaults to 1 min) Used when updating the slot type' + value: '- (Required) The value of the slot type. Must be less than or equal to 140 characters in length.' + value_selection_strategy: |- + - (Optional) Determines the slot resolution strategy that Amazon Lex + uses to return slot type values. ORIGINAL_VALUE returns the value entered by the user if the user + value is similar to the slot value. TOP_RESOLUTION returns the first value in the resolution list + if there is a resolution list for the slot, otherwise null is returned. Defaults to ORIGINAL_VALUE. + version: '- The version of the slot type.' + aws_licensemanager_association: + subCategory: License Manager + description: Provides a License Manager association resource. + name: aws_licensemanager_association + titleName: aws_licensemanager_association + examples: + - manifest: |- + { + "license_configuration_arn": "${aws_licensemanager_license_configuration.example.arn}", + "resource_arn": "${aws_instance.example.arn}" + } + references: + license_configuration_arn: aws_licensemanager_license_configuration.arn + resource_arn: aws_instance.arn + argumentDocs: + id: '- The license configuration ARN.' + license_configuration_arn: '- (Required) ARN of the license configuration.' + resource_arn: '- (Required) ARN of the resource associated with the license configuration.' 
+ aws_licensemanager_license_configuration: + subCategory: License Manager + description: Provides a License Manager license configuration resource. + name: aws_licensemanager_license_configuration + titleName: aws_licensemanager_license_configuration + examples: + - manifest: |- + { + "description": "Example", + "license_count": 10, + "license_count_hard_limit": true, + "license_counting_type": "Socket", + "license_rules": [ + "#minimumSockets=2" + ], + "name": "Example", + "tags": { + "foo": "barr" + } + } + argumentDocs: + allowedTenancy: '- Defines where the license can be used. If set, restricts license usage to selected tenancies. Specify a comma delimited list of EC2-Default, EC2-DedicatedHost, EC2-DedicatedInstance' + arn: '- The license configuration ARN.' + description: '- (Optional) Description of the license configuration.' + id: '- The license configuration ARN.' + license_count: '- (Optional) Number of licenses managed by the license configuration.' + license_count_hard_limit: '- (Optional) Sets the number of available licenses as a hard limit.' + license_counting_type: '- (Required) Dimension to use to track license inventory. Specify either vCPU, Instance, Core or Socket.' + license_rules: '- (Optional) Array of configured License Manager rules.' + maximumCores: '- Resource must have maximum core count in order to use the license. Default: unbounded, limit: 10000' + maximumSockets: '- Resource must have maximum socket count in order to use the license. Default: unbounded, limit: 10000' + maximumVcpus: '- Resource must have maximum vCPU count in order to use the license. Default: unbounded, limit: 10000' + minimumCores: '- Resource must have minimum core count in order to use the license. Default: 1' + minimumSockets: '- Resource must have minimum socket count in order to use the license. Default: 1' + minimumVcpus: '- Resource must have minimum vCPU count in order to use the license. 
Default: 1' + name: '- (Required) Name of the license configuration.' + owner_account_id: '- Account ID of the owner of the license configuration.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_lightsail_domain: + subCategory: Lightsail + description: Provides an Lightsail Domain + name: aws_lightsail_domain + titleName: aws_lightsail_domain + examples: + - manifest: |- + { + "domain_name": "mydomain.com" + } + argumentDocs: + arn: '- The ARN of the Lightsail domain' + domain_name: '- (Required) The name of the Lightsail domain to manage' + id: '- The name used for this domain' + aws_lightsail_instance: + subCategory: Lightsail + description: Provides an Lightsail Instance + name: aws_lightsail_instance + titleName: aws_lightsail_instance + examples: + - manifest: |- + { + "availability_zone": "us-east-1b", + "blueprint_id": "string", + "bundle_id": "string", + "key_pair_name": "some_key_name", + "name": "custom_gitlab", + "tags": { + "foo": "bar" + } + } + argumentDocs: + arn: '- The ARN of the Lightsail instance (matches id).' + availability_zone: |- + - (Required) The Availability Zone in which to create your + instance (see list below) + blueprint_id: '- (Required) The ID for a virtual private server image. A list of available blueprint IDs can be obtained using the AWS CLI command: aws lightsail get-blueprints' + bundle_id: '- (Required) The bundle of specification information (see list below)' + created_at: '- The timestamp when the instance was created.' + id: '- The ARN of the Lightsail instance (matches arn).' + ipv6_address: '- (Deprecated) The first IPv6 address of the Lightsail instance. Use ipv6_addresses attribute instead.' 
+ ipv6_addresses: '- List of IPv6 addresses for the Lightsail instance.' + key_pair_name: |- + - (Optional) The name of your key pair. Created in the + Lightsail console (cannot use aws_key_pair at this time) + name: '- (Required) The name of the Lightsail Instance. Names be unique within each AWS Region in your Lightsail account.' + tags: '- (Optional) A map of tags to assign to the resource. To create a key-only tag, use an empty string as the value. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + user_data: '- (Optional) launch script to configure server with additional user data' + aws_lightsail_instance_public_ports: + subCategory: Lightsail + description: Provides an Lightsail Instance + name: aws_lightsail_instance_public_ports + titleName: aws_lightsail_instance_public_ports + examples: + - manifest: |- + { + "instance_name": "${aws_lightsail_instance.test.name}", + "port_info": [ + { + "from_port": 80, + "protocol": "tcp", + "to_port": 80 + } + ] + } + references: + instance_name: aws_lightsail_instance.name + argumentDocs: + cidrs: '- (Optional) Set of CIDR blocks.' + from_port: '- (Required) First port in a range of open ports on an instance.' + id: '- ID of the resource.' + instance_name: '- (Required) Name of the Lightsail Instance.' + port_info: '- (Required) Configuration block with port information. AWS closes all currently open ports that are not included in the port_info. Detailed below.' + protocol: '- (Required) IP protocol name. Valid values are tcp, all, udp, and icmp.' + to_port: '- (Required) Last port in a range of open ports on an instance.' 
+ aws_lightsail_key_pair: + subCategory: Lightsail + description: Provides an Lightsail Key Pair + name: aws_lightsail_key_pair + titleName: aws_lightsail_key_pair + examples: + - manifest: |- + { + "name": "lg_key_pair" + } + - manifest: |- + { + "name": "lg_key_pair", + "pgp_key": "keybase:keybaseusername" + } + - manifest: |- + { + "name": "importing", + "public_key": "${file(\"~/.ssh/id_rsa.pub\")}" + } + argumentDocs: + arn: '- The ARN of the Lightsail key pair' + encrypted_fingerprint: |- + - The MD5 public key fingerprint for the encrypted + private key + encrypted_private_key: |- + – the private key material, base 64 encoded and + encrypted with the given pgp_key. This is only populated when creating a new + key and pgp_key is supplied + fingerprint: '- The MD5 public key fingerprint as specified in section 4 of RFC 4716.' + id: '- The name used for this key pair' + name: |- + - (Optional) The name of the Lightsail Key Pair. If omitted, a unique + name will be generated by Terraform + pgp_key: |- + – (Optional) An optional PGP key to encrypt the resulting private + key material. Only used when creating a new key pair + private_key: |- + - the private key, base64 encoded. This is only populated + when creating a new key, and when no pgp_key is provided + public_key: '- the public key, base64 encoded' + aws_lightsail_static_ip: + subCategory: Lightsail + description: Provides an Lightsail Static IP + name: aws_lightsail_static_ip + titleName: aws_lightsail_static_ip + examples: + - manifest: |- + { + "name": "example" + } + argumentDocs: + arn: '- The ARN of the Lightsail static IP' + ip_address: '- The allocated static IP address' + name: '- (Required) The name for the allocated static IP' + support_code: '- The support code.' 
+ aws_lightsail_static_ip_attachment: + subCategory: Lightsail + description: Provides an Lightsail Static IP Attachment + name: aws_lightsail_static_ip_attachment + titleName: aws_lightsail_static_ip_attachment + examples: + - manifest: |- + { + "instance_name": "${aws_lightsail_instance.test.id}", + "static_ip_name": "${aws_lightsail_static_ip.test.id}" + } + references: + instance_name: aws_lightsail_instance.id + static_ip_name: aws_lightsail_static_ip.id + argumentDocs: + instance_name: '- (Required) The name of the Lightsail instance to attach the IP to' + ip_address: '- The allocated static IP address' + static_ip_name: '- (Required) The name of the allocated static IP' + aws_load_balancer_backend_server_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Attaches a load balancer policy to an ELB backend server. + name: aws_load_balancer_backend_server_policy + titleName: aws_load_balancer_backend_server_policy + examples: + - manifest: |- + { + "instance_port": 443, + "load_balancer_name": "${aws_elb.wu-tang.name}", + "policy_names": [ + "${aws_load_balancer_policy.wu-tang-root-ca-backend-auth-policy.policy_name}" + ] + } + references: + load_balancer_name: aws_elb.name + argumentDocs: + id: '- The ID of the policy.' + instance_port: '- The backend port the policies are applied to' + load_balancer_name: '- The load balancer on which the policy is defined.' + policy_names: '- (Required) List of Policy Names to apply to the backend server.' + aws_load_balancer_listener_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Attaches a load balancer policy to an ELB Listener. 
+ name: aws_load_balancer_listener_policy + titleName: aws_load_balancer_listener_policy + examples: + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "load_balancer_port": 443, + "policy_names": [ + "${aws_load_balancer_policy.wu-tang-ssl.policy_name}" + ] + } + references: + load_balancer_name: aws_elb.name + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "load_balancer_port": 443, + "policy_names": [ + "${aws_load_balancer_policy.wu-tang-ssl-tls-1-1.policy_name}" + ] + } + references: + load_balancer_name: aws_elb.name + argumentDocs: + id: '- The ID of the policy.' + load_balancer_name: '- The load balancer on which the policy is defined.' + load_balancer_port: '- The load balancer listener port the policies are applied to' + policy_names: '- (Required) List of Policy Names to apply to the backend server.' + aws_load_balancer_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides a load balancer policy, which can be attached to an ELB listener or backend server. 
+ name: aws_load_balancer_policy + titleName: aws_load_balancer_policy + examples: + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "policy_attribute": [ + { + "name": "PublicKey", + "value": "${file(\"wu-tang-pubkey\")}" + } + ], + "policy_name": "wu-tang-ca-pubkey-policy", + "policy_type_name": "PublicKeyPolicyType" + } + references: + load_balancer_name: aws_elb.name + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "policy_attribute": [ + { + "name": "PublicKeyPolicyName", + "value": "${aws_load_balancer_policy.wu-tang-root-ca-pubkey-policy.policy_name}" + } + ], + "policy_name": "wu-tang-root-ca-backend-auth-policy", + "policy_type_name": "BackendServerAuthenticationPolicyType" + } + references: + load_balancer_name: aws_elb.name + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "policy_attribute": [ + { + "name": "ECDHE-ECDSA-AES128-GCM-SHA256", + "value": "true" + }, + { + "name": "Protocol-TLSv1.2", + "value": "true" + } + ], + "policy_name": "wu-tang-ssl", + "policy_type_name": "SSLNegotiationPolicyType" + } + references: + load_balancer_name: aws_elb.name + - manifest: |- + { + "load_balancer_name": "${aws_elb.wu-tang.name}", + "policy_attribute": [ + { + "name": "Reference-Security-Policy", + "value": "ELBSecurityPolicy-TLS-1-1-2017-01" + } + ], + "policy_name": "wu-tang-ssl", + "policy_type_name": "SSLNegotiationPolicyType" + } + references: + load_balancer_name: aws_elb.name + argumentDocs: + id: '- The ID of the policy.' + load_balancer_name: '- The load balancer on which the policy is defined.' + policy_attribute: '- (Optional) Policy attribute to apply to the policy.' + policy_name: '- The name of the stickiness policy.' + policy_type_name: '- The policy type of the policy.' + aws_macie_member_account_association: + subCategory: Macie Classic + description: Associates an AWS account with Amazon Macie as a member account. 
+ name: aws_macie_member_account_association + titleName: aws_macie_member_account_association + examples: + - manifest: |- + { + "member_account_id": "123456789012" + } + argumentDocs: + id: '- The ID of the association.' + member_account_id: '- (Required) The ID of the AWS account that you want to associate with Amazon Macie as a member account.' + aws_macie_s3_bucket_association: + subCategory: Macie Classic + description: Associates an S3 resource with Amazon Macie for monitoring and data classification. + name: aws_macie_s3_bucket_association + titleName: aws_macie_s3_bucket_association + examples: + - manifest: |- + { + "bucket_name": "tf-macie-example", + "classification_type": [ + { + "one_time": "FULL" + } + ], + "prefix": "data" + } + argumentDocs: + bucket_name: '- (Required) The name of the S3 bucket that you want to associate with Amazon Macie.' + classification_type: '- (Optional) The configuration of how Amazon Macie classifies the S3 objects.' + continuous: |- + - (Optional) A string value indicating that Macie perform a one-time classification of all of the existing objects in the bucket. + The only valid value is the default value, FULL. + id: '- The ID of the association.' + member_account_id: '- (Optional) The ID of the Amazon Macie member account whose S3 resources you want to associate with Macie. If member_account_id isn''t specified, the action associates specified S3 resources with Macie for the current master account.' + one_time: |- + - (Optional) A string value indicating whether or not Macie performs a one-time classification of all of the existing objects in the bucket. + Valid values are NONE and FULL. Defaults to NONE indicating that Macie only classifies objects that are added after the association was created. + prefix: '- (Optional) Object key prefix identifying one or more S3 objects to which the association applies.' 
+ aws_macie2_account: + subCategory: Macie + description: Provides a resource to manage Amazon Macie on an AWS Account. + name: aws_macie2_account + titleName: aws_macie2_account + examples: + - manifest: |- + { + "finding_publishing_frequency": "FIFTEEN_MINUTES", + "status": "ENABLED" + } + argumentDocs: + created_at: '- The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.' + finding_publishing_frequency: '- (Optional) Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are FIFTEEN_MINUTES, ONE_HOUR or SIX_HOURS.' + id: '- The unique identifier (ID) of the macie account.' + service_role: '- The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in AWS resources for the account.' + status: '- (Optional) Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to ENABLED. Valid values are ENABLED or PAUSED.' + updated_at: '- The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the Macie account.' + aws_macie2_classification_job: + subCategory: Macie + description: Provides a resource to manage an AWS Macie Classification Job. + name: aws_macie2_classification_job + titleName: aws_macie2_classification_job + examples: + - manifest: |- + { + "depends_on": [ + "${aws_macie2_account.test}" + ], + "job_type": "ONE_TIME", + "name": "NAME OF THE CLASSIFICATION JOB", + "s3_job_definition": [ + { + "bucket_definitions": [ + { + "account_id": "ACCOUNT ID", + "buckets": [ + "S3 BUCKET NAME" + ] + } + ] + } + ] + } + argumentDocs: + account_id: '- (Required) The unique identifier for the AWS account that owns the buckets.' 
+ and: '- (Optional) An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below)' + bucket_definitions: '- (Optional) An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account. (documented below)' + buckets: '- (Required) An array that lists the names of the buckets.' + comparator: '- (Optional) The operator to use in the condition.' + created_at: '- The date and time, in UTC and extended RFC 3339 format, when the job was created.' + custom_data_identifier_ids: '- (Optional) The custom data identifiers to use for data analysis and classification.' + daily_schedule: '- (Optional) Specifies a daily recurrence pattern for running the job.' + description: '- (Optional) A custom description of the job. The description can contain as many as 200 characters.' + excludes: '- (Optional) The property- or tag-based conditions that determine which objects to exclude from the analysis. (documented below)' + id: '- The unique identifier (ID) of the macie classification job.' + includes: '- (Optional) The property- or tag-based conditions that determine which objects to include in the analysis. (documented below)' + initial_run: '- (Optional) Specifies whether to analyze all existing, eligible objects immediately after the job is created.' + job_status: '- (Optional) The status for the job. Valid values are: CANCELLED, RUNNING and USER_PAUSED' + job_type: '- (Required) The schedule for running the job. Valid values are: ONE_TIME - Run the job only once. If you specify this value, don''t specify a value for the schedule_frequency property. SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the schedule_frequency property to define the recurrence pattern for the job.' + key: '- (Optional) The tag key to use in the condition.' 
+ monthly_schedule: '- (Optional) Specifies a monthly recurrence pattern for running the job.' + name: '- (Optional) A custom name for the job. The name can contain as many as 500 characters. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + s3_job_definition: '- (Optional) The S3 buckets that contain the objects to analyze, and the scope of that analysis. (documented below)' + sampling_percentage: '- (Optional) The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.' + schedule_frequency: '- (Optional) The recurrence pattern for running the job. To run the job only once, don''t specify a value for this property and set the value for the job_type property to ONE_TIME. (documented below)' + scoping: '- (Optional) The property- and tag-based conditions that determine which objects to include or exclude from the analysis. (documented below)' + simple_scope_term: '- (Optional) A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below)' + tag_scope_term: '- (Optional) A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below)' + tag_values: '- (Optional) The tag keys or tag key and value pairs to use in the condition.' + tags: '- (Optional) A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. 
The maximum length of a tag value is 256 characters.' + target: '- (Optional) The type of object to apply the condition to.' + user_paused_details: '- If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn''t resumed. This value is present only if the value for job-status is USER_PAUSED.' + values: '- (Optional) An array that lists the values to use in the condition.' + weekly_schedule: '- (Optional) Specifies a weekly recurrence pattern for running the job.' + aws_macie2_custom_data_identifier: + subCategory: Macie + description: Provides a resource to manage an AWS Macie Custom Data Identifier. + name: aws_macie2_custom_data_identifier + titleName: aws_macie2_custom_data_identifier + examples: + - manifest: |- + { + "depends_on": [ + "${aws_macie2_account.test}" + ], + "description": "DESCRIPTION", + "ignore_words": [ + "ignore" + ], + "keywords": [ + "keyword" + ], + "maximum_match_distance": 10, + "name": "NAME OF CUSTOM DATA IDENTIFIER", + "regex": "[0-9]{3}-[0-9]{2}-[0-9]{4}" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the custom data identifier.' + created_at: '- The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.' + deleted: '- Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn''t delete it permanently. Instead, it soft deletes the identifier.' + description: '- (Optional) A custom description of the custom data identifier. The description can contain as many as 512 characters.' + id: '- The unique identifier (ID) of the macie custom data identifier.' + ignore_words: '- (Optional) An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. 
Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.' + keywords: '- (Optional) An array that lists specific character sequences (keywords), one of which must be within proximity (maximum_match_distance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren''t case sensitive.' + maximum_match_distance: '- (Optional) The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.' + name: '- (Optional) A custom name for the custom data identifier. The name can contain as many as 128 characters. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + regex: '- (Optional) The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.' + tags: '- (Optional) A map of key-value pairs that specifies the tags to associate with the custom data identifier.' + aws_macie2_findings_filter: + subCategory: Macie + description: Provides a resource to manage an Amazon Macie Findings Filter. 
+ name: aws_macie2_findings_filter + titleName: aws_macie2_findings_filter + examples: + - manifest: |- + { + "action": "ARCHIVE", + "depends_on": [ + "${aws_macie2_account.test}" + ], + "description": "DESCRIPTION", + "finding_criteria": [ + { + "criterion": [ + { + "eq": [ + "${data.aws_region.current.name}" + ], + "field": "region" + } + ] + } + ], + "name": "NAME OF THE FINDINGS FILTER", + "position": 1 + } + argumentDocs: + action: '- (Required) The action to perform on findings that meet the filter criteria (finding_criteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don''t perform any action on the findings.' + arn: '- The Amazon Resource Name (ARN) of the Findings Filter.' + criterion: '- (Optional) A condition that specifies the property, operator, and one or more values to use to filter the results. (documented below)' + description: '- (Optional) A custom description of the filter. The description can contain as many as 512 characters.' + eq: '- (Optional) The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.' + eq_exact_match: '- (Optional) The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.' + field: '- (Required) The name of the field to be evaluated.' + finding_criteria: '- (Required) The criteria to use to filter findings.' + gt: '- (Optional) The value for the property is greater than the specified value.' + gte: '- (Optional) The value for the property is greater than or equal to the specified value.' + id: '- The unique identifier (ID) of the macie Findings Filter.' + lt: '- (Optional) The value for the property is less than the specified value.' + lte: '- (Optional) The value for the property is less than or equal to the specified value.' 
+ name: '- (Optional) A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + neq: '- (Optional) The value for the property doesn''t match (doesn''t equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.' + position: '- (Optional) The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.' + tags: '- (Optional) A map of key-value pairs that specifies the tags to associate with the filter.' + aws_macie2_invitation_accepter: + subCategory: Macie + description: Provides a resource to manage an Amazon Macie Invitation Accepter. + name: aws_macie2_invitation_accepter + titleName: aws_macie2_invitation_accepter + examples: + - manifest: |- + { + "administrator_account_id": "ADMINISTRATOR ACCOUNT ID", + "depends_on": [ + "${aws_macie2_member.primary}" + ] + } + argumentDocs: + administrator_account_id: '- (Required) The AWS account ID for the account that sent the invitation.' + id: '- The unique identifier (ID) of the macie invitation accepter.' + invitation_id: '- The unique identifier for the invitation.' + aws_macie2_member: + subCategory: Macie + description: Provides a resource to manage an Amazon Macie Member. 
+ name: aws_macie2_member + titleName: aws_macie2_member + examples: + - manifest: |- + { + "account_id": "AWS ACCOUNT ID", + "depends_on": [ + "${aws_macie2_account.example}" + ], + "email": "EMAIL", + "invitation_disable_email_notification": true, + "invitation_message": "Message of the invitation", + "invite": true + } + argumentDocs: + account_id: '- (Required) The AWS account ID for the account.' + administrator_account_id: '- The AWS account ID for the administrator account.' + arn: '- The Amazon Resource Name (ARN) of the account.' + email: '- (Required) The email address for the account.' + id: '- The unique identifier (ID) of the macie Member.' + invitation_disable_email_notification: '- (Optional) Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.' + invitation_message: '- (Optional) A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.' + invite: '- (Optional) Send an invitation to a member' + invited_at: '- The date and time, in UTC and extended RFC 3339 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn''t been sent to the account.' + relationship_status: '- The current status of the relationship between the account and the administrator account.' + status: '- (Optional) Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to ENABLED. Valid values are ENABLED or PAUSED.' + tags: '- (Optional) A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.' 
+ updated_at: '- The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the relationship between the account and the administrator account.' + aws_macie2_organization_admin_account: + subCategory: Macie + description: Provides a resource to manage an Amazon Macie Organization Admin Account. + name: aws_macie2_organization_admin_account + titleName: aws_macie2_organization_admin_account + examples: + - manifest: |- + { + "admin_account_id": "ID OF THE ADMIN ACCOUNT", + "depends_on": [ + "${aws_macie2_account.test}" + ] + } + argumentDocs: + admin_account_id: '- (Required) The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.' + id: '- The unique identifier (ID) of the macie organization admin account.' + aws_main_route_table_association: + subCategory: VPC + description: Provides a resource for managing the main routing table of a VPC. + name: aws_main_route_table_association + titleName: aws_main_route_table_association + examples: + - manifest: |- + { + "route_table_id": "${aws_route_table.bar.id}", + "vpc_id": "${aws_vpc.foo.id}" + } + references: + route_table_id: aws_route_table.id + vpc_id: aws_vpc.id + argumentDocs: + id: '- The ID of the Route Table Association' + original_route_table_id: '- Used internally, see Notes below' + route_table_id: |- + - (Required) The ID of the Route Table to set as the new + main route table for the target VPC + vpc_id: '- (Required) The ID of the VPC whose main route table should be set' + aws_media_convert_queue: + subCategory: MediaConvert + description: Provides an AWS Elemental MediaConvert Queue. + name: aws_media_convert_queue + titleName: aws_media_convert_queue + examples: + - manifest: |- + { + "name": "tf-test-queue" + } + argumentDocs: + arn: '- The Arn of the queue' + commitment: '- (Required) The length of the term of your reserved queue pricing plan commitment. Valid value is ONE_YEAR.' 
+ description: '- (Optional) A description of the queue' + id: '- The same as name' + name: '- (Required) A unique identifier describing the queue' + pricing_plan: '- (Optional) Specifies whether the pricing plan for the queue is on-demand or reserved. Valid values are ON_DEMAND or RESERVED. Default to ON_DEMAND.' + renewal_type: '- (Required) Specifies whether the term of your reserved queue pricing plan. Valid values are AUTO_RENEW or EXPIRE.' + reservation_plan_settings: '- (Optional) A detail pricing plan of the reserved queue. See below.' + reserved_slots: '- (Required) Specifies the number of reserved transcode slots (RTS) for queue.' + status: '- (Optional) A status of the queue. Valid values are ACTIVE or RESERVED. Default to PAUSED.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_media_package_channel: + subCategory: MediaPackage + description: Provides an AWS Elemental MediaPackage Channel. + name: aws_media_package_channel + titleName: aws_media_package_channel + examples: + - manifest: |- + { + "channel_id": "kitten-channel", + "description": "A channel dedicated to amusing videos of kittens." + } + argumentDocs: + arn: '- The ARN of the channel' + channel_id: '- (Required) A unique identifier describing the channel' + description: '- (Optional) A description of the channel' + hls_ingest: '- A single item list of HLS ingest information' + id: '- The same as channel_id' + ingest_endpoints: '- A list of the ingest endpoints' + password: '- The password' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + url: '- The URL' + username: '- The username' + aws_media_store_container: + subCategory: MediaStore + description: Provides a MediaStore Container. + name: aws_media_store_container + titleName: aws_media_store_container + examples: + - manifest: |- + { + "name": "example" + } + argumentDocs: + arn: '- The ARN of the container.' + endpoint: '- The DNS endpoint of the container.' + name: '- (Required) The name of the container. Must contain alphanumeric characters or underscores.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_media_store_container_policy: + subCategory: MediaStore + description: Provides a MediaStore Container Policy. 
+ name: aws_media_store_container_policy + titleName: aws_media_store_container_policy + examples: + - manifest: |- + { + "container_name": "${aws_media_store_container.example.name}", + "policy": "{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [{\n\t\t\"Sid\": \"MediaStoreFullAccess\",\n\t\t\"Action\": [ \"mediastore:*\" ],\n\t\t\"Principal\": {\"AWS\" : \"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root\"},\n\t\t\"Effect\": \"Allow\",\n\t\t\"Resource\": \"arn:aws:mediastore:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:container/${aws_media_store_container.example.name}/*\",\n\t\t\"Condition\": {\n\t\t\t\"Bool\": { \"aws:SecureTransport\": \"true\" }\n\t\t}\n\t}]\n}\n" + } + references: + container_name: aws_media_store_container.name + argumentDocs: + container_name: '- (Required) The name of the container.' + policy: '- (Required) The contents of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' 
+ aws_mq_broker: + subCategory: MQ + description: Provides an MQ Broker Resource + name: aws_mq_broker + titleName: aws_mq_broker + examples: + - manifest: |- + { + "broker_name": "example", + "configuration": [ + { + "id": "${aws_mq_configuration.test.id}", + "revision": "${aws_mq_configuration.test.latest_revision}" + } + ], + "engine_type": "ActiveMQ", + "engine_version": "5.15.9", + "host_instance_type": "mq.t2.micro", + "security_groups": [ + "${aws_security_group.test.id}" + ], + "user": [ + { + "password": "MindTheGap", + "username": "ExampleUser" + } + ] + } + - manifest: |- + { + "broker_name": "example", + "configuration": [ + { + "id": "${aws_mq_configuration.test.id}", + "revision": "${aws_mq_configuration.test.latest_revision}" + } + ], + "engine_type": "ActiveMQ", + "engine_version": "5.15.9", + "host_instance_type": "mq.m5.large", + "security_groups": [ + "${aws_security_group.test.id}" + ], + "storage_type": "ebs", + "user": [ + { + "password": "MindTheGap", + "username": "ExampleUser" + } + ] + } + argumentDocs: + ActiveMQ: ':' + RabbitMQ: ':' + apply_immediately: '- (Optional) Specifies whether any broker modifications are applied immediately, or during the next maintenance window. Default is false.' + arn: '- ARN of the broker.' + audit: '- (Optional) Enables audit logging. Auditing is only possible for engine_type of ActiveMQ. User management action made using JMX or the ActiveMQ Web Console is logged. Defaults to false.' + authentication_strategy: '- (Optional) Authentication strategy used to secure the broker. Valid values are simple and ldap. ldap is not supported for engine_type RabbitMQ.' + auto_minor_version_upgrade: '- (Optional) Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.' + broker_name: '- (Required) Name of the broker.' + configuration: '- (Optional) Configuration block for broker configuration. Applies to engine_type of ActiveMQ only. Detailed below.' 
+ console_access: '- (Optional) Whether to enable access to the ActiveMQ Web Console for the user. Applies to engine_type of ActiveMQ only.' + day_of_week: '- (Required) Day of the week, e.g. MONDAY, TUESDAY, or WEDNESDAY.' + deployment_mode: '- (Optional) Deployment mode of the broker. Valid values are SINGLE_INSTANCE, ACTIVE_STANDBY_MULTI_AZ, and CLUSTER_MULTI_AZ. Default is SINGLE_INSTANCE.' + encryption_options: '- (Optional) Configuration block containing encryption options. Detailed below.' + engine_type: '- (Required) Type of broker engine. Valid values are ActiveMQ and RabbitMQ.' + engine_version: '- (Required) Version of the broker engine. See the AmazonMQ Broker Engine docs for supported versions. For example, 5.15.0.' + general: '- (Optional) Enables general logging via CloudWatch. Defaults to false.' + groups: '- (Optional) List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to engine_type of ActiveMQ only.' + host_instance_type: '- (Required) Broker''s instance type. For example, mq.t3.micro, mq.m5.large.' + hosts: '- (Optional) List of a fully qualified domain name of the LDAP server and an optional failover server.' + id: '- Unique ID that Amazon MQ generates for the broker.' + instances: '- List of information about allocated brokers (both active & standby).' + instances.0.console_url: '- The URL of the broker''s ActiveMQ Web Console.' + instances.0.endpoints: '- Broker''s wire-level protocol endpoints in the following order & format referenceable e.g. as instances.0.endpoints.0 (SSL):' + instances.0.ip_address: '- IP Address of the broker.' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of Key Management Service (KMS) Customer Master Key (CMK) to use for encryption at rest. Requires setting use_aws_owned_key to false. To perform drift detection when AWS-managed CMKs or customer-managed CMKs are in use, this value must be configured.' 
+ ldap_server_metadata: '- (Optional) Configuration block for the LDAP server used to authenticate and authorize connections to the broker. Not supported for engine_type RabbitMQ. Detailed below. (Currently, AWS may not process changes to LDAP server metadata.)' + logs: '- (Optional) Configuration block for the logging configuration of the broker. Detailed below.' + maintenance_window_start_time: '- (Optional) Configuration block for the maintenance window start time. Detailed below.' + password: '- (Required) Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.' + publicly_accessible: '- (Optional) Whether to enable connections from applications outside of the VPC that hosts the broker''s subnets.' + revision: '- (Optional) Revision of the Configuration.' + role_base: '- (Optional) Fully qualified name of the directory to search for a user’s groups.' + role_name: '- (Optional) Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.' + role_search_matching: '- (Optional) Search criteria for groups.' + role_search_subtree: '- (Optional) Whether the directory search scope is the entire sub-tree.' + security_groups: '- (Optional) List of security group IDs assigned to the broker.' + service_account_password: '- (Optional) Service account password.' + service_account_username: '- (Optional) Service account username.' + storage_type: '- (Optional) Storage type of the broker. For engine_type ActiveMQ, the valid values are efs and ebs, and the AWS-default is efs. For engine_type RabbitMQ, only ebs is supported. When using ebs, only the mq.m5 broker instance type family is supported.' + subnet_ids: '- (Optional) List of subnet IDs in which to launch the broker. A SINGLE_INSTANCE deployment requires one subnet. An ACTIVE_STANDBY_MULTI_AZ deployment requires multiple subnets.' + tags: '- (Optional) Map of tags to assign to the broker. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + time_of_day: '- (Required) Time, in 24-hour format, e.g. 02:00.' + time_zone: '- (Required) Time zone in either the Country/City format or the UTC offset format, e.g. CET.' + use_aws_owned_key: '- (Optional) Whether to enable an AWS-owned KMS CMK that is not in your account. Defaults to true. Setting to false without configuring kms_key_id will create an AWS-managed CMK aliased to aws/mq in your account.' + user: '- (Required) Configuration block for broker users. For engine_type of RabbitMQ, Amazon MQ does not return broker users preventing this resource from making user updates and drift detection. Detailed below.' + user_base: '- (Optional) Fully qualified name of the directory where you want to search for users.' + user_role_name: '- (Optional) Specifies the name of the LDAP attribute for the user group membership.' + user_search_matching: '- (Optional) Search criteria for users.' + user_search_subtree: '- (Optional) Whether the directory search scope is the entire sub-tree.' + username: '- (Required) Username of the user.' 
+ aws_mq_configuration: + subCategory: MQ + description: Provides an MQ configuration Resource + name: aws_mq_configuration + titleName: aws_mq_configuration + examples: + - manifest: |- + { + "data": "\u003c?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?\u003e\n\u003cbroker xmlns=\"http://activemq.apache.org/schema/core\"\u003e\n \u003cplugins\u003e\n \u003cforcePersistencyModeBrokerPlugin persistenceFlag=\"true\"/\u003e\n \u003cstatisticsBrokerPlugin/\u003e\n \u003ctimeStampingBrokerPlugin ttlCeiling=\"86400000\" zeroExpirationOverride=\"86400000\"/\u003e\n \u003c/plugins\u003e\n\u003c/broker\u003e\n", + "description": "Example Configuration", + "engine_type": "ActiveMQ", + "engine_version": "5.15.0", + "name": "example" + } + argumentDocs: + arn: '- ARN of the configuration.' + authentication_strategy: '- (Optional) Authentication strategy associated with the configuration. Valid values are simple and ldap. ldap is not supported for engine_type RabbitMQ.' + data: '- (Required) Broker configuration in XML format. See official docs for supported parameters and format of the XML.' + description: '- (Optional) Description of the configuration.' + engine_type: '- (Required) Type of broker engine. Valid values are ActiveMQ and RabbitMQ.' + engine_version: '- (Required) Version of the broker engine.' + id: '- Unique ID that Amazon MQ generates for the configuration.' + latest_revision: '- Latest revision of the configuration.' + name: '- (Required) Name of the configuration.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_msk_cluster: + subCategory: Managed Streaming for Kafka (MSK) + description: Terraform resource for managing an AWS Managed Streaming for Kafka cluster + name: aws_msk_cluster + titleName: aws_msk_cluster + examples: + - manifest: |- + { + "broker_node_group_info": [ + { + "client_subnets": [ + "${aws_subnet.subnet_az1.id}", + "${aws_subnet.subnet_az2.id}", + "${aws_subnet.subnet_az3.id}" + ], + "ebs_volume_size": 1000, + "instance_type": "kafka.m5.large", + "security_groups": [ + "${aws_security_group.sg.id}" + ] + } + ], + "cluster_name": "example", + "encryption_info": [ + { + "encryption_at_rest_kms_key_arn": "${aws_kms_key.kms.arn}" + } + ], + "kafka_version": "2.4.1", + "logging_info": [ + { + "broker_logs": [ + { + "cloudwatch_logs": [ + { + "enabled": true, + "log_group": "${aws_cloudwatch_log_group.test.name}" + } + ], + "firehose": [ + { + "delivery_stream": "${aws_kinesis_firehose_delivery_stream.test_stream.name}", + "enabled": true + } + ], + "s3": [ + { + "bucket": "${aws_s3_bucket.bucket.id}", + "enabled": true, + "prefix": "logs/msk-" + } + ] + } + ] + } + ], + "number_of_broker_nodes": 3, + "open_monitoring": [ + { + "prometheus": [ + { + "jmx_exporter": [ + { + "enabled_in_broker": true + } + ], + "node_exporter": [ + { + "enabled_in_broker": true + } + ] + } + ] + } + ], + "tags": { + "foo": "bar" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the MSK cluster.' + az_distribution: '- (Optional) The distribution of broker nodes across availability zones (documentation). Currently the only valid value is DEFAULT.' + bootstrap_brokers: '- Comma separated list of one or more hostname:port pairs of kafka brokers suitable to bootstrap connectivity to the kafka cluster. Contains a value if encryption_info.0.encryption_in_transit.0.client_broker is set to PLAINTEXT or TLS_PLAINTEXT. The resource sorts values alphabetically. AWS may not always return all endpoints so this value is not guaranteed to be stable across applies.' 
+ bootstrap_brokers_sasl_iam: '- One or more DNS names (or IP addresses) and SASL IAM port pairs. For example, b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098. This attribute will have a value if encryption_info.0.encryption_in_transit.0.client_broker is set to TLS_PLAINTEXT or TLS and client_authentication.0.sasl.0.iam is set to true. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.' + bootstrap_brokers_sasl_scram: '- One or more DNS names (or IP addresses) and SASL SCRAM port pairs. For example, b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096. This attribute will have a value if encryption_info.0.encryption_in_transit.0.client_broker is set to TLS_PLAINTEXT or TLS and client_authentication.0.sasl.0.scram is set to true. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.' + bootstrap_brokers_tls: '- One or more DNS names (or IP addresses) and TLS port pairs. For example, b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094. This attribute will have a value if encryption_info.0.encryption_in_transit.0.client_broker is set to TLS_PLAINTEXT or TLS. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.' + broker_logs: '- (Required) Configuration block for Broker Logs settings for logging info. See below.' 
+ broker_node_group_info: '- (Required) Configuration block for the broker nodes of the Kafka cluster.' + bucket: '- (Optional) Name of the S3 bucket to deliver logs to.' + certificate_authority_arns: '- (Optional) List of ACM Certificate Authority Amazon Resource Names (ARNs).' + client_authentication: '- (Optional) Configuration block for specifying a client authentication. See below.' + client_broker: '- (Optional) Encryption setting for data in transit between clients and brokers. Valid values: TLS, TLS_PLAINTEXT, and PLAINTEXT. Default value is TLS.' + client_subnets: '- (Required) A list of subnets to connect to in client VPC (documentation).' + cluster_name: '- (Required) Name of the MSK cluster.' + configuration_info: '- (Optional) Configuration block for specifying a MSK Configuration to attach to Kafka brokers. See below.' + current_version: '- Current version of the MSK Cluster used for updates, e.g. K13V1IB3VIYZZH' + delivery_stream: '- (Optional) Name of the Kinesis Data Firehose delivery stream to deliver logs to.' + ebs_volume_size: '- (Required) The size in GiB of the EBS volume for the data drive on each broker node.' + enabled: '- (Optional) Indicates whether you want to enable or disable streaming broker logs to S3.' + enabled_in_broker: '- (Required) Indicates whether you want to enable or disable the Node Exporter.' + encryption_at_rest_kms_key_arn: '- (Optional) You may specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS (''aws/msk'' managed service) key will be used for encrypting the data at rest.' + encryption_in_transit: '- (Optional) Configuration block to specify encryption in transit. See below.' + encryption_info: '- (Optional) Configuration block for specifying encryption. See below.' + encryption_info.0.encryption_at_rest_kms_key_arn: '- The ARN of the KMS key used for encryption at rest of the broker data volumes.' 
+ enhanced_monitoring: '- (Optional) Specify the desired enhanced MSK CloudWatch monitoring level. See Monitoring Amazon MSK with Amazon CloudWatch' + iam: '- (Optional) Enables IAM client authentication. Defaults to false.' + in_cluster: '- (Optional) Whether data communication among broker nodes is encrypted. Default value: true.' + instance_type: '- (Required) Specify the instance type to use for the kafka brokers. e.g. kafka.m5.large. (Pricing info)' + jmx_exporter: '- (Optional) Configuration block for JMX Exporter. See below.' + kafka_version: '- (Required) Specify the desired Kafka software version.' + log_group: '- (Optional) Name of the Cloudwatch Log Group to deliver logs to.' + logging_info: '- (Optional) Configuration block for streaming broker logs to Cloudwatch/S3/Kinesis Firehose. See below.' + node_exporter: '- (Optional) Configuration block for Node Exporter. See below.' + number_of_broker_nodes: '- (Required) The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets.' + open_monitoring: '- (Optional) Configuration block for JMX and Node monitoring for the MSK cluster. See below.' + prefix: '- (Optional) Prefix to append to the folder name.' + prometheus: '- (Required) Configuration block for Prometheus settings for open monitoring. See below.' + revision: '- (Required) Revision of the MSK Configuration to use in the cluster.' + sasl: '- (Optional) Configuration block for specifying SASL client authentication. See below.' + scram: '- (Optional) Enables SCRAM client authentication via AWS Secrets Manager. Defaults to false.' + security_groups: '- (Required) A list of the security groups to associate with the elastic network interfaces to control who can communicate with the cluster.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tls: '- (Optional) Configuration block for specifying TLS client authentication. See below.' + zookeeper_connect_string: '- A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster. The returned values are sorted alphbetically. The AWS API may not return all endpoints, so this value is not guaranteed to be stable across applies.' + aws_msk_configuration: + subCategory: Managed Streaming for Kafka (MSK) + description: Terraform resource for managing an Amazon Managed Streaming for Kafka configuration + name: aws_msk_configuration + titleName: aws_msk_configuration + examples: + - manifest: |- + { + "kafka_versions": [ + "2.1.0" + ], + "name": "example", + "server_properties": "auto.create.topics.enable = true\ndelete.topic.enable = true\n" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the configuration.' + description: '- (Optional) Description of the configuration.' + kafka_versions: '- (Required) List of Apache Kafka versions which can use this configuration.' + latest_revision: '- Latest revision of the configuration.' + name: '- (Required) Name of the configuration.' + server_properties: '- (Required) Contents of the server.properties file. Supported properties are documented in the MSK Developer Guide.' + aws_msk_scram_secret_association: + subCategory: Managed Streaming for Kafka (MSK) + description: Associates SCRAM secrets with a Managed Streaming for Kafka (MSK) cluster. 
+ name: aws_msk_scram_secret_association + titleName: aws_msk_scram_secret_association + examples: + - manifest: |- + { + "cluster_arn": "${aws_msk_cluster.example.arn}", + "depends_on": [ + "${aws_secretsmanager_secret_version.example}" + ], + "secret_arn_list": [ + "${aws_secretsmanager_secret.example.arn}" + ] + } + references: + cluster_arn: aws_msk_cluster.arn + argumentDocs: + cluster_arn: '- (Required, Forces new resource) Amazon Resource Name (ARN) of the MSK cluster.' + id: '- Amazon Resource Name (ARN) of the MSK cluster.' + secret_arn_list: '- (Required) List of AWS Secrets Manager secret ARNs.' + aws_mwaa_environment: + subCategory: Managed Workflows for Apache Airflow (MWAA) + description: Creates a MWAA Environment + name: aws_mwaa_environment + titleName: aws_mwaa_environment + examples: + - manifest: |- + { + "dag_s3_path": "dags/", + "execution_role_arn": "${aws_iam_role.example.arn}", + "name": "example", + "network_configuration": [ + { + "security_group_ids": [ + "${aws_security_group.example.id}" + ], + "subnet_ids": "${aws_subnet.private[*].id}" + } + ], + "source_bucket_arn": "${aws_s3_bucket.example.arn}" + } + references: + execution_role_arn: aws_iam_role.arn + source_bucket_arn: aws_s3_bucket.arn + - manifest: |- + { + "airflow_configuration_options": { + "core.default_task_retries": 16, + "core.parallelism": 1 + }, + "dag_s3_path": "dags/", + "execution_role_arn": "${aws_iam_role.example.arn}", + "name": "example", + "network_configuration": [ + { + "security_group_ids": [ + "${aws_security_group.example.id}" + ], + "subnet_ids": "${aws_subnet.private[*].id}" + } + ], + "source_bucket_arn": "${aws_s3_bucket.example.arn}" + } + references: + execution_role_arn: aws_iam_role.arn + source_bucket_arn: aws_s3_bucket.arn + - manifest: |- + { + "dag_s3_path": "dags/", + "execution_role_arn": "${aws_iam_role.example.arn}", + "logging_configuration": [ + { + "dag_processing_logs": [ + { + "enabled": true, + "log_level": "DEBUG" + } + ], + 
"scheduler_logs": [ + { + "enabled": true, + "log_level": "INFO" + } + ], + "task_logs": [ + { + "enabled": true, + "log_level": "WARNING" + } + ], + "webserver_logs": [ + { + "enabled": true, + "log_level": "ERROR" + } + ], + "worker_logs": [ + { + "enabled": true, + "log_level": "CRITICAL" + } + ] + } + ], + "name": "example", + "network_configuration": [ + { + "security_group_ids": [ + "${aws_security_group.example.id}" + ], + "subnet_ids": "${aws_subnet.private[*].id}" + } + ], + "source_bucket_arn": "${aws_s3_bucket.example.arn}" + } + references: + execution_role_arn: aws_iam_role.arn + source_bucket_arn: aws_s3_bucket.arn + - manifest: |- + { + "dag_s3_path": "dags/", + "execution_role_arn": "${aws_iam_role.example.arn}", + "name": "example", + "network_configuration": [ + { + "security_group_ids": [ + "${aws_security_group.example.id}" + ], + "subnet_ids": "${aws_subnet.private[*].id}" + } + ], + "source_bucket_arn": "${aws_s3_bucket.example.arn}", + "tags": { + "Environment": "production", + "Name": "example" + } + } + references: + execution_role_arn: aws_iam_role.arn + source_bucket_arn: aws_s3_bucket.arn + argumentDocs: + airflow_configuration_options: '- (Optional) The airflow_configuration_options parameter specifies airflow override options. Check the Official documentation for all possible configuration options.' + airflow_version: '- (Optional) Airflow version of your environment, will be set by default to the latest version that MWAA supports.' + arn: '- The ARN of the MWAA Environment' + created_at: '- The Created At date of the MWAA Environment' + dag_processing_logs: '- (Optional) (Optional) Log configuration options for processing DAGs. See Module logging configuration for more information. Disabled by default.' + dag_s3_path: '- (Required) The relative path to the DAG folder on your Amazon S3 storage bucket. For example, dags. For more information, see Importing DAGs on Amazon MWAA.' 
+ enabled: '- (Required) Enabling or disabling the collection of logs' + environment_class: '- (Optional) Environment class for the cluster. Possible options are mw1.small, mw1.medium, mw1.large. Will be set by default to mw1.small. Please check the AWS Pricing for more information about the environment classes.' + execution_role_arn: '- (Required) The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume. Check the official AWS documentation for the detailed role specification.' + kms_key: '- (Optional) The Amazon Resource Name (ARN) of your KMS key that you want to use for encryption. Will be set to the ARN of the managed KMS key aws/airflow by default. Please check the Official Documentation for more information.' + log_level: '- (Optional) Logging level. Valid values: CRITICAL, ERROR, WARNING, INFO, DEBUG. Will be INFO by default.' + logging_configuration: '- (Optional) The Apache Airflow logs you want to send to Amazon CloudWatch Logs.' + logging_configuration[0].[0].cloud_watch_log_group_arn: '- Provides the ARN for the CloudWatch group where the logs will be published' + max_workers: '- (Optional) The maximum number of workers that can be automatically scaled up. Value need to be between 1 and 25. Will be 10 by default.' + min_workers: '- (Optional) The minimum number of workers that you want to run in your environment. Will be 1 by default.' + name: '- (Required) The name of the Apache Airflow Environment' + network_configuration: '- (Required) Specifies the network configuration for your Apache Airflow Environment. This includes two private subnets as well as security groups for the Airflow environment. Each subnet requires internet connection, otherwise the deployment will fail. See Network configuration below for details.' + plugins_s3_object_version: '- (Optional) The plugins.zip file version you want to use.' 
+ plugins_s3_path: '- (Optional) The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. If a relative path is provided in the request, then plugins_s3_object_version is required. For more information, see Importing DAGs on Amazon MWAA.' + requirements_s3_object_version: '- (Optional) The requirements.txt file version you want to use.' + requirements_s3_path: '- (Optional) The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. If a relative path is provided in the request, then requirements_s3_object_version is required. For more information, see Importing DAGs on Amazon MWAA.' + scheduler_logs: '- (Optional) Log configuration options for the schedulers. See Module logging configuration for more information. Disabled by default.' + security_group_ids: '- (Required) Security groups IDs for the environment. At least one of the security group needs to allow MWAA resources to talk to each other, otherwise MWAA cannot be provisioned.' + service_role_arn: '- The Service Role ARN of the Amazon MWAA Environment' + source_bucket_arn: '- (Required) The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname.' + status: '- The status of the Amazon MWAA Environment' + subnet_ids: '- (Required) The private subnet IDs in which the environment should be created. MWAA requires two subnets.' + tags: '- (Optional) A map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + task_logs: '- (Optional) Log configuration options for DAG tasks. See Module logging configuration for more information. Enabled by default with INFO log level.' 
+ webserver_access_mode: '- (Optional) Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: PRIVATE_ONLY (default) and PUBLIC_ONLY.' + webserver_logs: '- (Optional) Log configuration options for the webservers. See Module logging configuration for more information. Disabled by default.' + webserver_url: '- The webserver URL of the MWAA Environment' + weekly_maintenance_window_start: '- (Optional) Specifies the start date for the weekly maintenance window.' + worker_logs: '- (Optional) Log configuration options for the workers. See Module logging configuration for more information. Disabled by default.' + aws_nat_gateway: + subCategory: VPC + description: Provides a resource to create a VPC NAT Gateway. + name: aws_nat_gateway + titleName: aws_nat_gateway + examples: + - manifest: |- + { + "allocation_id": "${aws_eip.example.id}", + "depends_on": [ + "${aws_internet_gateway.example}" + ], + "subnet_id": "${aws_subnet.example.id}", + "tags": { + "Name": "gw NAT" + } + } + references: + allocation_id: aws_eip.id + subnet_id: aws_subnet.id + - manifest: |- + { + "connectivity_type": "private", + "subnet_id": "${aws_subnet.example.id}" + } + references: + subnet_id: aws_subnet.id + argumentDocs: + allocation_id: '- The Allocation ID of the Elastic IP address for the gateway.' + connectivity_type: '- (Optional) Connectivity type for the gateway. Valid values are private and public. Defaults to public.' + id: '- The ID of the NAT Gateway.' + network_interface_id: '- The ENI ID of the network interface created by the NAT gateway.' + private_ip: '- The private IP address of the NAT Gateway.' + public_ip: '- The public IP address of the NAT Gateway.' + subnet_id: '- The Subnet ID of the subnet in which the NAT gateway is placed.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_neptune_cluster: + subCategory: Neptune + description: Provides an Neptune Cluster Resource + name: aws_neptune_cluster + titleName: aws_neptune_cluster + examples: + - manifest: |- + { + "apply_immediately": true, + "backup_retention_period": 5, + "cluster_identifier": "neptune-cluster-demo", + "engine": "neptune", + "iam_database_authentication_enabled": true, + "preferred_backup_window": "07:00-09:00", + "skip_final_snapshot": true + } + argumentDocs: + apply_immediately: '- (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false.' + arn: '- The Neptune Cluster Amazon Resource Name (ARN)' + availability_zones: '- (Optional) A list of EC2 Availability Zones that instances in the Neptune cluster can be created in.' + backup_retention_period: '- (Optional) The days to retain backups for. Default 1' + cluster_identifier: '- (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier.' + cluster_identifier_prefix: '- (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier.' + cluster_members: – List of Neptune Instances that are a part of this cluster + cluster_resource_id: '- The Neptune Cluster Resource ID' + copy_tags_to_snapshot: '- (Optional) If set to true, tags are copied to any snapshot of the DB cluster that is created.' + create: '- (Default 120 minutes) Used for Cluster creation' + delete: '- (Default 120 minutes) Used for destroying cluster. This includes any cleanup task during the destroying process.' 
+ deletion_protection: '- (Optional) A value that indicates whether the DB cluster has deletion protection enabled.The database can''t be deleted when deletion protection is enabled. By default, deletion protection is disabled.' + enable_cloudwatch_logs_exports: '- (Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports audit.' + endpoint: '- The DNS address of the Neptune instance' + engine: '- (Optional) The name of the database engine to be used for this Neptune cluster. Defaults to neptune.' + engine_version: '- (Optional) The database engine version.' + final_snapshot_identifier: '- (Optional) The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made.' + hosted_zone_id: '- The Route53 Hosted Zone ID of the endpoint' + iam_database_authentication_enabled: '- (Optional) Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.' + iam_roles: '- (Optional) A List of ARNs for the IAM roles to associate to the Neptune Cluster.' + id: '- The Neptune Cluster Identifier' + kms_key_arn: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_arn, storage_encrypted needs to be set to true.' + neptune_cluster_parameter_group_name: '- (Optional) A cluster parameter group to associate with the cluster.' + neptune_subnet_group_name: '- (Optional) A Neptune subnet group to associate with this Neptune instance.' + port: '- (Optional) The port on which the Neptune accepts connections. Default is 8182.' + preferred_backup_window: '- (Optional) The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 
04:00-09:00' + preferred_maintenance_window: '- (Optional) The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30' + reader_endpoint: '- A read-only endpoint for the Neptune cluster, automatically load-balanced across replicas' + replication_source_identifier: '- (Optional) ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica.' + skip_final_snapshot: '- (Optional) Determines whether a final Neptune snapshot is created before the Neptune cluster is deleted. If true is specified, no Neptune snapshot is created. If false is specified, a Neptune snapshot is created before the Neptune cluster is deleted, using the value from final_snapshot_identifier. Default is false.' + snapshot_identifier: '- (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a Neptune cluster snapshot, or the ARN when specifying a Neptune snapshot.' + status: '- The Neptune instance status' + storage_encrypted: '- (Optional) Specifies whether the Neptune cluster is encrypted. The default is false if not specified.' + tags: '- (Optional) A map of tags to assign to the Neptune cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ update: '- (Default 120 minutes) Used for Cluster modifications' + vpc_security_group_ids: '- (Optional) List of VPC security groups to associate with the Cluster' + aws_neptune_cluster_endpoint: + subCategory: Neptune + description: Provides an Neptune Cluster Endpoint Resource + name: aws_neptune_cluster_endpoint + titleName: aws_neptune_cluster_endpoint + examples: + - manifest: |- + { + "cluster_endpoint_identifier": "example", + "cluster_identifier": "${aws_neptune_cluster.test.cluster_identifier}", + "endpoint_type": "READER" + } + references: + cluster_identifier: aws_neptune_cluster.cluster_identifier + argumentDocs: + arn: '- The Neptune Cluster Endpoint Amazon Resource Name (ARN).' + cluster_identifier: '- (Required, Forces new resources) The DB cluster identifier of the DB cluster associated with the endpoint.' + cluster_identifier_endpoint: '- (Required, Forces new resources) The identifier of the endpoint.' + endpoint: '- The DNS address of the endpoint.' + endpoint_type: '- (Required) The type of the endpoint. One of: READER, WRITER, ANY.' + excluded_members: '- (Optional) List of DB instance identifiers that aren''t part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.' + id: '- The Neptune Cluster Endpoint Identifier.' + static_members: '- (Optional) List of DB instance identifiers that are part of the custom endpoint group.' + tags: '- (Optional) A map of tags to assign to the Neptune cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_neptune_cluster_instance: + subCategory: Neptune + description: Provides an Neptune Cluster Resource Instance + name: aws_neptune_cluster_instance + titleName: aws_neptune_cluster_instance + examples: + - manifest: |- + { + "apply_immediately": true, + "cluster_identifier": "${aws_neptune_cluster.default.id}", + "count": 2, + "engine": "neptune", + "instance_class": "db.r4.large" + } + references: + cluster_identifier: aws_neptune_cluster.id + argumentDocs: + address: '- The hostname of the instance. See also endpoint and port.' + apply_immediately: |- + - (Optional) Specifies whether any instance modifications + are applied immediately, or during the next maintenance window. Default isfalse. + arn: '- Amazon Resource Name (ARN) of neptune instance' + auto_minor_version_upgrade: '- (Optional) Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is true.' + availability_zone: '- (Optional) The EC2 Availability Zone that the neptune instance is created in.' + cluster_identifier: '- (Required) The identifier of the aws_neptune_cluster in which to launch this instance.' + create: '- (Default 90 minutes) How long to wait for creating instances to become available.' + dbi_resource_id: '- The region-unique, immutable identifier for the neptune instance.' + delete: '- (Default 90 minutes) How long to wait for deleting instances to become fully deleted.' + endpoint: '- The connection endpoint in address:port format.' + engine: '- (Optional) The name of the database engine to be used for the neptune instance. Defaults to neptune. Valid Values: neptune.' + engine_version: '- (Optional) The neptune engine version.' + id: '- The Instance identifier' + identifier: '- (Optional, Forces new resource) The identifier for the neptune instance, if omitted, Terraform will assign a random, unique identifier.' 
+ identifier_prefix: '- (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.' + instance_class: '- (Required) The instance class to use.' + kms_key_arn: '- The ARN for the KMS encryption key if one is set to the neptune cluster.' + neptune_parameter_group_name: '- (Optional) The name of the neptune parameter group to associate with this instance.' + neptune_subnet_group_name: '- (Required if publicly_accessible = false, Optional otherwise) A subnet group to associate with this neptune instance. NOTE: This must match the neptune_subnet_group_name of the attached aws_neptune_cluster.' + port: '- (Optional) The port on which the DB accepts connections. Defaults to 8182.' + preferred_backup_window: '- (Optional) The daily time range during which automated backups are created if automated backups are enabled. Eg: "04:00-09:00"' + preferred_maintenance_window: |- + - (Optional) The window to perform maintenance in. + Syntax: "ddd:hh24:mi-ddd:hh24:mi". Eg: "Mon:00:00-Mon:03:00". + promotion_tier: '- (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.' + publicly_accessible: '- (Optional) Bool to control if instance is publicly accessible. Default is false.' + storage_encrypted: '- Specifies whether the neptune cluster is encrypted.' + tags: '- (Optional) A map of tags to assign to the instance. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 90 minutes) How long to wait for updating instances to complete updates.' + writer: – Boolean indicating if this instance is writable. False indicates this instance is a read replica. 
+ aws_neptune_cluster_parameter_group: + subCategory: Neptune + description: Manages a Neptune Cluster Parameter Group + name: aws_neptune_cluster_parameter_group + titleName: aws_neptune_cluster_parameter_group + examples: + - manifest: |- + { + "description": "neptune cluster parameter group", + "family": "neptune1", + "name": "example", + "parameter": [ + { + "name": "neptune_enable_audit_log", + "value": 1 + } + ] + } + argumentDocs: + apply_method: '- (Optional) Valid values are immediate and pending-reboot. Defaults to pending-reboot.' + arn: '- The ARN of the neptune cluster parameter group.' + description: '- (Optional) The description of the neptune cluster parameter group. Defaults to "Managed by Terraform".' + family: '- (Required) The family of the neptune cluster parameter group.' + id: '- The neptune cluster parameter group name.' + name: '- (Required) The name of the neptune parameter.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + parameter: '- (Optional) A list of neptune parameters to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the neptune parameter.' + aws_neptune_cluster_snapshot: + subCategory: Neptune + description: Manages a Neptune database cluster snapshot. 
+ name: aws_neptune_cluster_snapshot + titleName: aws_neptune_cluster_snapshot + examples: + - manifest: |- + { + "db_cluster_identifier": "${aws_neptune_cluster.example.id}", + "db_cluster_snapshot_identifier": "resourcetestsnapshot1234" + } + references: + db_cluster_identifier: aws_neptune_cluster.id + argumentDocs: + allocated_storage: '- Specifies the allocated storage size in gigabytes (GB).' + availability_zones: '- List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.' + create: '- (Default 20m) How long to wait for the snapshot to be available.' + db_cluster_identifier: '- (Required) The DB Cluster Identifier from which to take the snapshot.' + db_cluster_snapshot_arn: '- The Amazon Resource Name (ARN) for the DB Cluster Snapshot.' + db_cluster_snapshot_identifier: '- (Required) The Identifier for the snapshot.' + engine: '- Specifies the name of the database engine.' + engine_version: '- Version of the database engine for this DB cluster snapshot.' + kms_key_id: '- If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.' + license_model: '- License model information for the restored DB cluster.' + port: '- Port that the DB cluster was listening on at the time of the snapshot.' + source_db_cluster_snapshot_identifier: '- The DB Cluster Snapshot Arn that the DB Cluster Snapshot was copied from. It only has value in case of cross customer or cross region copy.' + status: '- The status of this DB Cluster Snapshot.' + storage_encrypted: '- Specifies whether the DB cluster snapshot is encrypted.' + vpc_id: '- The VPC ID associated with the DB cluster snapshot.' + aws_neptune_event_subscription: + subCategory: Neptune + description: Provides a Neptune event subscription resource. 
+ name: aws_neptune_event_subscription + titleName: aws_neptune_event_subscription + examples: + - manifest: |- + { + "event_categories": [ + "maintenance", + "availability", + "creation", + "backup", + "restoration", + "recovery", + "deletion", + "failover", + "failure", + "notification", + "configuration change", + "read replica" + ], + "name": "neptune-event-sub", + "sns_topic_arn": "${aws_sns_topic.default.arn}", + "source_ids": [ + "${aws_neptune_cluster_instance.example.id}" + ], + "source_type": "db-instance", + "tags": { + "env": "test" + } + } + references: + sns_topic_arn: aws_sns_topic.arn + argumentDocs: + arn: '- The Amazon Resource Name of the Neptune event notification subscription.' + create: '- (Default 40m) How long to wait for creating event subscription to become available.' + customer_aws_id: '- The AWS customer account associated with the Neptune event notification subscription.' + delete: '- (Default 40m) How long to wait for deleting event subscription to become fully deleted.' + enabled: '- (Optional) A boolean flag to enable/disable the subscription. Defaults to true.' + event_categories: '- (Optional) A list of event categories for a source_type that you want to subscribe to. Run aws neptune describe-event-categories to find all the event categories.' + id: '- The name of the Neptune event notification subscription.' + name: '- (Optional) The name of the Neptune event subscription. By default generated by Terraform.' + name_prefix: '- (Optional) The name of the Neptune event subscription. Conflicts with name.' + sns_topic_arn: '- (Required) The ARN of the SNS topic to send events to.' + source_ids: '- (Optional) A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.' + source_type: '- (Optional) The type of source that will be generating the events. 
Valid options are db-instance, db-security-group, db-parameter-group, db-snapshot, db-cluster or db-cluster-snapshot. If not set, all sources will be subscribed to.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 40m) How long to wait for updating event subscription to complete updates.' + aws_neptune_parameter_group: + subCategory: Neptune + description: Manages a Neptune Parameter Group + name: aws_neptune_parameter_group + titleName: aws_neptune_parameter_group + examples: + - manifest: |- + { + "family": "neptune1", + "name": "example", + "parameter": [ + { + "name": "neptune_query_timeout", + "value": "25" + } + ] + } + argumentDocs: + apply_method: '- (Optional) The apply method of the Neptune parameter. Valid values are immediate and pending-reboot. Defaults to pending-reboot.' + arn: '- The Neptune parameter group Amazon Resource Name (ARN).' + description: '- (Optional) The description of the Neptune parameter group. Defaults to "Managed by Terraform".' + family: '- (Required) The family of the Neptune parameter group.' + id: '- The Neptune parameter group name.' + name: '- (Required) The name of the Neptune parameter.' + parameter: '- (Optional) A list of Neptune parameters to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the Neptune parameter.' 
+ aws_neptune_subnet_group: + subCategory: Neptune + description: Provides an Neptune subnet group resource. + name: aws_neptune_subnet_group + titleName: aws_neptune_subnet_group + examples: + - manifest: |- + { + "name": "main", + "subnet_ids": [ + "${aws_subnet.frontend.id}", + "${aws_subnet.backend.id}" + ], + "tags": { + "Name": "My neptune subnet group" + } + } + argumentDocs: + arn: '- The ARN of the neptune subnet group.' + description: '- (Optional) The description of the neptune subnet group. Defaults to "Managed by Terraform".' + id: '- The neptune subnet group name.' + name: '- (Optional, Forces new resource) The name of the neptune subnet group. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + subnet_ids: '- (Required) A list of VPC subnet IDs.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_network_acl: + subCategory: VPC + description: Provides an network ACL resource. + name: aws_network_acl + titleName: aws_network_acl + examples: + - manifest: |- + { + "egress": [ + { + "action": "allow", + "cidr_block": "10.3.0.0/18", + "from_port": 443, + "protocol": "tcp", + "rule_no": 200, + "to_port": 443 + } + ], + "ingress": [ + { + "action": "allow", + "cidr_block": "10.3.0.0/18", + "from_port": 80, + "protocol": "tcp", + "rule_no": 100, + "to_port": 80 + } + ], + "tags": { + "Name": "main" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + action: '- (Required) The action to take.' 
+ arn: '- The ARN of the network ACL' + cidr_block: |- + - (Optional) The CIDR block to match. This must be a + valid network mask. + egress: |- + - (Optional) Specifies an egress rule. Parameters defined below. + This argument is processed in attribute-as-blocks mode. + from_port: '- (Required) The from port to match.' + icmp_code: '- (Optional) The ICMP type code to be used. Default 0.' + icmp_type: '- (Optional) The ICMP type to be used. Default 0.' + id: '- The ID of the network ACL' + ingress: |- + - (Optional) Specifies an ingress rule. Parameters defined below. + This argument is processed in attribute-as-blocks mode. + ipv6_cidr_block: '- (Optional) The IPv6 CIDR block.' + owner_id: '- The ID of the AWS account that owns the network ACL.' + protocol: |- + - (Required) The protocol to match. If using the -1 'all' + protocol, you must specify a from and to port of 0. + rule_no: '- (Required) The rule number. Used for ordering.' + subnet_ids: '- (Optional) A list of Subnet IDs to apply the ACL to' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + to_port: '- (Required) The to port to match.' + vpc_id: '- (Required) The ID of the associated VPC.' + aws_network_acl_rule: + subCategory: VPC + description: Provides an network ACL Rule resource. 
+ name: aws_network_acl_rule + titleName: aws_network_acl_rule + examples: + - manifest: |- + { + "cidr_block": "${aws_vpc.foo.cidr_block}", + "egress": false, + "from_port": 22, + "network_acl_id": "${aws_network_acl.bar.id}", + "protocol": "tcp", + "rule_action": "allow", + "rule_number": 200, + "to_port": 22 + } + references: + cidr_block: aws_vpc.cidr_block + network_acl_id: aws_network_acl.id + argumentDocs: + cidr_block: '- (Optional) The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).' + egress: '- (Optional, bool) Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.' + from_port: '- (Optional) The from port to match.' + icmp_code: '- (Optional) ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1' + icmp_type: '- (Optional) ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1' + id: '- The ID of the network ACL Rule' + ipv6_cidr_block: '- (Optional) The IPv6 CIDR block to allow or deny.' + network_acl_id: '- (Required) The ID of the network ACL.' + protocol: '- (Required) The protocol. A value of -1 means all protocols.' + rule_action: '- (Required) Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny' + rule_number: '- (Required) The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.' + to_port: '- (Optional) The to port to match.' + aws_network_interface: + subCategory: VPC + description: Provides an Elastic network interface (ENI) resource. 
+ name: aws_network_interface + titleName: aws_network_interface + examples: + - manifest: |- + { + "attachment": [ + { + "device_index": 1, + "instance": "${aws_instance.test.id}" + } + ], + "private_ips": [ + "10.0.0.50" + ], + "security_groups": [ + "${aws_security_group.web.id}" + ], + "subnet_id": "${aws_subnet.public_a.id}" + } + references: + subnet_id: aws_subnet.id + argumentDocs: + attachment: '- (Optional) Block to define the attachment of the ENI. Documented below.' + description: '- (Optional) A description for the network interface.' + device_index: '- (Required) Integer to define the devices index.' + id: '- The ID of the network interface.' + instance: '- (Required) ID of the instance to attach to.' + interface_type: '- (Optional) Type of network interface to create. Set to efa for Elastic Fabric Adapter.' + ipv6_address_count: '- (Optional) The number of IPv6 addresses to assign to a network interface. You can''t use this option if specifying specific ipv6_addresses. If your subnet has the AssignIpv6AddressOnCreation attribute set to true, you can specify 0 to override this setting.' + ipv6_addresses: '- (Optional) One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can''t use this option if you''re specifying ipv6_address_count.' + mac_address: '- The MAC address of the network interface.' + private_dns_name: '- The private DNS name of the network interface (IPv4).' + private_ips: '- (Optional) List of private IPs to assign to the ENI.' + private_ips_count: '- (Optional) Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assiged to an ENI by default.' + security_groups: '- (Optional) List of security group IDs to assign to the ENI.' + source_dest_check: '- (Optional) Whether to enable source destination checking for the ENI. Default true.' + subnet_id: '- (Required) Subnet ID to create the ENI in.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_network_interface_attachment: + subCategory: VPC + description: Attach an Elastic network interface (ENI) resource with EC2 instance. + name: aws_network_interface_attachment + titleName: aws_network_interface_attachment + examples: + - manifest: |- + { + "device_index": 0, + "instance_id": "${aws_instance.test.id}", + "network_interface_id": "${aws_network_interface.test.id}" + } + references: + instance_id: aws_instance.id + network_interface_id: aws_network_interface.id + argumentDocs: + attachment_id: '- The ENI Attachment ID.' + device_index: '- (Required) Network interface index (int).' + instance_id: '- Instance ID.' + network_interface_id: '- Network interface ID.' + status: '- The status of the Network Interface Attachment.' + aws_network_interface_sg_attachment: + subCategory: VPC + description: Associates a security group with a network interface. + name: aws_network_interface_sg_attachment + titleName: aws_network_interface_sg_attachment + examples: + - manifest: |- + { + "network_interface_id": "${aws_instance.instance.primary_network_interface_id}", + "security_group_id": "${aws_security_group.sg.id}" + } + references: + network_interface_id: aws_instance.primary_network_interface_id + security_group_id: aws_security_group.id + - manifest: |- + { + "network_interface_id": "${data.aws_instance.instance.network_interface_id}", + "security_group_id": "${aws_security_group.sg.id}" + } + references: + network_interface_id: data.network_interface_id + security_group_id: aws_security_group.id + argumentDocs: + network_interface_id: '- (Required) The ID of the network interface to attach to.' 
+ security_group_id: '- (Required) The ID of the security group.' + aws_networkfirewall_firewall: + subCategory: Network Firewall + description: Provides an AWS Network Firewall Firewall resource. + name: aws_networkfirewall_firewall + titleName: aws_networkfirewall_firewall + examples: + - manifest: |- + { + "firewall_policy_arn": "${aws_networkfirewall_firewall_policy.example.arn}", + "name": "example", + "subnet_mapping": [ + { + "subnet_id": "${aws_subnet.example.id}" + } + ], + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "vpc_id": "${aws_vpc.example.id}" + } + references: + firewall_policy_arn: aws_networkfirewall_firewall_policy.arn + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) that identifies the firewall.' + attachment: '- Nested list describing the attachment status of the firewall''s association with a single VPC subnet.' + availability_zone: '- The Availability Zone where the subnet is configured.' + delete_protection: '- (Optional) A boolean flag indicating whether it is possible to delete the firewall. Defaults to false.' + description: '- (Optional) A friendly description of the firewall.' + endpoint_id: '- The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.' + firewall_policy_arn: '- (Required) The Amazon Resource Name (ARN) of the VPC Firewall policy.' + firewall_policy_change_protection: '- (Option) A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to false.' + firewall_status: '- Nested list of information about the current status of the firewall.' + id: '- The Amazon Resource Name (ARN) that identifies the firewall.' + name: '- (Required, Forces new resource) A friendly name of the firewall.' 
+ subnet_change_protection: '- (Optional) A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to false.' + subnet_id: '- The unique identifier of the subnet that you''ve specified to be used for a firewall endpoint.' + subnet_mapping: '- (Required) Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.' + sync_states: '- Set of subnets configured for use by the firewall.' + tags: '- (Optional) Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update_token: '- A string token used when updating a firewall.' + vpc_id: '- (Required, Forces new resource) The unique identifier of the VPC where AWS Network Firewall should create the firewall.' + aws_networkfirewall_firewall_policy: + subCategory: Network Firewall + description: Provides an AWS Network Firewall Policy resource. 
+ name: aws_networkfirewall_firewall_policy + titleName: aws_networkfirewall_firewall_policy + examples: + - manifest: |- + { + "firewall_policy": [ + { + "stateless_default_actions": [ + "aws:pass" + ], + "stateless_fragment_default_actions": [ + "aws:drop" + ], + "stateless_rule_group_reference": [ + { + "priority": 1, + "resource_arn": "${aws_networkfirewall_rule_group.example.arn}" + } + ] + } + ], + "name": "example", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + } + } + - manifest: |- + { + "firewall_policy": [ + { + "stateless_custom_action": [ + { + "action_definition": [ + { + "publish_metric_action": [ + { + "dimension": [ + { + "value": "1" + } + ] + } + ] + } + ], + "action_name": "ExampleCustomAction" + } + ], + "stateless_default_actions": [ + "aws:pass", + "ExampleCustomAction" + ], + "stateless_fragment_default_actions": [ + "aws:drop" + ] + } + ], + "name": "example" + } + argumentDocs: + action_definition: '- (Required) A configuration block describing the custom action associated with the action_name. See Action Definition below for details.' + action_name: '- (Required, Forces new resource) A friendly name of the custom action.' + arn: '- The Amazon Resource Name (ARN) that identifies the firewall policy.' + description: '- (Optional) A friendly description of the firewall policy.' + dimension: '- (Required) Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.' + firewall_policy: '- (Required) A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.' + id: '- The Amazon Resource Name (ARN) that identifies the firewall policy.' + name: '- (Required, Forces new resource) A friendly name of the firewall policy.' + priority: '- (Required) An integer setting that indicates the order in which to run the stateless rule groups in a single policy. 
AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.' + publish_metric_action: '- (Required) A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.' + resource_arn: '- (Required) The Amazon Resource Name (ARN) of the stateless rule group.' + stateful_rule_group_reference: '- (Optional) Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.' + stateless_custom_action: '- (Optional) Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy''s stateless_default_actions. See Stateless Custom Action below for details.' + stateless_default_actions: |- + - (Required) Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. + In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe. + stateless_fragment_default_actions: |- + - (Required) Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. + In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe. 
+ stateless_rule_group_reference: '- (Optional) Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.' + tags: '- (Optional) Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update_token: '- A string token used when updating a firewall policy.' + value: '- (Required) The string value to use in the custom metric dimension.' + aws_networkfirewall_logging_configuration: + subCategory: Network Firewall + description: Provides an AWS Network Firewall Logging Configuration resource. + name: aws_networkfirewall_logging_configuration + titleName: aws_networkfirewall_logging_configuration + examples: + - manifest: |- + { + "firewall_arn": "${aws_networkfirewall_firewall.example.arn}", + "logging_configuration": [ + { + "log_destination_config": [ + { + "log_destination": { + "bucketName": "${aws_s3_bucket.example.bucket}", + "prefix": "/example" + }, + "log_destination_type": "S3", + "log_type": "FLOW" + } + ] + } + ] + } + references: + firewall_arn: aws_networkfirewall_firewall.arn + - manifest: |- + { + "firewall_arn": "${aws_networkfirewall_firewall.example.arn}", + "logging_configuration": [ + { + "log_destination_config": [ + { + "log_destination": { + "logGroup": "${aws_cloudwatch_log_group.example.name}" + }, + "log_destination_type": "CloudWatchLogs", + "log_type": "ALERT" + } + ] + } + ] + } + references: + firewall_arn: aws_networkfirewall_firewall.arn + - manifest: |- + { + "firewall_arn": "${aws_networkfirewall_firewall.example.arn}", + "logging_configuration": [ + { + "log_destination_config": [ + { + "log_destination": { + "deliveryStream": 
"${aws_kinesis_firehose_delivery_stream.example.name}" + }, + "log_destination_type": "KinesisDataFirehose", + "log_type": "ALERT" + } + ] + } + ] + } + references: + firewall_arn: aws_networkfirewall_firewall.arn + argumentDocs: + bucketName: with the name of the bucket and optionally specify the key prefix with a path. + deliveryStream: with the name of the delivery stream. + firewall_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the Network Firewall firewall.' + id: '- The Amazon Resource Name (ARN) of the associated firewall.' + log_destination: '- (Required) A map describing the logging destination for the chosen log_destination_type.' + log_destination_config: '- (Required) Set of configuration blocks describing the logging details for a firewall. See Log Destination Config below for details. At most, only two blocks can be specified; one for FLOW logs and one for ALERT logs.' + log_destination_type: '- (Required) The location to send logs to. Valid values: S3, CloudWatchLogs, KinesisDataFirehose.' + log_type: '- (Required) The type of log to send. Valid values: ALERT or FLOW. Alert logs report traffic that matches a StatefulRule with an action setting that sends a log message. Flow logs are standard network traffic flow logs.' + logGroup: with the name of the CloudWatch log group. + logging_configuration: '- (Required) A configuration block describing how AWS Network Firewall performs logging for a firewall. See Logging Configuration below for details.' + aws_networkfirewall_resource_policy: + subCategory: Network Firewall + description: Provides an AWS Network Firewall Resource Policy resource. 
+ name: aws_networkfirewall_resource_policy + titleName: aws_networkfirewall_resource_policy + examples: + - manifest: |- + { + "policy": "${jsonencode({\n Statement = [{\n Action = [\n \"network-firewall:ListFirewallPolicies\",\n \"network-firewall:CreateFirewall\",\n \"network-firewall:UpdateFirewall\",\n \"network-firewall:AssociateFirewallPolicy\"\n ]\n Effect = \"Allow\"\n Resource = aws_networkfirewall_firewall_policy.example.arn\n Principal = {\n AWS = \"arn:aws:iam::123456789012:root\"\n }\n }]\n Version = \"2012-10-17\"\n })}", + "resource_arn": "${aws_networkfirewall_firewall_policy.example.arn}" + } + references: + resource_arn: aws_networkfirewall_firewall_policy.arn + - manifest: |- + { + "policy": "${jsonencode({\n Statement = [{\n Action = [\n \"network-firewall:ListRuleGroups\",\n \"network-firewall:CreateFirewallPolicy\",\n \"network-firewall:UpdateFirewallPolicy\"\n ]\n Effect = \"Allow\"\n Resource = aws_networkfirewall_rule_group.example.arn\n Principal = {\n AWS = \"arn:aws:iam::123456789012:root\"\n }\n }]\n Version = \"2012-10-17\"\n })}", + "resource_arn": "${aws_networkfirewall_rule_group.example.arn}" + } + references: + resource_arn: aws_networkfirewall_rule_group.arn + argumentDocs: + id: '- The Amazon Resource Name (ARN) of the rule group or firewall policy associated with the resource policy.' + policy: '- (Required) JSON formatted policy document that controls access to the Network Firewall resource. The policy must be provided without whitespaces. It is recommended to use jsonencode for formatting as seen in the examples above. For more details, including available policy statement Actions, see the Policy parameter in the AWS API documentation.' + resource_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the rule group or firewall policy.' + aws_networkfirewall_rule_group: + subCategory: Network Firewall + description: Provides an AWS Network Firewall Rule Group resource. 
+ name: aws_networkfirewall_rule_group + titleName: aws_networkfirewall_rule_group + examples: + - manifest: |- + { + "capacity": 100, + "name": "example", + "rule_group": [ + { + "rules_source": [ + { + "rules_source_list": [ + { + "generated_rules_type": "DENYLIST", + "target_types": [ + "HTTP_HOST" + ], + "targets": [ + "test.example.com" + ] + } + ] + } + ] + } + ], + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "type": "STATEFUL" + } + - manifest: |- + { + "capacity": 50, + "description": "Permits http traffic from source", + "name": "example", + "rule_group": [ + { + "rules_source": [ + { + "dynamic": { + "stateful_rule": [ + { + "content": [ + { + "action": "PASS", + "header": [ + { + "destination": "ANY", + "destination_port": "ANY", + "direction": "ANY", + "protocol": "HTTP", + "source": "${stateful_rule.value}", + "source_port": "ANY" + } + ], + "rule_option": [ + { + "keyword": "sid:1" + } + ] + } + ], + "for_each": "${local.ips}" + } + ] + } + } + ] + } + ], + "tags": { + "Name": "permit HTTP from source" + }, + "type": "STATEFUL" + } + - manifest: |- + { + "capacity": 100, + "name": "example", + "rule_group": [ + { + "rules_source": [ + { + "stateful_rule": [ + { + "action": "DROP", + "header": [ + { + "destination": "124.1.1.24/32", + "destination_port": 53, + "direction": "ANY", + "protocol": "TCP", + "source": "1.2.3.4/32", + "source_port": 53 + } + ], + "rule_option": [ + { + "keyword": "sid:1" + } + ] + } + ] + } + ] + } + ], + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "type": "STATEFUL" + } + - manifest: |- + { + "capacity": 100, + "name": "example", + "rules": "${file(\"example.rules\")}", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "type": "STATEFUL" + } + - manifest: |- + { + "capacity": 100, + "description": "Stateless Rate Limiting Rule", + "name": "example", + "rule_group": [ + { + "rules_source": [ + { + "stateless_rules_and_custom_actions": [ + { + "custom_action": [ + { + "action_definition": [ + { 
+ "publish_metric_action": [ + { + "dimension": [ + { + "value": "2" + } + ] + } + ] + } + ], + "action_name": "ExampleMetricsAction" + } + ], + "stateless_rule": [ + { + "priority": 1, + "rule_definition": [ + { + "actions": [ + "aws:pass", + "ExampleMetricsAction" + ], + "match_attributes": [ + { + "destination": [ + { + "address_definition": "124.1.1.5/32" + } + ], + "destination_port": [ + { + "from_port": 443, + "to_port": 443 + } + ], + "protocols": [ + 6 + ], + "source": [ + { + "address_definition": "1.2.3.4/32" + } + ], + "source_port": [ + { + "from_port": 443, + "to_port": 443 + } + ], + "tcp_flag": [ + { + "flags": [ + "SYN" + ], + "masks": [ + "SYN", + "ACK" + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ], + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "type": "STATELESS" + } + argumentDocs: + action: '- (Required) Action to take with packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, AWS Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. Valid values: ALERT, DROP or PASS.' + action_definition: '- (Required) A configuration block describing the custom action associated with the action_name. See Action Definition below for details.' + action_name: '- (Required, Forces new resource) A friendly name of the custom action.' + actions: '- (Required) Set of actions to take on a packet that matches one of the stateless rule definition''s match_attributes. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: aws:pass, aws:drop, aws:forward_to_sfe.' + address_definition: '- (Required) An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.' + arn: '- The Amazon Resource Name (ARN) that identifies the rule group.' + capacity: '- (Required, Forces new resource) The maximum number of operating resources that this rule group can use. 
For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.' + custom_action: '- (Optional) Set of configuration blocks containing custom action definitions that are available for use by the set of stateless rule. See Custom Action below for details.' + definition: '- (Required) Set of port ranges.' + description: '- (Optional) A friendly description of the rule group.' + destination: '- (Optional) Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.' + destination_port: '- (Optional) Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details.' + dimension: '- (Required) Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details.' + direction: '- (Required) The direction of traffic flow to inspect. Valid values: ANY or FORWARD.' + flags: |- + - (Required) Set of flags to look for in a packet. This setting can only specify values that are also specified in masks. + Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. + from_port: '- (Required) The lower limit of the port range. This must be less than or equal to the to_port.' + generated_rules_type: '- (Required) String value to specify whether domains in the target list are allowed or denied access. Valid values: ALLOWLIST, DENYLIST.' + header: '- (Required) A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details.' + id: '- The Amazon Resource Name (ARN) that identifies the rule group.' 
+ ip_set: '- (Required) A configuration block that defines a set of IP addresses. See IP Set below for details.' + ip_sets: '- (Optional) Set of configuration blocks that define IP address information. See IP Sets below for details.' + key: '- (Required) An unique alphanumeric string to identify the port_set.' + keyword: |- + - (Required) Keyword defined by open source detection systems like Snort or Suricata for stateful rule inspection. + See Snort General Rule Options or Suricata Rule Options for more details. + masks: |- + - (Optional) Set of flags to consider in the inspection. To inspect all flags, leave this empty. + Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. + match_attributes: '- (Required) A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details.' + name: '- (Required, Forces new resource) A friendly name of the rule group.' + port_set: '- (Required) A configuration block that defines a set of port ranges. See Port Set below for details.' + port_sets: '- (Optional) Set of configuration blocks that define port range information. See Port Sets below for details.' + priority: '- (Required) A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group. AWS Network Firewall evaluates the rules in a rule group starting with the lowest priority setting.' + protocol: '- (Required) The protocol to inspect. Valid values: IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP.' + protocols: '- (Optional) Set of protocols to inspect for, specified using the protocol''s assigned internet protocol number (IANA). If not specified, this matches with any protocol.' 
+ publish_metric_action: '- (Required) A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.' + rule_definition: '- (Required) A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details.' + rule_group: '- (Optional) A configuration block that defines the rule group rules. Required unless rules is specified. See Rule Group below for details.' + rule_option: '- (Required) Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details.' + rule_variables: '- (Optional) A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for stateful rule groups. See Rule Variables below for details.' + rules: '- (Optional) The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless rule_group is specified.' + rules_source: '- (Required) A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details.' + rules_source_list: '- (Optional) A configuration block containing stateful inspection criteria for a domain list rule group. See Rules Source List below for details.' + rules_string: '- (Optional) The fully qualified name of a file in an S3 bucket that contains Suricata compatible intrusion preventions system (IPS) rules or the Suricata rules as a string. These rules contain stateful inspection criteria and the action to take for traffic that matches the criteria.' 
+ settings: '- (Optional) Set of strings for additional settings to use in stateful rule inspection.' + source: '- (Optional) Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.' + source_port: '- (Optional) Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details.' + stateful_rule: '- (Optional) Set of configuration blocks containing stateful inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details.' + stateless_rule: '- (Required) Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details.' + stateless_rules_and_custom_actions: '- (Optional) A configuration block containing stateless inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details.' + tags: '- (Optional) A map of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_types: '- (Required) Set of types of domain specifications that are provided in the targets argument. Valid values: HTTP_HOST, TLS_SNI.' + targets: '- (Required) Set of domains that you want to inspect for in your traffic flows.' + tcp_flag: '- (Optional) Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings.' + to_port: '- (Optional) The upper limit of the port range. This must be greater than or equal to the from_port.' 
+ type: '- (Required) Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: STATEFUL or STATELESS.' + update_token: '- A string token used when updating the rule group.' + value: '- (Required) The value to use in the custom metric dimension.' + aws_opsworks_application: + subCategory: OpsWorks + description: Provides an OpsWorks application resource. + name: aws_opsworks_application + titleName: aws_opsworks_application + examples: + - manifest: |- + { + "app_source": [ + { + "revision": "master", + "type": "git", + "url": "https://github.com/example.git" + } + ], + "auto_bundle_on_deploy": true, + "description": "This is a Rails application", + "document_root": "public", + "domains": [ + "example.com", + "sub.example.com" + ], + "enable_ssl": true, + "environment": [ + { + "key": "key", + "secure": false, + "value": "value" + } + ], + "name": "foobar application", + "rails_env": "staging", + "short_name": "foobar", + "ssl_configuration": [ + { + "certificate": "${file(\"./foobar.crt\")}", + "private_key": "${file(\"./foobar.key\")}" + } + ], + "stack_id": "${aws_opsworks_stack.main.id}", + "type": "rails" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + app_source: '- (Optional) SCM configuration of the app as described below.' + auto_bundle_on_deploy: '- (Optional) Run bundle install when deploying for application of type rails.' + aws_flow_ruby_settings: '- (Optional) Specify activity and workflow workers for your app using the aws-flow gem.' + certificate: '- (Required) The contents of the certificate''s domain.crt file.' + chain: '- (Optional) Can be used to specify an intermediate certificate authority key or client authentication.' + data_source_arn: '- (Optional) The data source''s ARN.' + data_source_database_name: '- (Optional) The database name.' 
+ data_source_type: '- (Optional) The data source''s type one of AutoSelectOpsworksMysqlInstance, OpsworksMysqlInstance, or RdsDbInstance.' + description: '- (Optional) A description of the app.' + document_root: '- (Optional) Subfolder for the document root for application of type rails.' + domains: '- (Optional) A list of virtual host alias.' + enable_ssl: '- (Optional) Whether to enable SSL for the app. This must be set in order to let ssl_configuration.private_key, ssl_configuration.certificate and ssl_configuration.chain take effect.' + environment: '- (Optional) Object to define environment variables. Object is described below.' + id: '- The id of the application.' + key: '- (Required) Variable name.' + name: '- (Required) A human-readable name for the application.' + password: '- (Optional) Password to use when authenticating to the source. Terraform cannot perform drift detection of this configuration.' + private_key: '- (Required) The private key; the contents of the certificate''s domain.key file.' + rails_env: '- (Required if type = rails) The name of the Rails environment for application of type rails.' + revision: '- (Optional) For sources that are version-aware, the revision to use.' + secure: '- (Optional) Set visibility of the variable value to true or false.' + short_name: '- (Required) A short, machine-readable name for the application. This can only be defined on resource creation and ignored on resource update.' + ssh_key: '- (Optional) SSH key to use when authenticating to the source. Terraform cannot perform drift detection of this configuration.' + ssl_configuration: '- (Optional) The SSL configuration of the app. Object is described below.' + stack_id: '- (Required) The id of the stack the application will belong to.' + type: '- (Required) The type of source to use. For example, "archive".' + url: '- (Required) The URL where the app resource can be found.' + username: '- (Optional) Username to use when authenticating to the source.' 
+ value: '- (Required) Variable value.' + aws_opsworks_custom_layer: + subCategory: OpsWorks + description: Provides an OpsWorks custom layer resource. + name: aws_opsworks_custom_layer + titleName: aws_opsworks_custom_layer + examples: + - manifest: |- + { + "name": "My Awesome Custom Layer", + "short_name": "awesome", + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + encrypted: '- (Optional) Encrypt the volume.' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' 
+ name: '- (Required) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + short_name: '- (Required) A short, machine-readable name for the layer, which will be used to identify it in the Chef node JSON.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_ganglia_layer: + subCategory: OpsWorks + description: Provides an OpsWorks Ganglia layer resource. + name: aws_opsworks_ganglia_layer + titleName: aws_opsworks_ganglia_layer + examples: + - manifest: |- + { + "password": "foobarbaz", + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' 
+ custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + password: '- (Required) The password to use for Ganglia.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. 
This may be standard (the default), io1 or gp2.' + url: '- (Optional) The URL path to use for Ganglia. Defaults to "/ganglia".' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + username: '- (Optiona) The username to use for Ganglia. Defaults to "opsworks".' + aws_opsworks_haproxy_layer: + subCategory: OpsWorks + description: Provides an OpsWorks HAProxy layer resource. + name: aws_opsworks_haproxy_layer + titleName: aws_opsworks_haproxy_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}", + "stats_password": "foobarbaz" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + healthcheck_method: '- (Optional) HTTP method to use for instance healthchecks. Defaults to "OPTIONS".' + healthcheck_url: '- (Optional) URL path to use for instance healthchecks. Defaults to "/".' + id: '- The id of the layer.' 
+ install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + stats_enabled: '- (Optional) Whether to enable HAProxy stats.' + stats_password: '- (Required) The password to use for HAProxy stats.' + stats_url: '- (Optional) The HAProxy stats URL. Defaults to "/haproxy?stats".' + stats_user: '- (Optional) The username for HAProxy stats. Defaults to "opsworks".' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_instance: + subCategory: OpsWorks + description: Provides an OpsWorks instance resource. 
+ name: aws_opsworks_instance + titleName: aws_opsworks_instance + examples: + - manifest: |- + { + "instance_type": "t2.micro", + "layer_ids": [ + "${aws_opsworks_custom_layer.my-layer.id}" + ], + "os": "Amazon Linux 2015.09", + "stack_id": "${aws_opsworks_stack.main.id}", + "state": "stopped" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + agent_version: '- The AWS OpsWorks agent version.' + ami_id: '- (Optional) The AMI to use for the instance. If an AMI is specified, os must be "Custom".' + architecture: '- (Optional) Machine architecture for created instances. Can be either "x86_64" (the default) or "i386"' + auto_scaling_type: '- (Optional) Creates load-based or time-based instances. If set, can be either: "load" or "timer".' + availability_zone: '- The availability zone of the instance.' + create: '- (Default 10 minutes) Used when the instance is created. It should cover the time needed for the instance to start successfully.' + delete: '- (Default 10 minutes) Used when the instance is deleted. It should cover the time needed for the instance to stop successfully.' + delete_on_termination: |- + - (Optional) Whether the volume should be destroyed + on instance termination (Default: true). + device_name: '- The name of the block device to mount on the instance.' + ebs_block_device: |- + - (Optional) Additional EBS block devices to attach to the + instance. See Block Devices below for details. + ebs_optimized: '- (Optional) If true, the launched EC2 instance will be EBS-optimized.' + ec2_instance_id: '- EC2 instance ID' + ephemeral_block_device: |- + - (Optional) Customize Ephemeral (also known as + "Instance Store") volumes on the instance. See Block Devices below for details. + hostname: '- (Optional) The instance''s host name.' + id: '- The id of the OpsWorks instance.' + install_updates_on_boot: '- (Optional) Controls where to install OS and package updates when the instance boots. Defaults to true.' 
+ instance_type: '- (Required) The type of instance to start' + iops: |- + - (Optional) The amount of provisioned + IOPS. + This must be set with a volume_type of "io1". + layer_ids: '- (Required) The ids of the layers the instance will belong to.' + os: '- (Optional) Name of operating system that will be installed.' + private_dns: |- + - The private DNS name assigned to the instance. Can only be + used inside the Amazon EC2, and only available if you've enabled DNS hostnames + for your VPC + private_ip: '- The private IP address assigned to the instance' + public_dns: |- + - The public DNS name assigned to the instance. For EC2-VPC, this + is only available if you've enabled DNS hostnames for your VPC + public_ip: '- The public IP address assigned to the instance, if applicable.' + root_block_device: |- + - (Optional) Customize details about the root block + device of the instance. See Block Devices below for details. + root_device_type: '- (Optional) Name of the type of root device instances will have by default. Can be either "ebs" or "instance-store"' + security_group_ids: '- The associated security groups.' + snapshot_id: '- (Optional) The Snapshot ID to mount.' + ssh_key_name: '- The key name of the instance' + stack_id: '- (Required) The id of the stack the instance will belong to.' + state: '- (Optional) The desired state of the instance. Can be either "running" or "stopped".' + subnet_id: '- The VPC subnet ID.' + tenancy: '- The Instance tenancy' + update: '- (Default 10 minutes) Used when the instance is changed. It should cover the time needed to either start or stop the instance.' + virtual_name: |- + - The Instance Store Device + Name + (e.g. "ephemeral0") + virtualization_type: |- + - (Optional) Keyword to choose what virtualization mode created instances + will use. Can be either "paravirtual" or "hvm". + volume_size: '- (Optional) The size of the volume in gigabytes.' + volume_type: |- + - (Optional) The type of volume. 
Can be "standard", "gp2", + or "io1". (Default: "standard"). + aws_opsworks_java_app_layer: + subCategory: OpsWorks + description: Provides an OpsWorks Java application layer resource. + name: aws_opsworks_java_app_layer + titleName: aws_opsworks_java_app_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + app_server: '- (Optional) Keyword for the application container to use. Defaults to "tomcat".' + app_server_version: '- (Optional) Version of the selected application container to use. Defaults to "7".' + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' 
+ iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + jvm_options: '- (Optional) Options to set for the JVM.' + jvm_type: '- (Optional) Keyword for the type of JVM to use. Defaults to openjdk.' + jvm_version: '- (Optional) Version of JVM to use. Defaults to "7".' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_memcached_layer: + subCategory: OpsWorks + description: Provides an OpsWorks memcached layer resource. + name: aws_opsworks_memcached_layer + titleName: aws_opsworks_memcached_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + allocated_memory: '- (Optional) Amount of memory to allocate for the cache on each instance, in megabytes. Defaults to 512MB.' + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' 
+ auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_mysql_layer: + subCategory: OpsWorks + description: Provides an OpsWorks MySQL layer resource. + name: aws_opsworks_mysql_layer + titleName: aws_opsworks_mysql_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' 
+ instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + root_password: '- (Optional) Root password to use for MySQL.' + root_password_on_all_instances: '- (Optional) Whether to set the root user password to all instances in the stack so they can access the instances in this layer.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_nodejs_app_layer: + subCategory: OpsWorks + description: Provides an OpsWorks NodeJS application layer resource. + name: aws_opsworks_nodejs_app_layer + titleName: aws_opsworks_nodejs_app_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' 
+ auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + nodejs_version: '- (Optional) The version of NodeJS to use. Defaults to "0.10.38".' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_permission: + subCategory: OpsWorks + description: Provides an OpsWorks permission resource. + name: aws_opsworks_permission + titleName: aws_opsworks_permission + examples: + - manifest: |- + { + "allow_ssh": true, + "allow_sudo": true, + "level": "iam_only", + "stack_id": "${aws_opsworks_stack.stack.id}", + "user_arn": "${aws_iam_user.user.arn}" + } + references: + stack_id: aws_opsworks_stack.id + user_arn: aws_iam_user.arn + argumentDocs: + allow_ssh: '- (Optional) Whether the user is allowed to use SSH to communicate with the instance' + allow_sudo: '- (Optional) Whether the user is allowed to use sudo to elevate privileges' + id: '- The computed id of the permission. Please note that this is only used internally to identify the permission. This value is not used in aws.' + level: '- (Optional) The users permission level. Mus be one of deny, show, deploy, manage, iam_only' + stack_id: '- (Required) The stack to set the permissions for' + user_arn: '- (Required) The user''s IAM ARN to set permissions for' + aws_opsworks_php_app_layer: + subCategory: OpsWorks + description: Provides an OpsWorks PHP application layer resource. + name: aws_opsworks_php_app_layer + titleName: aws_opsworks_php_app_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' 
+ auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_rails_app_layer: + subCategory: OpsWorks + description: Provides an OpsWorks Ruby on Rails application layer resource. + name: aws_opsworks_rails_app_layer + titleName: aws_opsworks_rails_app_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + app_server: '- (Optional) Keyword for the app server to use. Defaults to "apache_passenger".' + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + bundler_version: '- (Optional) When OpsWorks is managing Bundler, which version to use. Defaults to "1.5.3".' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_json: '- (Optional) Custom JSON attributes to apply to the layer.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' + drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' 
+ ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + manage_bundler: '- (Optional) Whether OpsWorks should manage bundler. On by default.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + passenger_version: '- (Optional) The version of Passenger to use. Defaults to "4.0.46".' + raid_level: '- (Required) The RAID level to use for the volume.' + ruby_version: '- (Optional) The version of Ruby to use. Defaults to "2.0.0".' + rubygems_version: '- (Optional) The version of RubyGems to use. Defaults to "2.2.2".' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' 
+ use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_rds_db_instance: + subCategory: OpsWorks + description: Provides an OpsWorks RDS DB Instance resource. + name: aws_opsworks_rds_db_instance + titleName: aws_opsworks_rds_db_instance + examples: + - manifest: |- + { + "db_password": "somePass", + "db_user": "someUser", + "rds_db_instance_arn": "${aws_db_instance.my_instance.arn}", + "stack_id": "${aws_opsworks_stack.my_stack.id}" + } + references: + rds_db_instance_arn: aws_db_instance.arn + stack_id: aws_opsworks_stack.id + argumentDocs: + db_password: '- (Required) A db password' + db_user: '- (Required) A db username' + id: '- The computed id. Please note that this is only used internally to identify the stack <-> instance relation. This value is not used in aws.' + rds_db_instance_arn: '- (Required) The db instance to register for this stack. Changing this will force a new resource.' + stack_id: '- (Required) The stack to register a db instance for. Changing this will force a new resource.' + aws_opsworks_stack: + subCategory: OpsWorks + description: Provides an OpsWorks stack resource. + name: aws_opsworks_stack + titleName: aws_opsworks_stack + examples: + - manifest: |- + { + "custom_json": "{\n \"foobar\": {\n \"version\": \"1.0.0\"\n }\n}\n", + "default_instance_profile_arn": "${aws_iam_instance_profile.opsworks.arn}", + "name": "awesome-stack", + "region": "us-west-1", + "service_role_arn": "${aws_iam_role.opsworks.arn}", + "tags": { + "Name": "foobar-terraform-stack" + } + } + references: + default_instance_profile_arn: aws_iam_instance_profile.arn + service_role_arn: aws_iam_role.arn + argumentDocs: + agent_version: '- (Optional) If set to "LATEST", OpsWorks will automatically install the latest version.' + berkshelf_version: '- (Optional) If manage_berkshelf is enabled, the version of Berkshelf to use.' + color: '- (Optional) Color to paint next to the stack''s resources in the OpsWorks console.' 
+ configuration_manager_name: '- (Optional) Name of the configuration manager to use. Defaults to "Chef".' + configuration_manager_version: '- (Optional) Version of the configuration manager to use. Defaults to "11.4".' + custom_cookbooks_source: |- + - (Optional) When use_custom_cookbooks is set, provide this sub-object as + described below. + custom_json: '- (Optional) Custom JSON attributes to apply to the entire stack.' + default_availability_zone: |- + - (Optional) Name of the availability zone where instances will be created + by default. This is required unless you set vpc_id. + default_instance_profile_arn: |- + - (Required) The ARN of an IAM Instance Profile that created instances + will have by default. + default_os: '- (Optional) Name of OS that will be installed on instances by default.' + default_root_device_type: '- (Optional) Name of the type of root device instances will have by default.' + default_ssh_key_name: '- (Optional) Name of the SSH keypair that instances will have by default.' + default_subnet_id: |- + - (Optional) Id of the subnet in which instances will be created by default. Mandatory + if vpc_id is set, and forbidden if it isn't. + hostname_theme: |- + - (Optional) Keyword representing the naming scheme that will be used for instance hostnames + within this stack. + id: '- The id of the stack.' + manage_berkshelf: '- (Optional) Boolean value controlling whether Opsworks will run Berkshelf for this stack.' + name: '- (Required) The name of the stack.' + password: '- (Optional) Password to use when authenticating to the source. Terraform cannot perform drift detection of this configuration.' + region: '- (Required) The name of the region where the stack will exist.' + revision: '- (Optional) For sources that are version-aware, the revision to use.' + service_role_arn: '- (Required) The ARN of an IAM role that the OpsWorks service will act as.' + ssh_key: '- (Optional) SSH key to use when authenticating to the source. 
Terraform cannot perform drift detection of this configuration.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of source to use. For example, "archive".' + url: '- (Required) The URL where the cookbooks resource can be found.' + use_custom_cookbooks: |- + - (Optional) Boolean value controlling whether the custom cookbook settings are + enabled. + use_opsworks_security_groups: |- + - (Optional) Boolean value controlling whether the standard OpsWorks + security groups apply to created instances. + username: '- (Optional) Username to use when authenticating to the source.' + vpc_id: '- (Optional) The id of the VPC that this stack belongs to.' + aws_opsworks_static_web_layer: + subCategory: OpsWorks + description: Provides an OpsWorks static web server layer resource. + name: aws_opsworks_static_web_layer + titleName: aws_opsworks_static_web_layer + examples: + - manifest: |- + { + "stack_id": "${aws_opsworks_stack.main.id}" + } + references: + stack_id: aws_opsworks_stack.id + argumentDocs: + arn: '- The Amazon Resource Name(ARN) of the layer.' + auto_assign_elastic_ips: '- (Optional) Whether to automatically assign an elastic IP address to the layer''s instances.' + auto_assign_public_ips: '- (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer''s instances.' + auto_healing: '- (Optional) Whether to enable auto-healing for the layer.' + custom_instance_profile_arn: '- (Optional) The ARN of an IAM profile that will be used for the layer''s instances.' + custom_security_group_ids: '- (Optional) Ids for a set of security groups to apply to the layer''s instances.' 
+ drain_elb_on_shutdown: '- (Optional) Whether to enable Elastic Load Balancing connection draining.' + ebs_volume: '- (Optional) ebs_volume blocks, as described below, will each create an EBS volume and connect it to the layer''s instances.' + elastic_load_balancer: '- (Optional) Name of an Elastic Load Balancer to attach to this layer' + id: '- The id of the layer.' + install_updates_on_boot: '- (Optional) Whether to install OS and package updates on each instance when it boots.' + instance_shutdown_timeout: '- (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.' + iops: '- (Optional) For PIOPS volumes, the IOPS per disk.' + mount_point: '- (Required) The path to mount the EBS volume on the layer''s instances.' + name: '- (Optional) A human-readable name for the layer.' + number_of_disks: '- (Required) The number of disks to use for the EBS volume.' + raid_level: '- (Required) The RAID level to use for the volume.' + size: '- (Required) The size of the volume in gigabytes.' + stack_id: '- (Required) The id of the stack the layer will belong to.' + system_packages: '- (Optional) Names of a set of system packages to install on the layer''s instances.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of volume to create. This may be standard (the default), io1 or gp2.' + use_ebs_optimized_instances: '- (Optional) Whether to use EBS-optimized instances.' + aws_opsworks_user_profile: + subCategory: OpsWorks + description: Provides an OpsWorks User Profile resource. 
+ name: aws_opsworks_user_profile + titleName: aws_opsworks_user_profile + examples: + - manifest: |- + { + "ssh_username": "my_user", + "user_arn": "${aws_iam_user.user.arn}" + } + references: + user_arn: aws_iam_user.arn + argumentDocs: + allow_self_management: '- (Optional) Whether users can specify their own SSH public key through the My Settings page' + id: '- Same value as user_arn' + ssh_public_key: '- (Optional) The users public key' + ssh_username: '- (Required) The ssh username, with witch this user wants to log in' + user_arn: '- (Required) The user''s IAM ARN' + aws_organizations_account: + subCategory: Organizations + description: Provides a resource to create a member account in the current AWS Organization. + name: aws_organizations_account + titleName: aws_organizations_account + examples: + - manifest: |- + { + "email": "john@doe.org", + "name": "my_new_account" + } + - manifest: |- + { + "email": "john@doe.org", + "lifecycle": [ + { + "ignore_changes": [ + "${role_name}" + ] + } + ], + "name": "my_new_account", + "role_name": "myOrganizationRole" + } + argumentDocs: + arn: '- The ARN for this account.' + email: '- (Required) The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.' + iam_user_access_to_billing: '- (Optional) If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, then only the root user of the new account can access account billing information.' + id: '- The AWS account id' + name: '- (Required) A friendly name for the member account.' + parent_id: '- (Optional) Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.' 
+ role_name: '- (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so Terraform cannot perform drift detection on its value and will always show a difference for a configured value after import unless ignore_changes is used.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_organizations_delegated_administrator: + subCategory: Organizations + description: Provides a resource to manage an AWS Organizations Delegated Administrator. + name: aws_organizations_delegated_administrator + titleName: aws_organizations_delegated_administrator + examples: + - manifest: |- + { + "account_id": "AWS ACCOUNT ID", + "service_principal": "Service principal" + } + argumentDocs: + account_id: '- (Required) The account ID number of the member account in the organization to register as a delegated administrator.' + arn: '- The Amazon Resource Name (ARN) of the delegated administrator''s account.' + delegation_enabled_date: '- The date when the account was made a delegated administrator.' + email: '- The email address that is associated with the delegated administrator''s AWS account.' + id: '- The unique identifier (ID) of the delegated administrator.' + joined_method: '- The method by which the delegated administrator''s account joined the organization.' 
+ joined_timestamp: '- The date when the delegated administrator''s account became a part of the organization.' + name: '- The friendly name of the delegated administrator''s account.' + service_principal: '- (Required) The service principal of the AWS service for which you want to make the member account a delegated administrator.' + status: '- The status of the delegated administrator''s account in the organization.' + aws_organizations_organization: + subCategory: Organizations + description: Provides a resource to create an organization. + name: aws_organizations_organization + titleName: aws_organizations_organization + examples: + - manifest: |- + { + "aws_service_access_principals": [ + "cloudtrail.amazonaws.com", + "config.amazonaws.com" + ], + "feature_set": "ALL" + } + argumentDocs: + accounts: '- List of organization accounts including the master account. For a list excluding the master account, see the non_master_accounts attribute. All elements have these attributes:' + arn: '- ARN of the root' + aws_service_access_principals: '- (Optional) List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have feature_set set to ALL. For additional information, see the AWS Organizations User Guide.' + email: '- Email of the account' + enabled_policy_types: '- (Optional) List of Organizations policy types to enable in the Organization Root. Organization must have feature_set set to ALL. For additional information about valid policy types (e.g. AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, and TAG_POLICY), see the AWS Organizations API Reference.' + feature_set: '- (Optional) Specify "ALL" (default) or "CONSOLIDATED_BILLING".' 
+ id: '- Identifier of the root' + master_account_arn: '- ARN of the master account' + master_account_email: '- Email address of the master account' + master_account_id: '- Identifier of the master account' + name: '- The name of the policy type' + non_master_accounts: '- List of organization accounts excluding the master account. For a list including the master account, see the accounts attribute. All elements have these attributes:' + policy_types: '- List of policy types enabled for this root. All elements have these attributes:' + roots: '- List of organization roots. All elements have these attributes:' + status: '- The status of the policy type as it relates to the associated root' + aws_organizations_organizational_unit: + subCategory: Organizations + description: Provides a resource to create an organizational unit. + name: aws_organizations_organizational_unit + titleName: aws_organizations_organizational_unit + examples: + - manifest: |- + { + "name": "example", + "parent_id": "${aws_organizations_organization.example.roots[0].id}" + } + references: + parent_id: aws_organizations_organization.id + argumentDocs: + accounts: '- List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:' + arn: '- ARN of the organizational unit' + email: '- Email of the account' + id: '- Identifier of the organization unit' + name: '- Name of the account' + parent_id: '- ID of the parent organizational unit, which may be the root' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_organizations_policy: + subCategory: Organizations + description: Provides a resource to manage an AWS Organizations policy. + name: aws_organizations_policy + titleName: aws_organizations_policy + examples: + - manifest: |- + { + "content": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n}\n", + "name": "example" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the policy.' + content: '- (Required) The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the Service Control Policy Syntax documentation and for more information on the Tag Policy syntax, see the Tag Policy Syntax documentation.' + description: '- (Optional) A description to assign to the policy.' + id: '- The unique identifier (ID) of the policy.' + name: '- (Required) The friendly name to assign to the policy.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The type of policy to create. Valid values are AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY (SCP), and TAG_POLICY. Defaults to SERVICE_CONTROL_POLICY.' + aws_organizations_policy_attachment: + subCategory: Organizations + description: Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit. 
+ name: aws_organizations_policy_attachment + titleName: aws_organizations_policy_attachment + examples: + - manifest: |- + { + "policy_id": "${aws_organizations_policy.example.id}", + "target_id": "123456789012" + } + references: + policy_id: aws_organizations_policy.id + - manifest: |- + { + "policy_id": "${aws_organizations_policy.example.id}", + "target_id": "${aws_organizations_organization.example.roots[0].id}" + } + references: + policy_id: aws_organizations_policy.id + target_id: aws_organizations_organization.id + - manifest: |- + { + "policy_id": "${aws_organizations_policy.example.id}", + "target_id": "${aws_organizations_organizational_unit.example.id}" + } + references: + policy_id: aws_organizations_policy.id + target_id: aws_organizations_organizational_unit.id + argumentDocs: + policy_id: '- (Required) The unique identifier (ID) of the policy that you want to attach to the target.' + target_id: '- (Required) The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.' + aws_pinpoint_adm_channel: + subCategory: Pinpoint + description: Provides a Pinpoint ADM Channel resource. + name: aws_pinpoint_adm_channel + titleName: aws_pinpoint_adm_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "client_id": "", + "client_secret": "", + "enabled": true + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + client_id: '- (Required) Client ID (part of OAuth Credentials) obtained via Amazon Developer Account.' + client_secret: '- (Required) Client Secret (part of OAuth Credentials) obtained via Amazon Developer Account.' + enabled: '- (Optional) Specifies whether to enable the channel. Defaults to true.' + aws_pinpoint_apns_channel: + subCategory: Pinpoint + description: Provides a Pinpoint APNs Channel resource. 
+ name: aws_pinpoint_apns_channel + titleName: aws_pinpoint_apns_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "certificate": "${file(\"./certificate.pem\")}", + "private_key": "${file(\"./private_key.key\")}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + bundle_id: '- (Required) The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.' + certificate: '- (Required) The pem encoded TLS Certificate from Apple.' + default_authentication_method: |- + - (Optional) The default authentication method used for APNs. + NOTE: Amazon Pinpoint uses this default for every APNs push notification that you send using the console. + You can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK. + If your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type. + enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + private_key: '- (Required) The Certificate Private Key file (ie. .key file).' + team_id: '- (Required) The ID assigned to your Apple developer account team. This value is provided on the Membership page.' + token_key: '- (Required) The .p8 file that you download from your Apple developer account when you create an authentication key.' + token_key_id: '- (Required) The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.' + aws_pinpoint_apns_sandbox_channel: + subCategory: Pinpoint + description: Provides a Pinpoint APNs Sandbox Channel resource. 
+ name: aws_pinpoint_apns_sandbox_channel + titleName: aws_pinpoint_apns_sandbox_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "certificate": "${file(\"./certificate.pem\")}", + "private_key": "${file(\"./private_key.key\")}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + bundle_id: '- (Required) The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.' + certificate: '- (Required) The pem encoded TLS Certificate from Apple.' + default_authentication_method: |- + - (Optional) The default authentication method used for APNs Sandbox. + NOTE: Amazon Pinpoint uses this default for every APNs push notification that you send using the console. + You can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK. + If your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type. + enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + private_key: '- (Required) The Certificate Private Key file (ie. .key file).' + team_id: '- (Required) The ID assigned to your Apple developer account team. This value is provided on the Membership page.' + token_key: '- (Required) The .p8 file that you download from your Apple developer account when you create an authentication key.' + token_key_id: '- (Required) The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.' + aws_pinpoint_apns_voip_channel: + subCategory: Pinpoint + description: Provides a Pinpoint APNs VoIP Channel resource. 
+ name: aws_pinpoint_apns_voip_channel + titleName: aws_pinpoint_apns_voip_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "certificate": "${file(\"./certificate.pem\")}", + "private_key": "${file(\"./private_key.key\")}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + bundle_id: '- (Required) The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.' + certificate: '- (Required) The pem encoded TLS Certificate from Apple.' + default_authentication_method: |- + - (Optional) The default authentication method used for APNs. + NOTE: Amazon Pinpoint uses this default for every APNs push notification that you send using the console. + You can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK. + If your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type. + enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + private_key: '- (Required) The Certificate Private Key file (ie. .key file).' + team_id: '- (Required) The ID assigned to your Apple developer account team. This value is provided on the Membership page.' + token_key: '- (Required) The .p8 file that you download from your Apple developer account when you create an authentication key.' + token_key_id: '- (Required) The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.' + aws_pinpoint_apns_voip_sandbox_channel: + subCategory: Pinpoint + description: Provides a Pinpoint APNs VoIP Sandbox Channel resource. 
+ name: aws_pinpoint_apns_voip_sandbox_channel + titleName: aws_pinpoint_apns_voip_sandbox_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "certificate": "${file(\"./certificate.pem\")}", + "private_key": "${file(\"./private_key.key\")}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + bundle_id: '- (Required) The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.' + certificate: '- (Required) The pem encoded TLS Certificate from Apple.' + default_authentication_method: |- + - (Optional) The default authentication method used for APNs. + NOTE: Amazon Pinpoint uses this default for every APNs push notification that you send using the console. + You can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK. + If your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type. + enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + private_key: '- (Required) The Certificate Private Key file (ie. .key file).' + team_id: '- (Required) The ID assigned to your Apple developer account team. This value is provided on the Membership page.' + token_key: '- (Required) The .p8 file that you download from your Apple developer account when you create an authentication key.' + token_key_id: '- (Required) The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.' + aws_pinpoint_app: + subCategory: Pinpoint + description: Provides a Pinpoint App resource. 
+ name: aws_pinpoint_app + titleName: aws_pinpoint_app + examples: + - manifest: |- + { + "limits": [ + { + "maximum_duration": 600 + } + ], + "name": "test-app", + "quiet_time": [ + { + "end": "06:00", + "start": "00:00" + } + ] + } + argumentDocs: + application_id: '- The Application ID of the Pinpoint App.' + arn: '- Amazon Resource Name (ARN) of the PinPoint Application' + campaign_hook: '- (Optional) Specifies settings for invoking an AWS Lambda function that customizes a segment for a campaign' + daily: '- (Optional) The maximum number of messages that the campaign can send daily.' + end: '- (Optional) The default end time for quiet time in ISO 8601 format. Required if start is set' + lambda_function_name: '- (Optional) Lambda function name or ARN to be called for delivery. Conflicts with web_url' + limits: '- (Optional) The default campaign limits for the app. These limits apply to each campaign for the app, unless the campaign overrides the default with limits of its own' + maximum_duration: '- (Optional) The length of time (in seconds) that the campaign can run before it ends and message deliveries stop. This duration begins at the scheduled start time for the campaign. The minimum value is 60.' + messages_per_second: '- (Optional) The number of messages that the campaign can send per second. The minimum value is 50, and the maximum is 20000.' + mode: '- (Required if lambda_function_name or web_url are provided) What mode Lambda should be invoked in. Valid values for this parameter are DELIVERY, FILTER.' + name: '- (Optional) The application name. By default generated by Terraform' + name_prefix: '- (Optional) The name of the Pinpoint application. Conflicts with name' + quiet_time: '- (Optional) The default quiet time for the app. Each campaign for this app sends no messages during this time unless the campaign overrides the default with a quiet time of its own' + start: '- (Optional) The default start time for quiet time in ISO 8601 format. 
Required if end is set' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + total: '- (Optional) The maximum total number of messages that the campaign can send.' + web_url: '- (Optional) Web URL to call for hook. If the URL has authentication specified it will be added as authentication to the request. Conflicts with lambda_function_name' + aws_pinpoint_baidu_channel: + subCategory: Pinpoint + description: Provides a Pinpoint Baidu Channel resource. + name: aws_pinpoint_baidu_channel + titleName: aws_pinpoint_baidu_channel + examples: + - manifest: |- + { + "api_key": "", + "application_id": "${aws_pinpoint_app.app.application_id}", + "secret_key": "" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + api_key: '- (Required) Platform credential API key from Baidu.' + application_id: '- (Required) The application ID.' + enabled: '- (Optional) Specifies whether to enable the channel. Defaults to true.' + secret_key: '- (Required) Platform credential Secret key from Baidu.' + aws_pinpoint_email_channel: + subCategory: Pinpoint + description: Provides a Pinpoint Email Channel resource. + name: aws_pinpoint_email_channel + titleName: aws_pinpoint_email_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "from_address": "user@example.com", + "role_arn": "${aws_iam_role.role.arn}" + } + references: + application_id: aws_pinpoint_app.application_id + role_arn: aws_iam_role.arn + argumentDocs: + application_id: '- (Required) The application ID.' + configuration_set: '- (Optional) The ARN of the Amazon SES configuration set that you want to apply to messages that you send through the channel.' 
+ enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + from_address: '- (Required) The email address used to send emails from. You can use email only (user@example.com) or friendly address (User ). This field comply with RFC 5322.' + identity: '- (Required) The ARN of an identity verified with SES.' + messages_per_second: '- Messages per second that can be sent.' + role_arn: '- (Optional) The ARN of an IAM Role used to submit events to Mobile Analytics'' event ingestion service.' + aws_pinpoint_event_stream: + subCategory: Pinpoint + description: Provides a Pinpoint Event Stream resource. + name: aws_pinpoint_event_stream + titleName: aws_pinpoint_event_stream + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}", + "destination_stream_arn": "${aws_kinesis_stream.test_stream.arn}", + "role_arn": "${aws_iam_role.test_role.arn}" + } + references: + application_id: aws_pinpoint_app.application_id + destination_stream_arn: aws_kinesis_stream.arn + role_arn: aws_iam_role.arn + argumentDocs: + application_id: '- (Required) The application ID.' + destination_stream_arn: '- (Required) The Amazon Resource Name (ARN) of the Amazon Kinesis stream or Firehose delivery stream to which you want to publish events.' + role_arn: '- (Required) The IAM role that authorizes Amazon Pinpoint to publish events to the stream in your account.' + aws_pinpoint_gcm_channel: + subCategory: Pinpoint + description: Provides a Pinpoint GCM Channel resource. + name: aws_pinpoint_gcm_channel + titleName: aws_pinpoint_gcm_channel + examples: + - manifest: |- + { + "api_key": "api_key", + "application_id": "${aws_pinpoint_app.app.application_id}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + api_key: '- (Required) Platform credential API key from Google.' + application_id: '- (Required) The application ID.' + enabled: '- (Optional) Whether the channel is enabled or disabled. 
Defaults to true.' + aws_pinpoint_sms_channel: + subCategory: Pinpoint + description: Provides a Pinpoint SMS Channel resource. + name: aws_pinpoint_sms_channel + titleName: aws_pinpoint_sms_channel + examples: + - manifest: |- + { + "application_id": "${aws_pinpoint_app.app.application_id}" + } + references: + application_id: aws_pinpoint_app.application_id + argumentDocs: + application_id: '- (Required) The application ID.' + enabled: '- (Optional) Whether the channel is enabled or disabled. Defaults to true.' + promotional_messages_per_second: '- Promotional messages per second that can be sent.' + sender_id: '- (Optional) Sender identifier of your messages.' + short_code: '- (Optional) The Short Code registered with the phone provider.' + transactional_messages_per_second: '- Transactional messages per second that can be sent.' + aws_placement_group: + subCategory: EC2 + description: Provides an EC2 placement group. + name: aws_placement_group + titleName: aws_placement_group + examples: + - manifest: |- + { + "name": "hunky-dory-pg", + "strategy": "cluster" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the placement group.' + id: '- The name of the placement group.' + name: '- (Required) The name of the placement group.' + placement_group_id: '- The ID of the placement group.' + strategy: '- (Required) The placement strategy. Can be "cluster", "partition" or "spread".' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_prometheus_workspace: + subCategory: Amazon Managed Service for Prometheus (AMP) + description: Manages an Amazon Managed Service for Prometheus (AMP) Workspace + name: aws_prometheus_workspace + titleName: aws_prometheus_workspace + examples: + - manifest: |- + { + "alias": "prometheus-test" + } + argumentDocs: + alias: '- (Optional) The alias of the prometheus workspace. See more in AWS Docs.' + arn: '- Amazon Resource Name (ARN) of the workspace.' + id: '- Identifier of the workspace' + prometheus_endpoint: '- Prometheus endpoint available for this workspace.' + aws_proxy_protocol_policy: + subCategory: Elastic Load Balancing (ELB Classic) + description: Provides a proxy protocol policy, which allows an ELB to carry a client connection information to a backend. + name: aws_proxy_protocol_policy + titleName: aws_proxy_protocol_policy + examples: + - manifest: |- + { + "instance_ports": [ + "25", + "587" + ], + "load_balancer": "${aws_elb.lb.name}" + } + references: + load_balancer: aws_elb.name + argumentDocs: + id: '- The ID of the policy.' + instance_ports: |- + - (Required) List of instance ports to which the policy + should be applied. This can be specified if the protocol is SSL or TCP. + load_balancer: '- The load balancer to which the policy is attached.' + aws_qldb_ledger: + subCategory: Quantum Ledger Database (QLDB) + description: Provides an QLDB Resource resource. + name: aws_qldb_ledger + titleName: aws_qldb_ledger + examples: + - manifest: |- + { + "name": "sample-ledger", + "permissions_mode": "STANDARD" + } + argumentDocs: + arn: '- The ARN of the QLDB Ledger' + deletion_protection: '- (Optional) The deletion protection for the QLDB Ledger instance. By default it is true. To delete this resource via Terraform, this value must be configured to false and applied first before attempting deletion.' + id: '- The Name of the QLDB Ledger' + name: '- (Optional) The friendly name for the QLDB Ledger instance. By default generated by Terraform.' 
+ permissions_mode: '- (Required) The permissions mode for the QLDB ledger instance. Specify either ALLOW_ALL or STANDARD.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_quicksight_group: + subCategory: QuickSight + description: Manages a Resource QuickSight Group. + name: aws_quicksight_group + titleName: aws_quicksight_group + examples: + - manifest: |- + { + "group_name": "tf-example" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of group' + aws_account_id: '- (Optional) The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.' + description: '- (Optional) A description for the group.' + group_name: '- (Required) A name for the group.' + namespace: '- (Optional) The namespace. Currently, you should set this to default.' + aws_quicksight_user: + subCategory: QuickSight + description: Manages a Resource QuickSight User. + name: aws_quicksight_user + titleName: aws_quicksight_user + examples: + - manifest: |- + { + "email": "author@example.com", + "identity_type": "IAM", + "user_name": "an-author", + "user_role": "AUTHOR" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the user' + aws_account_id: '- (Optional) The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.' + email: '- (Required) The email address of the user that you want to register.' + iam_arn: '- (Optional) The ARN of the IAM user or role that you are registering with Amazon QuickSight.' + identity_type: '- (Required) Amazon QuickSight supports several ways of managing the identity of users. 
This parameter accepts either IAM or QUICKSIGHT.' + namespace: '- (Optional) The namespace. Currently, you should set this to default.' + session_name: '- (Optional) The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.' + user_name: '- (Optional) The Amazon QuickSight user name that you want to create for the user you are registering.' + user_role: '- (Required) The Amazon QuickSight role of the user. The user role can be one of the following: READER, AUTHOR, or ADMIN' + aws_ram_principal_association: + subCategory: RAM + description: Provides a Resource Access Manager (RAM) principal association. + name: aws_ram_principal_association + titleName: aws_ram_principal_association + examples: + - manifest: |- + { + "principal": "111111111111", + "resource_share_arn": "${aws_ram_resource_share.example.arn}" + } + references: + resource_share_arn: aws_ram_resource_share.arn + - manifest: |- + { + "principal": "${aws_organizations_organization.example.arn}", + "resource_share_arn": "${aws_ram_resource_share.example.arn}" + } + references: + principal: aws_organizations_organization.arn + resource_share_arn: aws_ram_resource_share.arn + argumentDocs: + aws_ram_resource_share_accepter: resource + id: '- The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma.' + principal: '- (Required) The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN.' + resource_share_arn: '- (Required) The Amazon Resource Name (ARN) of the resource share.' + aws_ram_resource_association: + subCategory: RAM + description: Manages a Resource Access Manager (RAM) Resource Association. 
+ name: aws_ram_resource_association + titleName: aws_ram_resource_association + examples: + - manifest: |- + { + "resource_arn": "${aws_subnet.example.arn}", + "resource_share_arn": "${aws_ram_resource_share.example.arn}" + } + references: + resource_arn: aws_subnet.arn + resource_share_arn: aws_ram_resource_share.arn + argumentDocs: + id: '- The Amazon Resource Name (ARN) of the resource share.' + resource_arn: '- (Required) Amazon Resource Name (ARN) of the resource to associate with the RAM Resource Share.' + resource_share_arn: '- (Required) Amazon Resource Name (ARN) of the RAM Resource Share.' + aws_ram_resource_share: + subCategory: RAM + description: Manages a Resource Access Manager (RAM) Resource Share. + name: aws_ram_resource_share + titleName: aws_ram_resource_share + examples: + - manifest: |- + { + "allow_external_principals": true, + "name": "example", + "tags": { + "Environment": "Production" + } + } + argumentDocs: + allow_external_principals: '- (Optional) Indicates whether principals outside your organization can be associated with a resource share.' + arn: '- The Amazon Resource Name (ARN) of the resource share.' + id: '- The Amazon Resource Name (ARN) of the resource share.' + name: '- (Required) The name of the resource share.' + tags: '- (Optional) A map of tags to assign to the resource share. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ram_resource_share_accepter: + subCategory: RAM + description: Manages accepting a Resource Access Manager (RAM) Resource Share invitation. 
+ name: aws_ram_resource_share_accepter + titleName: aws_ram_resource_share_accepter + examples: + - manifest: |- + { + "share_arn": "${aws_ram_principal_association.sender_invite.resource_share_arn}" + } + references: + share_arn: aws_ram_principal_association.resource_share_arn + argumentDocs: + invitation_arn: '- The ARN of the resource share invitation.' + receiver_account_id: '- The account ID of the receiver account which accepts the invitation.' + resources: '- A list of the resource ARNs shared via the resource share.' + sender_account_id: '- The account ID of the sender account which submits the invitation.' + share_arn: '- (Required) The ARN of the resource share.' + share_id: '- The ID of the resource share as displayed in the console.' + share_name: '- The name of the resource share.' + status: '- The status of the resource share (ACTIVE, PENDING, FAILED, DELETING, DELETED).' + aws_rds_cluster: + subCategory: RDS + description: Manages an RDS Aurora Cluster + name: aws_rds_cluster + titleName: aws_rds_cluster + examples: + - manifest: |- + { + "availability_zones": [ + "us-west-2a", + "us-west-2b", + "us-west-2c" + ], + "backup_retention_period": 5, + "cluster_identifier": "aurora-cluster-demo", + "database_name": "mydb", + "engine": "aurora-mysql", + "engine_version": "5.7.mysql_aurora.2.03.2", + "master_password": "bar", + "master_username": "foo", + "preferred_backup_window": "07:00-09:00" + } + - manifest: |- + { + "availability_zones": [ + "us-west-2a", + "us-west-2b", + "us-west-2c" + ], + "backup_retention_period": 5, + "cluster_identifier": "aurora-cluster-demo", + "database_name": "mydb", + "master_password": "bar", + "master_username": "foo", + "preferred_backup_window": "07:00-09:00" + } + - manifest: |- + { + "availability_zones": [ + "us-west-2a", + "us-west-2b", + "us-west-2c" + ], + "backup_retention_period": 5, + "cluster_identifier": "aurora-cluster-demo", + "database_name": "mydb", + "engine": "aurora-postgresql", + "master_password": 
"bar", + "master_username": "foo", + "preferred_backup_window": "07:00-09:00" + } + - manifest: |- + { + "cluster_identifier": "example", + "db_subnet_group_name": "${aws_db_subnet_group.example.name}", + "engine_mode": "multimaster", + "master_password": "barbarbarbar", + "master_username": "foo", + "skip_final_snapshot": true + } + references: + db_subnet_group_name: aws_db_subnet_group.name + - manifest: |- + { + "engine": "aurora", + "s3_import": [ + { + "bucket_name": "mybucket", + "bucket_prefix": "backups", + "ingestion_role": "arn:aws:iam::1234567890:role/role-xtrabackup-rds-restore", + "source_engine": "mysql", + "source_engine_version": "5.6" + } + ] + } + - manifest: |- + { + "restore_to_point_in_time": [ + { + "restore_type": "copy-on-write", + "source_cluster_identifier": "example", + "use_latest_restorable_time": true + } + ] + } + - manifest: |- + { + "engine_mode": "serverless", + "scaling_configuration": [ + { + "auto_pause": true, + "max_capacity": 256, + "min_capacity": 2, + "seconds_until_auto_pause": 300, + "timeout_action": "ForceApplyCapacityChange" + } + ] + } + argumentDocs: + allow_major_version_upgrade: '- (Optional) Enable to allow major engine version upgrades when changing engine versions. Defaults to false.' + apply_immediately: '- (Optional) Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is false. See Amazon RDS Documentation for more information.' + arn: '- Amazon Resource Name (ARN) of cluster' + auto_pause: '- (Optional) Whether to enable automatic pause. A DB cluster can be paused only when it''s idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Defaults to true.' 
+ availability_zones: '- The availability zone of the instance' + backtrack_window: '- (Optional) The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0. Defaults to 0. Must be between 0 and 259200 (72 hours)' + backup_retention_period: '- The backup retention period' + bucket_name: '- (Required) The bucket name where your backup is stored' + bucket_prefix: '- (Optional) Can be blank, but is the path to your backup' + cluster_identifier: '- The RDS Cluster Identifier' + cluster_identifier_prefix: '- (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with cluster_identifier.' + cluster_members: – List of RDS Instances that are a part of this cluster + cluster_resource_id: '- The RDS Cluster Resource ID' + copy_tags_to_snapshot: – (Optional, boolean) Copy all Cluster tags to snapshots. Default is false. + create: '- (Default 120 minutes) Used for Cluster creation' + database_name: '- The database name' + db_cluster_parameter_group_name: '- (Optional) A cluster parameter group to associate with the cluster.' + db_subnet_group_name: '- (Optional) A DB subnet group to associate with this DB instance. NOTE: This must match the db_subnet_group_name specified on every aws_rds_cluster_instance in the cluster.' + delete: |- + - (Default 120 minutes) Used for destroying cluster. This includes + any cleanup task during the destroying process. + deletion_protection: '- (Optional) If the DB instance should have deletion protection enabled. The database can''t be deleted when this value is set to true. The default is false.' + enable_http_endpoint: '- (Optional) Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless.' + enabled_cloudwatch_logs_exports: '- (Optional) Set of log types to export to cloudwatch. If omitted, no logs will be exported. 
The following log types are supported: audit, error, general, slowquery, postgresql (PostgreSQL).' + endpoint: '- The DNS address of the RDS instance' + engine: '- The database engine' + engine_mode: '- (Optional) The database engine mode. Valid values: global (only valid for Aurora MySQL 1.21 and earlier), multimaster, parallelquery, provisioned, serverless. Defaults to: provisioned. See the RDS User Guide for limitations when using serverless.' + engine_version: '- (Optional) The database engine version. Updating this argument results in an outage. See the Aurora MySQL and Aurora Postgres documentation for your configured engine to determine this value. For example with Aurora MySQL 2, a potential value for this argument is 5.7.mysql_aurora.2.03.2. The value can contain a partial version where supported by the API. The actual engine version used is returned in the attribute engine_version_actual, defined below.' + engine_version_actual: '- The running version of the database.' + final_snapshot_identifier: '- (Optional) The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.' + global_cluster_identifier: '- (Optional) The global cluster identifier specified on aws_rds_global_cluster.' + hosted_zone_id: '- The Route53 Hosted Zone ID of the endpoint' + iam_database_authentication_enabled: '- (Optional) Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see AWS Documentation for availability and limitations.' + iam_roles: '- (Optional) A List of ARNs for the IAM roles to associate to the RDS Cluster.' + id: '- The RDS Cluster Identifier' + ingestion_role: '- (Required) Role applied to load the data.' + kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, storage_encrypted needs to be set to true.' 
+ lifecycle: configuration block ignore_changes argument + master_password: '- (Required unless a snapshot_identifier or replication_source_identifier is provided or unless a global_cluster_identifier is provided when the cluster is the "secondary" cluster of a global database) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the RDS Naming Constraints' + master_username: '- The master username for the database' + max_capacity: '- (Optional) The maximum capacity for an Aurora DB cluster in serverless DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid Aurora MySQL capacity values are 1, 2, 4, 8, 16, 32, 64, 128, 256. Valid Aurora PostgreSQL capacity values are (2, 4, 8, 16, 32, 64, 192, and 384). Defaults to 16.' + min_capacity: '- (Optional) The minimum capacity for an Aurora DB cluster in serverless DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid Aurora MySQL capacity values are 1, 2, 4, 8, 16, 32, 64, 128, 256. Valid Aurora PostgreSQL capacity values are (2, 4, 8, 16, 32, 64, 192, and 384). Defaults to 1.' + port: '- The database port' + preferred_backup_window: '- The daily time range during which the backups happen' + preferred_maintenance_window: '- The maintenance window' + reader_endpoint: |- + - A read-only endpoint for the Aurora cluster, automatically + load-balanced across replicas + replication_source_identifier: '- ARN of the source DB cluster or DB instance if this DB cluster is created as a Read Replica.' + restore_to_point_in_time: '- (Optional) Nested attribute for point in time restore. More details below.' + restore_to_time: '- (Optional) Date and time in UTC format to restore the database cluster to. Conflicts with use_latest_restorable_time.' + restore_type: |- + - (Optional) Type of restore to be performed. + Valid options are full-copy (default) and copy-on-write. 
+ scaling_configuration: '- (Optional) Nested attribute with scaling properties. Only valid when engine_mode is set to serverless. More details below.' + seconds_until_auto_pause: '- (Optional) The time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are 300 through 86400. Defaults to 300.' + skip_final_snapshot: '- (Optional) Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from final_snapshot_identifier. Default is false.' + snapshot_identifier: '- (Optional) Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.' + source_cluster_identifier: '- (Required) The identifier of the source database cluster from which to restore.' + source_engine: '- (Required) Source engine for the backup' + source_engine_version: '- (Required) Version of the source engine used to make the backup' + source_region: '- (Optional) The source region for an encrypted replica DB cluster.' + storage_encrypted: '- Specifies whether the DB cluster is encrypted' + tags: '- (Optional) A map of tags to assign to the DB cluster. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeout_action: '- (Optional) The action to take when the timeout is reached. Valid values: ForceApplyCapacityChange, RollbackCapacityChange. Defaults to RollbackCapacityChange. See documentation.' 
+ update: '- (Default 120 minutes) Used for Cluster modifications' + use_latest_restorable_time: '- (Optional) Set to true to restore the database cluster to the latest restorable backup time. Defaults to false. Conflicts with restore_to_time.' + vpc_security_group_ids: '- (Optional) List of VPC security groups to associate with the Cluster' + aws_rds_cluster_endpoint: + subCategory: RDS + description: Manages an RDS Aurora Cluster Endpoint + name: aws_rds_cluster_endpoint + titleName: aws_rds_cluster_endpoint + examples: + - manifest: |- + { + "cluster_endpoint_identifier": "reader", + "cluster_identifier": "${aws_rds_cluster.default.id}", + "custom_endpoint_type": "READER", + "excluded_members": [ + "${aws_rds_cluster_instance.test1.id}", + "${aws_rds_cluster_instance.test2.id}" + ] + } + references: + cluster_identifier: aws_rds_cluster.id + - manifest: |- + { + "cluster_endpoint_identifier": "static", + "cluster_identifier": "${aws_rds_cluster.default.id}", + "custom_endpoint_type": "READER", + "static_members": [ + "${aws_rds_cluster_instance.test1.id}", + "${aws_rds_cluster_instance.test3.id}" + ] + } + references: + cluster_identifier: aws_rds_cluster.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of cluster' + cluster_endpoint_identifier: '- (Required, Forces new resources) The identifier to use for the new endpoint. This parameter is stored as a lowercase string.' + cluster_identifier: '- (Required, Forces new resources) The cluster identifier.' + custom_endpoint_type: '- (Required) The type of the endpoint. One of: READER , ANY .' + endpoint: '- A custom endpoint for the Aurora cluster' + excluded_members: '- (Optional) List of DB instance identifiers that aren''t part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty. Conflicts with static_members.' 
+ id: '- The RDS Cluster Endpoint Identifier' + static_members: '- (Optional) List of DB instance identifiers that are part of the custom endpoint group. Conflicts with excluded_members.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_rds_cluster_instance: + subCategory: RDS + description: Provides an RDS Cluster Resource Instance + name: aws_rds_cluster_instance + titleName: aws_rds_cluster_instance + examples: + - manifest: |- + { + "cluster_identifier": "${aws_rds_cluster.default.id}", + "count": 2, + "engine": "${aws_rds_cluster.default.engine}", + "engine_version": "${aws_rds_cluster.default.engine_version}", + "identifier": "aurora-cluster-demo-${count.index}", + "instance_class": "db.r4.large" + } + references: + cluster_identifier: aws_rds_cluster.id + engine: aws_rds_cluster.engine + engine_version: aws_rds_cluster.engine_version + argumentDocs: + apply_immediately: |- + - (Optional) Specifies whether any database modifications + are applied immediately, or during the next maintenance window. Default isfalse. + arn: '- Amazon Resource Name (ARN) of cluster instance' + auto_minor_version_upgrade: '- (Optional) Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default true.' + availability_zone: '- The availability zone of the instance' + ca_cert_identifier: '- (Optional) The identifier of the CA certificate for the DB instance.' + cluster_identifier: '- The RDS Cluster Identifier' + copy_tags_to_snapshot: – (Optional, boolean) Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. Default false. 
+ create: |- + - (Default 90 minutes) Used for Creating Instances, Replicas, and + restoring from Snapshots + db_parameter_group_name: '- (Optional) The name of the DB parameter group to associate with this instance.' + db_subnet_group_name: '- (Required if publicly_accessible = false, Optional otherwise, Forces new resource) A DB subnet group to associate with this DB instance. NOTE: This must match the db_subnet_group_name of the attached aws_rds_cluster.' + dbi_resource_id: '- The region-unique, immutable identifier for the DB instance.' + delete: |- + - (Default 90 minutes) Used for destroying databases. This includes + the time required to take snapshots + endpoint: '- The DNS address for this instance. May not be writable' + engine: '- The database engine' + engine_version: '- (Optional, Forces new resource) The database engine version. When managing the engine version in the cluster, it is recommended to add the lifecycle for this argument to prevent Terraform from proposing changes to the instance engine version directly.' + engine_version_actual: '- The database engine version' + id: '- The Instance identifier' + identifier: '- The Instance identifier' + identifier_prefix: '- (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts with identifier.' + ignore_changes: configuration + instance_class: |- + - (Required) The instance class to use. For details on CPU + and memory, see Scaling Aurora DB Instances. Aurora uses db.* instance classes/types. Please see AWS Documentation for currently available instance classes and complete details. + kms_key_id: '- The ARN for the KMS encryption key if one is set to the cluster.' + monitoring_interval: '- (Optional) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.' 
+ monitoring_role_arn: |- + - (Optional) The ARN for the IAM role that permits RDS to send + enhanced monitoring metrics to CloudWatch Logs. You can find more information on the AWS Documentation + what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances. + performance_insights_enabled: '- Specifies whether Performance Insights is enabled or not.' + performance_insights_kms_key_id: '- The ARN for the KMS encryption key used by Performance Insights.' + port: '- The database port' + preferred_backup_window: |- + - (Optional) The daily time range during which automated backups are created if automated backups are enabled. + Eg: "04:00-09:00" + preferred_maintenance_window: |- + - (Optional) The window to perform maintenance in. + Syntax: "ddd:hh24:mi-ddd:hh24:mi". Eg: "Mon:00:00-Mon:03:00". + promotion_tier: '- (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoted to writer.' + publicly_accessible: |- + - (Optional) Bool to control if instance is publicly accessible. + Default false. See the documentation on Creating DB Instances for more + details on controlling this property. + storage_encrypted: '- Specifies whether the DB cluster is encrypted.' + tags: '- (Optional) A map of tags to assign to the instance. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 90 minutes) Used for Database modifications' + writer: – Boolean indicating if this instance is writable. False indicates this instance is a read replica. + aws_rds_cluster_parameter_group: + subCategory: RDS + description: Provides an RDS DB cluster parameter group resource. 
+ name: aws_rds_cluster_parameter_group + titleName: aws_rds_cluster_parameter_group + examples: + - manifest: |- + { + "description": "RDS default cluster parameter group", + "family": "aurora5.6", + "name": "rds-cluster-pg", + "parameter": [ + { + "name": "character_set_server", + "value": "utf8" + }, + { + "name": "character_set_client", + "value": "utf8" + } + ] + } + argumentDocs: + apply_method: |- + - (Optional) "immediate" (default), or "pending-reboot". Some + engines can't apply some parameters without a reboot, and you will need to + specify "pending-reboot" here. + arn: '- The ARN of the db cluster parameter group.' + description: '- (Optional) The description of the DB cluster parameter group. Defaults to "Managed by Terraform".' + family: '- (Required) The family of the DB cluster parameter group.' + id: '- The db cluster parameter group name.' + name: '- (Required) The name of the DB parameter.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + parameter: '- (Optional) A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via aws rds describe-db-cluster-parameters after initial creation of the group.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the DB parameter.' + aws_rds_cluster_role_association: + subCategory: RDS + description: Manages a RDS DB Cluster association with an IAM Role. 
+ name: aws_rds_cluster_role_association + titleName: aws_rds_cluster_role_association + examples: + - manifest: |- + { + "db_cluster_identifier": "${aws_rds_cluster.example.id}", + "feature_name": "S3_INTEGRATION", + "role_arn": "${aws_iam_role.example.id}" + } + references: + db_cluster_identifier: aws_rds_cluster.id + role_arn: aws_iam_role.id + argumentDocs: + db_cluster_identifier: '- (Required) DB Cluster Identifier to associate with the IAM Role.' + feature_name: '- (Required) Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the SupportedFeatureNames list returned by AWS CLI rds describe-db-engine-versions.' + id: '- DB Cluster Identifier and IAM Role ARN separated by a comma (,)' + role_arn: '- (Required) Amazon Resource Name (ARN) of the IAM Role to associate with the DB Cluster.' + aws_rds_global_cluster: + subCategory: RDS + description: Manages an RDS Global Cluster + name: aws_rds_global_cluster + titleName: aws_rds_global_cluster + examples: + - manifest: |- + { + "database_name": "example_db", + "engine": "aurora", + "engine_version": "5.6.mysql_aurora.1.22.2", + "global_cluster_identifier": "global-test" + } + - manifest: |- + { + "database_name": "example_db", + "engine": "aurora-postgresql", + "engine_version": "11.9", + "global_cluster_identifier": "global-test" + } + - manifest: |- + { + "force_destroy": true, + "global_cluster_identifier": "example", + "source_db_cluster_identifier": "${aws_rds_cluster.example.arn}" + } + references: + source_db_cluster_identifier: aws_rds_cluster.arn + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${source_db_cluster_identifier}" + ] + } + ] + } + argumentDocs: + arn: '- RDS Global Cluster Amazon Resource Name (ARN)' + aurora-mysql: ', an engine version compatible with global database is required. The earliest available version is 5.7.mysql_aurora.2.06.0.' 
+ database_name: '- (Optional, Forces new resources) Name for an automatically created database on cluster creation.' + db_cluster_arn: '- Amazon Resource Name (ARN) of member DB Cluster' + deletion_protection: '- (Optional) If the Global Cluster should have deletion protection enabled. The database can''t be deleted when this value is set to true. The default is false.' + engine: '- (Optional, Forces new resources) Name of the database engine to be used for this DB cluster. Terraform will only perform drift detection if a configuration value is provided. Valid values: aurora, aurora-mysql, aurora-postgresql. Defaults to aurora. Conflicts with source_db_cluster_identifier.' + engine_version: '- (Optional) Engine version of the Aurora global database. Upgrading the engine version will result in all cluster members being immediately updated.' + force_destroy: '- (Optional) Enable to remove DB Cluster members from Global Cluster on destroy. Required with source_db_cluster_identifier.' + global_cluster_identifier: '- (Required, Forces new resources) The global cluster identifier.' + global_cluster_members: '- Set of objects containing Global Cluster members.' + global_cluster_resource_id: '- AWS Region-unique, immutable identifier for the global database cluster. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS key for the DB cluster is accessed' + id: '- RDS Global Cluster identifier' + is_writer: '- Whether the member is the primary DB Cluster' + source_db_cluster_identifier: '- (Optional) Amazon Resource Name (ARN) to use as the primary DB Cluster of the Global Cluster on creation. Terraform cannot perform drift detection of this value.' + storage_encrypted: '- (Optional, Forces new resources) Specifies whether the DB cluster is encrypted. The default is false unless source_db_cluster_identifier is specified and encrypted. Terraform will only perform drift detection if a configuration value is provided.' 
+ aws_redshift_cluster: + subCategory: Redshift + description: Provides a Redshift Cluster resource. + name: aws_redshift_cluster + titleName: aws_redshift_cluster + examples: + - manifest: |- + { + "cluster_identifier": "tf-redshift-cluster", + "cluster_type": "single-node", + "database_name": "mydb", + "master_password": "Mustbe8characters", + "master_username": "foo", + "node_type": "dc1.large" + } + argumentDocs: + allow_version_upgrade: '- (Optional) If true , major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is true' + arn: '- Amazon Resource Name (ARN) of cluster' + automated_snapshot_retention_period: '- The backup retention period' + availability_zone: '- The availability zone of the Cluster' + bucket_name: |- + - (Optional, required when enable is true) The name of an existing S3 bucket where the log files are to be stored. Must be in the same region as the cluster and the cluster must have read bucket and put object permissions. + For more information on the permissions required for the bucket, please read the AWS documentation + cluster_identifier: '- The Cluster Identifier' + cluster_parameter_group_name: '- The name of the parameter group to be associated with this cluster' + cluster_public_key: '- The public key for the cluster' + cluster_revision_number: '- The specific revision number of the database in the cluster' + cluster_security_groups: '- The security groups associated with the cluster' + cluster_subnet_group_name: '- The name of a cluster subnet group to be associated with this cluster' + cluster_type: '- The cluster type' + cluster_version: '- The version of Redshift engine software' + create: '- (Default 75 minutes) Used for creating Clusters.' + database_name: '- The name of the default database in the Cluster' + delete: '- (Default 40 minutes) Used for destroying Clusters.' 
+ destination_region: '- (Required) The destination region that you want to copy snapshots to.' + dns_name: '- The DNS name of the cluster' + elastic_ip: '- (Optional) The Elastic IP (EIP) address for the cluster.' + enable: '- (Required) Enables logging information such as queries and connection attempts, for the specified Amazon Redshift cluster.' + encrypted: '- Whether the data in the cluster is encrypted' + endpoint: '- The connection endpoint' + enhanced_vpc_routing: '- (Optional) If true , enhanced VPC routing is enabled.' + final_snapshot_identifier: '- (Optional) The identifier of the final snapshot that is to be created immediately before deleting the cluster. If this parameter is provided, skip_final_snapshot must be false.' + grant_name: '- (Optional) The name of the snapshot copy grant to use when snapshots of an AWS KMS-encrypted cluster are copied to the destination region.' + iam_roles: '- (Optional) A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be associated to the cluster at any time.' + id: '- The Redshift Cluster ID.' + kms_key_id: '- (Optional) The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.' + logging: '- (Optional) Logging, documented below.' + master_password: |- + - (Required unless a snapshot_identifier is provided) Password for the master DB user. + Note that this may show up in logs, and it will be stored in the state file. Password must contain at least 8 chars and + contain at least one uppercase letter, one lowercase letter, and one number. + master_username: '- (Required unless a snapshot_identifier is provided) Username for the master DB user.' + node_type: '- The type of nodes in the cluster' + number_of_nodes: '- (Optional) The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. Default is 1.' 
+ owner_account: '- (Optional) The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.' + port: '- The Port the cluster responds on' + preferred_maintenance_window: '- The backup window' + publicly_accessible: '- (Optional) If true, the cluster can be accessed from a public network. Default is true.' + retention_period: '- (Optional) The number of days to retain automated snapshots in the destination region after they are copied from the source region. Defaults to 7.' + s3_key_prefix: '- (Optional) The prefix applied to the log file names.' + skip_final_snapshot: '- (Optional) Determines whether a final snapshot of the cluster is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot is not created. If false , a final cluster snapshot is created before the cluster is deleted. Default is false.' + snapshot_cluster_identifier: '- (Optional) The name of the cluster the source snapshot was created from.' + snapshot_copy: '- (Optional) Configuration of automatic copy of snapshots from one region to another. Documented below.' + snapshot_identifier: '- (Optional) The name of the snapshot from which to create the new cluster.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 75 minutes) Used for updating Clusters.' + vpc_security_group_ids: '- The VPC security group Ids associated with the cluster' + aws_redshift_event_subscription: + subCategory: Redshift + description: Provides a Redshift event subscription resource. 
+ name: aws_redshift_event_subscription + titleName: aws_redshift_event_subscription + examples: + - manifest: |- + { + "event_categories": [ + "configuration", + "management", + "monitoring", + "security" + ], + "name": "redshift-event-sub", + "severity": "INFO", + "sns_topic_arn": "${aws_sns_topic.default.arn}", + "source_ids": [ + "${aws_redshift_cluster.default.id}" + ], + "source_type": "cluster", + "tags": { + "Name": "default" + } + } + references: + sns_topic_arn: aws_sns_topic.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the Redshift event notification subscription' + customer_aws_id: '- The AWS customer account associated with the Redshift event notification subscription' + enabled: '- (Optional) A boolean flag to enable/disable the subscription. Defaults to true.' + event_categories: '- (Optional) A list of event categories for a SourceType that you want to subscribe to. See https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-event-notifications.html or run aws redshift describe-event-categories.' + id: '- The name of the Redshift event notification subscription' + name: '- (Required) The name of the Redshift event subscription.' + severity: '- (Optional) The event severity to be published by the notification subscription. Valid options are INFO or ERROR.' + sns_topic_arn: '- (Required) The ARN of the SNS topic to send events to.' + source_ids: '- (Optional) A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.' + source_type: '- (Optional) The type of source that will be generating the events. Valid options are cluster, cluster-parameter-group, cluster-security-group, or cluster-snapshot. If not set, all sources will be subscribed to.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_redshift_parameter_group: + subCategory: Redshift + description: Provides a Redshift Cluster parameter group resource. + name: aws_redshift_parameter_group + titleName: aws_redshift_parameter_group + examples: + - manifest: |- + { + "family": "redshift-1.0", + "name": "parameter-group-test-terraform", + "parameter": [ + { + "name": "require_ssl", + "value": "true" + }, + { + "name": "query_group", + "value": "example" + }, + { + "name": "enable_user_activity_logging", + "value": "true" + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of parameter group' + description: '- (Optional) The description of the Redshift parameter group. Defaults to "Managed by Terraform".' + family: '- (Required) The family of the Redshift parameter group.' + id: '- The Redshift parameter group name.' + name: '- (Required) The name of the Redshift parameter.' + parameter: '- (Optional) A list of Redshift parameters to apply.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + value: '- (Required) The value of the Redshift parameter.' + aws_redshift_security_group: + subCategory: Redshift + description: Provides a Redshift security group resource. 
+ name: aws_redshift_security_group + titleName: aws_redshift_security_group + examples: + - manifest: |- + { + "ingress": [ + { + "cidr": "10.0.0.0/24" + } + ], + "name": "redshift-sg" + } + argumentDocs: + cidr: '- The CIDR block to accept' + description: '- (Optional) The description of the Redshift security group. Defaults to "Managed by Terraform".' + id: '- The Redshift security group ID.' + ingress: '- (Optional) A list of ingress rules.' + name: '- (Required) The name of the Redshift security group.' + security_group_name: '- The name of the security group to authorize' + security_group_owner_id: |- + - The owner Id of the security group provided + by security_group_name. + aws_redshift_snapshot_copy_grant: + subCategory: Redshift + description: Creates a snapshot copy grant that allows AWS Redshift to encrypt copied snapshots with a customer master key from AWS KMS in a destination region. + name: aws_redshift_snapshot_copy_grant + titleName: aws_redshift_snapshot_copy_grant + examples: + - manifest: |- + { + "snapshot_copy_grant_name": "my-grant" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of snapshot copy grant' + kms_key_id: '- (Optional, Forces new resource) The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. If not specified, the default key is used.' + snapshot_copy_grant_name: '- (Required, Forces new resource) A friendly name for identifying the grant.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_redshift_snapshot_schedule: + subCategory: Redshift + description: Provides an Redshift Snapshot Schedule resource. + name: aws_redshift_snapshot_schedule + titleName: aws_redshift_snapshot_schedule + examples: + - manifest: |- + { + "definitions": [ + "rate(12 hours)" + ], + "identifier": "tf-redshift-snapshot-schedule" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the Redshift Snapshot Schedule.' + definitions: '- (Optional) The definition of the snapshot schedule. The definition is made up of schedule expressions, for example cron(30 12 *) or rate(12 hours).' + description: '- (Optional) The description of the snapshot schedule.' + force_destroy: '- (Optional) Whether to destroy all associated clusters with this snapshot schedule on deletion. Must be enabled and applied before attempting deletion.' + identifier: '- (Optional, Forces new resource) The snapshot schedule identifier. If omitted, Terraform will assign a random, unique identifier.' + identifier_prefix: |- + - (Optional, Forces new resource) Creates a unique + identifier beginning with the specified prefix. Conflicts with identifier. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_redshift_snapshot_schedule_association: + subCategory: Redshift + description: Provides an Association Redshift Cluster and Snapshot Schedule resource. 
+ name: aws_redshift_snapshot_schedule_association + titleName: aws_redshift_snapshot_schedule_association + examples: + - manifest: |- + { + "cluster_identifier": "${aws_redshift_cluster.default.id}", + "schedule_identifier": "${aws_redshift_snapshot_schedule.default.id}" + } + references: + cluster_identifier: aws_redshift_cluster.id + schedule_identifier: aws_redshift_snapshot_schedule.id + argumentDocs: + cluster_identifier: '- (Required, Forces new resource) The cluster identifier.' + schedule_identifier: '- (Required, Forces new resource) The snapshot schedule identifier.' + aws_redshift_subnet_group: + subCategory: Redshift + description: Provides a Redshift Subnet Group resource. + name: aws_redshift_subnet_group + titleName: aws_redshift_subnet_group + examples: + - manifest: |- + { + "name": "foo", + "subnet_ids": [ + "${aws_subnet.foo.id}", + "${aws_subnet.bar.id}" + ], + "tags": { + "environment": "Production" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the Redshift Subnet group name' + description: '- (Optional) The description of the Redshift Subnet group. Defaults to "Managed by Terraform".' + id: '- The Redshift Subnet group ID.' + name: '- (Required) The name of the Redshift Subnet group.' + subnet_ids: '- (Required) An array of VPC subnet IDs.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_resourcegroups_group: + subCategory: Resource Groups + description: Provides a Resource Group. 
+ name: aws_resourcegroups_group + titleName: aws_resourcegroups_group + examples: + - manifest: |- + { + "name": "test-group", + "resource_query": [ + { + "query": "{\n \"ResourceTypeFilters\": [\n \"AWS::EC2::Instance\"\n ],\n \"TagFilters\": [\n {\n \"Key\": \"Stage\",\n \"Values\": [\"Test\"]\n }\n ]\n}\n" + } + ] + } + argumentDocs: + arn: '- The ARN assigned by AWS for this resource group.' + description: '- (Optional) A description of the resource group.' + name: '- (Required) The resource group''s name. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with AWS or aws.' + query: '- (Required) The resource query as a JSON string.' + resource_query: '- (Required) A resource_query block. Resource queries are documented below.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of the resource query. Defaults to TAG_FILTERS_1_0.' + aws_route: + subCategory: VPC + description: Provides a resource to create a routing entry in a VPC routing table. + name: aws_route + titleName: aws_route + examples: + - manifest: |- + { + "depends_on": [ + "${aws_route_table.testing}" + ], + "destination_cidr_block": "10.0.1.0/22", + "route_table_id": "rtb-4fbb3ac4", + "vpc_peering_connection_id": "pcx-45ff3dc1" + } + - manifest: |- + { + "destination_ipv6_cidr_block": "::/0", + "egress_only_gateway_id": "${aws_egress_only_internet_gateway.egress.id}", + "route_table_id": "rtb-4fbb3ac4" + } + references: + egress_only_gateway_id: aws_egress_only_internet_gateway.id + argumentDocs: + carrier_gateway_id: '- (Optional) Identifier of a carrier gateway. 
This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.' + create: '- (Default 2 minutes) Used for route creation' + delete: '- (Default 5 minutes) Used for route deletion' + destination_cidr_block: '- (Optional) The destination CIDR block.' + destination_ipv6_cidr_block: '- (Optional) The destination IPv6 CIDR block.' + destination_prefix_list_id: '- (Optional) The ID of a managed prefix list destination.' + egress_only_gateway_id: '- (Optional) Identifier of a VPC Egress Only Internet Gateway.' + gateway_id: '- (Optional) Identifier of a VPC internet gateway or a virtual private gateway.' + id: '- Route identifier computed from the routing table identifier and route destination.' + instance_id: '- (Optional) Identifier of an EC2 instance.' + instance_owner_id: '- The AWS account ID of the owner of the EC2 instance.' + local_gateway_id: '- (Optional) Identifier of a Outpost local gateway.' + nat_gateway_id: '- (Optional) Identifier of a VPC NAT gateway.' + network_interface_id: '- (Optional) Identifier of an EC2 network interface.' + origin: '- How the route was created - CreateRouteTable, CreateRoute or EnableVgwRoutePropagation.' + route_table_id: '- (Required) The ID of the routing table.' + state: '- The state of the route - active or blackhole.' + transit_gateway_id: '- (Optional) Identifier of an EC2 Transit Gateway.' + vpc_endpoint_id: '- (Optional) Identifier of a VPC Endpoint.' + vpc_peering_connection_id: '- (Optional) Identifier of a VPC peering connection.' + aws_route_table: + subCategory: VPC + description: Provides a resource to create a VPC routing table. 
+ name: aws_route_table + titleName: aws_route_table + examples: + - manifest: |- + { + "route": [ + { + "cidr_block": "10.0.1.0/24", + "gateway_id": "${aws_internet_gateway.example.id}" + }, + { + "egress_only_gateway_id": "${aws_egress_only_internet_gateway.example.id}", + "ipv6_cidr_block": "::/0" + } + ], + "tags": { + "Name": "example" + }, + "vpc_id": "${aws_vpc.example.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "route": [], + "tags": { + "Name": "example" + }, + "vpc_id": "${aws_vpc.example.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The ARN of the route table.' + carrier_gateway_id: '- (Optional) Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.' + cidr_block: '- (Required) The CIDR block of the route.' + destination_prefix_list_id: '- (Optional) The ID of a managed prefix list destination of the route.' + egress_only_gateway_id: '- (Optional) Identifier of a VPC Egress Only Internet Gateway.' + gateway_id: '- (Optional) Identifier of a VPC internet gateway or a virtual private gateway.' + id: '- The ID of the routing table.' + instance_id: '- (Optional) Identifier of an EC2 instance.' + ipv6_cidr_block: '- (Optional) The Ipv6 CIDR block of the route.' + local_gateway_id: '- (Optional) Identifier of a Outpost local gateway.' + nat_gateway_id: '- (Optional) Identifier of a VPC NAT gateway.' + network_interface_id: '- (Optional) Identifier of an EC2 network interface.' + owner_id: '- The ID of the AWS account that owns the route table.' + propagating_vgws: '- (Optional) A list of virtual gateways for propagation.' + route: |- + - (Optional) A list of route objects. Their keys are documented below. This argument is processed in attribute-as-blocks mode. + This means that omitting this argument is interpreted as ignoring any existing routes. To remove all managed routes an empty list should be specified. 
See the example above. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_id: '- (Optional) Identifier of an EC2 Transit Gateway.' + vpc_endpoint_id: '- (Optional) Identifier of a VPC Endpoint.' + vpc_id: '- (Required) The VPC ID.' + vpc_peering_connection_id: '- (Optional) Identifier of a VPC peering connection.' + aws_route_table_association: + subCategory: VPC + description: Provides a resource to create an association between a route table and a subnet or a route table and an internet gateway or virtual private gateway. + name: aws_route_table_association + titleName: aws_route_table_association + examples: + - manifest: |- + { + "route_table_id": "${aws_route_table.bar.id}", + "subnet_id": "${aws_subnet.foo.id}" + } + references: + route_table_id: aws_route_table.id + subnet_id: aws_subnet.id + - manifest: |- + { + "gateway_id": "${aws_internet_gateway.foo.id}", + "route_table_id": "${aws_route_table.bar.id}" + } + references: + gateway_id: aws_internet_gateway.id + route_table_id: aws_route_table.id + argumentDocs: + gateway_id: '- (Optional) The gateway ID to create an association. Conflicts with subnet_id.' + id: '- The ID of the association' + route_table_id: '- (Required) The ID of the routing table to associate with.' + subnet_id: '- (Optional) The subnet ID to create an association. Conflicts with gateway_id.' 
+ aws_route53recoverycontrolconfig_cluster: + subCategory: Route53 Recovery Control Config + description: Provides an AWS Route 53 Recovery Control Config Cluster + name: aws_route53recoverycontrolconfig_cluster + titleName: aws_route53recoverycontrolconfig_cluster + examples: + - manifest: |- + { + "name": "georgefitzgerald" + } + argumentDocs: + arn: '- ARN of the cluster' + cluster_endpoints: '- List of 5 endpoints in 5 regions that can be used to talk to the cluster. See below.' + endpoint: '- Cluster endpoint.' + name: '- (Required) Unique name describing the cluster.' + region: '- Region of the endpoint.' + status: '- Status of cluster. PENDING when it is being created, PENDING_DELETION when it is being deleted and DEPLOYED otherwise.' + aws_route53recoverycontrolconfig_control_panel: + subCategory: Route53 Recovery Control Config + description: Provides an AWS Route 53 Recovery Control Config Control Panel + name: aws_route53recoverycontrolconfig_control_panel + titleName: aws_route53recoverycontrolconfig_control_panel + examples: + - manifest: |- + { + "cluster_arn": "arn:aws:route53-recovery-control::123456789012:cluster/8d47920e-d789-437d-803a-2dcc4b204393", + "name": "balmorhea" + } + argumentDocs: + arn: '- ARN of the control panel.' + cluster_arn: '- (Required) ARN of the cluster in which this control panel will reside.' + default_control_panel: '- Whether a control panel is default.' + name: '- (Required) Name describing the control panel.' + routing_control_count: '- Number routing controls in a control panel.' + status: '- Status of control panel: PENDING when it is being created/updated, PENDING_DELETION when it is being deleted, and DEPLOYED otherwise.' 
+ aws_route53recoverycontrolconfig_routing_control: + subCategory: Route53 Recovery Control Config + description: Provides an AWS Route 53 Recovery Control Config Routing Control + name: aws_route53recoverycontrolconfig_routing_control + titleName: aws_route53recoverycontrolconfig_routing_control + examples: + - manifest: |- + { + "cluster_arn": "arn:aws:route53-recovery-control::881188118811:cluster/8d47920e-d789-437d-803a-2dcc4b204393", + "name": "tinlicker" + } + - manifest: |- + { + "cluster_arn": "arn:aws:route53-recovery-control::881188118811:cluster/8d47920e-d789-437d-803a-2dcc4b204393", + "control_panel_arn": "arn:aws:route53-recovery-control::428113431245:controlpanel/abd5fbfc052d4844a082dbf400f61da8", + "name": "thomasoliver" + } + argumentDocs: + arn: '- ARN of the routing control.' + cluster_arn: '- (Required) ARN of the cluster in which this routing control will reside.' + control_panel_arn: '- (Optional) ARN of the control panel in which this routing control will reside.' + name: '- (Required) The name describing the routing control.' + status: '- Status of routing control. PENDING when it is being created/updated, PENDING_DELETION when it is being deleted, and DEPLOYED otherwise.' 
+ aws_route53recoverycontrolconfig_safety_rule: + subCategory: Route53 Recovery Control Config + description: Provides an AWS Route 53 Recovery Control Config Safety Rule + name: aws_route53recoverycontrolconfig_safety_rule + titleName: aws_route53recoverycontrolconfig_safety_rule + examples: + - manifest: |- + { + "asserted_controls": [ + "${aws_route53recoverycontrolconfig_routing_control.example.arn}" + ], + "control_panel_arn": "arn:aws:route53-recovery-control::313517334327:controlpanel/abd5fbfc052d4844a082dbf400f61da8", + "name": "daisyguttridge", + "rule_config": [ + { + "inverted": false, + "threshold": 1, + "type": "ATLEAST" + } + ], + "wait_period_ms": 5000 + } + - manifest: |- + { + "control_panel_arn": "arn:aws:route53-recovery-control::313517334327:controlpanel/abd5fbfc052d4844a082dbf400f61da8", + "gating_controls": [ + "${aws_route53recoverycontrolconfig_routing_control.example.arn}" + ], + "name": "i_o", + "rule_config": [ + { + "inverted": false, + "threshold": 1, + "type": "ATLEAST" + } + ], + "target_controls": [ + "${aws_route53recoverycontrolconfig_routing_control.example.arn}" + ], + "wait_period_ms": 5000 + } + argumentDocs: + arn: '- ARN of the safety rule.' + asserted_controls: '- (Optional) Routing controls that are part of transactions that are evaluated to determine if a request to change a routing control state is allowed.' + control_panel_arn: '- (Required) ARN of the control panel in which this safety rule will reside.' + gating_controls: '- (Optional) Gating controls for the new gating rule. That is, routing controls that are evaluated by the rule configuration that you specify.' + inverted: '- (Required) Logical negation of the rule.' + name: '- (Required) Name describing the safety rule.' + rule_config: '- (Required) Configuration block for safety rule criteria. See below.' + status: '- Status of the safety rule. PENDING when it is being created/updated, PENDING_DELETION when it is being deleted, and DEPLOYED otherwise.' 
+ target_controls: '- (Optional) Routing controls that can only be set or unset if the specified rule_config evaluates to true for the specified gating_controls.' + threshold: '- (Required) Number of controls that must be set when you specify an ATLEAST type rule.' + type: '- (Required) Rule type. Valid values are ATLEAST, AND, and OR.' + wait_period_ms: '- (Required) Evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail.' + aws_route53recoveryreadiness_cell: + subCategory: Route53 Recovery Readiness + description: Provides an AWS Route 53 Recovery Readiness Cell + name: aws_route53recoveryreadiness_cell + titleName: aws_route53recoveryreadiness_cell + examples: + - manifest: |- + { + "cell_name": "us-west-2-failover-cell" + } + argumentDocs: + arn: '- ARN of the cell' + cell_name: '- (Required) Unique name describing the cell.' + cells: '- (Optional) List of cell arns to add as nested fault domains within this cell.' + delete: '- (Default 5m) Used when deleting the Cell' + parent_readiness_scopes: '- List of readiness scopes (recovery groups or cells) that contain this cell.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_route53recoveryreadiness_readiness_check: + subCategory: Route53 Recovery Readiness + description: Provides an AWS Route 53 Recovery Readiness Readiness Check + name: aws_route53recoveryreadiness_readiness_check + titleName: aws_route53recoveryreadiness_readiness_check + examples: + - manifest: |- + { + "readiness_check_name": "${my-cw-alarm-check}", + "resource_set_name": "${my-cw-alarm-set}" + } + argumentDocs: + arn: '- ARN of the readiness_check' + delete: '- (Default 5m) Used when deleting the Readiness Check' + readiness_check_name: '- (Required) Unique name describing the readiness check.' + resource_set_name: '- (Required) Name describing the resource set that will be monitored for readiness.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_route53recoveryreadiness_recovery_group: + subCategory: Route53 Recovery Readiness + description: Provides an AWS Route 53 Recovery Readiness Recovery Group + name: aws_route53recoveryreadiness_recovery_group + titleName: aws_route53recoveryreadiness_recovery_group + examples: + - manifest: |- + { + "recovery_group_name": "my-high-availability-app" + } + argumentDocs: + arn: '- ARN of the recovery group' + cells: '- (Optional) List of cell arns to add as nested fault domains within this recovery group' + delete: '- (Default 5m) Used when deleting the Recovery Group' + recovery_group_name: '- (Required) A unique name describing the recovery group.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_route53recoveryreadiness_resource_set: + subCategory: Route53 Recovery Readiness + description: Provides an AWS Route 53 Recovery Readiness Resource Set + name: aws_route53recoveryreadiness_resource_set + titleName: aws_route53recoveryreadiness_resource_set + examples: + - manifest: |- + { + "resource_set_name": "${my-cw-alarm-set}", + "resource_set_type": "AWS::CloudWatch::Alarm", + "resources": [ + { + "resource_arn": "${aws_cloudwatch_metric_alarm.example.arn}" + } + ] + } + argumentDocs: + arn: '- ARN of the resource set' + delete: '- (Default 5m) Used when deleting the Resource Set' + dns_target_resource: '- (Required if resource_arn is not set) Component for DNS/Routing Control Readiness Checks.' + domain_name: '- (Optional) Domain name that is targeted.' + hosted_zone_arn: '- (Optional) Hosted Zone ARN that contains the DNS record with the provided name of target resource.' + nlb_resource: '- (Optional) NLB resource a DNS Target Resource points to. Required if r53_resource is not set.' + r53_resource: '- (Optional) Route53 resource a DNS Target Resource record points to.' + readiness_scopes: '- (Optional) Recovery group ARN or cell ARN that contains this resource set.' + record_set_id: '- (Optional) Resource record set ID that is targeted.' + record_type: '- (Optional) Type of DNS Record of target resource.' + resource_arn: '- (Required if dns_target_resource is not set) ARN of the resource.' + resource_set_name: '- (Required) Unique name describing the resource set.' + resource_set_type: '- (Required) Type of the resources in the resource set.' + resources: '- (Required) List of resources to add to this resource set. See below.' + resources.#.component_id: '- Unique identified for DNS Target Resources, use for readiness checks.' + tags: '- (Optional) Key-value mapping of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_resource: '- (Optional) Target resource the R53 record specified with the above params points to.' + aws_route53_delegation_set: + subCategory: Route53 + description: Provides a Route53 Delegation Set resource. + name: aws_route53_delegation_set + titleName: aws_route53_delegation_set + examples: + - manifest: |- + { + "reference_name": "DynDNS" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Delegation Set.' + id: '- The delegation set ID' + name_servers: |- + - A list of authoritative name servers for the hosted zone + (effectively a list of NS records). + reference_name: |- + - (Optional) This is a reference name used in Caller Reference + (helpful for identifying single delegation set amongst others) + aws_route53_health_check: + subCategory: Route53 + description: Provides a Route53 health check. 
+ name: aws_route53_health_check + titleName: aws_route53_health_check + examples: + - manifest: |- + { + "failure_threshold": "5", + "fqdn": "example.com", + "port": 80, + "request_interval": "30", + "resource_path": "/", + "tags": { + "Name": "tf-test-health-check" + }, + "type": "HTTP" + } + - manifest: |- + { + "failure_threshold": "5", + "fqdn": "example.com", + "port": 443, + "request_interval": "30", + "resource_path": "/", + "search_string": "example", + "type": "HTTPS_STR_MATCH" + } + - manifest: |- + { + "child_health_threshold": 1, + "child_healthchecks": [ + "${aws_route53_health_check.child.id}" + ], + "tags": { + "Name": "tf-test-calculated-health-check" + }, + "type": "CALCULATED" + } + - manifest: |- + { + "cloudwatch_alarm_name": "${aws_cloudwatch_metric_alarm.foobar.alarm_name}", + "cloudwatch_alarm_region": "us-west-2", + "insufficient_data_health_status": "Healthy", + "type": "CLOUDWATCH_METRIC" + } + references: + cloudwatch_alarm_name: aws_cloudwatch_metric_alarm.alarm_name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Health Check.' + child_health_threshold: '- (Optional) The minimum number of child health checks that must be healthy for Route 53 to consider the parent health check to be healthy. Valid values are integers between 0 and 256, inclusive' + child_healthchecks: '- (Optional) For a specified parent health check, a list of HealthCheckId values for the associated child health checks.' + cloudwatch_alarm_name: '- (Optional) The name of the CloudWatch alarm.' + cloudwatch_alarm_region: '- (Optional) The CloudWatchRegion that the CloudWatch alarm was created in.' + disabled: '- (Optional) A boolean value that stops Route 53 from performing health checks. When set to true, Route 53 will do the following depending on the type of health check:' + enable_sni: '- (Optional) A boolean value that indicates whether Route53 should send the fqdn to the endpoint when performing the health check. 
This defaults to AWS'' defaults: when the type is "HTTPS" enable_sni defaults to true, when type is anything else enable_sni defaults to false.' + failure_threshold: '- (Required) The number of consecutive health checks that an endpoint must pass or fail.' + fqdn: '- (Optional) The fully qualified domain name of the endpoint to be checked.' + id: '- The id of the health check' + insufficient_data_health_status: '- (Optional) The status of the health check when CloudWatch has insufficient data about the state of associated alarm. Valid values are Healthy , Unhealthy and LastKnownStatus.' + invert_healthcheck: . + ip_address: '- (Optional) The IP address of the endpoint to be checked.' + measure_latency: '- (Optional) A Boolean value that indicates whether you want Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display CloudWatch latency graphs in the Route 53 console.' + port: '- (Optional) The port of the endpoint to be checked.' + reference_name: |- + - (Optional) This is a reference name used in Caller Reference + (helpful for identifying single health_check set amongst others) + regions: '- (Optional) A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from.' + request_interval: '- (Required) The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health-check request.' + resource_path: '- (Optional) The path that you want Amazon Route 53 to request when performing health checks.' + search_string: '- (Optional) String searched in the first 5120 bytes of the response body for check to be considered healthy. Only valid with HTTP_STR_MATCH and HTTPS_STR_MATCH.' + tags: '- (Optional) A map of tags to assign to the health check. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The protocol to use when performing health checks. Valid values are HTTP, HTTPS, HTTP_STR_MATCH, HTTPS_STR_MATCH, TCP, CALCULATED and CLOUDWATCH_METRIC.' + aws_route53_hosted_zone_dnssec: + subCategory: Route53 + description: Manages Route 53 Hosted Zone DNSSEC + name: aws_route53_hosted_zone_dnssec + titleName: aws_route53_hosted_zone_dnssec + examples: + - manifest: |- + { + "depends_on": [ + "${aws_route53_key_signing_key.example}" + ], + "hosted_zone_id": "${aws_route53_key_signing_key.example.hosted_zone_id}" + } + references: + hosted_zone_id: aws_route53_key_signing_key.hosted_zone_id + argumentDocs: + hosted_zone_id: '- (Required) Identifier of the Route 53 Hosted Zone.' + id: '- Route 53 Hosted Zone identifier.' + signing_status: '- (Optional) Hosted Zone signing status. Valid values: SIGNING, NOT_SIGNING. Defaults to SIGNING.' + aws_route53_key_signing_key: + subCategory: Route53 + description: Manages an Route 53 Key Signing Key + name: aws_route53_key_signing_key + titleName: aws_route53_key_signing_key + examples: + - manifest: |- + { + "hosted_zone_id": "${aws_route53_zone.test.id}", + "key_management_service_arn": "${aws_kms_key.test.arn}", + "name": "example" + } + references: + hosted_zone_id: aws_route53_zone.id + key_management_service_arn: aws_kms_key.arn + argumentDocs: + digest_algorithm_mnemonic: '- A string used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.3.' + digest_algorithm_type: '- An integer used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.3.' + digest_value: '- A cryptographic digest of a DNSKEY resource record (RR). 
DNSKEY records are used to publish the public key that resolvers can use to verify DNSSEC signatures that are used to secure certain kinds of information provided by the DNS system.' + dnskey_record: '- A string that represents a DNSKEY record.' + ds_record: '- A string that represents a delegation signer (DS) record.' + flag: '- An integer that specifies how the key is used. For key-signing key (KSK), this value is always 257.' + hosted_zone_id: '- (Required) Identifier of the Route 53 Hosted Zone.' + id: '- Route 53 Hosted Zone identifier and KMS Key identifier, separated by a comma (,).' + key_management_service_arn: '- (Required) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key. This must be unique for each key-signing key (KSK) in a single hosted zone. This key must be in the us-east-1 Region and meet certain requirements, which are described in the Route 53 Developer Guide and Route 53 API Reference.' + key_tag: '- An integer used to identify the DNSSEC record for the domain name. The process used to calculate the value is described in RFC-4034 Appendix B.' + name: '- (Required) Name of the key-signing key (KSK). Must be unique for each key-singing key in the same hosted zone.' + public_key: '- The public key, represented as a Base64 encoding, as required by RFC-4034 Page 5.' + signing_algorithm_mnemonic: '- A string used to represent the signing algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.1.' + signing_algorithm_type: '- An integer used to represent the signing algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.1.' + status: '- (Optional) Status of the key-signing key (KSK). Valid values: ACTIVE, INACTIVE. Defaults to ACTIVE.' + aws_route53_query_log: + subCategory: Route53 + description: Provides a Route53 query logging configuration resource. 
+ name: aws_route53_query_log + titleName: aws_route53_query_log + examples: + - manifest: |- + { + "cloudwatch_log_group_arn": "${aws_cloudwatch_log_group.aws_route53_example_com.arn}", + "depends_on": [ + "${aws_cloudwatch_log_resource_policy.route53-query-logging-policy}" + ], + "zone_id": "${aws_route53_zone.example_com.zone_id}" + } + references: + cloudwatch_log_group_arn: aws_cloudwatch_log_group.arn + zone_id: aws_route53_zone.zone_id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Query Logging Config.' + cloudwatch_log_group_arn: '- (Required) CloudWatch log group ARN to send query logs.' + id: '- The query logging configuration ID' + zone_id: '- (Required) Route53 hosted zone ID to enable query logs.' + aws_route53_record: + subCategory: Route53 + description: Provides a Route53 record resource. + name: aws_route53_record + titleName: aws_route53_record + examples: + - manifest: |- + { + "name": "www.example.com", + "records": [ + "${aws_eip.lb.public_ip}" + ], + "ttl": "300", + "type": "A", + "zone_id": "${aws_route53_zone.primary.zone_id}" + } + references: + zone_id: aws_route53_zone.zone_id + - manifest: |- + { + "name": "www", + "records": [ + "dev.example.com" + ], + "set_identifier": "dev", + "ttl": "5", + "type": "CNAME", + "weighted_routing_policy": [ + { + "weight": 10 + } + ], + "zone_id": "${aws_route53_zone.primary.zone_id}" + } + references: + zone_id: aws_route53_zone.zone_id + - manifest: |- + { + "name": "www", + "records": [ + "live.example.com" + ], + "set_identifier": "live", + "ttl": "5", + "type": "CNAME", + "weighted_routing_policy": [ + { + "weight": 90 + } + ], + "zone_id": "${aws_route53_zone.primary.zone_id}" + } + references: + zone_id: aws_route53_zone.zone_id + - manifest: |- + { + "alias": [ + { + "evaluate_target_health": true, + "name": "${aws_elb.main.dns_name}", + "zone_id": "${aws_elb.main.zone_id}" + } + ], + "name": "example.com", + "type": "A", + "zone_id": "${aws_route53_zone.primary.zone_id}" + } + 
references: + zone_id: aws_route53_zone.zone_id + - manifest: |- + { + "allow_overwrite": true, + "name": "test.example.com", + "records": [ + "${aws_route53_zone.example.name_servers[0]}", + "${aws_route53_zone.example.name_servers[1]}", + "${aws_route53_zone.example.name_servers[2]}", + "${aws_route53_zone.example.name_servers[3]}" + ], + "ttl": 172800, + "type": "NS", + "zone_id": "${aws_route53_zone.example.zone_id}" + } + references: + zone_id: aws_route53_zone.zone_id + argumentDocs: + alias: |- + - (Optional) An alias block. Conflicts with ttl & records. + Alias record documented below. + allow_overwrite: '- (Optional) Allow creation of this record in Terraform to overwrite an existing record, if any. This does not affect the ability to update the record in Terraform and does not prevent other resources within Terraform or manual Route 53 changes outside Terraform from overwriting this record. false by default. This configuration is not recommended for most environments.' + continent: '- A two-letter continent code. See http://docs.aws.amazon.com/Route53/latest/APIReference/API_GetGeoLocation.html for code details. Either continent or country must be specified.' + country: '- A two-character country code or * to indicate a default resource record set.' + evaluate_target_health: '- (Required) Set to true if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see related part of documentation.' + failover_routing_policy: '- (Optional) A block indicating the routing behavior when associated health check fails. Conflicts with any other routing policy. Documented below.' + fqdn: '- FQDN built using the zone domain and name.' + geolocation_routing_policy: '- (Optional) A block indicating a routing policy based on the geolocation of the requestor. Conflicts with any other routing policy. Documented below.' 
+ health_check_id: '- (Optional) The health check the record should be associated with.' + latency_routing_policy: '- (Optional) A block indicating a routing policy based on the latency between the requestor and an AWS region. Conflicts with any other routing policy. Documented below.' + multivalue_answer_routing_policy: '- (Optional) Set to true to indicate a multivalue answer routing policy. Conflicts with any other routing policy.' + name: '- The name of the record.' + records: '- (Required for non-alias records) A string list of records. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \"\" inside the Terraform configuration string (e.g. "first255characters\"\"morecharacters").' + region: '- (Required) An AWS region from which to measure latency. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency' + set_identifier: '- (Optional) Unique identifier to differentiate records with routing policies from one another. Required if using failover, geolocation, latency, or weighted routing policies documented below.' + subdivision: '- (Optional) A subdivision code for a country.' + ttl: '- (Required for non-alias records) The TTL of the record.' + type: '- (Required) PRIMARY or SECONDARY. A PRIMARY record will be served if its healthcheck is passing, otherwise the SECONDARY will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets' + weight: '- (Required) A numeric value indicating the relative weight of the record. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted.' + weighted_routing_policy: '- (Optional) A block indicating a weighted routing policy. Conflicts with any other routing policy. Documented below.' + zone_id: '- (Required) Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. 
See resource_elb.zone_id for example.' + aws_route53_resolver_dnssec_config: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNSSEC config resource. + name: aws_route53_resolver_dnssec_config + titleName: aws_route53_resolver_dnssec_config + examples: + - manifest: |- + { + "resource_id": "${aws_vpc.example.id}" + } + references: + resource_id: aws_vpc.id + argumentDocs: + arn: '- The ARN for a configuration for DNSSEC validation.' + id: '- The ID for a configuration for DNSSEC validation.' + owner_id: '- The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.' + resource_id: '- (Required) The ID of the virtual private cloud (VPC) that you''re updating the DNSSEC validation status for.' + validation_status: '- The validation status for a DNSSEC configuration. The status can be one of the following: ENABLING, ENABLED, DISABLING and DISABLED.' + aws_route53_resolver_endpoint: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver endpoint resource. + name: aws_route53_resolver_endpoint + titleName: aws_route53_resolver_endpoint + examples: + - manifest: |- + { + "direction": "INBOUND", + "ip_address": [ + { + "subnet_id": "${aws_subnet.sn1.id}" + }, + { + "ip": "10.0.64.4", + "subnet_id": "${aws_subnet.sn2.id}" + } + ], + "name": "foo", + "security_group_ids": [ + "${aws_security_group.sg1.id}", + "${aws_security_group.sg2.id}" + ], + "tags": { + "Environment": "Prod" + } + } + argumentDocs: + arn: '- The ARN of the Route 53 Resolver endpoint.' + create: '- (Default 10 minutes) Used for creating Route 53 Resolver endpoint' + delete: '- (Default 10 minutes) Used for destroying Route 53 Resolver endpoint' + direction: |- + - (Required) The direction of DNS queries to or from the Route 53 Resolver endpoint. 
+ Valid values are INBOUND (resolver forwards DNS queries to the DNS service for a VPC from your network or another VPC) + or OUTBOUND (resolver forwards DNS queries from the DNS service for a VPC to your network or another VPC). + host_vpc_id: '- The ID of the VPC that you want to create the resolver endpoint in.' + id: '- The ID of the Route 53 Resolver endpoint.' + ip: '- (Optional) The IP address in the subnet that you want to use for DNS queries.' + ip_address: |- + - (Required) The subnets and IP addresses in your VPC that you want DNS queries to pass through on the way from your VPCs + to your network (for outbound endpoints) or on the way from your network to your VPCs (for inbound endpoints). Described below. + name: '- (Optional) The friendly name of the Route 53 Resolver endpoint.' + security_group_ids: '- (Required) The ID of one or more security groups that you want to use to control access to this VPC.' + subnet_id: '- (Required) The ID of the subnet that contains the IP address.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for updating Route 53 Resolver endpoint' + aws_route53_resolver_firewall_config: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNS Firewall config resource. 
+ name: aws_route53_resolver_firewall_config + titleName: aws_route53_resolver_firewall_config + examples: + - manifest: |- + { + "firewall_fail_open": "ENABLED", + "resource_id": "${aws_vpc.example.id}" + } + references: + resource_id: aws_vpc.id + argumentDocs: + firewall_fail_open: '- (Required) Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values: ENABLED, DISABLED.' + id: '- The ID of the firewall configuration.' + owner_id: '- The AWS account ID of the owner of the VPC that this firewall configuration applies to.' + resource_id: '- (Required) The ID of the VPC that the configuration is for.' + aws_route53_resolver_firewall_domain_list: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNS Firewall domain list resource. + name: aws_route53_resolver_firewall_domain_list + titleName: aws_route53_resolver_firewall_domain_list + examples: + - manifest: |- + { + "name": "example" + } + argumentDocs: + arn: '- The ARN (Amazon Resource Name) of the domain list.' + domains: '- (Optional) A array of domains for the firewall domain list.' + id: '- The ID of the domain list.' + name: '- (Required) A name that lets you identify the domain list, to manage and use it.' + tags: '- (Optional) A map of tags to assign to the resource. f configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_route53_resolver_firewall_rule: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNS Firewall rule resource. + name: aws_route53_resolver_firewall_rule + titleName: aws_route53_resolver_firewall_rule + examples: + - manifest: |- + { + "action": "BLOCK", + "block_override_dns_type": "CNAME", + "block_override_domain": "example.com", + "block_override_ttl": 1, + "block_response": "OVERRIDE", + "firewall_domain_list_id": "${aws_route53_resolver_firewall_domain_list.example.id}", + "firewall_rule_group_id": "${aws_route53_resolver_firewall_rule_group.example.id}", + "name": "example", + "priority": 100 + } + references: + firewall_domain_list_id: aws_route53_resolver_firewall_domain_list.id + firewall_rule_group_id: aws_route53_resolver_firewall_rule_group.id + argumentDocs: + action: '- (Required) The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule''s domain list. Valid values: ALLOW, BLOCK, ALERT.' + block_override_dns_type: '- (Required if block_response is OVERRIDE) The DNS record''s type. This determines the format of the record value that you provided in BlockOverrideDomain. Value values: CNAME.' + block_override_domain: '- (Required if block_response is OVERRIDE) The custom DNS record to send back in response to the query.' + block_override_ttl: '- (Required if block_response is OVERRIDE) The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.' + block_response: '- (Required if action is BLOCK) The way that you want DNS Firewall to block the request. Valid values: NODATA, NXDOMAIN, OVERRIDE.' + firewall_domain_list_id: '- (Required) The ID of the domain list that you want to use in the rule.' 
+ firewall_rule_group_id: '- (Required) The unique identifier of the firewall rule group where you want to create the rule.' + id: '- The ID of the rule.' + name: '- (Required) A name that lets you identify the rule, to manage and use it.' + priority: '- (Required) The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.' + aws_route53_resolver_firewall_rule_group: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNS Firewall rule group resource. + name: aws_route53_resolver_firewall_rule_group + titleName: aws_route53_resolver_firewall_rule_group + examples: + - manifest: |- + { + "name": "example" + } + argumentDocs: + arn: '- The ARN (Amazon Resource Name) of the rule group.' + id: '- The ID of the rule group.' + name: '- (Required) A name that lets you identify the rule group, to manage and use it.' + owner_id: '- The AWS account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.' + share_status: '- Whether the rule group is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Valid values: NOT_SHARED, SHARED_BY_ME, SHARED_WITH_ME' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_route53_resolver_firewall_rule_group_association: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver DNS Firewall rule group association resource. 
+ name: aws_route53_resolver_firewall_rule_group_association + titleName: aws_route53_resolver_firewall_rule_group_association + examples: + - manifest: |- + { + "firewall_rule_group_id": "${aws_route53_resolver_firewall_rule_group.example.id}", + "name": "example", + "priority": 100, + "vpc_id": "${aws_vpc.example.id}" + } + references: + firewall_rule_group_id: aws_route53_resolver_firewall_rule_group.id + vpc_id: aws_vpc.id + argumentDocs: + arn: '- The ARN (Amazon Resource Name) of the firewall rule group association.' + firewall_rule_group_id: '- (Required) The unique identifier of the firewall rule group.' + id: '- The identifier for the association.' + mutation_protection: '- (Optional) If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. Valid values: ENABLED, DISABLED.' + name: '- (Required) A name that lets you identify the rule group association, to manage and use it.' + priority: '- (Required) The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) The unique identifier of the VPC that you want to associate with the rule group.' + aws_route53_resolver_query_log_config: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver query logging configuration resource. 
+ name: aws_route53_resolver_query_log_config + titleName: aws_route53_resolver_query_log_config + examples: + - manifest: |- + { + "destination_arn": "${aws_s3_bucket.example.arn}", + "name": "example", + "tags": { + "Environment": "Prod" + } + } + references: + destination_arn: aws_s3_bucket.arn + argumentDocs: + arn: '- The ARN (Amazon Resource Name) of the Route 53 Resolver query logging configuration.' + destination_arn: |- + - (Required) The ARN of the resource that you want Route 53 Resolver to send query logs. + You can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream. + id: '- The ID of the Route 53 Resolver query logging configuration.' + name: '- (Required) The name of the Route 53 Resolver query logging configuration.' + owner_id: '- The AWS account ID of the account that created the query logging configuration.' + share_status: |- + - An indication of whether the query logging configuration is shared with other AWS accounts, or was shared with the current account by another AWS account. + Sharing is configured through AWS Resource Access Manager (AWS RAM). + Values are NOT_SHARED, SHARED_BY_ME or SHARED_WITH_ME + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_route53_resolver_query_log_config_association: + subCategory: Route53 Resolver + description: Provides a Route 53 Resolver query logging configuration association resource. 
+ name: aws_route53_resolver_query_log_config_association + titleName: aws_route53_resolver_query_log_config_association + examples: + - manifest: |- + { + "resolver_query_log_config_id": "${aws_route53_resolver_query_log_config.example.id}", + "resource_id": "${aws_vpc.example.id}" + } + references: + resolver_query_log_config_id: aws_route53_resolver_query_log_config.id + resource_id: aws_vpc.id + argumentDocs: + id: -The ID of the Route 53 Resolver query logging configuration association. + resolver_query_log_config_id: '- (Required) The ID of the Route 53 Resolver query logging configuration that you want to associate a VPC with.' + resource_id: '- (Required) The ID of a VPC that you want this query logging configuration to log queries for.' + aws_route53_resolver_rule: + subCategory: Route53 Resolver + description: Provides a Route53 Resolver rule. + name: aws_route53_resolver_rule + titleName: aws_route53_resolver_rule + examples: + - manifest: |- + { + "domain_name": "subdomain.example.com", + "rule_type": "SYSTEM" + } + - manifest: |- + { + "domain_name": "example.com", + "name": "example", + "resolver_endpoint_id": "${aws_route53_resolver_endpoint.foo.id}", + "rule_type": "FORWARD", + "tags": { + "Environment": "Prod" + }, + "target_ip": [ + { + "ip": "123.45.67.89" + } + ] + } + references: + resolver_endpoint_id: aws_route53_resolver_endpoint.id + argumentDocs: + arn: '- The ARN (Amazon Resource Name) for the resolver rule.' + domain_name: '- (Required) DNS queries for this domain name are forwarded to the IP addresses that are specified using target_ip.' + id: '- The ID of the resolver rule.' + ip: '- (Required) One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses.' + name: '- (Optional) A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.' + owner_id: '- When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.' 
+ port: '- (Optional) The port at ip that you want to forward DNS queries to. Default value is 53' + resolver_endpoint_id: |- + (Optional) The ID of the outbound resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify using target_ip. + This argument should only be specified for FORWARD type rules. + rule_type: '- (Required) The rule type. Valid values are FORWARD, SYSTEM and RECURSIVE.' + share_status: |- + - Whether the rules is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account. + Values are NOT_SHARED, SHARED_BY_ME or SHARED_WITH_ME + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_ip: |- + - (Optional) Configuration block(s) indicating the IPs that you want Resolver to forward DNS queries to (documented below). + This argument should only be specified for FORWARD type rules. + aws_route53_resolver_rule_association: + subCategory: Route53 Resolver + description: Provides a Route53 Resolver rule association. + name: aws_route53_resolver_rule_association + titleName: aws_route53_resolver_rule_association + examples: + - manifest: |- + { + "resolver_rule_id": "${aws_route53_resolver_rule.sys.id}", + "vpc_id": "${aws_vpc.foo.id}" + } + references: + resolver_rule_id: aws_route53_resolver_rule.id + vpc_id: aws_vpc.id + argumentDocs: + id: '- The ID of the resolver rule association.' + name: '- (Optional) A name for the association that you''re creating between a resolver rule and a VPC.' + resolver_rule_id: '- (Required) The ID of the resolver rule that you want to associate with the VPC.' 
+ vpc_id: '- (Required) The ID of the VPC that you want to associate the resolver rule with.' + aws_route53_vpc_association_authorization: + subCategory: Route53 + description: Authorizes a VPC in a different account to be associated with a local Route53 Hosted Zone + name: aws_route53_vpc_association_authorization + titleName: aws_route53_vpc_association_authorization + examples: + - manifest: |- + { + "vpc_id": "${aws_vpc.alternate.id}", + "zone_id": "${aws_route53_zone.example.id}" + } + references: + vpc_id: aws_vpc.id + zone_id: aws_route53_zone.id + argumentDocs: + id: '- The calculated unique identifier for the association.' + vpc_id: '- (Required) The VPC to authorize for association with the private hosted zone.' + vpc_region: '- (Optional) The VPC''s region. Defaults to the region of the AWS provider.' + zone_id: '- (Required) The ID of the private hosted zone that you want to authorize associating a VPC with.' + aws_route53_zone: + subCategory: Route53 + description: Manages a Route53 Hosted Zone + name: aws_route53_zone + titleName: aws_route53_zone + examples: + - manifest: |- + { + "name": "example.com" + } + - manifest: |- + { + "name": "example.com" + } + - manifest: |- + { + "name": "dev.example.com", + "tags": { + "Environment": "dev" + } + } + - manifest: |- + { + "name": "example.com", + "vpc": [ + { + "vpc_id": "${aws_vpc.example.id}" + } + ] + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Hosted Zone.' + comment: '- (Optional) A comment for the hosted zone. Defaults to ''Managed by Terraform''.' + delegation_set_id: '- (Optional) The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with vpc as delegation sets can only be used for public zones.' + force_destroy: '- (Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone.' + name: '- (Required) This is the name of the hosted zone.' 
+ name_servers: |- + - A list of name servers in associated (or default) delegation set. + Find more about delegation sets in AWS docs. + tags: '- (Optional) A map of tags to assign to the zone. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc: '- (Optional) Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the delegation_set_id argument in this resource and any aws_route53_zone_association resource specifying the same zone ID. Detailed below.' + vpc_id: '- (Required) ID of the VPC to associate.' + vpc_region: '- (Optional) Region of the VPC to associate. Defaults to AWS provider region.' + zone_id: '- The Hosted Zone ID. This can be referenced by zone records.' + aws_route53_zone_association: + subCategory: Route53 + description: Manages a Route53 Hosted Zone VPC association + name: aws_route53_zone_association + titleName: aws_route53_zone_association + examples: + - manifest: |- + { + "vpc_id": "${aws_vpc.secondary.id}", + "zone_id": "${aws_route53_zone.example.zone_id}" + } + references: + vpc_id: aws_vpc.id + zone_id: aws_route53_zone.zone_id + argumentDocs: + id: '- The calculated unique identifier for the association.' + owning_account: '- The account ID of the account that created the hosted zone.' + vpc_id: '- (Required) The VPC to associate with the private hosted zone.' + vpc_region: '- (Optional) The VPC''s region. Defaults to the region of the AWS provider.' + zone_id: '- (Required) The private hosted zone to associate.' + aws_s3control_bucket: + subCategory: S3 Control + description: Manages an S3 Control Bucket. 
+ name: aws_s3control_bucket + titleName: aws_s3control_bucket + examples: + - manifest: |- + { + "bucket": "example", + "outpost_id": "${data.aws_outposts_outpost.example.id}" + } + references: + outpost_id: data.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the bucket.' + bucket: '- (Required) Name of the bucket.' + creation_date: '- UTC creation date in RFC3339 format.' + id: '- Amazon Resource Name (ARN) of the bucket.' + outpost_id: '- (Required) Identifier of the Outpost to contain this bucket.' + public_access_block_enabled: '- Boolean whether Public Access Block is enabled.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_s3control_bucket_lifecycle_configuration: + subCategory: S3 Control + description: Manages an S3 Control Bucket Lifecycle Configuration. + name: aws_s3control_bucket_lifecycle_configuration + titleName: aws_s3control_bucket_lifecycle_configuration + examples: + - manifest: |- + { + "bucket": "${aws_s3control_bucket.example.arn}", + "rule": [ + { + "expiration": [ + { + "days": 365 + } + ], + "filter": [ + { + "prefix": "logs/" + } + ], + "id": "logs" + }, + { + "expiration": [ + { + "days": 7 + } + ], + "filter": [ + { + "prefix": "temp/" + } + ], + "id": "temp" + } + ] + } + references: + bucket: aws_s3control_bucket.arn + argumentDocs: + abort_incomplete_multipart_upload: '- (Optional) Configuration block containing settings for abort incomplete multipart upload.' + bucket: '- (Required) Amazon Resource Name (ARN) of the bucket.' + date: '- (Optional) Date the object is to be deleted. Should be in YYYY-MM-DD date format, e.g. 2020-09-30.' + days: '- (Optional) Number of days before the object is to be deleted.' 
+ days_after_initiation: '- (Required) Number of days after which Amazon S3 aborts an incomplete multipart upload.' + expiration: '- (Optional) Configuration block containing settings for expiration of objects.' + expired_object_delete_marker: '- (Optional) Enable to remove a delete marker with no noncurrent versions. Cannot be specified with date or days.' + filter: '- (Optional) Configuration block containing settings for filtering.' + id: '- Amazon Resource Name (ARN) of the bucket.' + prefix: '- (Optional) Object prefix for rule filtering.' + rule: '- (Required) Configuration block(s) containing lifecycle rules for the bucket.' + status: '- (Optional) Status of the rule. Valid values: Enabled and Disabled. Defaults to Enabled.' + tags: '- (Optional) Key-value map of object tags for rule filtering.' + aws_s3control_bucket_policy: + subCategory: S3 Control + description: Manages an S3 Control Bucket Policy. + name: aws_s3control_bucket_policy + titleName: aws_s3control_bucket_policy + examples: + - manifest: |- + { + "bucket": "${aws_s3control_bucket.example.arn}", + "policy": "${jsonencode({\n Id = \"testBucketPolicy\"\n Statement = [\n {\n Action = \"s3-outposts:PutBucketLifecycleConfiguration\"\n Effect = \"Deny\"\n Principal = {\n AWS = \"*\"\n }\n Resource = aws_s3control_bucket.example.arn\n Sid = \"statement1\"\n }\n ]\n Version = \"2012-10-17\"\n })}" + } + references: + bucket: aws_s3control_bucket.arn + argumentDocs: + bucket: '- (Required) Amazon Resource Name (ARN) of the bucket.' + id: '- Amazon Resource Name (ARN) of the bucket.' + policy: '- (Required) JSON string of the resource policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + aws_s3outposts_endpoint: + subCategory: S3 Outposts + description: Manages an S3 Outposts Endpoint. 
+ name: aws_s3outposts_endpoint + titleName: aws_s3outposts_endpoint + examples: + - manifest: |- + { + "outpost_id": "${data.aws_outposts_outpost.example.id}", + "security_group_id": "${aws_security_group.example.id}", + "subnet_id": "${aws_subnet.example.id}" + } + references: + outpost_id: data.id + security_group_id: aws_security_group.id + subnet_id: aws_subnet.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the endpoint.' + cidr_block: '- VPC CIDR block of the endpoint.' + creation_time: '- UTC creation time in RFC3339 format.' + id: '- Amazon Resource Name (ARN) of the endpoint.' + network_interface_id: '- Identifier of the Elastic Network Interface (ENI).' + network_interfaces: '- Set of nested attributes for associated Elastic Network Interfaces (ENIs).' + outpost_id: '- (Required) Identifier of the Outpost to contain this endpoint.' + security_group_id: '- (Required) Identifier of the EC2 Security Group.' + subnet_id: '- (Required) Identifier of the EC2 Subnet.' + aws_s3_access_point: + subCategory: S3 + description: Manages an S3 Access Point. + name: aws_s3_access_point + titleName: aws_s3_access_point + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.id}", + "name": "example" + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3control_bucket.example.arn}", + "name": "example", + "vpc_configuration": [ + { + "vpc_id": "${aws_vpc.example.id}" + } + ] + } + references: + bucket: aws_s3control_bucket.arn + argumentDocs: + account_id: '- (Optional) The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the Terraform AWS provider.' + arn: '- Amazon Resource Name (ARN) of the S3 Access Point.' + block_public_acls: '- (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect existing policies or ACLs. 
When set to true causes the following behavior:' + block_public_policy: '- (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:' + bucket: '- (Required) The name of an AWS Partition S3 Bucket or the Amazon Resource Name (ARN) of S3 on Outposts Bucket that you want to associate this access point with.' + domain_name: |- + - The DNS domain name of the S3 Access Point in the format name-account_id.s3-accesspoint.region.amazonaws.com. + Note: S3 access points only support secure access by HTTPS. HTTP isn't supported. + has_public_access_policy: '- Indicates whether this access point currently has a policy that allows public access.' + id: '- For Access Point of an AWS Partition S3 Bucket, the AWS account ID and access point name separated by a colon (:). For S3 on Outposts Bucket, the Amazon Resource Name (ARN) of the Access Point.' + ignore_public_acls: '- (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to true. Enabling this setting does not affect the persistence of any existing ACLs and doesn''t prevent new public ACLs from being set. When set to true causes Amazon S3 to:' + name: '- (Required) The name you want to assign to this access point.' + network_origin: '- Indicates whether this access point allows access from the public Internet. Values are VPC (the access point doesn''t allow access from the public Internet) and Internet (the access point allows access from the public Internet, subject to the access point and bucket access policies).' + policy: '- (Optional) A valid JSON document that specifies the policy that you want to apply to this access point.' + public_access_block_configuration: '- (Optional) Configuration block to manage the PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. 
You can enable the configuration options in any combination. Detailed below.' + restrict_public_buckets: '- (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to true. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:' + vpc_configuration: '- (Optional) Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.' + vpc_id: '- (Required) This access point will only allow connections from the specified VPC ID.' + aws_s3_account_public_access_block: + subCategory: S3 + description: Manages S3 account-level Public Access Block Configuration + name: aws_s3_account_public_access_block + titleName: aws_s3_account_public_access_block + examples: + - manifest: |- + { + "block_public_acls": true, + "block_public_policy": true + } + argumentDocs: + account_id: '- (Optional) AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.' + block_public_acls: '- (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:' + block_public_policy: '- (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:' + id: '- AWS account ID' + ignore_public_acls: '- (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn''t prevent new public ACLs from being set. 
When set to true causes Amazon S3 to:' + restrict_public_buckets: '- (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:' + aws_s3_bucket: + subCategory: S3 + description: Provides a S3 bucket resource. + name: aws_s3_bucket + titleName: aws_s3_bucket + examples: + - manifest: |- + { + "acl": "private", + "bucket": "my-tf-test-bucket", + "tags": { + "Environment": "Dev", + "Name": "My bucket" + } + } + - manifest: |- + { + "acl": "public-read", + "bucket": "s3-website-test.hashicorp.com", + "policy": "${file(\"policy.json\")}", + "website": [ + { + "error_document": "error.html", + "index_document": "index.html", + "routing_rules": "[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n" + } + ] + } + - manifest: |- + { + "acl": "public-read", + "bucket": "s3-website-test.hashicorp.com", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "PUT", + "POST" + ], + "allowed_origins": [ + "https://s3-website-test.hashicorp.com" + ], + "expose_headers": [ + "ETag" + ], + "max_age_seconds": 3000 + } + ] + } + - manifest: |- + { + "acl": "private", + "bucket": "my-tf-test-bucket", + "versioning": [ + { + "enabled": true + } + ] + } + - manifest: |- + { + "acl": "log-delivery-write", + "bucket": "my-tf-log-bucket" + } + - manifest: |- + { + "acl": "private", + "bucket": "my-tf-test-bucket", + "logging": [ + { + "target_bucket": "${aws_s3_bucket.log_bucket.id}", + "target_prefix": "log/" + } + ] + } + - manifest: |- + { + "acl": "private", + "bucket": "my-bucket", + "lifecycle_rule": [ + { + "enabled": true, + "expiration": [ + { + "days": 90 + } + ], + "id": "log", + "prefix": 
"log/", + "tags": { + "autoclean": "true", + "rule": "log" + }, + "transition": [ + { + "days": 30, + "storage_class": "STANDARD_IA" + }, + { + "days": 60, + "storage_class": "GLACIER" + } + ] + }, + { + "enabled": true, + "expiration": [ + { + "date": "2016-01-12" + } + ], + "id": "tmp", + "prefix": "tmp/" + } + ] + } + - manifest: |- + { + "acl": "private", + "bucket": "my-versioning-bucket", + "lifecycle_rule": [ + { + "enabled": true, + "noncurrent_version_expiration": [ + { + "days": 90 + } + ], + "noncurrent_version_transition": [ + { + "days": 30, + "storage_class": "STANDARD_IA" + }, + { + "days": 60, + "storage_class": "GLACIER" + } + ], + "prefix": "config/" + } + ], + "versioning": [ + { + "enabled": true + } + ] + } + - manifest: |- + { + "bucket": "tf-test-bucket-destination-12345", + "versioning": [ + { + "enabled": true + } + ] + } + - manifest: |- + { + "acl": "private", + "bucket": "tf-test-bucket-source-12345", + "provider": "${aws.central}", + "replication_configuration": [ + { + "role": "${aws_iam_role.replication.arn}", + "rules": [ + { + "destination": [ + { + "bucket": "${aws_s3_bucket.destination.arn}", + "storage_class": "STANDARD" + } + ], + "id": "foobar", + "prefix": "foo", + "status": "Enabled" + } + ] + } + ], + "versioning": [ + { + "enabled": true + } + ] + } + references: + provider: aws.central + - manifest: |- + { + "bucket": "mybucket", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "${aws_kms_key.mykey.arn}", + "sse_algorithm": "aws:kms" + } + ] + } + ] + } + ] + } + - manifest: |- + { + "bucket": "mybucket", + "grant": [ + { + "id": "${data.aws_canonical_user_id.current_user.id}", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser" + }, + { + "permissions": [ + "READ_ACP", + "WRITE" + ], + "type": "Group", + "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery" + } + ] + } + argumentDocs: + 
abort_incomplete_multipart_upload_days: (Optional) Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. + acceleration_status: '- (Optional) Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.' + access_control_translation: '- (Optional) Specifies the overrides to use for object owners on replication. Must be used in conjunction with account_id owner override configuration.' + account_id: '- (Optional) The Account ID to use for overriding the object owner on replication. Must be used in conjunction with access_control_translation override configuration.' + acl: '- (Optional) The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.' + allowed_headers: (Optional) Specifies which headers are allowed. + allowed_methods: (Required) Specifies which methods are allowed. Can be GET, PUT, POST, DELETE or HEAD. + allowed_origins: (Required) Specifies which origins are allowed. + apply_server_side_encryption_by_default: '- (required) A single object for setting server-side encryption by default. (documented below)' + arn: '- The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.' + bucket: '- (Required) The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.' + bucket_domain_name: '- The bucket domain name. Will be of format bucketname.s3.amazonaws.com.' + bucket_key_enabled: '- (Optional) Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.' + bucket_prefix: '- (Optional, Forces new resource) Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be less than or equal to 37 characters in length.' + bucket_regional_domain_name: '- The bucket region-specific domain name. The bucket domain name including the region name, please refer here for format. 
Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent redirect issues from CloudFront to S3 Origin URL.' + cors_rule: '- (Optional) A rule of Cross-Origin Resource Sharing (documented below).' + date: (Optional) Specifies the date after which you want the corresponding action to take effect. + days: '- (Optional) The number of days that you want to specify for the default retention period.' + default_retention: '- (Required) The default retention period that you want to apply to new objects placed in this bucket.' + delete_marker_replication_status: '- (Optional) Whether delete markers are replicated. The only valid value is Enabled. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when filter is used).' + destination: '- (Required) Specifies the destination for the rule (documented below).' + enabled: '- (Required) Boolean which indicates if this criteria is enabled.' + error_document: '- (Optional) An absolute path to the document to return in case of a 4XX error.' + expiration: '- (Optional) Specifies a period in the object''s expire (documented below).' + expired_object_delete_marker: (Optional) On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. + expose_headers: (Optional) Specifies expose header in the response. + filter: '- (Optional, Conflicts with prefix) Filter that identifies subset of objects to which the replication rule applies (documented below).' + force_destroy: '- (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.' 
+ grant: '- (Optional) An ACL policy grant (documented below). Conflicts with acl.' + hosted_zone_id: '- The Route 53 Hosted Zone ID for this bucket''s region.' + id: '- The name of the bucket.' + index_document: '- (Required, unless using redirect_all_requests_to) Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.' + kms_master_key_id: '- (optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.' + lifecycle_rule: '- (Optional) A configuration of object lifecycle management (documented below).' + logging: '- (Optional) A settings of bucket logging (documented below).' + max_age_seconds: (Optional) Specifies time in seconds that browser can cache the response for a preflight request. + mfa_delete: '- (Optional) Enable MFA delete for either Change the versioning state of your bucket or Permanently delete an object version. Default is false. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS' + mode: '- (Required) The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are GOVERNANCE and COMPLIANCE.' + noncurrent_version_expiration: '- (Optional) Specifies when noncurrent object versions expire (documented below).' + noncurrent_version_transition: '- (Optional) Specifies when noncurrent object versions transitions (documented below).' + object_lock_configuration: '- (Optional) A configuration of S3 object locking (documented below)' + object_lock_enabled: '- (Required) Indicates whether this bucket has an Object Lock configuration enabled. Valid value is Enabled.' + owner: '- (Required) The override value for the owner on replicated objects. Currently only Destination is supported.' 
+ permissions: '- (required) List of permissions to apply for grantee. Valid values are READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL.' + policy: '- (Optional) A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + prefix: '- (Optional) Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.' + priority: '- (Optional) The priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.' + redirect_all_requests_to: '- (Optional) A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (http:// or https://) to use when redirecting requests. The default is the protocol that is used in the original request.' + region: '- The AWS region this bucket resides in.' + replica_kms_key_id: |- + - (Optional) Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with + sse_kms_encrypted_objects source selection criteria. + replication_configuration: '- (Optional) A configuration of replication configuration (documented below).' + request_payer: |- + - (Optional) Specifies who should bear the cost of Amazon S3 data transfer. + Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur + the costs of any data transfer. See Requester Pays Buckets + developer guide for more information. + role: '- (Required) The ARN of the IAM role for Amazon S3 to assume when replicating the objects.' 
+ routing_rules: |- + - (Optional) A json array containing routing rules + describing redirect behavior and when redirects are applied. + rule: '- (Optional) The Object Lock rule in place for this bucket.' + rules: '- (Required) Specifies the rules managing the replication (documented below).' + server_side_encryption_configuration: '- (Optional) A configuration of server-side encryption configuration (documented below)' + source_selection_criteria: '- (Optional) Specifies special object selection criteria (documented below).' + sse_algorithm: '- (required) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms' + sse_kms_encrypted_objects: |- + - (Optional) Match SSE-KMS encrypted objects (documented below). If specified, replica_kms_key_id + in destination must be specified as well. + status: '- (Required) The status of the rule. Either Enabled or Disabled. The rule is ignored if status is not Enabled.' + storage_class: '- (Optional) The class of storage used to store the object. Can be STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE.' + tags: |- + - (Optional) A map of tags that identifies subset of objects to which the rule applies. + The rule applies only to objects having all the tags in its tagset. + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_bucket: '- (Required) The name of the bucket that will receive the log objects.' + target_prefix: '- (Optional) To specify a key prefix for log objects.' + transition: '- (Optional) Specifies a period in the object''s transitions (documented below).' + type: '- (required) - Type of grantee to apply for. Valid values are CanonicalUser and Group. AmazonCustomerByEmail is not supported.' + uri: '- (optional) Uri address to grant for. Used only when type is Group.' 
+ versioning: '- (Optional) A state of versioning (documented below)' + website: '- (Optional) A website object (documented below).' + website_domain: '- The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.' + website_endpoint: '- The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.' + years: '- (Optional) The number of years that you want to specify for the default retention period.' + aws_s3_bucket_analytics_configuration: + subCategory: S3 + description: Provides a S3 bucket analytics configuration resource. + name: aws_s3_bucket_analytics_configuration + titleName: aws_s3_bucket_analytics_configuration + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.bucket}", + "name": "EntireBucket", + "storage_class_analysis": [ + { + "data_export": [ + { + "destination": [ + { + "s3_bucket_destination": [ + { + "bucket_arn": "${aws_s3_bucket.analytics.arn}" + } + ] + } + ] + } + ] + } + ] + } + references: + bucket: aws_s3_bucket.bucket + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.bucket}", + "filter": [ + { + "prefix": "documents/", + "tags": { + "class": "blue", + "priority": "high" + } + } + ], + "name": "ImportantBlueDocuments" + } + references: + bucket: aws_s3_bucket.bucket + argumentDocs: + bucket: '- (Required) The name of the bucket this analytics configuration is associated with.' + bucket_account_id: '- (Optional) The account ID that owns the destination bucket.' + bucket_arn: '- (Required) The ARN of the destination bucket.' + data_export: '- (Required) Data export configuration (documented below).' + destination: '- (Required) Specifies the destination for the exported analytics data (documented below).' + filter: '- (Optional) Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).' 
+ format: '- (Optional) The output format of exported analytics data. Allowed values: CSV. Default value: CSV.' + name: '- (Required) Unique identifier of the analytics configuration for the bucket.' + output_schema_version: '- (Optional) The schema version of exported analytics data. Allowed values: V_1. Default value: V_1.' + prefix: '- (Optional) The prefix to append to exported analytics data.' + s3_bucket_destination: '- (Required) Analytics data export currently only supports an S3 bucket destination (documented below).' + storage_class_analysis: '- (Optional) Configuration for the analytics data export (documented below).' + tags: '- (Optional) Set of object tags for filtering.' + aws_s3_bucket_inventory: + subCategory: S3 + description: Provides a S3 bucket inventory configuration resource. + name: aws_s3_bucket_inventory + titleName: aws_s3_bucket_inventory + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.test.id}", + "destination": [ + { + "bucket": [ + { + "bucket_arn": "${aws_s3_bucket.inventory.arn}", + "format": "ORC" + } + ] + } + ], + "included_object_versions": "All", + "name": "EntireBucketDaily", + "schedule": [ + { + "frequency": "Daily" + } + ] + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.test.id}", + "destination": [ + { + "bucket": [ + { + "bucket_arn": "${aws_s3_bucket.inventory.arn}", + "format": "ORC", + "prefix": "inventory" + } + ] + } + ], + "filter": [ + { + "prefix": "documents/" + } + ], + "included_object_versions": "All", + "name": "DocumentsWeekly", + "schedule": [ + { + "frequency": "Daily" + } + ] + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + account_id: '- (Optional) The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.' + bucket: '- (Required) The S3 bucket configuration where inventory results are published (documented below).' 
+ bucket_arn: '- (Required) The Amazon S3 bucket ARN of the destination.' + destination: '- (Required) Contains information about where to publish the inventory results (documented below).' + enabled: '- (Optional, Default: true) Specifies whether the inventory is enabled or disabled.' + encryption: '- (Optional) Contains the type of server-side encryption to use to encrypt the inventory (documented below).' + filter: '- (Optional) Specifies an inventory filter. The inventory only includes objects that meet the filter''s criteria (documented below).' + format: '- (Required) Specifies the output format of the inventory results. Can be CSV, ORC or Parquet.' + frequency: '- (Required) Specifies how frequently inventory results are produced. Valid values: Daily, Weekly.' + included_object_versions: '- (Required) Object versions to include in the inventory list. Valid values: All, Current.' + key_id: '- (Required) The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.' + name: '- (Required) Unique identifier of the inventory configuration for the bucket.' + optional_fields: '- (Optional) List of optional fields that are included in the inventory results. Please refer to the S3 documentation for more details.' + prefix: '- (Optional) The prefix that is prepended to all inventory results.' + schedule: '- (Required) Specifies the schedule for generating inventory results (documented below).' + sse_kms: '- (Optional) Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).' + sse_s3: '- (Optional) Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.' + aws_s3_bucket_metric: + subCategory: S3 + description: Provides a S3 bucket metrics configuration resource. 
+ name: aws_s3_bucket_metric + titleName: aws_s3_bucket_metric + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.bucket}", + "name": "EntireBucket" + } + references: + bucket: aws_s3_bucket.bucket + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.bucket}", + "filter": [ + { + "prefix": "documents/", + "tags": { + "class": "blue", + "priority": "high" + } + } + ], + "name": "ImportantBlueDocuments" + } + references: + bucket: aws_s3_bucket.bucket + argumentDocs: + bucket: '- (Required) The name of the bucket to put metric configuration.' + filter: '- (Optional) Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).' + name: '- (Required) Unique identifier of the metrics configuration for the bucket.' + prefix: '- (Optional) Object prefix for filtering (singular).' + tags: '- (Optional) Object tags for filtering (up to 10).' + aws_s3_bucket_notification: + subCategory: S3 + description: Manages a S3 Bucket Notification Configuration + name: aws_s3_bucket_notification + titleName: aws_s3_bucket_notification + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.bucket.id}", + "topic": [ + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_suffix": ".log", + "topic_arn": "${aws_sns_topic.topic.arn}" + } + ] + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.bucket.id}", + "queue": [ + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_suffix": ".log", + "queue_arn": "${aws_sqs_queue.queue.arn}" + } + ] + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.bucket.id}", + "depends_on": [ + "${aws_lambda_permission.allow_bucket}" + ], + "lambda_function": [ + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_prefix": "AWSLogs/", + "filter_suffix": ".log", + "lambda_function_arn": "${aws_lambda_function.func.arn}" + } + ] + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": 
"${aws_s3_bucket.bucket.id}", + "depends_on": [ + "${aws_lambda_permission.allow_bucket1}", + "${aws_lambda_permission.allow_bucket2}" + ], + "lambda_function": [ + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_prefix": "AWSLogs/", + "filter_suffix": ".log", + "lambda_function_arn": "${aws_lambda_function.func1.arn}" + }, + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_prefix": "OtherLogs/", + "filter_suffix": ".log", + "lambda_function_arn": "${aws_lambda_function.func2.arn}" + } + ] + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.bucket.id}", + "queue": [ + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_prefix": "images/", + "id": "image-upload-event", + "queue_arn": "${aws_sqs_queue.queue.arn}" + }, + { + "events": [ + "s3:ObjectCreated:*" + ], + "filter_prefix": "videos/", + "id": "video-upload-event", + "queue_arn": "${aws_sqs_queue.queue.arn}" + } + ] + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + bucket: '- (Required) The name of the bucket to put notification configuration.' + events: '- (Required) Specifies event for which to send notifications.' + filter_prefix: '- (Optional) Specifies object key name prefix.' + filter_suffix: '- (Optional) Specifies object key name suffix.' + id: '- (Optional) Specifies unique identifier for each of the notification configurations.' + lambda_function: '- (Optional, Multiple) Used to configure notifications to a Lambda Function (documented below).' + lambda_function_arn: '- (Required) Specifies Amazon Lambda function ARN.' + queue: '- (Optional) The notification configuration to SQS Queue (documented below).' + queue_arn: '- (Required) Specifies Amazon SQS queue ARN.' + topic: '- (Optional) The notification configuration to SNS Topic (documented below).' + topic_arn: '- (Required) Specifies Amazon SNS topic ARN.' + aws_s3_bucket_object: + subCategory: S3 + description: Provides a S3 bucket object resource. 
+ name: aws_s3_bucket_object + titleName: aws_s3_bucket_object + examples: + - manifest: |- + { + "bucket": "your_bucket_name", + "etag": "${filemd5(\"path/to/file\")}", + "key": "new_object_key", + "source": "path/to/file" + } + - manifest: |- + { + "bucket": "${aws_s3_bucket.examplebucket.id}", + "key": "someobject", + "kms_key_id": "${aws_kms_key.examplekms.arn}", + "source": "index.html" + } + references: + bucket: aws_s3_bucket.id + kms_key_id: aws_kms_key.arn + - manifest: |- + { + "bucket": "${aws_s3_bucket.examplebucket.id}", + "key": "someobject", + "server_side_encryption": "aws:kms", + "source": "index.html" + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.examplebucket.id}", + "key": "someobject", + "server_side_encryption": "AES256", + "source": "index.html" + } + references: + bucket: aws_s3_bucket.id + - manifest: |- + { + "bucket": "${aws_s3_bucket.examplebucket.id}", + "force_destroy": true, + "key": "someobject", + "object_lock_legal_hold_status": "ON", + "object_lock_mode": "GOVERNANCE", + "object_lock_retain_until_date": "2021-12-31T23:59:60Z", + "source": "important.txt" + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + acl: '- (Optional) Canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private.' + bucket: '- (Required) Name of the bucket to put the file in. Alternatively, an S3 access point ARN can be specified.' + bucket_key_enabled: '- (Optional) Whether or not to use Amazon S3 Bucket Keys for SSE-KMS.' + cache_control: '- (Optional) Caching behavior along the request/reply chain Read w3c cache_control for further details.' + content: '- (Optional, conflicts with source and content_base64) Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.' 
+ content_base64: '- (Optional, conflicts with source and content) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the gzipbase64 function with small text strings. For larger objects, use source to stream the content from a disk file.' + content_disposition: '- (Optional) Presentational information for the object. Read w3c content_disposition for further information.' + content_encoding: '- (Optional) Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.' + content_language: '- (Optional) Language the content is in e.g. en-US or en-GB.' + content_type: '- (Optional) Standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.' + etag: '- ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.' + force_destroy: '- (Optional) Whether to allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.' + id: '- key of the resource supplied above' + key: '- (Required) Name of the object once it is in the bucket.' + kms_key_id: '- (Optional) ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. 
If referencing the aws_kms_key resource, use the arn attribute. If referencing the aws_kms_alias data source or resource, use the target_key_arn attribute. Terraform will only perform drift detection if a configuration value is provided.' + metadata: '- (Optional) Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).' + object_lock_legal_hold_status: '- (Optional) Legal hold status that you want to apply to the specified object. Valid values are ON and OFF.' + object_lock_mode: '- (Optional) Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.' + object_lock_retain_until_date: '- (Optional) Date and time, in RFC3339 format, when this object''s object lock will expire.' + server_side_encryption: '- (Optional) Server-side encryption of the object in S3. Valid values are "AES256" and "aws:kms".' + source: '- (Optional, conflicts with content and content_base64) Path to a file that will be read and uploaded as raw bytes for the object content.' + source_hash: '- (Optional) Triggers updates like etag but useful to address etag encryption limitations. Set using filemd5("path/to/source") (Terraform 0.11.12 or later). (The value is only stored in state and not saved by AWS.)' + storage_class: '- (Optional) Storage Class for the object. Can be either "STANDARD", "REDUCED_REDUNDANCY", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", or "STANDARD_IA". Defaults to "STANDARD".' + tags: '- (Optional) Map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ version_id: '- Unique version ID value for the object, if bucket versioning is enabled.' + website_redirect: '- (Optional) Target URL for website redirect.' + aws_s3_bucket_ownership_controls: + subCategory: S3 + description: Manages S3 Bucket Ownership Controls. + name: aws_s3_bucket_ownership_controls + titleName: aws_s3_bucket_ownership_controls + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.example.id}", + "rule": [ + { + "object_ownership": "BucketOwnerPreferred" + } + ] + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + BucketOwnerPreferred: '- Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the bucket-owner-full-control canned ACL.' + ObjectWriter: '- The uploading account will own the object if the object is uploaded with the bucket-owner-full-control canned ACL.' + bucket: '- (Required) The name of the bucket that you want to associate this access point with.' + id: '- S3 Bucket name.' + object_ownership: '- (Optional) Object ownership. Valid values: BucketOwnerPreferred or ObjectWriter' + rule: '- (Required) Configuration block(s) with Ownership Controls rules. Detailed below.' + aws_s3_bucket_policy: + subCategory: S3 + description: Attaches a policy to an S3 bucket resource. + name: aws_s3_bucket_policy + titleName: aws_s3_bucket_policy + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.b.id}", + "policy": "${jsonencode({\n Version = \"2012-10-17\"\n Id = \"MYBUCKETPOLICY\"\n Statement = [\n {\n Sid = \"IPAllow\"\n Effect = \"Deny\"\n Principal = \"*\"\n Action = \"s3:*\"\n Resource = [\n aws_s3_bucket.b.arn,\n \"${aws_s3_bucket.b.arn}/*\",\n ]\n Condition = {\n IpAddress = {\n \"aws:SourceIp\" = \"8.8.8.8/32\"\n }\n }\n },\n ]\n })}" + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + bucket: '- (Required) The name of the bucket to which to apply the policy.' + policy: '- (Required) The text of the policy. 
For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.' + aws_s3_bucket_public_access_block: + subCategory: S3 + description: Manages S3 bucket-level Public Access Block Configuration + name: aws_s3_bucket_public_access_block + titleName: aws_s3_bucket_public_access_block + examples: + - manifest: |- + { + "block_public_acls": true, + "block_public_policy": true, + "bucket": "${aws_s3_bucket.example.id}" + } + references: + bucket: aws_s3_bucket.id + argumentDocs: + block_public_acls: '- (Optional) Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:' + block_public_policy: '- (Optional) Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:' + bucket: '- (Required) S3 Bucket to which this Public Access Block configuration should be applied.' + id: '- Name of the S3 bucket the configuration is attached to' + ignore_public_acls: '- (Optional) Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn''t prevent new public ACLs from being set. When set to true causes Amazon S3 to:' + restrict_public_buckets: '- (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:' + aws_s3_object_copy: + subCategory: S3 + description: Provides a resource for copying an S3 object. 
+ name: aws_s3_object_copy + titleName: aws_s3_object_copy + examples: + - manifest: |- + { + "bucket": "destination_bucket", + "grant": [ + { + "permissions": [ + "READ" + ], + "type": "Group", + "uri": "http://acs.amazonaws.com/groups/global/AllUsers" + } + ], + "key": "destination_key", + "source": "source_bucket/source_key" + } + argumentDocs: + acl: '- (Optional) Canned ACL to apply. Defaults to private. Valid values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, and bucket-owner-full-control. Conflicts with grant.' + bucket: '- (Required) Name of the bucket to put the file in.' + cache_control: '- (Optional) Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.' + content_disposition: '- (Optional) Specifies presentational information for the object. Read w3c content_disposition for further information.' + content_encoding: '- (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.' + content_language: '- (Optional) Language the content is in e.g. en-US or en-GB.' + content_type: '- (Optional) Standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.' + copy_if_match: '- (Optional) Copies the object if its entity tag (ETag) matches the specified tag.' + copy_if_modified_since: '- (Optional) Copies the object if it has been modified since the specified time, in RFC3339 format.' + copy_if_none_match: '- (Optional) Copies the object if its entity tag (ETag) is different than the specified ETag.' + copy_if_unmodified_since: '- (Optional) Copies the object if it hasn''t been modified since the specified time, in RFC3339 format.' 
+ customer_algorithm: '- (Optional) Specifies the algorithm to use to when encrypting the object (for example, AES256).' + customer_key: '- (Optional) Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.' + customer_key_md5: '- (Optional) Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.' + email: '- (Optional) Email address of the grantee. Used only when type is AmazonCustomerByEmail.' + etag: '- The ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.' + expected_bucket_owner: '- (Optional) Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.' + expected_source_bucket_owner: '- (Optional) Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.' + expiration: '- If the object expiration is configured, this attribute will be set.' + expires: '- (Optional) Date and time at which the object is no longer cacheable, in RFC3339 format.' + force_destroy: '- (Optional) Allow the object to be deleted by removing any legal hold on any object version. 
Default is false. This value should be set to true only if the bucket has S3 object lock enabled.' + grant: '- (Optional) Configuration block for header grants. Documented below. Conflicts with acl.' + id: '- The key of the resource supplied above.' + key: '- (Required) Name of the object once it is in the bucket.' + kms_encryption_context: '- (Optional) Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.' + kms_key_id: '- (Optional) Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = aws_kms_key.foo.arn' + last_modified: '- Returns the date that the object was last modified, in RFC3339 format.' + metadata: '- (Optional) A map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).' + metadata_directive: '- (Optional) Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY and REPLACE.' + object_lock_legal_hold_status: '- (Optional) The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.' + object_lock_mode: '- (Optional) The object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.' + object_lock_retain_until_date: '- (Optional) The date and time, in RFC3339 format, when this object''s object lock will expire.' + permissions: '- (Required) List of permissions to grant to grantee. Valid values are READ, READ_ACP, WRITE_ACP, FULL_CONTROL.' + request_charged: '- If present, indicates that the requester was successfully charged for the request.' + request_payer: '- (Optional) Confirms that the requester knows that they will be charged for the request. 
Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is requester.' + server_side_encryption: '- (Optional) Specifies server-side encryption of the object in S3. Valid values are AES256 and aws:kms.' + source: '- (Required) Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, testbucket/test1.json. For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format arn:aws:s3:::accesspoint//object/. For example, arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.' + source_customer_algorithm: '- (Optional) Specifies the algorithm to use when decrypting the source object (for example, AES256).' + source_customer_key: '- (Optional) Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.' + source_customer_key_md5: '- (Optional) Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.' + source_version_id: '- Version of the copied object in the source bucket.' + storage_class: |- + - (Optional) Specifies the desired Storage Class + for the object. Can be either STANDARD, REDUCED_REDUNDANCY, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, or STANDARD_IA. Defaults to STANDARD. 
+ tagging_directive: '- (Optional) Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are COPY and REPLACE.' + tags: '- (Optional) A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) - Type of grantee. Valid values are CanonicalUser, Group, and AmazonCustomerByEmail.' + uri: '- (Optional) URI of the grantee group. Used only when type is Group.' + version_id: '- Version ID of the newly created copy.' + website_redirect: '- (Optional) Specifies a target URL for website redirect.' + aws_sagemaker_app: + subCategory: Sagemaker + description: Provides a Sagemaker App resource. + name: aws_sagemaker_app + titleName: aws_sagemaker_app + examples: + - manifest: |- + { + "app_name": "example", + "app_type": "JupyterServer", + "domain_id": "${aws_sagemaker_domain.example.id}", + "user_profile_name": "${aws_sagemaker_user_profile.example.user_profile_name}" + } + references: + domain_id: aws_sagemaker_domain.id + user_profile_name: aws_sagemaker_user_profile.user_profile_name + argumentDocs: + app_name: '- (Required) The name of the app.' + app_type: '- (Required) The type of app. Valid values are JupyterServer, KernelGateway and TensorBoard.' + arn: '- The Amazon Resource Name (ARN) of the app.' + domain_id: '- (Required) The domain ID.' + id: '- The Amazon Resource Name (ARN) of the app.' + instance_type: '- (Optional) The instance type that the image version runs on. For valid values see Sagemaker Instance Types.' + resource_spec: '- (Optional) The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.See Resource Spec below.' 
+ sagemaker_image_arn: '- (Optional) The ARN of the SageMaker image that the image version belongs to.' + sagemaker_image_version_arn: '- (Optional) The ARN of the image version created on the instance.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + user_profile_name: '- (Required) The user profile name.' + aws_sagemaker_app_image_config: + subCategory: Sagemaker + description: Provides a Sagemaker App Image Config resource. + name: aws_sagemaker_app_image_config + titleName: aws_sagemaker_app_image_config + examples: + - manifest: |- + { + "app_image_config_name": "example", + "kernel_gateway_image_config": [ + { + "kernel_spec": [ + { + "name": "example" + } + ] + } + ] + } + - manifest: |- + { + "app_image_config_name": "example", + "kernel_gateway_image_config": [ + { + "file_system_config": [ + {} + ], + "kernel_spec": [ + { + "name": "example" + } + ] + } + ] + } + argumentDocs: + app_image_config_name: '- (Required) The name of the App Image Config.' + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this App Image Config.' + default_gid: '- (Optional) The default POSIX group ID (GID). If not specified, defaults to 100. Valid values are 0 and 100.' + default_uid: '- (Optional) The default POSIX user ID (UID). If not specified, defaults to 1000. Valid values are 0 and 1000.' + display_name: '- (Optional) The display name of the kernel.' + file_system_config: '- (Optional) The URL where the Git repository is located. See File System Config details below.' + id: '- The name of the App Image Config.' + kernel_gateway_image_config: '- (Optional) The configuration for the file system and kernels in a SageMaker image running as a KernelGateway app. 
See Kernel Gateway Image Config details below.' + kernel_spec: '- (Required) The default branch for the Git repository. See Kernel Spec details below.' + mount_path: '- (Optional) The path within the image to mount the user''s EFS home directory. The directory should be empty. If not specified, defaults to /home/sagemaker-user.' + name: '- (Required) The name of the kernel.' + aws_sagemaker_code_repository: + subCategory: Sagemaker + description: Provides a Sagemaker Code Repository resource. + name: aws_sagemaker_code_repository + titleName: aws_sagemaker_code_repository + examples: + - manifest: |- + { + "code_repository_name": "example", + "git_config": [ + { + "repository_url": "https://github.com/hashicorp/terraform-provider-aws.git" + } + ] + } + - manifest: |- + { + "code_repository_name": "example", + "depends_on": [ + "${aws_secretsmanager_secret_version.example}" + ], + "git_config": [ + { + "repository_url": "https://github.com/hashicorp/terraform-provider-aws.git", + "secret_arn": "${aws_secretsmanager_secret.example.arn}" + } + ] + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Code Repository.' + branch: '- (Optional) The default branch for the Git repository.' + code_repository_name: '- (Required) The name of the Code Repository (must be unique).' + git_config: '- (Required) Specifies details about the repository. see Git Config details below.' + id: '- The name of the Code Repository.' + repository_url: '- (Required) The URL where the Git repository is located.' + secret_arn: '- (Optional) The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the credentials used to access the git repository. The secret must have a staging label of AWSCURRENT and must be in the following format: {"username": UserName, "password": Password}' + aws_sagemaker_device_fleet: + subCategory: Sagemaker + description: Provides a Sagemaker Device Fleet resource. 
+ name: aws_sagemaker_device_fleet + titleName: aws_sagemaker_device_fleet + examples: + - manifest: |- + { + "device_fleet_name": "example", + "output_config": [ + { + "s3_output_location": "s3://${aws_s3_bucket.example.bucket}/prefix/" + } + ], + "role_arn": "${aws_iam_role.test.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Device Fleet.' + description: '- (Optional) A description of the fleet.' + device_fleet_name: '- (Required) The name of the Device Fleet (must be unique).' + enable_iot_role_alias: '- (Optional) Whether to create an AWS IoT Role Alias during device fleet creation. The name of the role alias generated will match this pattern: "SageMakerEdge-{DeviceFleetName}".' + id: '- The name of the Device Fleet.' + kms_key_id: '- (Optional) The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume after compilation job. If you don''t provide a KMS key ID, Amazon SageMaker uses the default KMS key for Amazon S3 for your role''s account.' + output_config: '- (Required) Specifies details about the repository. see Output Config details below.' + role_arn: '- (Required) The Amazon Resource Name (ARN) that has access to AWS Internet of Things (IoT).' + s3_output_location: '- (Required) The Amazon Simple Storage (S3) bucker URI.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sagemaker_domain: + subCategory: Sagemaker + description: Provides a Sagemaker Domain resource. 
+ name: aws_sagemaker_domain + titleName: aws_sagemaker_domain + examples: + - manifest: |- + { + "auth_mode": "IAM", + "default_user_settings": [ + { + "execution_role": "${aws_iam_role.test.arn}" + } + ], + "domain_name": "example", + "subnet_ids": [ + "${aws_subnet.test.id}" + ], + "vpc_id": "${aws_vpc.test.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "auth_mode": "IAM", + "default_user_settings": [ + { + "execution_role": "${aws_iam_role.test.arn}", + "kernel_gateway_app_settings": [ + { + "custom_image": [ + { + "app_image_config_name": "${aws_sagemaker_app_image_config.test.app_image_config_name}", + "image_name": "${aws_sagemaker_image_version.test.image_name}" + } + ] + } + ] + } + ], + "domain_name": "example", + "subnet_ids": [ + "${aws_subnet.test.id}" + ], + "vpc_id": "${aws_vpc.test.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + app_image_config_name: '- (Required) The name of the App Image Config.' + app_network_access_type: '- (Optional) Specifies the VPC used for non-EFS traffic. The default value is PublicInternetOnly. Valid values are PublicInternetOnly and VpcOnly.' + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Domain.' + auth_mode: '- (Required) The mode of authentication that members use to access the domain. Valid values are IAM and SSO.' + custom_image: '- (Optional) A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below.' + default_resource_spec: '- (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.' + default_user_settings: '- (Required) The default user settings. See Default User Settings below.' + domain_name: '- (Required) The domain name.' + execution_role: '- (Required) The execution role ARN for the user.' + home_efs_file_system: '- (Optional) The retention policy for data stored on an Amazon Elastic File System (EFS) volume. 
Default value is Retain.' + home_efs_file_system_id: '- The ID of the Amazon Elastic File System (EFS) managed by this Domain.' + id: '- The ID of the Domain.' + image_name: '- (Required) The name of the Custom Image.' + image_version_number: '- (Optional) The version number of the Custom Image.' + instance_type: '- (Optional) The instance type that the image version runs on.. For valid values see Sagemaker Instance Types.' + jupyter_server_app_settings: '- (Optional) The Jupyter server''s app settings. See Jupyter Server App Settings below.' + kernel_gateway_app_settings: '- (Optional) The kernel gateway app settings. See Kernel Gateway App Settings below.' + kms_key_id: '- (Optional) The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.' + notebook_output_option: '- (Optional) Whether to include the notebook cell output when sharing the notebook. The default is Disabled. Valid values are Allowed and Disabled.' + retention_policy: '- (Optional) The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See Retention Policy below.' + s3_kms_key_id: '- (Optional) When notebook_output_option is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.' + s3_output_path: '- (Optional) When notebook_output_option is Allowed, the Amazon S3 bucket used to save the notebook cell output.' + sagemaker_image_arn: '- (Optional) The ARN of the SageMaker image that the image version belongs to.' + security_groups: '- (Optional) The security groups.' + sharing_settings: '- (Optional) The sharing settings. See Sharing Settings below.' + single_sign_on_managed_application_instance_id: '- The SSO managed application instance ID.' + subnet_ids: '- (Required) The VPC subnets that Studio uses for communication.' + tags: '- (Optional) A map of tags to assign to the resource. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tensor_board_app_settings: '- (Optional) The TensorBoard app settings. See TensorBoard App Settings below.' + url: '- The domain''s URL.' + vpc_id: '- (Required) The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.' + aws_sagemaker_endpoint: + subCategory: Sagemaker + description: Provides a SageMaker Endpoint resource. + name: aws_sagemaker_endpoint + titleName: aws_sagemaker_endpoint + examples: + - manifest: |- + { + "endpoint_config_name": "${aws_sagemaker_endpoint_configuration.ec.name}", + "name": "my-endpoint", + "tags": { + "Name": "foo" + } + } + references: + endpoint_config_name: aws_sagemaker_endpoint_configuration.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this endpoint.' + endpoint_config_name: '- (Required) The name of the endpoint configuration to use.' + name: '- The name of the endpoint.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sagemaker_endpoint_configuration: + subCategory: Sagemaker + description: Provides a SageMaker Endpoint Configuration resource. 
+ name: aws_sagemaker_endpoint_configuration + titleName: aws_sagemaker_endpoint_configuration + examples: + - manifest: |- + { + "name": "my-endpoint-config", + "production_variants": [ + { + "initial_instance_count": 1, + "instance_type": "ml.t2.medium", + "model_name": "${aws_sagemaker_model.m.name}", + "variant_name": "variant-1" + } + ], + "tags": { + "Name": "foo" + } + } + argumentDocs: + accelerator_type: (Optional) - The size of the Elastic Inference (EI) instance to use for the production variant. + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this endpoint configuration.' + capture_content_type_header: '- (Optional) The content type headers to capture. Fields are documented below.' + capture_mode: '- (Required) Specifies the data to be captured. Should be one of Input or Output.' + capture_options: '- (Required) Specifies what data to capture. Fields are documented below.' + csv_content_types: '- (Optional) The CSV content type headers to capture.' + data_capture_config: '- (Optional) Specifies the parameters to capture input/output of Sagemaker models endpoints. Fields are documented below.' + destination_s3_uri: '- (Required) The URL for S3 location where the captured data is stored.' + enable_capture: '- (Optional) Flag to enable data capture. Defaults to false.' + initial_instance_count: '- (Required) Initial number of instances used for auto-scaling.' + initial_sampling_percentage: '- (Required) Portion of data to capture. Should be between 0 and 100.' + initial_variant_weight: (Optional) - Determines initial traffic distribution among all of the models that you specify in the endpoint configuration. If unspecified, it defaults to 1.0. + instance_type: (Required) - The type of instance to start. + json_content_types: '- (Optional) The JSON content type headers to capture.' 
+ kms_key_arn: '- (Optional) Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance that hosts the endpoint.' + kms_key_id: '- (Optional) Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt the captured data on Amazon S3.' + model_name: '- (Required) The name of the model to use.' + name: '- The name of the endpoint configuration.' + production_variants: '- (Required) Fields are documented below.' + tags: '- (Optional) A mapping of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + variant_name: '- (Optional) The name of the variant. If omitted, Terraform will assign a random, unique name.' + aws_sagemaker_feature_group: + subCategory: Sagemaker + description: Provides a SageMaker Feature Group resource. + name: aws_sagemaker_feature_group + titleName: aws_sagemaker_feature_group + examples: + - manifest: |- + { + "event_time_feature_name": "example", + "feature_definition": [ + { + "feature_name": "example", + "feature_type": "String" + } + ], + "feature_group_name": "example", + "online_store_config": [ + { + "enable_online_store": true + } + ], + "record_identifier_feature_name": "example", + "role_arn": "${aws_iam_role.test.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this feature_group.' + catalog: '- (Optional) The name of the Glue table catalog.' + data_catalog_config: '- (Optional) The meta data of the Glue table that is autogenerated when an OfflineStore is created. See Data Catalog Config Below.' 
+ database: '- (Optional) The name of the Glue table database.' + description: (Optional) - A free-form description of a Feature Group. + disable_glue_table_creation: '- (Optional) Set to true to turn Online Store On.' + enable_online_store: '- (Optional) Set to true to disable the automatic creation of an AWS Glue table when configuring an OfflineStore.' + event_time_feature_name: '- (Required) The name of the feature that stores the EventTime of a Record in a Feature Group.' + feature_definition: (Optional) - A list of Feature names and types. See Feature Definition Below. + feature_group_name: '- (Required) The name of the Feature Group. The name must be unique within an AWS Region in an AWS account.' + feature_name: '- (Required) The name of a feature. feature_name cannot be any of the following: is_deleted, write_time, api_invocation_time.' + feature_type: '- (Required) The value type of a feature. Valid values are Integral, Fractional, or String.' + kms_key_id: '- (Optional) The ID of the AWS Key Management Service (AWS KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.' + name: '- The name of the Feature Group.' + offline_store_config: (Optional) - The Offline Feature Store Configuration. See Offline Store Config Below. + online_store_config: (Optional) - The Online Feature Store Configuration. See Online Store Config Below. + record_identifier_feature_name: '- (Required) The name of the Feature whose value uniquely identifies a Record defined in the Feature Store. Only the latest record per identifier value will be stored in the Online Store.' + role_arn: (Required) - The Amazon Resource Name (ARN) of the IAM execution role used to persist data into the Offline Store if an offline_store_config is provided. + s3_storage_config: '- (Required) The Amazon Simple Storage (Amazon S3) location of OfflineStore. See S3 Storage Config Below.' 
+ s3_uri: '- (Required) The S3 URI, or location in Amazon S3, of OfflineStore.' + security_config: '- (Required) Security config for at-rest encryption of your OnlineStore. See Security Config Below.' + table_name: '- (Optional) The name of the Glue table.' + tags: '- (Optional) Map of resource tags for the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sagemaker_human_task_ui: + subCategory: Sagemaker + description: Provides a Sagemaker Human Task UI resource. + name: aws_sagemaker_human_task_ui + titleName: aws_sagemaker_human_task_ui + examples: + - manifest: |- + { + "human_task_ui_name": "example", + "ui_template": [ + { + "content": "${file(\"sagemaker-human-task-ui-template.html\")}" + } + ] + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Human Task UI.' + content: '- (Required) The content of the Liquid template for the worker user interface.' + content_sha256: '- The SHA-256 digest of the contents of the template.' + human_task_ui_name: '- (Required) The name of the Human Task UI.' + id: '- The name of the Human Task UI.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + ui_template: '- (Required) The Liquid template for the worker user interface. See UI Template below.' + url: '- The URL for the user interface template.' + aws_sagemaker_image: + subCategory: Sagemaker + description: Provides a Sagemaker Image resource. 
+ name: aws_sagemaker_image + titleName: aws_sagemaker_image + examples: + - manifest: |- + { + "image_name": "example", + "role_arn": "${aws_iam_role.test.arn}" + } + references: + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Image.' + description: '- (Optional) The description of the image.' + display_name: '- (Optional) The display name of the image. When the image is added to a domain (must be unique to the domain).' + id: '- The name of the Image.' + image_name: '- (Required) The name of the image. Must be unique to your account.' + role_arn: '- (Required) The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sagemaker_image_version: + subCategory: Sagemaker + description: Provides a Sagemaker Image Version resource. + name: aws_sagemaker_image_version + titleName: aws_sagemaker_image_version + examples: + - manifest: |- + { + "base_image": "012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest", + "image_name": "${aws_sagemaker_image.test.id}" + } + references: + image_name: aws_sagemaker_image.id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Image Version.' + base_image: '- (Required) The registry path of the container image on which this image version is based.' + container_image: '- The registry path of the container image that contains this image version.' + id: '- The name of the Image.' + image_arn: '- The Amazon Resource Name (ARN) of the image the version is based on.' + image_name: '- (Required) The name of the image. Must be unique to your account.' 
+ aws_sagemaker_model: + subCategory: Sagemaker + description: Provides a SageMaker model resource. + name: aws_sagemaker_model + titleName: aws_sagemaker_model + examples: + - manifest: |- + { + "execution_role_arn": "${aws_iam_role.example.arn}", + "name": "my-model", + "primary_container": [ + { + "image": "${data.aws_sagemaker_prebuilt_ecr_image.test.registry_path}" + } + ] + } + references: + execution_role_arn: aws_iam_role.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this model.' + container: (Optional) - Specifies containers in the inference pipeline. If not specified, the primary_container argument is required. Fields are documented below. + container_hostname: '- (Optional) The DNS host name for the container.' + enable_network_isolation: (Optional) - Isolates the model container. No inbound or outbound network calls can be made to or from the model container. + environment: |- + - (Optional) Environment variables for the Docker container. + A list of key value pairs. + execution_role_arn: '- (Required) A role that SageMaker can assume to access model artifacts and docker images for deployment.' + image: '- (Required) The registry path where the inference code image is stored in Amazon ECR.' + image_config: '- (Optional) Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see Using a Private Docker Registry for Real-Time Inference Containers. see Image Config.' + inference_execution_config: '- (Optional) Specifies details of how containers in a multi-container endpoint are called. see Inference Execution Config.' + mode: '- (Required) How containers in a multi-container are run. The following values are valid Serial and Direct.' + model_data_url: '- (Optional) The URL for the S3 location where model artifacts are stored.' + name: '- The name of the model.' 
+ primary_container: '- (Optional) The primary docker image containing inference code that is used when the model is deployed for predictions. If not specified, the container argument is required. Fields are documented below.' + repository_access_mode: '- (Required) Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: Platform and Vpc.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_config: (Optional) - Specifies the VPC that you want your model to connect to. VpcConfig is used in hosting services and in batch transform. + aws_sagemaker_model_package_group: + subCategory: Sagemaker + description: Provides a Sagemaker Model Package Group resource. + name: aws_sagemaker_model_package_group + titleName: aws_sagemaker_model_package_group + examples: + - manifest: |- + { + "model_package_group_name": "example" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Model Package Group.' + id: '- The name of the Model Package Group.' + model_package_group_description: '- (Optional) A description for the model group.' + model_package_group_name: '- (Required) The name of the model group.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_sagemaker_notebook_instance: + subCategory: Sagemaker + description: Provides a Sagemaker Notebook Instance resource. + name: aws_sagemaker_notebook_instance + titleName: aws_sagemaker_notebook_instance + examples: + - manifest: |- + { + "instance_type": "ml.t2.medium", + "name": "my-notebook-instance", + "role_arn": "${aws_iam_role.role.arn}", + "tags": { + "Name": "foo" + } + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "default_code_repository": "${aws_sagemaker_code_repository.example.code_repository_name}", + "instance_type": "ml.t2.medium", + "name": "my-notebook-instance", + "role_arn": "${aws_iam_role.role.arn}", + "tags": { + "Name": "foo" + } + } + references: + default_code_repository: aws_sagemaker_code_repository.code_repository_name + role_arn: aws_iam_role.arn + argumentDocs: + additional_code_repositories: |- + - (Optional) An array of up to three Git repositories to associate with the notebook instance. + These can be either the names of Git repositories stored as resources in your account, or the URL of Git repositories in AWS CodeCommit or in any other Git repository. These repositories are cloned at the same level as the default repository of your notebook instance. + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this notebook instance.' + default_code_repository: '- (Optional) The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in AWS CodeCommit or in any other Git repository.' + direct_internet_access: '- (Optional) Set to Disabled to disable internet access to notebook. Requires security_groups and subnet_id to be set. Supported values: Enabled (Default) or Disabled. 
If set to Disabled, the notebook instance will be able to access resources only in your VPC, and will not be able to connect to Amazon SageMaker training and endpoint services unless your configure a NAT Gateway in your VPC.' + id: '- The name of the notebook instance.' + instance_type: '- (Required) The name of ML compute instance type.' + kms_key_id: '- (Optional) The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption.' + lifecycle_config_name: '- (Optional) The name of a lifecycle configuration to associate with the notebook instance.' + name: '- (Required) The name of the notebook instance (must be unique).' + network_interface_id: '- The network interface ID that Amazon SageMaker created at the time of creating the instance. Only available when setting subnet_id.' + role_arn: '- (Required) The ARN of the IAM role to be used by the notebook instance which allows SageMaker to call other services on your behalf.' + root_access: '- (Optional) Whether root access is Enabled or Disabled for users of the notebook instance. The default value is Enabled.' + security_groups: '- (Optional) The associated security groups.' + subnet_id: '- (Optional) The VPC subnet ID.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + url: '- The URL that you use to connect to the Jupyter notebook that is running in your notebook instance.' + volume_size: '- (Optional) The size, in GB, of the ML storage volume to attach to the notebook instance. The default value is 5 GB.' 
+ aws_sagemaker_notebook_instance_lifecycle_configuration: + subCategory: Sagemaker + description: Provides a lifecycle configuration for SageMaker Notebook Instances. + name: aws_sagemaker_notebook_instance_lifecycle_configuration + titleName: aws_sagemaker_notebook_instance_lifecycle_configuration + examples: + - manifest: |- + { + "name": "foo", + "on_create": "${base64encode(\"echo foo\")}", + "on_start": "${base64encode(\"echo bar\")}" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this lifecycle configuration.' + name: '- (Optional) The name of the lifecycle configuration (must be unique). If omitted, Terraform will assign a random, unique name.' + on_create: '- (Optional) A shell script (base64-encoded) that runs only once when the SageMaker Notebook Instance is created.' + on_start: '- (Optional) A shell script (base64-encoded) that runs every time the SageMaker Notebook Instance is started including the time it''s created.' + aws_sagemaker_user_profile: + subCategory: Sagemaker + description: Provides a Sagemaker User Profile resource. + name: aws_sagemaker_user_profile + titleName: aws_sagemaker_user_profile + examples: + - manifest: |- + { + "domain_id": "${aws_sagemaker_domain.test.id}", + "user_profile_name": "example" + } + references: + domain_id: aws_sagemaker_domain.id + argumentDocs: + app_image_config_name: '- (Required) The name of the App Image Config.' + arn: '- The user profile Amazon Resource Name (ARN).' + custom_image: '- (Optional) A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below.' + default_resource_spec: '- (Optional) The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.' + domain_id: '- (Required) The ID of the associated Domain.' + execution_role: '- (Required) The execution role ARN for the user.' 
+ home_efs_file_system_uid: '- The ID of the user''s profile in the Amazon Elastic File System (EFS) volume.' + id: '- The user profile Amazon Resource Name (ARN).' + image_name: '- (Required) The name of the Custom Image.' + image_version_number: '- (Optional) The version number of the Custom Image.' + instance_type: '- (Optional) The instance type.' + jupyter_server_app_settings: '- (Optional) The Jupyter server''s app settings. See Jupyter Server App Settings below.' + kernel_gateway_app_settings: '- (Optional) The kernel gateway app settings. See Kernel Gateway App Settings below.' + notebook_output_option: '- (Optional) Whether to include the notebook cell output when sharing the notebook. The default is Disabled. Valid values are Allowed and Disabled.' + s3_kms_key_id: '- (Optional) When notebook_output_option is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.' + s3_output_path: '- (Optional) When notebook_output_option is Allowed, the Amazon S3 bucket used to save the notebook cell output.' + sagemaker_image_arn: '- (Optional) The Amazon Resource Name (ARN) of the SageMaker image created on the instance.' + security_groups: '- (Optional) The security groups.' + sharing_settings: '- (Optional) The sharing settings. See Sharing Settings below.' + single_sign_on_user_identifier: '- (Optional) A specifier for the type of value specified in single_sign_on_user_value. Currently, the only supported value is UserName. If the Domain''s AuthMode is SSO, this field is required. If the Domain''s AuthMode is not SSO, this field cannot be specified.' + single_sign_on_user_value: '- (Required) The username of the associated AWS Single Sign-On User for this User Profile. If the Domain''s AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain''s AuthMode is not SSO, this field cannot be specified.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tensor_board_app_settings: '- (Optional) The TensorBoard app settings. See TensorBoard App Settings below.' + user_profile_name: '- (Required) The name for the User Profile.' + user_settings: '- (Required) The user settings. See User Settings below.' + aws_sagemaker_workforce: + subCategory: Sagemaker + description: Provides a Sagemaker Workforce resource. + name: aws_sagemaker_workforce + titleName: aws_sagemaker_workforce + examples: + - manifest: |- + { + "cognito_config": [ + { + "client_id": "${aws_cognito_user_pool_client.example.id}", + "user_pool": "${aws_cognito_user_pool_domain.example.user_pool_id}" + } + ], + "workforce_name": "example" + } + - manifest: |- + { + "oidc_config": [ + { + "authorization_endpoint": "https://example.com", + "client_id": "example", + "client_secret": "example", + "issuer": "https://example.com", + "jwks_uri": "https://example.com", + "logout_endpoint": "https://example.com", + "token_endpoint": "https://example.com", + "user_info_endpoint": "https://example.com" + } + ], + "workforce_name": "example" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Workforce.' + authorization_endpoint: '- (Required) The OIDC IdP authorization endpoint used to configure your private workforce.' + cidrs: '- (Required) A list of up to 10 CIDR values.' + client_id: '- (Required) The OIDC IdP client ID used to configure your private workforce.' + client_secret: '- (Required) The OIDC IdP client secret used to configure your private workforce.' + cognito_config: '- (Required) Use this parameter to configure an Amazon Cognito private workforce. 
A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with oidc_config. see Cognito Config details below.' + id: '- The name of the Workforce.' + issuer: '- (Required) The OIDC IdP issuer used to configure your private workforce.' + jwks_uri: '- (Required) The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.' + logout_endpoint: '- (Required) The OIDC IdP logout endpoint used to configure your private workforce.' + oidc_config: '- (Required) Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with cognito_config. see OIDC Config details below.' + source_ip_config: '- (Required) A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn''t restricted to specific IP addresses. see Source Ip Config details below.' + subdomain: '- The subdomain for your OIDC Identity Provider.' + token_endpoint: '- (Required) The OIDC IdP token endpoint used to configure your private workforce.' + user_info_endpoint: '- (Required) The OIDC IdP user information endpoint used to configure your private workforce.' + user_pool: '- (Required) The id for your Amazon Cognito user pool.' + workforce_name: '- (Required) The name of the Workforce (must be unique).' + aws_sagemaker_workteam: + subCategory: Sagemaker + description: Provides a Sagemaker Workteam resource. 
+ name: aws_sagemaker_workteam + titleName: aws_sagemaker_workteam + examples: + - manifest: |- + { + "description": "example", + "member_definition": [ + { + "cognito_member_definition": [ + { + "client_id": "${aws_cognito_user_pool_client.example.id}", + "user_group": "${aws_cognito_user_group.example.id}", + "user_pool": "${aws_cognito_user_pool_domain.example.user_pool_id}" + } + ] + } + ], + "workforce_name": "${aws_sagemaker_workforce.example.id}", + "workteam_name": "example" + } + references: + workforce_name: aws_sagemaker_workforce.id + - manifest: |- + { + "description": "example", + "member_definition": [ + { + "oidc_member_definition": [ + { + "groups": [ + "example" + ] + } + ] + } + ], + "workforce_name": "${aws_sagemaker_workforce.example.id}", + "workteam_name": "example" + } + references: + workforce_name: aws_sagemaker_workforce.id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) assigned by AWS to this Workteam.' + client_id: '- (Required) An identifier for an application client. You must create the app client ID using Amazon Cognito.' + cognito_member_definition: '- (Optional) The Amazon Cognito user group that is part of the work team. See Cognito Member Definition details below.' + description: '- (Required) A description of the work team.' + groups: '- (Required) A list of comma separated strings that identifies user groups in your OIDC IdP. Each user group is made up of a group of private workers.' + id: '- The name of the Workteam.' + member_definition: '- (Required) A list of Member Definitions that contains objects that identify the workers that make up the work team. Workforces can be created using Amazon Cognito or your own OIDC Identity Provider (IdP). For private workforces created using Amazon Cognito use cognito_member_definition. For workforces created using your own OIDC identity provider (IdP) use oidc_member_definition. Do not provide input for both of these parameters in a single request. 
see Member Definition details below.' + notification_configuration: '- (Optional) Configures notification of workers regarding available or expiring work items. see Notification Configuration details below.' + notification_topic_arn: '- (Required) The ARN for the SNS topic to which notifications should be published.' + oidc_member_definition: '- (Optional) A list user groups that exist in your OIDC Identity Provider (IdP). One to ten groups can be used to create a single private work team. See Cognito Member Definition details below.' + subdomain: '- The subdomain for your OIDC Identity Provider.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + user_group: '- (Required) An identifier for a user group.' + user_pool: '- (Required) An identifier for a user pool. The user pool must be in the same region as the service that you are calling.' + workforce_name: '- (Required) The name of the Workteam (must be unique).' + workteam_name: '- (Required) The name of the workforce.' + aws_schemas_discoverer: + subCategory: EventBridge Schemas + description: Provides an EventBridge Schema Discoverer resource. + name: aws_schemas_discoverer + titleName: aws_schemas_discoverer + examples: + - manifest: |- + { + "description": "Auto discover event schemas", + "source_arn": "${aws_cloudwatch_event_bus.messenger.arn}" + } + references: + source_arn: aws_cloudwatch_event_bus.arn + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the discoverer.' + description: '- (Optional) The description of the discoverer. Maximum of 256 characters.' + id: '- The ID of the discoverer.' + source_arn: '- (Required) The ARN of the event bus to discover event schemas on.' 
+ tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_schemas_registry: + subCategory: EventBridge Schemas + description: Provides an EventBridge Custom Schema Registry resource. + name: aws_schemas_registry + titleName: aws_schemas_registry + examples: + - manifest: |- + { + "description": "A custom schema registry", + "name": "my_own_registry" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the discoverer.' + description: '- (Optional) The description of the discoverer. Maximum of 256 characters.' + name: '- (Required) The name of the custom event schema registry. Maximum of 64 characters consisting of lower case letters, upper case letters, 0-9, ., -, _.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_schemas_schema: + subCategory: EventBridge Schemas + description: Provides an EventBridge Schema resource. 
+ name: aws_schemas_schema + titleName: aws_schemas_schema + examples: + - manifest: |- + { + "content": "${jsonencode({\n \"openapi\" : \"3.0.0\",\n \"info\" : {\n \"version\" : \"1.0.0\",\n \"title\" : \"Event\"\n },\n \"paths\" : {},\n \"components\" : {\n \"schemas\" : {\n \"Event\" : {\n \"type\" : \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n }\n }\n }\n }\n }\n })}", + "description": "The schema definition for my event", + "name": "my_schema", + "registry_name": "${aws_schemas_registry.test.name}", + "type": "OpenApi3" + } + references: + registry_name: aws_schemas_registry.name + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the discoverer.' + content: '- (Required) The schema specification. Must be a valid Open API 3.0 spec.' + description: '- (Optional) The description of the schema. Maximum of 256 characters.' + last_modified: '- The last modified date of the schema.' + name: '- (Required) The name of the schema. Maximum of 385 characters consisting of lower case letters, upper case letters, ., -, _, @.' + registry_name: '- (Required) The name of the registry in which this schema belongs.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of the schema. Valid values: OpenApi3.' + version: '- The version of the schema.' + version_created_date: '- The created date of the version of the schema.' 
+ aws_secretsmanager_secret: + subCategory: Secrets Manager + description: Provides a resource to manage AWS Secrets Manager secret metadata + name: aws_secretsmanager_secret + titleName: aws_secretsmanager_secret + examples: + - manifest: |- + { + "name": "example" + } + - manifest: |- + { + "name": "rotation-example", + "rotation_lambda_arn": "${aws_lambda_function.example.arn}", + "rotation_rules": [ + { + "automatically_after_days": 7 + } + ] + } + references: + rotation_lambda_arn: aws_lambda_function.arn + argumentDocs: + arn: '- ARN of the secret.' + automatically_after_days: '- (Required) Specifies the number of days between automatic scheduled rotations of the secret.' + description: '- (Optional) Description of the secret.' + id: '- ARN of the secret.' + kms_key_id: '- (Optional) ARN, Key ID, or Alias.' + last_accessed_date: '- Date that you last accessed the secret in the Region.' + name: '- (Optional) Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.' + policy: '- (Optional) Valid JSON document representing a resource policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + recovery_window_in_days: '- (Optional) Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.' + region: '- (Required) Region for replicating the secret.' + replica: '- Attributes of a replica are described below.' + rotation_enabled: '- Whether automatic rotation is enabled for this secret.' + rotation_lambda_arn: '- (Optional, DEPRECATED) ARN of the Lambda function that can rotate the secret. 
Use the aws_secretsmanager_secret_rotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.' + rotation_rules: '- (Optional, DEPRECATED) Configuration block for the rotation configuration of this secret. Defined below. Use the aws_secretsmanager_secret_rotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.' + status: '- Status can be InProgress, Failed, or InSync.' + status_message: '- Message such as Replication succeeded or Secret with this name already exists in this region.' + tags: '- (Optional) Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_secretsmanager_secret_policy: + subCategory: Secrets Manager + description: Provides a resource to manage AWS Secrets Manager secret policy + name: aws_secretsmanager_secret_policy + titleName: aws_secretsmanager_secret_policy + examples: + - manifest: |- + { + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Sid\": \"EnableAllPermissions\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t\t\"AWS\": \"*\"\n\t },\n\t \"Action\": \"secretsmanager:GetSecretValue\",\n\t \"Resource\": \"*\"\n\t}\n ]\n}\n", + "secret_arn": "${aws_secretsmanager_secret.example.arn}" + } + references: + secret_arn: aws_secretsmanager_secret.arn + argumentDocs: + block_public_policy: '- (Optional) Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.' + id: '- Amazon Resource Name (ARN) of the secret.' + policy: '- (Required) A valid JSON document representing a resource policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + secret_arn: '- (Required) Secret ARN.' + aws_secretsmanager_secret_rotation: + subCategory: Secrets Manager + description: Provides a resource to manage AWS Secrets Manager secret rotation + name: aws_secretsmanager_secret_rotation + titleName: aws_secretsmanager_secret_rotation + examples: + - manifest: |- + { + "rotation_lambda_arn": "${aws_lambda_function.example.arn}", + "rotation_rules": [ + { + "automatically_after_days": 30 + } + ], + "secret_id": "${aws_secretsmanager_secret.example.id}" + } + references: + rotation_lambda_arn: aws_lambda_function.arn + secret_id: aws_secretsmanager_secret.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the secret.' + automatically_after_days: '- (Required) Specifies the number of days between automatic scheduled rotations of the secret.' + id: '- Amazon Resource Name (ARN) of the secret.' 
+ rotation_enabled: '- Specifies whether automatic rotation is enabled for this secret.' + rotation_lambda_arn: '- (Required) Specifies the ARN of the Lambda function that can rotate the secret.' + rotation_rules: '- (Required) A structure that defines the rotation configuration for this secret. Defined below.' + secret_id: '- (Required) Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.' + aws_secretsmanager_secret_version: + subCategory: Secrets Manager + description: Provides a resource to manage AWS Secrets Manager secret version including its secret value + name: aws_secretsmanager_secret_version + titleName: aws_secretsmanager_secret_version + examples: + - manifest: |- + { + "secret_id": "${aws_secretsmanager_secret.example.id}", + "secret_string": "example-string-to-protect" + } + references: + secret_id: aws_secretsmanager_secret.id + - manifest: |- + { + "secret_id": "${aws_secretsmanager_secret.example.id}", + "secret_string": "${jsonencode(var.example)}" + } + references: + secret_id: aws_secretsmanager_secret.id + argumentDocs: + arn: '- The ARN of the secret.' + id: '- A pipe delimited combination of secret ID and version ID.' + secret_binary: '- (Optional) Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.' + secret_id: '- (Required) Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.' + secret_string: '- (Optional) Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.' + version_id: '- The unique identifier of the version of the secret.' 
+ version_stages: '- (Optional) Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that''s already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label AWSCURRENT to this new version on creation.' + aws_security_group: + subCategory: VPC + description: Provides a security group resource. + name: aws_security_group + titleName: aws_security_group + examples: + - manifest: |- + { + "description": "Allow TLS inbound traffic", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "from_port": 0, + "ipv6_cidr_blocks": [ + "::/0" + ], + "protocol": "-1", + "to_port": 0 + } + ], + "ingress": [ + { + "cidr_blocks": [ + "${aws_vpc.main.cidr_block}" + ], + "description": "TLS from VPC", + "from_port": 443, + "ipv6_cidr_blocks": [ + "${aws_vpc.main.ipv6_cidr_block}" + ], + "protocol": "tcp", + "to_port": 443 + } + ], + "name": "allow_tls", + "tags": { + "Name": "allow_tls" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "from_port": 0, + "ipv6_cidr_blocks": [ + "::/0" + ], + "protocol": "-1", + "to_port": 0 + } + ] + } + - manifest: |- + { + "egress": [ + { + "from_port": 0, + "prefix_list_ids": [ + "${aws_vpc_endpoint.my_endpoint.prefix_list_id}" + ], + "protocol": "-1", + "to_port": 0 + } + ] + } + argumentDocs: + arn: '- ARN of the security group.' + cidr_blocks: '- (Optional) List of CIDR blocks.' + create: '- (Default 10m) How long to wait for a security group to be created.' 
+ delete: '- (Default 15m) How long to retry on DependencyViolation errors during security group deletion from lingering ENIs left by certain AWS services such as Elastic Load Balancing. NOTE: Lambda ENIs can take up to 45 minutes to delete, which is not affected by changing this customizable timeout (in version 2.31.0 and later of the Terraform AWS Provider) unless it is increased above 45 minutes.' + description: '- (Optional) Description of this egress rule.' + egress: '- (Optional, VPC only) Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.' + from_port: '- (Required) Start port (or ICMP type number if protocol is icmp)' + id: '- ID of the security group.' + ingress: '- (Optional) Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.' + ipv6_cidr_blocks: '- (Optional) List of IPv6 CIDR blocks.' + name: '- (Optional, Forces new resource) Name of the security group. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + owner_id: '- Owner ID.' + prefix_list_ids: '- (Optional) List of Prefix List IDs.' + protocol: '- (Required) Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value to match the AWS API requirement when using Terraform 0.12.x and above. 
Please make sure that the value of the protocol is specified as lowercase when used with older version of Terraform to avoid issues during upgrade.' + revoke_rules_on_delete: '- (Optional) Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.' + security_groups: '- (Optional) List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.' + self: '- (Optional) Whether the security group itself will be added as a source to this egress rule.' + tags: '- (Optional) Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + to_port: '- (Required) End range port (or ICMP code if protocol is icmp).' + vpc_id: '- (Optional, Forces new resource) VPC ID.' + aws_security_group_rule: + subCategory: VPC + description: Provides an security group rule resource. 
+ name: aws_security_group_rule + titleName: aws_security_group_rule + examples: + - manifest: |- + { + "cidr_blocks": [ + "${aws_vpc.example.cidr_block}" + ], + "from_port": 0, + "ipv6_cidr_blocks": [ + "${aws_vpc.example.ipv6_cidr_block}" + ], + "protocol": "tcp", + "security_group_id": "sg-123456", + "to_port": 65535, + "type": "ingress" + } + - manifest: |- + { + "from_port": 0, + "prefix_list_ids": [ + "${aws_vpc_endpoint.my_endpoint.prefix_list_id}" + ], + "protocol": "-1", + "security_group_id": "sg-123456", + "to_port": 0, + "type": "egress" + } + argumentDocs: + cidr_blocks: '- (Optional) List of CIDR blocks. Cannot be specified with source_security_group_id or self.' + description: '- (Optional) Description of the rule.' + from_port: '- (Required) Start port (or ICMP type number if protocol is "icmp" or "icmpv6").' + id: '- ID of the security group rule.' + ipv6_cidr_blocks: '- (Optional) List of IPv6 CIDR blocks. Cannot be specified with source_security_group_id or self.' + prefix_list_ids: '- (Optional) List of Prefix List IDs.' + protocol: '- (Required) Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number' + security_group_id: '- (Required) Security group to apply this rule to.' + self: '- (Optional) Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or source_security_group_id.' + source_security_group_id: '- (Optional) Security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks, ipv6_cidr_blocks, or self.' + to_port: '- (Required) End port (or ICMP code if protocol is "icmp").' + type: |- + - (Required) Type of rule being created. Valid options are ingress (inbound) + or egress (outbound). + aws_securityhub_account: + subCategory: Security Hub + description: Enables Security Hub for an AWS account. 
+ name: aws_securityhub_account + titleName: aws_securityhub_account + examples: + - manifest: '{}' + argumentDocs: + id: '- AWS Account ID.' + aws_securityhub_action_target: + subCategory: Security Hub + description: Creates Security Hub custom action. + name: aws_securityhub_action_target + titleName: aws_securityhub_action_target + examples: + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "description": "This is custom action sends selected findings to chat", + "identifier": "SendToChat", + "name": "Send notification to chat" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the Security Hub custom action target.' + description: '- (Required) The name of the custom action target.' + identifier: '- (Required) The ID for the custom action target.' + name: '- (Required) The description for the custom action target.' + aws_securityhub_insight: + subCategory: Security Hub + description: Provides a Security Hub custom insight resource. + name: aws_securityhub_insight + titleName: aws_securityhub_insight + examples: + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "filters": [ + { + "aws_account_id": [ + { + "comparison": "EQUALS", + "value": "1234567890" + }, + { + "comparison": "EQUALS", + "value": "09876543210" + } + ] + } + ], + "group_by_attribute": "AwsAccountId", + "name": "example-insight" + } + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "filters": [ + { + "created_at": [ + { + "date_range": [ + { + "unit": "DAYS", + "value": 5 + } + ] + } + ] + } + ], + "group_by_attribute": "CreatedAt", + "name": "example-insight" + } + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "filters": [ + { + "network_destination_ipv4": [ + { + "cidr": "10.0.0.0/16" + } + ] + } + ], + "group_by_attribute": "NetworkDestinationIpV4", + "name": "example-insight" + } + - manifest: |- + { + "depends_on": [ + 
"${aws_securityhub_account.example}" + ], + "filters": [ + { + "confidence": [ + { + "gte": "80" + } + ] + } + ], + "group_by_attribute": "Confidence", + "name": "example-insight" + } + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "filters": [ + { + "resource_tags": [ + { + "comparison": "EQUALS", + "key": "Environment", + "value": "Production" + } + ] + } + ], + "group_by_attribute": "ResourceTags", + "name": "example-insight" + } + argumentDocs: + arn: '- ARN of the insight.' + aws_account_id: '- (Optional) AWS account ID that a finding is generated in. See String_Filter below for more details.' + cidr: '- (Required) A finding''s CIDR value.' + company_name: '- (Optional) The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details.' + comparison: '- (Required) The condition to apply to a string value when querying for findings. Valid values include: EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS.' + compliance_status: '- (Optional) Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.' + confidence: '- (Optional) A finding''s confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.' + created_at: '- (Optional) An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.' + criticality: '- (Optional) The level of importance assigned to the resources associated with the finding. 
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.' + date_range: '- (Optional) A configuration block of the date range for the date filter. See date_range below for more details.' + description: '- (Optional) A finding''s description. See String Filter below for more details.' + end: '- (Optional) An end date for the date filter. Required with start if date_range is not specified.' + eq: '- (Optional) The equal-to condition to be applied to a single field when querying for findings, provided as a String.' + filters: '- (Required) A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.' + finding_provider_fields_confidence: '- (Optional) The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.' + finding_provider_fields_criticality: '- (Optional) The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.' + finding_provider_fields_related_findings_id: '- (Optional) The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.' 
+ finding_provider_fields_related_findings_product_arn: '- (Optional) The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.' + finding_provider_fields_severity_label: '- (Optional) The finding provider value for the severity label. See String Filter below for more details.' + finding_provider_fields_severity_original: '- (Optional) The finding provider''s original value for the severity. See String Filter below for more details.' + finding_provider_fields_types: '- (Optional) One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding. Valid namespace values include: Software and Configuration Checks, TTPs, Effects, Unusual Behaviors, and Sensitive Data Identifications. See String Filter below for more details.' + first_observed_at: '- (Optional) An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.' + generator_id: '- (Optional) The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.' + group_by_attribute: '- (Required) The attribute used to group the findings for the insight e.g. if an insight is grouped by ResourceId, then the insight produces a list of resource identifiers.' + gte: '- (Optional) The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.' + id: '- ARN of the insight.' + key: '- (Required) The key of the map filter. For example, for ResourceTags, Key identifies the name of the tag. For UserDefinedFields, Key is the name of the field.' + keyword: '- (Optional) A keyword for a finding. See Keyword Filter below for more details.' 
+ last_observed_at: '- (Optional) An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.' + lte: '- (Optional) The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.' + malware_name: '- (Optional) The name of the malware that was observed. See String Filter below for more details.' + malware_path: '- (Optional) The filesystem path of the malware that was observed. See String Filter below for more details.' + malware_state: '- (Optional) The state of the malware that was observed. See String Filter below for more details.' + malware_type: '- (Optional) The type of the malware that was observed. See String Filter below for more details.' + name: '- (Required) The name of the custom insight.' + network_destination_domain: '- (Optional) The destination domain of network-related information about a finding. See String Filter below for more details.' + network_destination_ipv4: '- (Optional) The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.' + network_destination_ipv6: '- (Optional) The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.' + network_destination_port: '- (Optional) The destination port of network-related information about a finding. See Number Filter below for more details.' + network_direction: '- (Optional) Indicates the direction of network traffic associated with a finding. See String Filter below for more details.' + network_protocol: '- (Optional) The protocol of network-related information about a finding. See String Filter below for more details.' + network_source_domain: '- (Optional) The source domain of network-related information about a finding. See String Filter below for more details.' 
+ network_source_ipv4: '- (Optional) The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.' + network_source_ipv6: '- (Optional) The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.' + network_source_mac: '- (Optional) The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.' + network_source_port: '- (Optional) The source port of network-related information about a finding. See Number Filter below for more details.' + note_text: '- (Optional) The text of a note. See String Filter below for more details.' + note_updated_at: '- (Optional) The timestamp of when the note was updated. See Date Filter below for more details.' + note_updated_by: '- (Optional) The principal that created a note. See String Filter below for more details.' + process_launched_at: '- (Optional) The date/time that the process was launched. See Date Filter below for more details.' + process_name: '- (Optional) The name of the process. See String Filter below for more details.' + process_parent_pid: '- (Optional) The parent process ID. See Number Filter below for more details.' + process_path: '- (Optional) The path to the process executable. See String Filter below for more details.' + process_pid: '- (Optional) The process ID. See Number Filter below for more details.' + process_terminated_at: '- (Optional) The date/time that the process was terminated. See Date Filter below for more details.' + product_arn: '- (Optional) The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider''s product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.' 
+ product_fields: '- (Optional) A data type where security-findings providers can include additional solution-specific details that aren''t part of the defined AwsSecurityFinding format. See Map Filter below for more details.' + product_name: '- (Optional) The name of the solution (product) that generates findings. See String Filter below for more details.' + recommendation_text: '- (Optional) The recommendation of what to do about the issue described in a finding. See String Filter below for more details.' + record_state: '- (Optional) The updated record state for the finding. See String Filter below for more details.' + related_findings_id: '- (Optional) The solution-generated identifier for a related finding. See String Filter below for more details.' + related_findings_product_arn: '- (Optional) The ARN of the solution that generated a related finding. See String Filter below for more details.' + resource_aws_ec2_instance_iam_instance_profile_arn: '- (Optional) The IAM profile ARN of the instance. See String Filter below for more details.' + resource_aws_ec2_instance_image_id: '- (Optional) The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.' + resource_aws_ec2_instance_ipv4_addresses: '- (Optional) The IPv4 addresses associated with the instance. See Ip Filter below for more details.' + resource_aws_ec2_instance_ipv6_addresses: '- (Optional) The IPv6 addresses associated with the instance. See Ip Filter below for more details.' + resource_aws_ec2_instance_key_name: '- (Optional) The key name associated with the instance. See String Filter below for more details.' + resource_aws_ec2_instance_launched_at: '- (Optional) The date and time the instance was launched. See Date Filter below for more details.' + resource_aws_ec2_instance_subnet_id: '- (Optional) The identifier of the subnet that the instance was launched in. See String Filter below for more details.' 
+ resource_aws_ec2_instance_type: '- (Optional) The instance type of the instance. See String Filter below for more details.' + resource_aws_ec2_instance_vpc_id: '- (Optional) The identifier of the VPC that the instance was launched in. See String Filter below for more details.' + resource_aws_iam_access_key_created_at: '- (Optional) The creation date/time of the IAM access key related to a finding. See Date Filter below for more details.' + resource_aws_iam_access_key_status: '- (Optional) The status of the IAM access key related to a finding. See String Filter below for more details.' + resource_aws_iam_access_key_user_name: '- (Optional) The user associated with the IAM access key related to a finding. See String Filter below for more details.' + resource_aws_s3_bucket_owner_id: '- (Optional) The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.' + resource_aws_s3_bucket_owner_name: '- (Optional) The display name of the owner of the S3 bucket. See String Filter below for more details.' + resource_container_image_id: '- (Optional) The identifier of the image related to a finding. See String Filter below for more details.' + resource_container_image_name: '- (Optional) The name of the image related to a finding. See String Filter below for more details.' + resource_container_launched_at: '- (Optional) The date/time that the container was started. See Date Filter below for more details.' + resource_container_name: '- (Optional) The name of the container related to a finding. See String Filter below for more details.' + resource_details_other: '- (Optional) The details of a resource that doesn''t have a specific subfield for the resource type defined. See Map Filter below for more details.' + resource_id: '- (Optional) The canonical identifier for the given resource type. See String Filter below for more details.' + resource_partition: '- (Optional) The canonical AWS partition name that the Region is assigned to. 
See String Filter below for more details.' + resource_region: '- (Optional) The canonical AWS external Region name where this resource is located. See String Filter below for more details.' + resource_tags: '- (Optional) A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.' + resource_type: '- (Optional) Specifies the type of the resource that details are provided for. See String Filter below for more details.' + severity_label: '- (Optional) The label of a finding''s severity. See String Filter below for more details.' + source_url: '- (Optional) A URL that links to a page about the current finding in the security-findings provider''s solution. See String Filter below for more details.' + start: '- (Optional) A start date for the date filter. Required with end if date_range is not specified.' + threat_intel_indicator_category: '- (Optional) The category of a threat intelligence indicator. See String Filter below for more details.' + threat_intel_indicator_last_observed_at: '- (Optional) The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details.' + threat_intel_indicator_source: '- (Optional) The source of the threat intelligence. See String Filter below for more details.' + threat_intel_indicator_source_url: '- (Optional) The URL for more details from the source of the threat intelligence. See String Filter below for more details.' + threat_intel_indicator_type: '- (Optional) The type of a threat intelligence indicator. See String Filter below for more details.' + threat_intel_indicator_value: '- (Optional) The value of a threat intelligence indicator. See String Filter below for more details.' + title: '- (Optional) A finding''s title. See String Filter below for more details.' + type: '- (Optional) A finding type in the format of namespace/category/classifier that classifies a finding. See String Filter below for more details.' 
+ unit: '- (Required) A date range unit for the date filter. Valid values: DAYS.' + updated_at: '- (Optional) An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.' + user_defined_values: '- (Optional) A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.' + value: '- (Required) The string filter value. Valid values include: NEW, NOTIFIED, SUPPRESSED, and RESOLVED.' + verification_state: '- (Optional) The veracity of a finding. See String Filter below for more details.' + workflow_status: '- (Optional) The status of the investigation into a finding. See Workflow Status Filter below for more details.' + aws_securityhub_invite_accepter: + subCategory: Security Hub + description: Accepts a Security Hub invitation. + name: aws_securityhub_invite_accepter + titleName: aws_securityhub_invite_accepter + examples: + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.accepter}" + ], + "master_id": "${aws_securityhub_member.example.master_id}", + "provider": "aws.invitee" + } + references: + master_id: aws_securityhub_member.master_id + argumentDocs: + invitation_id: '- The ID of the invitation.' + master_id: '- (Required) The account ID of the master Security Hub account whose invitation you''re accepting.' + aws_securityhub_member: + subCategory: Security Hub + description: Provides a Security Hub member resource. + name: aws_securityhub_member + titleName: aws_securityhub_member + examples: + - manifest: |- + { + "account_id": "123456789012", + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "email": "example@example.com", + "invite": true + } + argumentDocs: + account_id: '- (Required) The ID of the member AWS account.' + email: '- (Required) The email of the member AWS account.' 
+ id: '- The ID of the member AWS account (matches account_id).' + invite: '- (Optional) Boolean whether to invite the account to Security Hub as a member. Defaults to false.' + master_id: '- The ID of the master Security Hub AWS account.' + member_status: '- The status of the member account relationship.' + aws_securityhub_organization_admin_account: + subCategory: Security Hub + description: Manages a Security Hub administrator account for an organization. + name: aws_securityhub_organization_admin_account + titleName: aws_securityhub_organization_admin_account + examples: + - manifest: |- + { + "admin_account_id": "123456789012", + "depends_on": [ + "${aws_organizations_organization.example}" + ] + } + argumentDocs: + admin_account_id: '- (Required) The AWS account identifier of the account to designate as the Security Hub administrator account.' + id: '- AWS account identifier.' + aws_securityhub_organization_configuration: + subCategory: Security Hub + description: Manages the Security Hub Organization Configuration + name: aws_securityhub_organization_configuration + titleName: aws_securityhub_organization_configuration + examples: + - manifest: |- + { + "auto_enable": true + } + argumentDocs: + auto_enable: '- (Required) Whether to automatically enable Security Hub for new accounts in the organization.' + id: '- AWS Account ID.' + aws_securityhub_product_subscription: + subCategory: Security Hub + description: Subscribes to a Security Hub product. + name: aws_securityhub_product_subscription + titleName: aws_securityhub_product_subscription + examples: + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "product_arn": "arn:aws:securityhub:${data.aws_region.current.name}:733251395267:product/alertlogic/althreatmanagement" + } + argumentDocs: + arn: '- The ARN of a resource that represents your subscription to the product that generates the findings that you want to import into Security Hub.' 
+ product_arn: '- (Required) The ARN of the product that generates findings that you want to import into Security Hub - see below.' + aws_securityhub_standards_control: + subCategory: Security Hub + description: Enable/disable Security Hub standards controls. + name: aws_securityhub_standards_control + titleName: aws_securityhub_standards_control + examples: + - manifest: |- + { + "control_status": "DISABLED", + "depends_on": [ + "${aws_securityhub_standards_subscription.cis_aws_foundations_benchmark}" + ], + "disabled_reason": "We handle password policies within Okta", + "standards_control_arn": "arn:aws:securityhub:us-east-1:111111111111:control/cis-aws-foundations-benchmark/v/1.2.0/1.10" + } + argumentDocs: + control_id: – The identifier of the security standard control. + control_status: – (Required) The control status could be ENABLED or DISABLED. You have to specify disabled_reason argument for DISABLED control status. + control_status_updated_at: – The date and time that the status of the security standard control was most recently updated. + description: – The standard control longer description. Provides information about what the control is checking for. + disabled_reason: – (Optional) A description of the reason why you are disabling a security standard control. If you specify this attribute, control_status will be set to DISABLED automatically. + id: '- The standard control ARN.' + related_requirements: – The list of requirements that are related to this control. + remediation_url: – A link to remediation information for the control in the Security Hub user documentation. + severity_rating: – The severity of findings generated from this security standard control. + standards_control_arn: '- (Required) The standards control ARN.' + title: – The standard control title. + aws_securityhub_standards_subscription: + subCategory: Security Hub + description: Subscribes to a Security Hub standard. 
+ name: aws_securityhub_standards_subscription + titleName: aws_securityhub_standards_subscription + examples: + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "standards_arn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0" + } + - manifest: |- + { + "depends_on": [ + "${aws_securityhub_account.example}" + ], + "standards_arn": "arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1" + } + argumentDocs: + id: '- The ARN of a resource that represents your subscription to a supported standard.' + standards_arn: '- (Required) The ARN of a standard - see below.' + aws_serverlessapplicationrepository_cloudformation_stack: + subCategory: Serverless Application Repository + description: Deploys an Application CloudFormation Stack from the Serverless Application Repository. + name: aws_serverlessapplicationrepository_cloudformation_stack + titleName: aws_serverlessapplicationrepository_cloudformation_stack + examples: + - manifest: |- + { + "application_id": "arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser", + "capabilities": [ + "CAPABILITY_IAM", + "CAPABILITY_RESOURCE_POLICY" + ], + "name": "postgres-rotator", + "parameters": { + "endpoint": "secretsmanager.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}", + "functionName": "func-postgres-rotator" + } + } + argumentDocs: + application_id: '- (Required) The ARN of the application from the Serverless Application Repository.' + capabilities: '- (Required) A list of capabilities. Valid values are CAPABILITY_IAM, CAPABILITY_NAMED_IAM, CAPABILITY_RESOURCE_POLICY, or CAPABILITY_AUTO_EXPAND' + id: '- A unique identifier of the stack.' + name: '- (Required) The name of the stack to create. The resource deployed in AWS will be prefixed with serverlessrepo-' + outputs: '- A map of outputs from the stack.' 
+ parameters: '- (Optional) A map of Parameter structures that specify input parameters for the stack.' + semantic_version: '- (Optional) The version of the application to deploy. If not supplied, deploys the latest version.' + tags: '- (Optional) A list of tags to associate with this stack. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_service_discovery_http_namespace: + subCategory: Service Discovery + description: Provides a Service Discovery HTTP Namespace resource. + name: aws_service_discovery_http_namespace + titleName: aws_service_discovery_http_namespace + examples: + - manifest: |- + { + "description": "example", + "name": "development" + } + argumentDocs: + arn: '- The ARN that Amazon Route 53 assigns to the namespace when you create it.' + description: '- (Optional) The description that you specify for the namespace when you create it.' + id: '- The ID of a namespace.' + name: '- (Required) The name of the http namespace.' + tags: '- (Optional) A map of tags to assign to the namespace. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_service_discovery_private_dns_namespace: + subCategory: Service Discovery + description: Provides a Service Discovery Private DNS Namespace resource. 
+ name: aws_service_discovery_private_dns_namespace + titleName: aws_service_discovery_private_dns_namespace + examples: + - manifest: |- + { + "description": "example", + "name": "hoge.example.local", + "vpc": "${aws_vpc.example.id}" + } + references: + vpc: aws_vpc.id + argumentDocs: + arn: '- The ARN that Amazon Route 53 assigns to the namespace when you create it.' + description: '- (Optional) The description that you specify for the namespace when you create it.' + hosted_zone: '- The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.' + id: '- The ID of a namespace.' + name: '- (Required) The name of the namespace.' + tags: '- (Optional) A map of tags to assign to the namespace. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc: '- (Required) The ID of VPC that you want to associate the namespace with.' + aws_service_discovery_public_dns_namespace: + subCategory: Service Discovery + description: Provides a Service Discovery Public DNS Namespace resource. + name: aws_service_discovery_public_dns_namespace + titleName: aws_service_discovery_public_dns_namespace + examples: + - manifest: |- + { + "description": "example", + "name": "hoge.example.com" + } + argumentDocs: + arn: '- The ARN that Amazon Route 53 assigns to the namespace when you create it.' + description: '- (Optional) The description that you specify for the namespace when you create it.' + hosted_zone: '- The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.' + id: '- The ID of a namespace.' + name: '- (Required) The name of the namespace.' + tags: '- (Optional) A map of tags to assign to the namespace. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_service_discovery_service: + subCategory: Service Discovery + description: Provides a Service Discovery Service resource. + name: aws_service_discovery_service + titleName: aws_service_discovery_service + examples: + - manifest: |- + { + "dns_config": [ + { + "dns_records": [ + { + "ttl": 10, + "type": "A" + } + ], + "namespace_id": "${aws_service_discovery_private_dns_namespace.example.id}", + "routing_policy": "MULTIVALUE" + } + ], + "health_check_custom_config": [ + { + "failure_threshold": 1 + } + ], + "name": "example" + } + - manifest: |- + { + "dns_config": [ + { + "dns_records": [ + { + "ttl": 10, + "type": "A" + } + ], + "namespace_id": "${aws_service_discovery_public_dns_namespace.example.id}" + } + ], + "health_check_config": [ + { + "failure_threshold": 10, + "resource_path": "path", + "type": "HTTP" + } + ], + "name": "example" + } + argumentDocs: + arn: '- The ARN of the service.' + description: '- (Optional) The description of the service.' + dns_config: '- (Optional) A complex type that contains information about the resource record sets that you want Amazon Route 53 to create when you register an instance.' + dns_records: '- (Required) An array that contains one DnsRecord object for each resource record set.' + failure_threshold: '- (Optional, ForceNew) The number of 30-second intervals that you want service discovery to wait before it changes the health status of a service instance. Maximum value of 10.' + health_check_config: '- (Optional) A complex type that contains settings for an optional health check. Only for Public DNS namespaces.' + health_check_custom_config: '- (Optional, ForceNew) A complex type that contains settings for ECS managed health checks.' 
+ id: '- The ID of the service.' + name: '- (Required, ForceNew) The name of the service.' + namespace_id: '- (Required, ForceNew) The ID of the namespace to use for DNS configuration.' + resource_path: '- (Optional) The path that you want Route 53 to request when performing health checks. Route 53 automatically adds the DNS name for the service. If you don''t specify a value, the default value is /.' + routing_policy: '- (Optional) The routing policy that you want to apply to all records that Route 53 creates when you register an instance and specify the service. Valid Values: MULTIVALUE, WEIGHTED' + tags: '- (Optional) A map of tags to assign to the service. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + ttl: '- (Required) The amount of time, in seconds, that you want DNS resolvers to cache the settings for this resource record set.' + type: '- (Optional, ForceNew) The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy. Valid Values: HTTP, HTTPS, TCP' + aws_servicecatalog_budget_resource_association: + subCategory: Service Catalog + description: Manages a Service Catalog Budget Resource Association + name: aws_servicecatalog_budget_resource_association + titleName: aws_servicecatalog_budget_resource_association + examples: + - manifest: |- + { + "budget_name": "budget-pjtvyakdlyo3m", + "resource_id": "prod-dnigbtea24ste" + } + argumentDocs: + budget_name: '- (Required) Budget name.' + id: '- Identifier of the association.' + resource_id: '- (Required) Resource identifier.' 
+ aws_servicecatalog_constraint: + subCategory: Service Catalog + description: Manages a Service Catalog Constraint + name: aws_servicecatalog_constraint + titleName: aws_servicecatalog_constraint + examples: + - manifest: |- + { + "description": "Back off, man. I'm a scientist.", + "parameters": "${jsonencode({\n \"RoleArn\" : \"arn:aws:iam::123456789012:role/LaunchRole\"\n })}", + "portfolio_id": "${aws_servicecatalog_portfolio.example.id}", + "product_id": "${aws_servicecatalog_product.example.id}", + "type": "LAUNCH" + } + references: + portfolio_id: aws_servicecatalog_portfolio.id + product_id: aws_servicecatalog_product.id + argumentDocs: + LAUNCH: ': You are required to specify either the RoleArn or the LocalRoleName but can''t use both. If you specify the LocalRoleName property, when an account uses the launch constraint, the IAM role with that name in the account will be used. This allows launch-role constraints to be account-agnostic so the administrator can create fewer resources per shared account. The given role name must exist in the account used to create the launch constraint and the account of the user who launches a product with this launch constraint. You cannot have both a LAUNCH and a STACKSET constraint. You also cannot have more than one LAUNCH constraint on an aws_servicecatalog_product and aws_servicecatalog_portfolio. Specify the RoleArn and LocalRoleName properties as follows:' + NOTIFICATION: ': Specify the NotificationArns property as follows:' + RESOURCE_UPDATE: ': Specify the TagUpdatesOnProvisionedProduct property as follows. The TagUpdatesOnProvisionedProduct property accepts a string value of ALLOWED or NOT_ALLOWED.' + STACKSET: ': Specify the Parameters property as follows. You cannot have both a LAUNCH and a STACKSET constraint. You also cannot have more than one STACKSET constraint on on an aws_servicecatalog_product and aws_servicecatalog_portfolio. 
Products with a STACKSET constraint will launch an AWS CloudFormation stack set.' + TEMPLATE: ': Specify the Rules property. For more information, see Template Constraint Rules.' + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + description: '- (Optional) Description of the constraint.' + id: '- Constraint identifier.' + owner: '- Owner of the constraint.' + parameters: '- (Required) Constraint parameters in JSON format. The syntax depends on the constraint type. See details below.' + portfolio_id: '- (Required) Portfolio identifier.' + product_id: '- (Required) Product identifier.' + type: '- (Required) Type of constraint. Valid values are LAUNCH, NOTIFICATION, RESOURCE_UPDATE, STACKSET, and TEMPLATE.' + aws_servicecatalog_organizations_access: + subCategory: Service Catalog + description: Manages Service Catalog Organizations Access + name: aws_servicecatalog_organizations_access + titleName: aws_servicecatalog_organizations_access + examples: + - manifest: |- + { + "enabled": "true" + } + argumentDocs: + enabled: '- (Required) Whether to enable AWS Organizations access.' + id: '- Account ID for the account using the resource.' + aws_servicecatalog_portfolio: + subCategory: Service Catalog + description: Provides a resource to create a Service Catalog portfolio + name: aws_servicecatalog_portfolio + titleName: aws_servicecatalog_portfolio + examples: + - manifest: |- + { + "description": "List of my organizations apps", + "name": "My App Portfolio", + "provider_name": "Brett" + } + argumentDocs: + description: '- (Required) Description of the portfolio' + id: '- The ID of the Service Catalog Portfolio.' + name: '- (Required) The name of the portfolio.' + provider_name: '- (Required) Name of the person or organization who owns the portfolio.' + tags: '- (Optional) Tags to apply to the connection. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_servicecatalog_portfolio_share: + subCategory: Service Catalog + description: Manages a Service Catalog Portfolio Share + name: aws_servicecatalog_portfolio_share + titleName: aws_servicecatalog_portfolio_share + examples: + - manifest: |- + { + "portfolio_id": "${aws_servicecatalog_portfolio.example.id}", + "principal_id": "012128675309", + "type": "ACCOUNT" + } + references: + portfolio_id: aws_servicecatalog_portfolio.id + argumentDocs: + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + accepted: '- Whether the shared portfolio is imported by the recipient account. If the recipient is organizational, the share is automatically imported, and the field is always set to true.' + portfolio_id: '- (Required) Portfolio identifier.' + principal_id: '- (Required) Identifier of the principal with whom you will share the portfolio. Valid values AWS account IDs and ARNs of AWS Organizations and organizational units.' + share_tag_options: '- (Optional) Whether to enable sharing of aws_servicecatalog_tag_option resources when creating the portfolio share.' + type: '- (Required) Type of portfolio share. Valid values are ACCOUNT (an external account), ORGANIZATION (a share to every account in an organization), ORGANIZATIONAL_UNIT, ORGANIZATION_MEMBER_ACCOUNT (a share to an account in an organization).' + wait_for_acceptance: '- (Optional) Whether to wait (up to the timeout) for the share to be accepted. Organizational shares are automatically accepted.' 
+ aws_servicecatalog_principal_portfolio_association: + subCategory: Service Catalog + description: Manages a Service Catalog Principal Portfolio Association + name: aws_servicecatalog_principal_portfolio_association + titleName: aws_servicecatalog_principal_portfolio_association + examples: + - manifest: |- + { + "portfolio_id": "port-68656c6c6f", + "principal_arn": "arn:aws:iam::123456789012:user/Eleanor" + } + argumentDocs: + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + id: '- Identifier of the association.' + portfolio_id: '- (Required) Portfolio identifier.' + principal_arn: '- (Required) Principal ARN.' + principal_type: '- (Optional) Principal type. Setting this argument empty (e.g., principal_type = "") will result in an error. Valid value is IAM. Default is IAM.' + aws_servicecatalog_product: + subCategory: Service Catalog + description: Manages a Service Catalog Product + name: aws_servicecatalog_product + titleName: aws_servicecatalog_product + examples: + - manifest: |- + { + "name": "example", + "owner": [ + "${aws_security_group.example.id}" + ], + "provisioning_artifact_parameters": [ + { + "template_url": "https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json" + } + ], + "tags": { + "foo": "bar" + }, + "type": "${aws_subnet.main.id}" + } + references: + type: aws_subnet.id + argumentDocs: + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + arn: '- ARN of the product.' + created_time: '- Time when the product was created.' + description: '- (Optional) Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.' + disable_template_validation: '- (Optional) Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.' 
+ distributor: '- (Optional) Distributor (i.e., vendor) of the product.' + has_default_path: '- Whether the product has a default path. If the product does not have a default path, call ListLaunchPaths to disambiguate between paths. Otherwise, ListLaunchPaths is not required, and the output of ProductViewSummary can be used directly with DescribeProvisioningParameters.' + id: '- Product ID. For example, prod-dnigbtea24ste.' + name: '- (Optional) Name of the provisioning artifact (for example, v1, v2beta). No spaces are allowed.' + owner: '- (Required) Owner of the product.' + provisioning_artifact_parameters: '- (Required) Configuration block for provisioning artifact (i.e., version) parameters. Detailed below.' + status: '- Status of the product.' + support_description: '- (Optional) Support information about the product.' + support_email: '- (Optional) Contact email for product support.' + support_url: '- (Optional) Contact URL for product support.' + tags: '- (Optional) Tags to apply to the product. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + template_physical_id: '- (Required if template_url is not provided) Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID].' + template_url: '- (Required if template_physical_id is not provided) Template source as URL of the CloudFormation template in Amazon S3.' + type: '- (Optional) Type of provisioning artifact. Valid values: CLOUD_FORMATION_TEMPLATE, MARKETPLACE_AMI, MARKETPLACE_CAR (Marketplace Clusters and AWS Resources).' 
+ aws_servicecatalog_product_portfolio_association: + subCategory: Service Catalog + description: Manages a Service Catalog Product Portfolio Association + name: aws_servicecatalog_product_portfolio_association + titleName: aws_servicecatalog_product_portfolio_association + examples: + - manifest: |- + { + "portfolio_id": "port-68656c6c6f", + "product_id": "prod-dnigbtea24ste" + } + argumentDocs: + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + id: '- Identifier of the association.' + portfolio_id: '- (Required) Portfolio identifier.' + product_id: '- (Required) Product identifier.' + source_portfolio_id: '- (Optional) Identifier of the source portfolio.' + aws_servicecatalog_provisioned_product: + subCategory: Service Catalog + description: Manages a Service Catalog Provisioned Product + name: aws_servicecatalog_provisioned_product + titleName: aws_servicecatalog_provisioned_product + examples: + - manifest: |- + { + "name": "example", + "product_name": "Example product", + "provisioning_artifact_name": "Example version", + "provisioning_parameters": [ + { + "key": "foo", + "value": "bar" + } + ], + "tags": { + "foo": "bar" + } + } + argumentDocs: + AVAILABLE: '- Stable state, ready to perform any operation. The most recent operation succeeded and completed.' + ERROR: '- An unexpected error occurred. The provisioned product exists but the stack is not running. For example, CloudFormation received a parameter value that was not valid and could not launch the stack.' + PLAN_IN_PROGRESS: '- Transitive state. The plan operations were performed to provision a new product, but resources have not yet been created. After reviewing the list of resources to be created, execute the plan. Wait for an AVAILABLE status before performing operations.' + TAINTED: '- Stable state, ready to perform any operation. The stack has completed the requested operation but is not exactly what was requested. 
For example, a request to update to a new version failed and the stack rolled back to the current version.' + UNDER_CHANGE: |- + - Transitive state. Operations performed might not have + valid results. Wait for an AVAILABLE status before performing operations. + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). Default value is en.' + accounts: '- (Optional) One or more AWS accounts that will have access to the provisioned product. The AWS accounts specified should be within the list of accounts in the STACKSET constraint. To get the list of accounts in the STACKSET constraint, use the aws_servicecatalog_provisioning_parameters data source. If no values are specified, the default value is all accounts from the STACKSET constraint.' + arn: '- ARN of the provisioned product.' + cloudwatch_dashboard_names: '- Set of CloudWatch dashboards that were created when provisioning the product.' + created_time: '- Time when the provisioned product was created.' + failure_tolerance_count: '- (Optional) Number of accounts, per region, for which this operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn''t attempt the operation in any subsequent regions. You must specify either failure_tolerance_count or failure_tolerance_percentage, but not both. The default value is 0 if no value is specified.' + failure_tolerance_percentage: '- (Optional) Percentage of accounts, per region, for which this stack operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn''t attempt the operation in any subsequent regions. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. You must specify either failure_tolerance_count or failure_tolerance_percentage, but not both.' 
+ id: '- Provisioned Product ID.' + ignore_errors: '- (Optional) Only applies to deleting. If set to true, AWS Service Catalog stops managing the specified provisioned product even if it cannot delete the underlying resources. The default value is false.' + key: '- (Required) Parameter key.' + last_provisioning_record_id: '- Record identifier of the last request performed on this provisioned product of the following types: ProvisionedProduct, UpdateProvisionedProduct, ExecuteProvisionedProductPlan, TerminateProvisionedProduct.' + last_record_id: '- Record identifier of the last request performed on this provisioned product.' + last_successful_provisioning_record_id: '- Record identifier of the last successful request performed on this provisioned product of the following types: ProvisionedProduct, UpdateProvisionedProduct, ExecuteProvisionedProductPlan, TerminateProvisionedProduct.' + launch_role_arn: '- ARN of the launch role associated with the provisioned product.' + max_concurrency_count: '- (Optional) Maximum number of accounts in which to perform this operation at one time. This is dependent on the value of failure_tolerance_count. max_concurrency_count is at most one more than the failure_tolerance_count. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either max_concurrency_count or max_concurrency_percentage, but not both.' + max_concurrency_percentage: '- (Optional) Maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, AWS Service Catalog sets the number as 1 instead. Note that this setting lets you specify the maximum for operations. 
For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either max_concurrency_count or max_concurrency_percentage, but not both.' + name: '- (Required) User-friendly name of the provisioned product.' + notification_arns: '- (Optional) Passed to CloudFormation. The SNS topic ARNs to which to publish stack-related events.' + path_id: '- (Optional) Path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. To list the paths for a product, use aws_servicecatalog_launch_paths. When required, you must provide path_id or path_name, but not both.' + path_name: '- (Optional) Name of the path. You must provide path_id or path_name, but not both.' + product_id: '- (Optional) Product identifier. For example, prod-abcdzk7xy33qa. You must provide product_id or product_name, but not both.' + product_name: '- (Optional) Name of the product. You must provide product_id or product_name, but not both.' + provisioning_artifact_id: '- (Optional) Identifier of the provisioning artifact. For example, pa-4abcdjnxjj6ne. You must provide the provisioning_artifact_id or provisioning_artifact_name, but not both.' + provisioning_artifact_name: '- (Optional) Name of the provisioning artifact. You must provide the provisioning_artifact_id or provisioning_artifact_name, but not both.' + provisioning_parameters: '- (Optional) Configuration block with parameters specified by the administrator that are required for provisioning the product. See details below.' + regions: '- (Optional) One or more AWS Regions where the provisioned product will be available. The specified regions should be within the list of regions from the STACKSET constraint. To get the list of regions in the STACKSET constraint, use the aws_servicecatalog_provisioning_parameters data source. 
If no values are specified, the default value is all regions from the STACKSET constraint.' + retain_physical_resources: '- (Optional) Only applies to deleting. Whether to delete the Service Catalog provisioned product but leave the CloudFormation stack, stack set, or the underlying resources of the deleted provisioned product. The default value is false.' + stack_set_provisioning_preferences: '- (Optional) Configuration block with information about the provisioning preferences for a stack set. See details below.' + status: '- Current status of the provisioned product. See meanings below.' + status_message: '- Current status message of the provisioned product.' + tags: '- (Optional) Tags to apply to the provisioned product. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- Type of provisioned product. Valid values are CFN_STACK and CFN_STACKSET.' + use_previous_value: '- (Optional) Whether to ignore value and keep the previous parameter value. Ignored when initially provisioning a product.' + value: '- (Optional) Parameter value.' + aws_servicecatalog_provisioning_artifact: + subCategory: Service Catalog + description: Manages a Service Catalog Provisioning Artifact + name: aws_servicecatalog_provisioning_artifact + titleName: aws_servicecatalog_provisioning_artifact + examples: + - manifest: |- + { + "name": "example", + "product_id": "${aws_servicecatalog_product.example.id}", + "template_url": "https://${aws_s3_bucket.example.bucket_regional_domain_name}/${aws_s3_bucket_object.example.key}", + "type": "CLOUD_FORMATION_TEMPLATE" + } + references: + product_id: aws_servicecatalog_product.id + argumentDocs: + accept_language: '- (Optional) Language code. Valid values: en (English), jp (Japanese), zh (Chinese). 
The default value is en.' + active: '- (Optional) Whether the product version is active. Inactive provisioning artifacts are invisible to end users. End users cannot launch or update a provisioned product from an inactive provisioning artifact. Default is true.' + created_time: '- Time when the provisioning artifact was created.' + description: '- (Optional) Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.' + disable_template_validation: '- (Optional) Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.' + guidance: '- (Optional) Information set by the administrator to provide guidance to end users about which provisioning artifacts to use. Valid values are DEFAULT and DEPRECATED. The default is DEFAULT. Users are able to make updates to a provisioned product of a deprecated version but cannot launch new provisioned products using a deprecated version.' + id: '- Provisioning Artifact identifier and product identifier separated by a colon.' + name: '- (Optional) Name of the provisioning artifact (for example, v1, v2beta). No spaces are allowed.' + product_id: '- (Required) Identifier of the product.' + status: '- Status of the provisioning artifact.' + template_physical_id: '- (Required if template_url is not provided) Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID].' + template_url: '- (Required if template_physical_id is not provided) Template source as URL of the CloudFormation template in Amazon S3.' + type: '- (Optional) Type of provisioning artifact. Valid values: CLOUD_FORMATION_TEMPLATE, MARKETPLACE_AMI, MARKETPLACE_CAR (Marketplace Clusters and AWS Resources).' 
+ aws_servicecatalog_service_action: + subCategory: Service Catalog + description: Manages a Service Catalog Service Action + name: aws_servicecatalog_service_action + titleName: aws_servicecatalog_service_action + examples: + - manifest: |- + { + "definition": [ + { + "name": "AWS-RestartEC2Instance" + } + ], + "description": "Motor generator unit", + "name": "MGU" + } + argumentDocs: + accept_language: '- (Optional) Language code. Valid values are en (English), jp (Japanese), and zh (Chinese). Default is en.' + assume_role: '- (Optional) ARN of the role that performs the self-service actions on your behalf. For example, arn:aws:iam::12345678910:role/ActionRole. To reuse the provisioned product launch role, set to LAUNCH_ROLE.' + definition: '- (Required) Self-service action definition configuration block. Detailed below.' + description: '- (Optional) Self-service action description.' + id: '- Identifier of the service action.' + name: '- (Required) Name of the SSM document. For example, AWS-RestartEC2Instance. If you are using a shared SSM document, you must provide the ARN instead of the name.' + parameters: '- (Optional) List of parameters in JSON format. For example: [{\"Name\":\"InstanceId\",\"Type\":\"TARGET\"}] or [{\"Name\":\"InstanceId\",\"Type\":\"TEXT_VALUE\"}].' + type: '- (Optional) Service action definition type. Valid value is SSM_AUTOMATION. Default is SSM_AUTOMATION.' + version: '- (Required) SSM document version. For example, 1.' + aws_servicecatalog_tag_option: + subCategory: Service Catalog + description: Manages a Service Catalog Tag Option + name: aws_servicecatalog_tag_option + titleName: aws_servicecatalog_tag_option + examples: + - manifest: |- + { + "key": "nyckel", + "value": "värde" + } + argumentDocs: + active: '- (Optional) Whether tag option is active. Default is true.' + id: '- Identifier (e.g., tag-pjtvagohlyo3m).' + key: '- (Required) Tag option key.' + owner_id: '- AWS account ID of the owner account that created the tag option.' 
+ value: '- (Required) Tag option value.' + aws_servicecatalog_tag_option_resource_association: + subCategory: Service Catalog + description: Manages a Service Catalog Tag Option Resource Association + name: aws_servicecatalog_tag_option_resource_association + titleName: aws_servicecatalog_tag_option_resource_association + examples: + - manifest: |- + { + "resource_id": "prod-dnigbtea24ste", + "tag_option_id": "tag-pjtvyakdlyo3m" + } + argumentDocs: + id: '- Identifier of the association.' + resource_arn: '- ARN of the resource.' + resource_created_time: '- Creation time of the resource.' + resource_description: '- Description of the resource.' + resource_id: '- (Required) Resource identifier.' + resource_name: '- Description of the resource.' + tag_option_id: '- (Required) Tag Option identifier.' + aws_servicequotas_service_quota: + subCategory: Service Quotas + description: Manages an individual Service Quota + name: aws_servicequotas_service_quota + titleName: aws_servicequotas_service_quota + examples: + - manifest: |- + { + "quota_code": "L-F678F1CE", + "service_code": "vpc", + "value": 75 + } + argumentDocs: + adjustable: '- Whether the service quota can be increased.' + arn: '- Amazon Resource Name (ARN) of the service quota.' + default_value: '- Default value of the service quota.' + id: '- Service code and quota code, separated by a front slash (/)' + quota_code: '- (Required) Code of the service quota to track. For example: L-F678F1CE. Available values can be found with the AWS CLI service-quotas list-service-quotas command.' + quota_name: '- Name of the quota.' + service_code: '- (Required) Code of the service to track. For example: vpc. Available values can be found with the AWS CLI service-quotas list-services command.' + service_name: '- Name of the service.' + value: '- (Required) Float specifying the desired value for the service quota. If the desired value is higher than the current value, a quota increase request is submitted. 
When a known request is submitted and pending, the value reflects the desired value of the pending request.' + aws_ses_active_receipt_rule_set: + subCategory: SES + description: Provides a resource to designate the active SES receipt rule set + name: aws_ses_active_receipt_rule_set + titleName: aws_ses_active_receipt_rule_set + examples: + - manifest: |- + { + "rule_set_name": "primary-rules" + } + argumentDocs: + arn: '- The SES receipt rule set ARN.' + id: '- The SES receipt rule set name.' + rule_set_name: '- (Required) The name of the rule set' + aws_ses_configuration_set: + subCategory: SES + description: Provides an SES configuration set + name: aws_ses_configuration_set + titleName: aws_ses_configuration_set + examples: + - manifest: |- + { + "name": "some-configuration-set-test" + } + - manifest: |- + { + "delivery_options": [ + { + "tls_policy": "Require" + } + ], + "name": "some-configuration-set-test" + } + argumentDocs: + arn: '- SES configuration set ARN.' + delivery_options: '- (Optional) Configuration block. Detailed below.' + id: '- SES configuration set name.' + last_fresh_start: '- The date and time at which the reputation metrics for the configuration set were last reset. Resetting these metrics is known as a fresh start.' + name: '- (Required) Name of the configuration set.' + reputation_metrics_enabled: '- (Optional) Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is false.' + sending_enabled: '- (Optional) Whether email sending is enabled or disabled for the configuration set. The default value is true.' + tls_policy: '- (Optional) Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is Require, messages are only delivered if a TLS connection can be established. 
If the value is Optional, messages can be delivered in plain text if a TLS connection can''t be established. Valid values: Require or Optional. Defaults to Optional.' + aws_ses_domain_dkim: + subCategory: SES + description: Provides an SES domain DKIM generation resource + name: aws_ses_domain_dkim + titleName: aws_ses_domain_dkim + examples: + - manifest: |- + { + "domain": "${aws_ses_domain_identity.example.domain}" + } + references: + domain: aws_ses_domain_identity.domain + argumentDocs: + dkim_tokens: |- + - DKIM tokens generated by SES. + These tokens should be used to create CNAME records used to verify SES Easy DKIM. + See below for an example of how this might be achieved + when the domain is hosted in Route 53 and managed by Terraform. + Find out more about verifying domains in Amazon SES + in the AWS SES docs. + domain: '- (Required) Verified domain name to generate DKIM tokens for.' + aws_ses_domain_identity: + subCategory: SES + description: Provides an SES domain identity resource + name: aws_ses_domain_identity + titleName: aws_ses_domain_identity + examples: + - manifest: |- + { + "domain": "example.com" + } + argumentDocs: + arn: '- The ARN of the domain identity.' + domain: '- (Required) The domain name to assign to SES' + verification_token: |- + - A code which when added to the domain as a TXT record + will signal to SES that the owner of the domain has authorised SES to act on + their behalf. The domain identity will be in state "verification pending" + until this is done. See below for an example of how this might be achieved + when the domain is hosted in Route 53 and managed by Terraform. Find out + more about verifying domains in Amazon SES in the AWS SES + docs. + aws_ses_domain_identity_verification: + subCategory: SES + description: Waits for and checks successful verification of an SES domain identity. 
+ name: aws_ses_domain_identity_verification + titleName: aws_ses_domain_identity_verification + examples: + - manifest: |- + { + "depends_on": [ + "${aws_route53_record.example_amazonses_verification_record}" + ], + "domain": "${aws_ses_domain_identity.example.id}" + } + references: + domain: aws_ses_domain_identity.id + argumentDocs: + arn: '- The ARN of the domain identity.' + create: '- (Default 45m) How long to wait for a domain identity to be verified.' + domain: '- (Required) The domain name of the SES domain identity to verify.' + id: '- The domain name of the domain identity.' + aws_ses_domain_mail_from: + subCategory: SES + description: Provides an SES domain MAIL FROM resource + name: aws_ses_domain_mail_from + titleName: aws_ses_domain_mail_from + examples: + - manifest: |- + { + "domain": "${aws_ses_domain_identity.example.domain}", + "mail_from_domain": "bounce.${aws_ses_domain_identity.example.domain}" + } + references: + domain: aws_ses_domain_identity.domain + argumentDocs: + behavior_on_mx_failure: '- (Optional) The action that you want Amazon SES to take if it cannot successfully read the required MX record when you send an email. Defaults to UseDefaultValue. See the SES API documentation for more information.' + domain: '- (Required) Verified domain name to generate DKIM tokens for.' + id: '- The domain name.' + mail_from_domain: '- (Required) Subdomain (of above domain) which is to be used as MAIL FROM address (Required for DMARC validation)' + aws_ses_email_identity: + subCategory: SES + description: Provides an SES email identity resource + name: aws_ses_email_identity + titleName: aws_ses_email_identity + examples: + - manifest: |- + { + "email": "email@example.com" + } + argumentDocs: + arn: '- The ARN of the email identity.' 
+ email: '- (Required) The email address to assign to SES' + aws_ses_event_destination: + subCategory: SES + description: Provides an SES event destination + name: aws_ses_event_destination + titleName: aws_ses_event_destination + examples: + - manifest: |- + { + "cloudwatch_destination": [ + { + "default_value": "default", + "dimension_name": "dimension", + "value_source": "emailHeader" + } + ], + "configuration_set_name": "${aws_ses_configuration_set.example.name}", + "enabled": true, + "matching_types": [ + "bounce", + "send" + ], + "name": "event-destination-cloudwatch" + } + references: + configuration_set_name: aws_ses_configuration_set.name + - manifest: |- + { + "configuration_set_name": "${aws_ses_configuration_set.example.name}", + "enabled": true, + "kinesis_destination": [ + { + "role_arn": "${aws_iam_role.example.arn}", + "stream_arn": "${aws_kinesis_firehose_delivery_stream.example.arn}" + } + ], + "matching_types": [ + "bounce", + "send" + ], + "name": "event-destination-kinesis" + } + references: + configuration_set_name: aws_ses_configuration_set.name + - manifest: |- + { + "configuration_set_name": "${aws_ses_configuration_set.example.name}", + "enabled": true, + "matching_types": [ + "bounce", + "send" + ], + "name": "event-destination-sns", + "sns_destination": [ + { + "topic_arn": "${aws_sns_topic.example.arn}" + } + ] + } + references: + configuration_set_name: aws_ses_configuration_set.name + argumentDocs: + arn: '- The SES event destination ARN.' + cloudwatch_destination: '- (Optional) CloudWatch destination for the events' + configuration_set_name: '- (Required) The name of the configuration set' + default_value: '- (Required) The default value for the event' + dimension_name: '- (Required) The name for the dimension' + enabled: '- (Optional) If true, the event destination will be enabled' + id: '- The SES event destination name.' 
+ kinesis_destination: '- (Optional) Send the events to a kinesis firehose destination' + matching_types: '- (Required) A list of matching types. May be any of "send", "reject", "bounce", "complaint", "delivery", "open", "click", or "renderingFailure".' + name: '- (Required) The name of the event destination' + role_arn: '- (Required) The ARN of the role that has permissions to access the Kinesis Stream' + sns_destination: '- (Optional) Send the events to an SNS Topic destination' + stream_arn: '- (Required) The ARN of the Kinesis Stream' + topic_arn: '- (Required) The ARN of the SNS topic' + value_source: '- (Required) The source for the value. May be any of "messageTag", "emailHeader" or "linkTag".' + aws_ses_identity_notification_topic: + subCategory: SES + description: Setting AWS SES Identity Notification Topic + name: aws_ses_identity_notification_topic + titleName: aws_ses_identity_notification_topic + examples: + - manifest: |- + { + "identity": "${aws_ses_domain_identity.example.domain}", + "include_original_headers": true, + "notification_type": "Bounce", + "topic_arn": "${aws_sns_topic.example.arn}" + } + references: + identity: aws_ses_domain_identity.domain + topic_arn: aws_sns_topic.arn + argumentDocs: + identity: '- (Required) The identity for which the Amazon SNS topic will be set. You can specify an identity by using its name or by using its Amazon Resource Name (ARN).' + include_original_headers: '- (Optional) Whether SES should include original email headers in SNS notifications of this type. false by default.' + notification_type: '- (Required) The type of notifications that will be published to the specified Amazon SNS topic. Valid Values: Bounce, Complaint or Delivery.' + topic_arn: '- (Optional) The Amazon Resource Name (ARN) of the Amazon SNS topic. Can be set to "" (an empty string) to disable publishing.' 
+ aws_ses_identity_policy: + subCategory: SES + description: Manages a SES Identity Policy + name: aws_ses_identity_policy + titleName: aws_ses_identity_policy + examples: + - manifest: |- + { + "identity": "${aws_ses_domain_identity.example.arn}", + "name": "example", + "policy": "${data.aws_iam_policy_document.example.json}" + } + references: + identity: aws_ses_domain_identity.arn + policy: data.json + argumentDocs: + identity: '- (Required) Name or Amazon Resource Name (ARN) of the SES Identity.' + name: '- (Required) Name of the policy.' + policy: '- (Required) JSON string of the policy. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + aws_ses_receipt_filter: + subCategory: SES + description: Provides an SES receipt filter + name: aws_ses_receipt_filter + titleName: aws_ses_receipt_filter + examples: + - manifest: |- + { + "cidr": "10.10.10.10", + "name": "block-spammer", + "policy": "Block" + } + argumentDocs: + arn: '- The SES receipt filter ARN.' + cidr: '- (Required) The IP address or address range to filter, in CIDR notation' + id: '- The SES receipt filter name.' + name: '- (Required) The name of the filter' + policy: '- (Required) Block or Allow' + aws_ses_receipt_rule: + subCategory: SES + description: Provides an SES receipt rule resource + name: aws_ses_receipt_rule + titleName: aws_ses_receipt_rule + examples: + - manifest: |- + { + "add_header_action": [ + { + "header_name": "Custom-Header", + "header_value": "Added by SES", + "position": 1 + } + ], + "enabled": true, + "name": "store", + "recipients": [ + "karen@example.com" + ], + "rule_set_name": "default-rule-set", + "s3_action": [ + { + "bucket_name": "emails", + "position": 2 + } + ], + "scan_enabled": true + } + argumentDocs: + add_header_action: '- (Optional) A list of Add Header Action blocks. Documented below.' + after: '- (Optional) The name of the rule to place this rule after' + arn: '- The SES receipt rule ARN.' 
+ bounce_action: '- (Optional) A list of Bounce Action blocks. Documented below.' + bucket_name: '- (Required) The name of the S3 bucket' + enabled: '- (Optional) If true, the rule will be enabled' + encoding: '- (Optional) The encoding to use for the email within the Amazon SNS notification. Default value is UTF-8.' + function_arn: '- (Required) The ARN of the Lambda function to invoke' + header_name: '- (Required) The name of the header to add' + header_value: '- (Required) The value of the header to add' + id: '- The SES receipt rule name.' + invocation_type: '- (Optional) Event or RequestResponse' + kms_key_arn: '- (Optional) The ARN of the KMS key' + lambda_action: '- (Optional) A list of Lambda Action blocks. Documented below.' + message: '- (Required) The message to send' + name: '- (Required) The name of the rule' + object_key_prefix: '- (Optional) The key prefix of the S3 bucket' + organization_arn: '- (Required) The ARN of the WorkMail organization' + position: '- (Required) The position of the action in the receipt rule' + recipients: '- (Optional) A list of email addresses' + rule_set_name: '- (Required) The name of the rule set' + s3_action: '- (Optional) A list of S3 Action blocks. Documented below.' + scan_enabled: '- (Optional) If true, incoming emails will be scanned for spam and viruses' + scope: '- (Required) The scope to apply' + sender: '- (Required) The email address of the sender' + smtp_reply_code: '- (Required) The RFC 5321 SMTP reply code' + sns_action: '- (Optional) A list of SNS Action blocks. Documented below.' + status_code: '- (Optional) The RFC 3463 SMTP enhanced status code' + stop_action: '- (Optional) A list of Stop Action blocks. Documented below.' + tls_policy: '- (Optional) Require or Optional' + topic_arn: '- (Optional) The ARN of an SNS topic to notify' + workmail_action: '- (Optional) A list of WorkMail Action blocks. Documented below.' 
+ aws_ses_receipt_rule_set: + subCategory: SES + description: Provides an SES receipt rule set resource + name: aws_ses_receipt_rule_set + titleName: aws_ses_receipt_rule_set + examples: + - manifest: |- + { + "rule_set_name": "primary-rules" + } + argumentDocs: + arn: '- SES receipt rule set ARN.' + id: '- SES receipt rule set name.' + rule_set_name: '- (Required) Name of the rule set.' + aws_ses_template: + subCategory: SES + description: Provides a resource to create a SES template + name: aws_ses_template + titleName: aws_ses_template + examples: + - manifest: |- + { + "html": "\u003ch1\u003eHello {{name}},\u003c/h1\u003e\u003cp\u003eYour favorite animal is {{favoriteanimal}}.\u003c/p\u003e", + "name": "MyTemplate", + "subject": "Greetings, {{name}}!", + "text": "Hello {{name}},\r\nYour favorite animal is {{favoriteanimal}}." + } + argumentDocs: + arn: '- The ARN of the SES template' + html: '- (Optional) The HTML body of the email. Must be less than 500KB in size, including both the text and HTML parts.' + id: '- The name of the SES template' + name: '- (Required) The name of the template. Cannot exceed 64 characters. You will refer to this name when you send email.' + subject: '- (Optional) The subject line of the email.' + text: '- (Optional) The email body that will be visible to recipients whose email clients do not display HTML. Must be less than 500KB in size, including both the text and HTML parts.' + aws_sfn_activity: + subCategory: Step Function (SFN) + description: Provides a Step Function Activity resource. + name: aws_sfn_activity + titleName: aws_sfn_activity + examples: + - manifest: |- + { + "name": "my-activity" + } + argumentDocs: + creation_date: '- The date the activity was created.' + id: '- The Amazon Resource Name (ARN) that identifies the created activity.' + name: '- The name of the activity.' + tags: '- (Optional) Key-value map of resource tags. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sfn_state_machine: + subCategory: Step Function (SFN) + description: Provides a Step Function State Machine resource. + name: aws_sfn_state_machine + titleName: aws_sfn_state_machine + examples: + - manifest: |- + { + "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n", + "name": "my-state-machine", + "role_arn": "${aws_iam_role.iam_for_sfn.arn}" + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n", + "name": "my-state-machine", + "role_arn": "${aws_iam_role.iam_for_sfn.arn}", + "type": "EXPRESS" + } + references: + role_arn: aws_iam_role.arn + - manifest: |- + { + "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n", + "logging_configuration": [ + { + "include_execution_data": true, + "level": "ERROR", + "log_destination": "${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*" + } + ], + "name": "my-state-machine", + "role_arn": "${aws_iam_role.iam_for_sfn.arn}" + } + references: + role_arn: aws_iam_role.arn 
+ argumentDocs: + arn: '- The ARN of the state machine.' + creation_date: '- The date the state machine was created.' + definition: '- (Required) The Amazon States Language definition of the state machine.' + enabled: '- (Optional) When set to true, AWS X-Ray tracing is enabled. Make sure the State Machine has the correct IAM policies for logging. See the AWS Step Functions Developer Guide for details.' + id: '- The ARN of the state machine.' + include_execution_data: '- (Optional) Determines whether execution data is included in your log. When set to false, data is excluded.' + level: '- (Optional) Defines which category of execution history events are logged. Valid values: ALL, ERROR, FATAL, OFF' + log_destination: '- (Optional) Amazon Resource Name (ARN) of a CloudWatch log group. Make sure the State Machine has the correct IAM policies for logging. The ARN must end with :*' + logging_configuration: '- (Optional) Defines what execution history events are logged and where they are logged. The logging_configuration parameter is only valid when type is set to EXPRESS. Defaults to OFF. For more information see Logging Express Workflows and Log Levels in the AWS Step Functions User Guide.' + name: '- (Required) The name of the state machine. To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.' + role_arn: '- (Required) The Amazon Resource Name (ARN) of the IAM role to use for this state machine.' + status: '- The current status of the state machine. Either ACTIVE or DELETING.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tracing_configuration: '- (Optional) Selects whether AWS X-Ray tracing is enabled.' 
+ type: '- (Optional) Determines whether a Standard or Express state machine is created. The default is STANDARD. You cannot update the type of a state machine once it has been created. Valid values: STANDARD, EXPRESS.' + aws_shield_protection: + subCategory: Shield + description: Enables AWS Shield Advanced for a specific AWS resource. + name: aws_shield_protection + titleName: aws_shield_protection + examples: + - manifest: |- + { + "name": "example", + "resource_arn": "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:eip-allocation/${aws_eip.example.id}", + "tags": { + "Environment": "Dev" + } + } + argumentDocs: + arn: '- The ARN of the Protection.' + id: '- The unique identifier (ID) for the Protection object that is created.' + name: '- (Required) A friendly name for the Protection you are creating.' + resource_arn: '- (Required) The ARN (Amazon Resource Name) of the resource to be protected.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_shield_protection_group: + subCategory: Shield + description: Creates a grouping of protected resources so they can be handled as a collective. 
+ name: aws_shield_protection_group + titleName: aws_shield_protection_group + examples: + - manifest: |- + { + "aggregation": "MAX", + "pattern": "ALL", + "protection_group_id": "example" + } + - manifest: |- + { + "aggregation": "MEAN", + "depends_on": [ + "${aws_shield_protection.example}" + ], + "members": [ + "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:eip-allocation/${aws_eip.example.id}" + ], + "pattern": "ARBITRARY", + "protection_group_id": "example" + } + - manifest: |- + { + "aggregation": "SUM", + "pattern": "BY_RESOURCE_TYPE", + "protection_group_id": "example", + "resource_type": "ELASTIC_IP_ALLOCATION" + } + argumentDocs: + aggregation: '- (Required) Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.' + members: '- (Optional) The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set pattern to ARBITRARY and you must not set it for any other pattern setting.' + pattern: '- (Required) The criteria to use to choose the protected resources for inclusion in the group.' + protection_group_arn: '- The ARN (Amazon Resource Name) of the protection group.' + protection_group_id: '- (Required) The name of the protection group.' + resource_type: '- (Optional) The resource type to include in the protection group. You must set this when you set pattern to BY_RESOURCE_TYPE and you must not set it for any other pattern setting.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_signer_signing_job: + subCategory: Signer + description: Creates a Signer Signing Job. 
+ name: aws_signer_signing_job + titleName: aws_signer_signing_job + examples: + - manifest: |- + { + "destination": [ + { + "s3": [ + { + "bucket": "s3-bucket-name", + "prefix": "signed/" + } + ] + } + ], + "ignore_signing_job_failure": true, + "profile_name": "${aws_signer_signing_profile.test_sp.name}", + "source": [ + { + "s3": [ + { + "bucket": "s3-bucket-name", + "key": "object-to-be-signed.zip", + "version": "jADjFYYYEXAMPLETszPjOmCMFDzd9dN1" + } + ] + } + ] + } + references: + profile_name: aws_signer_signing_profile.name + argumentDocs: + bucket: '- (Required) Name of the S3 bucket.' + completed_at: '- Date and time in RFC3339 format that the signing job was completed.' + created_at: '- Date and time in RFC3339 format that the signing job was created.' + destination: '- (Required) The S3 bucket in which to save your signed object. See Destination below for details.' + ignore_signing_job_failure: '- (Optional) Set this argument to true to ignore signing job failures and retrieve failed status and reason. Default false.' + job_id: '- The ID of the signing job on output.' + job_invoker: '- The IAM entity that initiated the signing job.' + job_owner: '- The AWS account ID of the job owner.' + key: '- (Required) Key name of the bucket object that contains your unsigned code.' + platform_display_name: '- A human-readable name for the signing platform associated with the signing job.' + platform_id: '- The platform to which your signed code image will be distributed.' + prefix: '- (Optional) An Amazon S3 object key prefix that you can use to limit signed objects keys to begin with the specified prefix.' + profile_name: '- (Required) The name of the profile to initiate the signing operation.' + profile_version: '- The version of the signing profile used to initiate the signing job.' + requested_by: '- The IAM principal that requested the signing job.' + revocation_record: '- A revocation record if the signature generated by the signing job has been revoked. 
Contains a timestamp and the ID of the IAM entity that revoked the signature.' + s3: '- (Required) A configuration block describing the S3 Destination object: See S3 Destination below for details.' + signature_expires_at: '- The time when the signature of a signing job expires.' + signed_object: '- Name of the S3 bucket where the signed code image is saved by code signing.' + source: '- (Required) The S3 bucket that contains the object to sign. See Source below for details.' + status: '- Status of the signing job.' + status_reason: '- String value that contains the status reason.' + version: '- (Required) Version of your source image in your version enabled S3 bucket.' + aws_signer_signing_profile: + subCategory: Signer + description: Creates a Signer Signing Profile. + name: aws_signer_signing_profile + titleName: aws_signer_signing_profile + examples: + - manifest: |- + { + "platform_id": "AWSLambda-SHA384-ECDSA" + } + - manifest: |- + { + "name_prefix": "prod_sp_", + "platform_id": "AWSLambda-SHA384-ECDSA", + "signature_validity_period": [ + { + "type": "YEARS", + "value": 5 + } + ], + "tags": { + "tag1": "value1", + "tag2": "value2" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) for the signing profile.' + name: '- The name of the target signing profile.' + name_prefix: '- (Optional) A signing profile name prefix. Terraform will generate a unique suffix. Conflicts with name.' + platform_display_name: '- A human-readable name for the signing platform associated with the signing profile.' + platform_id: '- (Required) The ID of the platform that is used by the target signing profile.' + revocation_record: '- Revocation information for a signing profile.' + signature_validity_period: '- (Optional) The validity period for a signing job.' + status: '- The status of the target signing profile.' + tags: '- (Optional) A list of tags associated with the signing profile. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + version: '- The current version of the signing profile.' + version_arn: '- The signing profile ARN, including the profile version.' + aws_signer_signing_profile_permission: + subCategory: Signer + description: Creates a Signer Signing Profile Permission. + name: aws_signer_signing_profile_permission + titleName: aws_signer_signing_profile_permission + examples: + - manifest: |- + { + "action": "signer:StartSigningJob", + "principal": "${var.aws_account}", + "profile_name": "${aws_signer_signing_profile.prod_sp.name}" + } + references: + principal: var.aws_account + profile_name: aws_signer_signing_profile.name + - manifest: |- + { + "action": "signer:GetSigningProfile", + "principal": "${var.aws_team_role_arn}", + "profile_name": "${aws_signer_signing_profile.prod_sp.name}", + "statement_id": "ProdAccountStartSigningJob_StatementId" + } + references: + principal: var.aws_team_role_arn + profile_name: aws_signer_signing_profile.name + - manifest: |- + { + "action": "signer:RevokeSignature", + "principal": "123456789012", + "profile_name": "${aws_signer_signing_profile.prod_sp.name}", + "profile_version": "${aws_signer_signing_profile.prod_sp.version}", + "statement_id_prefix": "version-permission-" + } + references: + profile_name: aws_signer_signing_profile.name + profile_version: aws_signer_signing_profile.version + argumentDocs: + action: '- (Required) An AWS Signer action permitted as part of cross-account permissions. Valid values: signer:StartSigningJob, signer:GetSigningProfile, or signer:RevokeSignature.' + principal: '- (Required) The AWS principal to be granted a cross-account permission.' 
+ profile_name: '- (Required) Name of the signing profile to add the cross-account permissions.' + profile_version: '- (Optional) The signing profile version that a permission applies to.' + statement_id: '- (Optional) A unique statement identifier. By default generated by Terraform.' + statement_id_prefix: '- (Optional) A statement identifier prefix. Terraform will generate a unique suffix. Conflicts with statement_id.' + aws_simpledb_domain: + subCategory: SimpleDB + description: Provides a SimpleDB domain resource. + name: aws_simpledb_domain + titleName: aws_simpledb_domain + examples: + - manifest: |- + { + "name": "users" + } + argumentDocs: + id: '- The name of the SimpleDB domain' + name: '- (Required) The name of the SimpleDB domain' + aws_snapshot_create_volume_permission: + subCategory: EC2 + description: Adds create volume permission to an EBS Snapshot + name: aws_snapshot_create_volume_permission + titleName: aws_snapshot_create_volume_permission + examples: + - manifest: |- + { + "account_id": "12345678", + "snapshot_id": "${aws_ebs_snapshot.example_snapshot.id}" + } + references: + snapshot_id: aws_ebs_snapshot.id + argumentDocs: + account_id: '- (required) An AWS Account ID to add create volume permissions' + id: '- A combination of "snapshot_id-account_id".' + snapshot_id: '- (required) A snapshot ID' + aws_sns_platform_application: + subCategory: SNS + description: Provides an SNS platform application resource. 
+ name: aws_sns_platform_application + titleName: aws_sns_platform_application + examples: + - manifest: |- + { + "name": "apns_application", + "platform": "APNS", + "platform_credential": "\u003cAPNS PRIVATE KEY\u003e", + "platform_principal": "\u003cAPNS CERTIFICATE\u003e" + } + - manifest: |- + { + "name": "gcm_application", + "platform": "GCM", + "platform_credential": "\u003cGCM API KEY\u003e" + } + argumentDocs: + arn: '- The ARN of the SNS platform application' + event_delivery_failure_topic_arn: '- (Optional) SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure.' + event_endpoint_created_topic_arn: '- (Optional) SNS Topic triggered when a new platform endpoint is added to your platform application.' + event_endpoint_deleted_topic_arn: '- (Optional) SNS Topic triggered when an existing platform endpoint is deleted from your platform application.' + event_endpoint_updated_topic_arn: '- (Optional) SNS Topic triggered when an existing platform endpoint is changed from your platform application.' + failure_feedback_role_arn: '- (Optional) The IAM role permitted to receive failure feedback for this application.' + id: '- The ARN of the SNS platform application' + name: '- (Required) The friendly name for the SNS platform application' + platform: '- (Required) The platform that the app is registered with. See Platform for supported platforms.' + platform_credential: '- (Required) Application Platform credential. See Credential for type of credential required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.' + platform_principal: '- (Optional) Application Platform principal. See Principal for type of principal required for platform. 
The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.' + success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this application.' + success_feedback_sample_rate: '- (Optional) The percentage of success to sample (0-100)' + aws_sns_sms_preferences: + subCategory: SNS + description: Provides a way to set SNS SMS preferences. + name: aws_sns_sms_preferences + titleName: aws_sns_sms_preferences + examples: + - manifest: '{}' + argumentDocs: + default_sender_id: '- (Optional) A string, such as your business brand, that is displayed as the sender on the receiving device.' + default_sms_type: '- (Optional) The type of SMS message that you will send by default. Possible values are: Promotional, Transactional' + delivery_status_iam_role_arn: '- (Optional) The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs.' + delivery_status_success_sampling_rate: '- (Optional) The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100.' + monthly_spend_limit: '- (Optional) The maximum amount in USD that you are willing to spend each month to send SMS messages.' + usage_report_s3_bucket: '- (Optional) The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS.' + aws_sns_topic: + subCategory: SNS + description: Provides an SNS topic resource. 
+ name: aws_sns_topic + titleName: aws_sns_topic + examples: + - manifest: |- + { + "name": "user-updates-topic" + } + - manifest: |- + { + "delivery_policy": "{\n \"http\": {\n \"defaultHealthyRetryPolicy\": {\n \"minDelayTarget\": 20,\n \"maxDelayTarget\": 20,\n \"numRetries\": 3,\n \"numMaxDelayRetries\": 0,\n \"numNoDelayRetries\": 0,\n \"numMinDelayRetries\": 0,\n \"backoffFunction\": \"linear\"\n },\n \"disableSubscriptionOverrides\": false,\n \"defaultThrottlePolicy\": {\n \"maxReceivesPerSecond\": 1\n }\n }\n}\n", + "name": "user-updates-topic" + } + - manifest: |- + { + "kms_master_key_id": "alias/aws/sns", + "name": "user-updates-topic" + } + - manifest: |- + { + "content_based_deduplication": true, + "fifo_topic": true, + "name": "user-updates-topic.fifo" + } + argumentDocs: + application_failure_feedback_role_arn: '- (Optional) IAM role for failure feedback' + application_success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this topic' + application_success_feedback_sample_rate: '- (Optional) Percentage of success to sample' + arn: '- The ARN of the SNS topic, as a more obvious property (clone of id)' + content_based_deduplication: '- (Optional) Enables content-based deduplication for FIFO topics. For more information, see the related documentation' + delivery_policy: '- (Optional) The SNS delivery policy. More on AWS documentation' + display_name: '- (Optional) The display name for the topic' + fifo_topic: '- (Optional) Boolean indicating whether or not to create a FIFO (first-in-first-out) topic (default is false).' 
+ firehose_failure_feedback_role_arn: '- (Optional) IAM role for failure feedback' + firehose_success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this topic' + firehose_success_feedback_sample_rate: '- (Optional) Percentage of success to sample' + http_failure_feedback_role_arn: '- (Optional) IAM role for failure feedback' + http_success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this topic' + http_success_feedback_sample_rate: '- (Optional) Percentage of success to sample' + id: '- The ARN of the SNS topic' + kms_master_key_id: '- (Optional) The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see Key Terms' + lambda_failure_feedback_role_arn: '- (Optional) IAM role for failure feedback' + lambda_success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this topic' + lambda_success_feedback_sample_rate: '- (Optional) Percentage of success to sample' + name: '- (Optional) The name of the topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the .fifo suffix. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name' + owner: '- The AWS Account ID of the SNS topic owner' + policy: '- (Optional) The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' 
+ sqs_failure_feedback_role_arn: '- (Optional) IAM role for failure feedback' + sqs_success_feedback_role_arn: '- (Optional) The IAM role permitted to receive success feedback for this topic' + sqs_success_feedback_sample_rate: '- (Optional) Percentage of success to sample' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_sns_topic_policy: + subCategory: SNS + description: Provides an SNS topic policy resource. + name: aws_sns_topic_policy + titleName: aws_sns_topic_policy + examples: + - manifest: |- + { + "arn": "${aws_sns_topic.test.arn}", + "policy": "${data.aws_iam_policy_document.sns_topic_policy.json}" + } + references: + arn: aws_sns_topic.arn + policy: data.json + argumentDocs: + arn: '- (Required) The ARN of the SNS topic' + owner: '- The AWS Account ID of the SNS topic owner' + policy: '- (Required) The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + aws_sns_topic_subscription: + subCategory: SNS + description: Provides a resource for subscribing to SNS topics. 
+ name: aws_sns_topic_subscription + titleName: aws_sns_topic_subscription + examples: + - manifest: |- + { + "endpoint": "arn:aws:sqs:us-west-2:432981146916:terraform-queue-too", + "protocol": "sqs", + "topic_arn": "arn:aws:sns:us-west-2:432981146916:user-updates-topic" + } + - manifest: |- + { + "endpoint": "${aws_sqs_queue.user_updates_queue.arn}", + "protocol": "sqs", + "topic_arn": "${aws_sns_topic.user_updates.arn}" + } + references: + endpoint: aws_sqs_queue.arn + topic_arn: aws_sns_topic.arn + - manifest: |- + { + "endpoint": "${aws_sqs_queue.sqs-queue.arn}", + "protocol": "sqs", + "provider": "aws.sns2sqs", + "topic_arn": "${aws_sns_topic.sns-topic.arn}" + } + references: + endpoint: aws_sqs_queue.arn + topic_arn: aws_sns_topic.arn + argumentDocs: + application: '- Delivers JSON-encoded messages. endpoint is the endpoint ARN of a mobile app and device.' + arn: '- ARN of the subscription.' + confirmation_timeout_in_minutes: '- (Optional) Integer indicating number of minutes to wait in retrying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. Default is 1.' + confirmation_was_authenticated: '- Whether the subscription confirmation request was authenticated.' + delivery_policy: '- (Optional) JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. Refer to the SNS docs for more details.' + email: '- Delivers messages via SMTP. endpoint is an email address.' + email-json: '- Delivers JSON-encoded messages via SMTP. endpoint is an email address.' + endpoint: '- (Required) Endpoint to send data to. The contents vary with the protocol. See details below.' + endpoint_auto_confirms: '- (Optional) Whether the endpoint is capable of auto confirming subscription (e.g., PagerDuty). Default is false.' 
+ filter_policy: '- (Optional) JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the SNS docs for more details.' + firehose: |- + - Delivers JSON-encoded messages. endpoint is the ARN of an Amazon Kinesis Data Firehose delivery stream (e.g., + arn:aws:firehose:us-east-1:123456789012:deliverystream/ticketUploadStream). + http: -- Delivers JSON-encoded messages via HTTP POST. endpoint is a URL beginning with http://. + https: -- Delivers JSON-encoded messages via HTTPS POST. endpoint is a URL beginning with https://. + id: '- ARN of the subscription.' + lambda: '- Delivers JSON-encoded messages. endpoint is the ARN of an AWS Lambda function.' + owner_id: '- AWS account ID of the subscription''s owner.' + pending_confirmation: '- Whether the subscription has not been confirmed.' + protocol: '- (Required) Protocol to use. Valid values are: sqs, sms, lambda, firehose, and application. Protocols email, email-json, http and https are also valid but partially supported. See details below.' + raw_message_delivery: '- (Optional) Whether to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is false.' + redrive_policy: '- (Optional) JSON String with the redrive policy that will be used in the subscription. Refer to the SNS docs for more details.' + sms: '- Delivers text messages via SMS. endpoint is the phone number of an SMS-enabled device.' + sqs: '- Delivers JSON-encoded messages. endpoint is the ARN of an Amazon SQS queue (e.g., arn:aws:sqs:us-west-2:123456789012:terraform-queue-too).' + subscription_role_arn: '- (Required if protocol is firehose) ARN of the IAM role to publish to Kinesis Data Firehose delivery stream. Refer to SNS docs.' + topic_arn: '- (Required) ARN of the SNS topic to subscribe to.' 
+ aws_spot_datafeed_subscription: + subCategory: EC2 + description: Provides a Spot Datafeed Subscription resource. + name: aws_spot_datafeed_subscription + titleName: aws_spot_datafeed_subscription + examples: + - manifest: |- + { + "bucket": "${aws_s3_bucket.default.bucket}", + "prefix": "my_subdirectory" + } + references: + bucket: aws_s3_bucket.bucket + argumentDocs: + bucket: '- (Required) The Amazon S3 bucket in which to store the Spot instance data feed.' + prefix: '- (Optional) Path of folder inside bucket to place spot pricing data.' + aws_spot_fleet_request: + subCategory: EC2 + description: Provides a Spot Fleet Request resource. + name: aws_spot_fleet_request + titleName: aws_spot_fleet_request + examples: + - manifest: |- + { + "allocation_strategy": "diversified", + "iam_fleet_role": "arn:aws:iam::12345678:role/spot-fleet", + "launch_specification": [ + { + "ami": "ami-1234", + "iam_instance_profile_arn": "${aws_iam_instance_profile.example.arn}", + "instance_type": "m4.10xlarge", + "placement_tenancy": "dedicated", + "spot_price": "2.793" + }, + { + "ami": "ami-5678", + "availability_zone": "us-west-1a", + "iam_instance_profile_arn": "${aws_iam_instance_profile.example.arn}", + "instance_type": "m4.4xlarge", + "key_name": "my-key", + "root_block_device": [ + { + "volume_size": "300", + "volume_type": "gp2" + } + ], + "spot_price": "1.117", + "subnet_id": "subnet-1234", + "tags": { + "Name": "spot-fleet-example" + }, + "weighted_capacity": 35 + } + ], + "spot_price": "0.03", + "target_capacity": 6, + "valid_until": "2019-11-04T20:44:20Z" + } + - manifest: |- + { + "depends_on": [ + "${aws_iam_policy_attachment.test-attach}" + ], + "iam_fleet_role": "arn:aws:iam::12345678:role/spot-fleet", + "launch_template_config": [ + { + "launch_template_specification": [ + { + "id": "${aws_launch_template.foo.id}", + "version": "${aws_launch_template.foo.latest_version}" + } + ] + } + ], + "spot_price": "0.005", + "target_capacity": 2, + "valid_until": 
"2019-11-04T20:44:20Z" + } + - manifest: |- + { + "iam_fleet_role": "arn:aws:iam::12345678:role/spot-fleet", + "launch_specification": [ + { + "ami": "ami-d06a90b0", + "availability_zone": "us-west-2a", + "instance_type": "m1.small", + "key_name": "my-key" + }, + { + "ami": "ami-d06a90b0", + "availability_zone": "us-west-2a", + "instance_type": "m5.large", + "key_name": "my-key" + } + ], + "spot_price": "0.005", + "target_capacity": 2, + "valid_until": "2019-11-04T20:44:20Z" + } + - manifest: |- + { + "depends_on": [ + "${aws_iam_policy_attachment.test-attach}" + ], + "iam_fleet_role": "arn:aws:iam::12345678:role/spot-fleet", + "launch_template_config": [ + { + "launch_template_specification": [ + { + "id": "${aws_launch_template.foo.id}", + "version": "${aws_launch_template.foo.latest_version}" + } + ], + "overrides": [ + { + "subnet_id": "${data.aws_subnets.example.ids[0]}" + }, + { + "subnet_id": "${data.aws_subnets.example.ids[1]}" + }, + { + "subnet_id": "${data.aws_subnets.example.ids[2]}" + } + ] + } + ], + "spot_price": "0.005", + "target_capacity": 2, + "valid_until": "2019-11-04T20:44:20Z" + } + argumentDocs: + allocation_strategy: |- + - Indicates how to allocate the target capacity across + the Spot pools specified by the Spot fleet request. The default is + lowestPrice. + availability_zone: '- (Optional) The availability zone in which to place the request.' + capacity_rebalance: '- (Optional) Nested argument containing the capacity rebalance for your fleet request. Defined below.' + create: '- (Defaults to 10 mins) Used when requesting the spot instance (only valid if wait_for_fulfillment = true)' + delete: '- (Defaults to 15 mins) Used when destroying the spot instance' + excess_capacity_termination_policy: |- + - Indicates whether running Spot + instances should be terminated if the target capacity of the Spot fleet + request is decreased below the current size of the Spot fleet. + fleet_type: |- + - (Optional) The type of fleet request. 
Indicates whether the Spot Fleet only requests the target + capacity or also attempts to maintain it. Default is maintain. + iam_fleet_role: |- + - (Required) Grants the Spot fleet permission to terminate + Spot instances on your behalf when you cancel its Spot fleet request using + CancelSpotFleetRequests or when the Spot fleet request expires, if you set + terminateInstancesWithExpiration. + iam_instance_profile_arn: takes aws_iam_instance_profile attribute arn as input. + id: '- The Spot fleet request ID' + instance_initiated_shutdown_behavior: is confirmed unsupported. + instance_interruption_behaviour: |- + - (Optional) Indicates whether a Spot + instance stops or terminates when it is interrupted. Default is + terminate. + instance_pools_to_use_count: |- + - (Optional; Default: 1) + The number of Spot pools across which to allocate your target Spot capacity. + Valid only when allocation_strategy is set to lowestPrice. Spot Fleet selects + the cheapest Spot pools and evenly allocates your target Spot capacity across + the number of Spot pools that you specify. + instance_type: '- (Optional) The type of instance to request.' + launch_specification: |- + - (Optional) Used to define the launch configuration of the + spot-fleet request. Can be specified multiple times to define different bids + across different markets and instance types. Conflicts with launch_template_config. At least one of launch_specification or launch_template_config is required. + launch_template_config: '- (Optional) Launch template configuration block. See Launch Template Configs below for more details. Conflicts with launch_specification. At least one of launch_specification or launch_template_config is required.' + launch_template_specification: '- (Required) Launch template specification. See Launch Template Specification below for more details.' + load_balancers: (Optional) A list of elastic load balancer names to add to the Spot fleet. + name: '- The name of the launch template. 
Conflicts with id.' + on_demand_allocation_strategy: '- The order of the launch template overrides to use in fulfilling On-Demand capacity. the possible values are: lowestPrice and prioritized. the default is lowestPrice.' + on_demand_max_total_price: '- The maximum amount per hour for On-Demand Instances that you''re willing to pay. When the maximum amount you''re willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.' + on_demand_target_capacity: '- The number of On-Demand units to request. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.' + overrides: '- (Optional) One or more override configurations. See Overrides below for more details.' + priority: '- (Optional) The priority for the launch template override. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority.' + replace_unhealthy_instances: '- (Optional) Indicates whether Spot fleet should replace unhealthy instances. Default false.' + replacement_strategy: '- (Optional) The replacement strategy to use. Only available for spot fleets with fleet_type set to maintain. Valid values: launch.' + spot_maintenance_strategies: '- (Optional) Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.' + spot_price: '- (Optional) The maximum spot bid for this override request.' + spot_request_state: '- The state of the Spot fleet request.' + subnet_id: '- (Optional) The subnet in which to launch the requested instance.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ target_capacity: |- + - The number of units to request. You can choose to set the + target capacity in terms of instances or a performance characteristic that is + important to your application workload, such as vCPUs, memory, or I/O. + target_group_arns: (Optional) A list of aws_alb_target_group ARNs, for use with Application Load Balancing. + terminate_instances_with_expiration: |- + - Indicates whether running Spot + instances should be terminated when the Spot fleet request expires. + valid_from: '- (Optional) The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.' + valid_until: '- (Optional) The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request.' + version: '- (Optional) Template version. Unlike the autoscaling equivalent, does not support $Latest or $Default, so use the launch_template resource''s attribute, e.g. "${aws_launch_template.foo.latest_version}". It will use the default version if omitted.' + wait_for_fulfillment: |- + - (Optional; Default: false) If set, Terraform will + wait for the Spot Request to be fulfilled, and will throw an error if the + timeout of 10m is reached. + weighted_capacity: '- (Optional) The capacity added to the fleet by a fulfilled request.' + aws_spot_instance_request: + subCategory: EC2 + description: Provides a Spot Instance Request resource. + name: aws_spot_instance_request + titleName: aws_spot_instance_request + examples: + - manifest: |- + { + "ami": "ami-1234", + "instance_type": "c4.xlarge", + "spot_price": "0.03", + "tags": { + "Name": "CheapWorker" + } + } + argumentDocs: + block_duration_minutes: |- + - (Optional) The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). 
+ The duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. + Note that you can't specify an Availability Zone group or a launch group if you specify a duration. + create: '- (Defaults to 10 mins) Used when requesting the spot instance (only valid if wait_for_fulfillment = true)' + delete: '- (Defaults to 20 mins) Used when terminating all instances launched via the given spot instance request' + id: '- The Spot Instance Request ID.' + instance_interruption_behavior: '- (Optional) Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate. Default value is terminate.' + instance_interruption_behaviour: '- (Optional, Deprecated) Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate. Default value is terminate. Use the argument instance_interruption_behavior instead.' + launch_group: |- + - (Optional) A launch group is a group of spot instances that launch together and terminate together. + If left empty instances are launched and terminated individually. + private_dns: |- + - The private DNS name assigned to the instance. Can only be + used inside the Amazon EC2, and only available if you've enabled DNS hostnames + for your VPC + private_ip: '- The private IP address assigned to the instance' + public_dns: |- + - The public DNS name assigned to the instance. For EC2-VPC, this + is only available if you've enabled DNS hostnames for your VPC + public_ip: '- The public IP address assigned to the instance, if applicable.' + spot_bid_status: |- + - The current bid + status + of the Spot Instance Request. + spot_instance_id: |- + - The Instance ID (if any) that is currently fulfilling + the Spot Instance request. 
+ spot_price: '- (Optional; Default: On-demand price) The maximum price to request on the spot market.' + spot_request_state: |- + The current request + state + of the Spot Instance Request. + spot_type: |- + - (Optional; Default: persistent) If set to one-time, after + the instance is terminated, the spot request will be closed. + tags: '- (Optional) A map of tags to assign to the Spot Instance Request. These tags are not automatically applied to the launched Instance. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + valid_from: '- (Optional) The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.' + valid_until: '- (Optional) The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. The default end date is 7 days from the current date.' + wait_for_fulfillment: |- + - (Optional; Default: false) If set, Terraform will + wait for the Spot Request to be fulfilled, and will throw an error if the + timeout of 10m is reached. + aws_sqs_queue: + subCategory: SQS + description: Provides a SQS resource. 
+ name: aws_sqs_queue + titleName: aws_sqs_queue + examples: + - manifest: |- + { + "delay_seconds": 90, + "max_message_size": 2048, + "message_retention_seconds": 86400, + "name": "terraform-example-queue", + "receive_wait_time_seconds": 10, + "redrive_policy": "${jsonencode({\n deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn\n maxReceiveCount = 4\n })}", + "tags": { + "Environment": "production" + } + } + - manifest: |- + { + "content_based_deduplication": true, + "fifo_queue": true, + "name": "terraform-example-queue.fifo" + } + - manifest: |- + { + "deduplication_scope": "messageGroup", + "fifo_queue": true, + "fifo_throughput_limit": "perMessageGroupId", + "name": "terraform-example-queue.fifo" + } + - manifest: |- + { + "kms_data_key_reuse_period_seconds": 300, + "kms_master_key_id": "alias/aws/sqs", + "name": "terraform-example-queue" + } + argumentDocs: + arn: '- The ARN of the SQS queue' + content_based_deduplication: '- (Optional) Enables content-based deduplication for FIFO queues. For more information, see the related documentation' + deduplication_scope: '- (Optional) Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue (default).' + delay_seconds: '- (Optional) The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.' + fifo_queue: '- (Optional) Boolean designating a FIFO queue. If not set, it defaults to false making it standard.' + fifo_throughput_limit: '- (Optional) Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue (default) and perMessageGroupId.' + id: '- The URL for the created Amazon SQS queue.' 
+ kms_data_key_reuse_period_seconds: '- (Optional) The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).' + kms_master_key_id: '- (Optional) The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms.' + max_message_size: '- (Optional) The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).' + message_retention_seconds: '- (Optional) The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).' + name: '- (Optional) The name of the queue. Queue names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 80 characters long. For a FIFO (first-in-first-out) queue, the name must end with the .fifo suffix. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix' + name_prefix: '- (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name' + policy: '- (Optional) The JSON policy for the SQS queue. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + receive_wait_time_seconds: '- (Optional) The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.' + redrive_policy: '- (Optional) The JSON policy to set up the Dead Letter Queue, see AWS docs. 
Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5").' + tags: '- (Optional) A map of tags to assign to the queue. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + url: '- Same as id: The URL for the created Amazon SQS queue.' + visibility_timeout_seconds: '- (Optional) The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see AWS docs.' + aws_sqs_queue_policy: + subCategory: SQS + description: Provides a SQS Queue Policy resource. + name: aws_sqs_queue_policy + titleName: aws_sqs_queue_policy + examples: + - manifest: |- + { + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"sqspolicy\",\n \"Statement\": [\n {\n \"Sid\": \"First\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n \"Resource\": \"${aws_sqs_queue.q.arn}\",\n \"Condition\": {\n \"ArnEquals\": {\n \"aws:SourceArn\": \"${aws_sns_topic.example.arn}\"\n }\n }\n }\n ]\n}\n", + "queue_url": "${aws_sqs_queue.q.id}" + } + references: + queue_url: aws_sqs_queue.id + argumentDocs: + policy: '- (Required) The JSON policy for the SQS queue. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + queue_url: '- (Required) The URL of the SQS Queue to which to attach the policy' + aws_ssm_activation: + subCategory: SSM + description: Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command. 
+ name: aws_ssm_activation + titleName: aws_ssm_activation + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.test_attach}" + ], + "description": "Test", + "iam_role": "${aws_iam_role.test_role.id}", + "name": "test_ssm_activation", + "registration_limit": "5" + } + references: + iam_role: aws_iam_role.id + argumentDocs: + activation_code: '- The code the system generates when it processes the activation.' + description: '- The description of the resource that was registered.' + expiration_date: '- The date by which this activation request should expire. The default value is 24 hours.' + expired: '- If the current activation has expired.' + iam_role: '- The IAM Role attached to the managed instance.' + id: '- The activation ID.' + name: '- The default name of the registered managed instance.' + registration_count: '- The number of managed instances that are currently registered using this activation.' + registration_limit: '- The maximum number of managed instances you want to be registered. The default value is 1 instance.' + tags: '- (Optional) A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ssm_association: + subCategory: SSM + description: Associates an SSM Document to an instance or EC2 tag. 
+ name: aws_ssm_association + titleName: aws_ssm_association + examples: + - manifest: |- + { + "name": "${aws_ssm_document.example.name}", + "targets": [ + { + "key": "InstanceIds", + "values": [ + "${aws_instance.example.id}" + ] + } + ] + } + references: + name: aws_ssm_document.name + argumentDocs: + apply_only_at_cron_interval: '- (Optional) By default, when you create a new or update associations, the system runs it immediately and then according to the schedule you specified. Enable this option if you do not want an association to run immediately after you create or update it. This parameter is not supported for rate expressions. Default: false.' + association_id: '- The ID of the SSM association.' + association_name: '- (Optional) The descriptive name for the association.' + automation_target_parameter_name: '- (Optional) Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.' + compliance_severity: '- (Optional) The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL' + document_version: '- (Optional) The document version you want to associate with the target(s). Can be a specific version or the default version.' + instance_id: '- The instance id that the SSM document was applied to.' + key: '- (Required) Either InstanceIds or tag:Tag Name to specify an EC2 tag.' + max_concurrency: '- (Optional) The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.' + max_errors: '- (Optional) The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.' + name: '- The name of the SSM document to apply.' 
+ output_location: '- (Optional) An output location block. Output Location is documented below.' + parameters: '- Additional parameters passed to the SSM document.' + s3_bucket_name: '- (Required) The S3 bucket name.' + s3_key_prefix: '- (Optional) The S3 bucket prefix. Results stored in the root if not configured.' + schedule_expression: '- (Optional) A cron expression when the association will be applied to the target(s).' + targets: '- (Optional) A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.' + values: '- (Required) A list of instance IDs or tag values. AWS currently limits this list size to one value.' + aws_ssm_document: + subCategory: SSM + description: Provides an SSM Document resource + name: aws_ssm_document + titleName: aws_ssm_document + examples: + - manifest: |- + { + "content": " {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Check ip configuration of a Linux instance.\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"ifconfig\"]\n }\n ]\n }\n }\n }\n", + "document_type": "Command", + "name": "test_document" + } + - manifest: |- + { + "attachments_source": [ + { + "key": "SourceUrl", + "values": [ + "s3://${aws_s3_bucket.object_bucket.bucket}/test.zip" + ] + } + ], + "document_type": "Package", + "lifecycle": [ + { + "ignore_changes": [ + "${attachments_source}" + ] + } + ], + "name": "test_document" + } + argumentDocs: + account_ids: '- The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or All.' + attachments_source: '- (Optional) One or more configuration blocks describing attachments sources to a version of a document. Defined below.' + content: '- (Required) The JSON or YAML content of the document.' + created_date: '- The date the document was created.' 
+ default_version: '- The default version of the document.' + description: '- The description of the document.' + document_format: '- (Optional, defaults to JSON) The format of the document. Valid document types include: JSON and YAML' + document_type: '- (Required) The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session' + document_version: '- The document version.' + hash: '- The sha1 or sha256 of the document content' + hash_type: '- "Sha1" "Sha256". The hashing algorithm used when hashing the content.' + key: '- (Required) The key describing the location of an attachment to a document. Valid key types include: SourceUrl and S3FileUrl' + latest_version: '- The latest version of the document.' + name: '- (Optional) The name of the document attachment file' + owner: '- The AWS user account of the person who created the document.' + parameter: '- The parameters that are available to this document.' + permissions: '- (Optional) Additional Permissions to attach to the document. See Permissions below for details.' + platform_types: '- A list of OS platforms compatible with this SSM document, either "Windows" or "Linux".' + schema_version: '- The schema version of the document.' + status: '- "Creating", "Active" or "Deleting". The current status of the document.' + tags: '- (Optional) A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_type: '- (Optional) The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. 
For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)' + type: '- The permission type for the document. The permission type can be Share.' + values: '- (Required) The value describing the location of an attachment to a document' + version_name: '- (Optional) A field specifying the version of the artifact you are creating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document and cannot be changed for an existing document version.' + aws_ssm_maintenance_window: + subCategory: SSM + description: Provides an SSM Maintenance Window resource + name: aws_ssm_maintenance_window + titleName: aws_ssm_maintenance_window + examples: + - manifest: |- + { + "cutoff": 1, + "duration": 3, + "name": "maintenance-window-application", + "schedule": "cron(0 16 ? * TUE *)" + } + argumentDocs: + allow_unassociated_targets: '- (Optional) Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.' + cutoff: '- (Required) The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.' + description: '- (Optional) A description for the maintenance window.' + duration: '- (Required) The duration of the Maintenance Window in hours.' + enabled: '- (Optional) Whether the maintenance window is enabled. Default: true.' + end_date: '- (Optional) Timestamp in ISO-8601 extended format when to no longer run the maintenance window.' + id: '- The ID of the maintenance window.' + name: '- (Required) The name of the maintenance window.' + schedule: '- (Required) The schedule of the Maintenance Window in the form of a cron or rate expression.' + schedule_offset: '- (Optional) The number of days to wait after the date and time specified by a CRON expression before running the maintenance window.' 
+ schedule_timezone: '- (Optional) Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.' + start_date: '- (Optional) Timestamp in ISO-8601 extended format when to begin the maintenance window.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ssm_maintenance_window_target: + subCategory: SSM + description: Provides an SSM Maintenance Window Target resource + name: aws_ssm_maintenance_window_target + titleName: aws_ssm_maintenance_window_target + examples: + - manifest: |- + { + "description": "This is a maintenance window target", + "name": "maintenance-window-target", + "resource_type": "INSTANCE", + "targets": [ + { + "key": "tag:Name", + "values": [ + "acceptance_test" + ] + } + ], + "window_id": "${aws_ssm_maintenance_window.window.id}" + } + references: + window_id: aws_ssm_maintenance_window.id + - manifest: |- + { + "description": "This is a maintenance window target", + "name": "maintenance-window-target", + "resource_type": "RESOURCE_GROUP", + "targets": [ + { + "key": "resource-groups:ResourceTypeFilters", + "values": [ + "AWS::EC2::Instance" + ] + } + ], + "window_id": "${aws_ssm_maintenance_window.window.id}" + } + references: + window_id: aws_ssm_maintenance_window.id + argumentDocs: + description: '- (Optional) The description of the maintenance window target.' + id: '- The ID of the maintenance window target.' + name: '- (Optional) The name of the maintenance window target.' + owner_information: '- (Optional) User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.' 
+ resource_type: '- (Required) The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.' + targets: |- + - (Required) The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see + (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html) + window_id: '- (Required) The Id of the maintenance window to register the target with.' + aws_ssm_maintenance_window_task: + subCategory: SSM + description: Provides an SSM Maintenance Window Task resource + name: aws_ssm_maintenance_window_task + titleName: aws_ssm_maintenance_window_task + examples: + - manifest: |- + { + "max_concurrency": 2, + "max_errors": 1, + "priority": 1, + "targets": [ + { + "key": "InstanceIds", + "values": [ + "${aws_instance.example.id}" + ] + } + ], + "task_arn": "AWS-RestartEC2Instance", + "task_invocation_parameters": [ + { + "automation_parameters": [ + { + "document_version": "$LATEST", + "parameter": [ + { + "name": "InstanceId", + "values": [ + "${aws_instance.example.id}" + ] + } + ] + } + ] + } + ], + "task_type": "AUTOMATION", + "window_id": "${aws_ssm_maintenance_window.example.id}" + } + references: + window_id: aws_ssm_maintenance_window.id + - manifest: |- + { + "max_concurrency": 2, + "max_errors": 1, + "priority": 1, + "targets": [ + { + "key": "InstanceIds", + "values": [ + "${aws_instance.example.id}" + ] + } + ], + "task_arn": "${aws_lambda_function.example.arn}", + "task_invocation_parameters": [ + { + "lambda_parameters": [ + { + "client_context": "${base64encode(\"{\\\"key1\\\":\\\"value1\\\"}\")}", + "payload": "{\"key1\":\"value1\"}" + } + ] + } + ], + "task_type": "LAMBDA", + "window_id": "${aws_ssm_maintenance_window.example.id}" + } + 
references: + task_arn: aws_lambda_function.arn + window_id: aws_ssm_maintenance_window.id + - manifest: |- + { + "max_concurrency": 2, + "max_errors": 1, + "priority": 1, + "targets": [ + { + "key": "InstanceIds", + "values": [ + "${aws_instance.example.id}" + ] + } + ], + "task_arn": "AWS-RunShellScript", + "task_invocation_parameters": [ + { + "run_command_parameters": [ + { + "notification_config": [ + { + "notification_arn": "${aws_sns_topic.example.arn}", + "notification_events": [ + "All" + ], + "notification_type": "Command" + } + ], + "output_s3_bucket": "${aws_s3_bucket.example.bucket}", + "output_s3_key_prefix": "output", + "parameter": [ + { + "name": "commands", + "values": [ + "date" + ] + } + ], + "service_role_arn": "${aws_iam_role.example.arn}", + "timeout_seconds": 600 + } + ] + } + ], + "task_type": "RUN_COMMAND", + "window_id": "${aws_ssm_maintenance_window.example.id}" + } + references: + window_id: aws_ssm_maintenance_window.id + - manifest: |- + { + "max_concurrency": 2, + "max_errors": 1, + "priority": 1, + "targets": [ + { + "key": "InstanceIds", + "values": [ + "${aws_instance.example.id}" + ] + } + ], + "task_arn": "${aws_sfn_activity.example.id}", + "task_invocation_parameters": [ + { + "step_functions_parameters": [ + { + "input": "{\"key1\":\"value1\"}", + "name": "example" + } + ] + } + ], + "task_type": "STEP_FUNCTIONS", + "window_id": "${aws_ssm_maintenance_window.example.id}" + } + references: + task_arn: aws_sfn_activity.id + window_id: aws_ssm_maintenance_window.id + argumentDocs: + automation_parameters: '- (Optional) The parameters for an AUTOMATION task type. Documented below.' + client_context: '- (Optional) Pass client-specific information to the Lambda function that you are invoking.' + cloudwatch_config: '- (Optional) Configuration options for sending command output to CloudWatch Logs. Documented below.' + cloudwatch_log_group_name: '- (Optional) The name of the CloudWatch log group where you want to send command output. 
If you don''t specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName.' + cloudwatch_output_enabled: '- (Optional) Enables Systems Manager to send command output to CloudWatch Logs.' + comment: '- (Optional) Information about the command(s) to execute.' + description: '- (Optional) The description of the maintenance window task.' + document_hash: '- (Optional) The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.' + document_hash_type: '- (Optional) SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: Sha256 and Sha1' + document_version: '- (Optional) The version of an Automation document to use during task execution.' + id: '- The ID of the maintenance window task.' + input: '- (Optional) The inputs for the STEP_FUNCTION task.' + lambda_parameters: '- (Optional) The parameters for a LAMBDA task type. Documented below.' + max_concurrency: '- (Required) The maximum number of targets this task can be run for in parallel.' + max_errors: '- (Required) The maximum number of errors allowed before this task stops being scheduled.' + name: '- (Required) The parameter name.' + notification_arn: '- (Optional) An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic.' + notification_config: '- (Optional) Configurations for sending notifications about command status changes on a per-instance basis. Documented below.' + notification_events: '- (Optional) The different events for which you can receive notifications. Valid values: All, InProgress, Success, TimedOut, Cancelled, and Failed' + notification_type: '- (Optional) When specified with Command, receive notification when the status of a command changes. 
When specified with Invocation, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: Command and Invocation' + output_s3_bucket: '- (Optional) The name of the Amazon S3 bucket.' + output_s3_key_prefix: '- (Optional) The Amazon S3 bucket subfolder.' + parameter: '- (Optional) The parameters for the RUN_COMMAND task execution. Documented below.' + payload: '- (Optional) JSON to provide to your Lambda function as input.' + priority: '- (Optional) The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.' + qualifier: '- (Optional) Specify a Lambda function version or alias name.' + run_command_parameters: '- (Optional) The parameters for a RUN_COMMAND task type. Documented below.' + service_role_arn: '- (Optional) The IAM service role to assume during task execution.' + step_functions_parameters: '- (Optional) The parameters for a STEP_FUNCTIONS task type. Documented below.' + targets: '- (Required) The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.' + task_arn: '- (Required) The ARN of the task to execute.' + task_invocation_parameters: '- (Optional) Configuration block with parameters for task execution.' + task_type: '- (Required) The type of task being registered. Valid values: AUTOMATION, LAMBDA, RUN_COMMAND or STEP_FUNCTIONS.' + timeout_seconds: '- (Optional) If this time is reached and the command has not already started executing, it doesn''t run.' + values: '- (Required) The array of strings.' + window_id: '- (Required) The Id of the maintenance window to register the task with.' 
+ aws_ssm_parameter: + subCategory: SSM + description: Provides a SSM Parameter resource + name: aws_ssm_parameter + titleName: aws_ssm_parameter + examples: + - manifest: |- + { + "name": "foo", + "type": "String", + "value": "bar" + } + - manifest: |- + { + "description": "The parameter description", + "name": "/production/database/password/master", + "tags": { + "environment": "production" + }, + "type": "SecureString", + "value": "${var.database_master_password}" + } + references: + value: var.database_master_password + argumentDocs: + allowed_pattern: '- (Optional) A regular expression used to validate the parameter value.' + arn: '- The ARN of the parameter.' + data_type: '- (Optional) The data_type of the parameter. Valid values: text and aws:ec2:image for AMI format, see the Native parameter support for Amazon Machine Image IDs' + description: '- (Required) The description of the parameter.' + key_id: '- (Optional) The KMS key id or arn for encrypting a SecureString.' + name: '- (Required) The name of the parameter.' + overwrite: '- (Optional) Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by terraform to avoid overwrite of existing resource and will default to true otherwise (terraform lifecycle rules should then be used to manage the update behavior).' + tags: '- (Optional) A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tier: '- (Optional) The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard, Advanced, and Intelligent-Tiering. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.' + type: '- (Required) The type of the parameter. 
Valid types are String, StringList and SecureString.' + value: '- (Required) The value of the parameter.' + version: '- The version of the parameter.' + aws_ssm_patch_baseline: + subCategory: SSM + description: Provides an SSM Patch Baseline resource + name: aws_ssm_patch_baseline + titleName: aws_ssm_patch_baseline + examples: + - manifest: |- + { + "approved_patches": [ + "KB123456" + ], + "name": "patch-baseline" + } + - manifest: |- + { + "approval_rule": [ + { + "approve_after_days": 7, + "compliance_level": "HIGH", + "patch_filter": [ + { + "key": "PRODUCT", + "values": [ + "WindowsServer2016" + ] + }, + { + "key": "CLASSIFICATION", + "values": [ + "CriticalUpdates", + "SecurityUpdates", + "Updates" + ] + }, + { + "key": "MSRC_SEVERITY", + "values": [ + "Critical", + "Important", + "Moderate" + ] + } + ] + }, + { + "approve_after_days": 7, + "patch_filter": [ + { + "key": "PRODUCT", + "values": [ + "WindowsServer2012" + ] + } + ] + } + ], + "approved_patches": [ + "KB123456", + "KB456789" + ], + "description": "Patch Baseline Description", + "global_filter": [ + { + "key": "PRODUCT", + "values": [ + "WindowsServer2008" + ] + }, + { + "key": "CLASSIFICATION", + "values": [ + "ServicePacks" + ] + }, + { + "key": "MSRC_SEVERITY", + "values": [ + "Low" + ] + } + ], + "name": "patch-baseline", + "rejected_patches": [ + "KB987654" + ] + } + - manifest: |- + { + "approval_rule": [ + { + "approve_after_days": 7, + "patch_filter": [ + { + "key": "CLASSIFICATION", + "values": [ + "CriticalUpdates", + "SecurityUpdates" + ] + }, + { + "key": "MSRC_SEVERITY", + "values": [ + "Critical", + "Important" + ] + } + ] + }, + { + "approve_after_days": 7, + "patch_filter": [ + { + "key": "PATCH_SET", + "values": [ + "APPLICATION" + ] + }, + { + "key": "PRODUCT", + "values": [ + "Office 2013", + "Office 2016" + ] + } + ] + } + ], + "description": "Patch both Windows and Microsoft apps", + "name": "WindowsOSAndMicrosoftApps", + "operating_system": "WINDOWS" + } + - manifest: |- + { 
+ "approval_rule": [ + {} + ], + "description": "My patch repository for Amazon Linux 2017.09", + "name": "Amazon-Linux-2017.09", + "operating_system": "AMAZON_LINUX", + "source": [ + { + "configuration": "[amzn-main]\nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list\nmirrorlist_expire=300\nmetadata_expire=300\npriority=10\nfailovermethod=priority\nfastestmirror_enabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga\nenabled=1\nretries=3\ntimeout=5\nreport_instanceid=yes\n", + "name": "My-AL2017.09", + "products": [ + "AmazonLinux2017.09" + ] + } + ] + } + argumentDocs: + PATCH_SET: defaults to OS if unspecified + approval_rule: '- (Optional) A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.' + approve_after_days: '- (Optional) The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with approve_until_date' + approve_until_date: '- (Optional) The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as YYYY-MM-DD. Conflicts with approve_after_days' + approved_patches: '- (Optional) A list of explicitly approved patches for the baseline.' + approved_patches_compliance_level: '- (Optional) Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.' + approved_patches_enable_non_security: '- (Optional) Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.' 
+ arn: '- The ARN of the patch baseline.' + compliance_level: '- (Optional) Defines the compliance level for patches approved by this rule. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.' + configuration: '- (Required) The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the dnf.conf documentation' + description: '- (Optional) The description of the patch baseline.' + enable_non_security: '- (Optional) Boolean enabling the application of non-security updates. The default value is ''false''. Valid for Linux instances only.' + global_filter: '- (Optional) A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.' + id: '- The ID of the patch baseline.' + name: '- (Required) The name specified to identify the patch source.' + operating_system: '- (Optional) Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.' + patch_filter: '- (Required) The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid Keys are PATCH_SET | PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID. Valid combinations of these Keys and the operating_system value can be found in the SSM DescribePatchProperties API Reference. Valid Values are exact values for the patch property given as the key, or a wildcard *, which matches all values.' + products: '- (Required) The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". 
For lists of supported product values, see PatchFilter.' + rejected_patches: '- (Optional) A list of rejected patches.' + rejected_patches_action: '- (Optional) The action for Patch Manager to take on patches included in the rejected_patches list. Allow values are ALLOW_AS_DEPENDENCY and BLOCK.' + source: '- (Optional) Configuration block(s) with alternate sources for patches. Applies to Linux instances only. Documented below.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ssm_patch_group: + subCategory: SSM + description: Provides an SSM Patch Group resource + name: aws_ssm_patch_group + titleName: aws_ssm_patch_group + examples: + - manifest: |- + { + "baseline_id": "${aws_ssm_patch_baseline.production.id}", + "patch_group": "patch-group-name" + } + references: + baseline_id: aws_ssm_patch_baseline.id + argumentDocs: + baseline_id: '- (Required) The ID of the patch baseline to register the patch group with.' + id: '- The name of the patch group and ID of the patch baseline separated by a comma (,).' + patch_group: '- (Required) The name of the patch group that should be registered with the patch baseline.' + aws_ssm_resource_data_sync: + subCategory: SSM + description: Provides a SSM resource data sync. + name: aws_ssm_resource_data_sync + titleName: aws_ssm_resource_data_sync + examples: + - manifest: |- + { + "name": "foo", + "s3_destination": [ + { + "bucket_name": "${aws_s3_bucket.hoge.bucket}", + "region": "${aws_s3_bucket.hoge.region}" + } + ] + } + argumentDocs: + bucket_name: '- (Required) Name of S3 bucket where the aggregated data is stored.' + kms_key_arn: '- (Optional) ARN of an encryption key for a destination in Amazon S3.' 
+ name: '- (Required) Name for the configuration.' + prefix: '- (Optional) Prefix for the bucket.' + region: '- (Required) Region with the bucket targeted by the Resource Data Sync.' + s3_destination: '- (Required) Amazon S3 configuration details for the sync.' + sync_format: '- (Optional) A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.' + aws_ssoadmin_account_assignment: + subCategory: SSO Admin + description: Manages a Single Sign-On (SSO) Account Assignment + name: aws_ssoadmin_account_assignment + titleName: aws_ssoadmin_account_assignment + examples: + - manifest: |- + { + "instance_arn": "${data.aws_ssoadmin_permission_set.example.instance_arn}", + "permission_set_arn": "${data.aws_ssoadmin_permission_set.example.arn}", + "principal_id": "${data.aws_identitystore_group.example.group_id}", + "principal_type": "GROUP", + "target_id": "012347678910", + "target_type": "AWS_ACCOUNT" + } + references: + instance_arn: data.instance_arn + permission_set_arn: data.arn + principal_id: data.group_id + argumentDocs: + id: '- The identifier of the Account Assignment i.e. principal_id, principal_type, target_id, target_type, permission_set_arn, instance_arn separated by commas (,).' + instance_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance.' + permission_set_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.' + principal_id: '- (Required, Forces new resource) An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6).' + principal_type: '- (Required, Forces new resource) The entity type for which the assignment will be created. Valid values: USER, GROUP.' + target_id: '- (Required, Forces new resource) An AWS account identifier, typically a 10-12 digit string.' 
+ target_type: '- (Optional, Forces new resource) The entity type for which the assignment will be created. Valid values: AWS_ACCOUNT.' + aws_ssoadmin_managed_policy_attachment: + subCategory: SSO Admin + description: Manages an IAM managed policy for a Single Sign-On (SSO) Permission Set + name: aws_ssoadmin_managed_policy_attachment + titleName: aws_ssoadmin_managed_policy_attachment + examples: + - manifest: |- + { + "instance_arn": "${tolist(data.aws_ssoadmin_instances.example.arns)[0]}", + "managed_policy_arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", + "permission_set_arn": "${aws_ssoadmin_permission_set.example.arn}" + } + references: + permission_set_arn: aws_ssoadmin_permission_set.arn + argumentDocs: + id: '- The Amazon Resource Names (ARNs) of the Managed Policy, Permission Set, and SSO Instance, separated by a comma (,).' + instance_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.' + managed_policy_arn: '- (Required, Forces new resource) The IAM managed policy Amazon Resource Name (ARN) to be attached to the Permission Set.' + managed_policy_name: '- The name of the IAM Managed Policy.' + permission_set_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the Permission Set.' + aws_ssoadmin_permission_set: + subCategory: SSO Admin + description: Manages a Single Sign-On (SSO) Permission Set + name: aws_ssoadmin_permission_set + titleName: aws_ssoadmin_permission_set + examples: + - manifest: |- + { + "description": "An example", + "instance_arn": "${tolist(data.aws_ssoadmin_instances.example.arns)[0]}", + "name": "Example", + "relay_state": "https://s3.console.aws.amazon.com/s3/home?region=us-east-1#", + "session_duration": "PT2H" + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the Permission Set.' + created_date: '- The date the Permission Set was created in RFC3339 format.' 
+ description: '- (Optional) The description of the Permission Set.' + id: '- The Amazon Resource Names (ARNs) of the Permission Set and SSO Instance, separated by a comma (,).' + instance_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.' + name: '- (Required, Forces new resource) The name of the Permission Set.' + relay_state: '- (Optional) The relay state URL used to redirect users within the application during the federation authentication process.' + session_duration: '- (Optional) The length of time that the application user sessions are valid in the ISO-8601 standard. Default: PT1H.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_ssoadmin_permission_set_inline_policy: + subCategory: SSO Admin + description: Manages an IAM inline policy for a Single Sign-On (SSO) Permission Set + name: aws_ssoadmin_permission_set_inline_policy + titleName: aws_ssoadmin_permission_set_inline_policy + examples: + - manifest: |- + { + "inline_policy": "${data.aws_iam_policy_document.example.json}", + "instance_arn": "${aws_ssoadmin_permission_set.example.instance_arn}", + "permission_set_arn": "${aws_ssoadmin_permission_set.example.arn}" + } + references: + inline_policy: data.json + instance_arn: aws_ssoadmin_permission_set.instance_arn + permission_set_arn: aws_ssoadmin_permission_set.arn + argumentDocs: + id: '- The Amazon Resource Names (ARNs) of the Permission Set and SSO Instance, separated by a comma (,).' + inline_policy: '- (Required) The IAM inline policy to attach to a Permission Set.' 
+ instance_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.' + permission_set_arn: '- (Required, Forces new resource) The Amazon Resource Name (ARN) of the Permission Set.' + aws_storagegateway_cache: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway cache + name: aws_storagegateway_cache + titleName: aws_storagegateway_cache + examples: + - manifest: |- + { + "disk_id": "${data.aws_storagegateway_local_disk.example.id}", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}" + } + references: + disk_id: data.id + gateway_arn: aws_storagegateway_gateway.arn + argumentDocs: + disk_id: '- (Required) Local disk identifier. For example, pci-0000:03:00.0-scsi-0:0:0:0.' + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' + id: '- Combined gateway Amazon Resource Name (ARN) and local disk identifier.' + aws_storagegateway_cached_iscsi_volume: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway cached iSCSI volume + name: aws_storagegateway_cached_iscsi_volume + titleName: aws_storagegateway_cached_iscsi_volume + examples: + - manifest: |- + { + "gateway_arn": "${aws_storagegateway_cache.example.gateway_arn}", + "network_interface_id": "${aws_instance.example.private_ip}", + "target_name": "example", + "volume_size_in_bytes": 5368709120 + } + references: + gateway_arn: aws_storagegateway_cache.gateway_arn + network_interface_id: aws_instance.private_ip + - manifest: |- + { + "gateway_arn": "${aws_storagegateway_cache.example.gateway_arn}", + "network_interface_id": "${aws_instance.example.private_ip}", + "snapshot_id": "${aws_ebs_snapshot.example.id}", + "target_name": "example", + "volume_size_in_bytes": "${aws_ebs_snapshot.example.volume_size * 1024 * 1024 * 1024}" + } + references: + gateway_arn: aws_storagegateway_cache.gateway_arn + network_interface_id: aws_instance.private_ip + snapshot_id: 
aws_ebs_snapshot.id + - manifest: |- + { + "gateway_arn": "${aws_storagegateway_cache.example.gateway_arn}", + "network_interface_id": "${aws_instance.example.private_ip}", + "source_volume_arn": "${aws_storagegateway_cached_iscsi_volume.existing.arn}", + "target_name": "example", + "volume_size_in_bytes": "${aws_storagegateway_cached_iscsi_volume.existing.volume_size_in_bytes}" + } + references: + gateway_arn: aws_storagegateway_cache.gateway_arn + network_interface_id: aws_instance.private_ip + source_volume_arn: aws_storagegateway_cached_iscsi_volume.arn + volume_size_in_bytes: aws_storagegateway_cached_iscsi_volume.volume_size_in_bytes + argumentDocs: + arn: '- Volume Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + chap_enabled: '- Whether mutual CHAP is enabled for the iSCSI target.' + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' + id: '- Volume Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + kms_encrypted: '- (Optional) Set to true to use Amazon S3 server side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3.' + kms_key: '- (Optional) The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. Is required when kms_encrypted is set.' + lun_number: '- Logical disk number.' + network_interface_id: '- (Required) The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.' + network_interface_port: '- The port used to communicate with iSCSI targets.' + snapshot_id: '- (Optional) The snapshot ID of the snapshot to restore as the new cached volume. e.g. snap-1122aabb.' + source_volume_arn: '- (Optional) The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume''s latest recovery point. 
The volume_size_in_bytes value for this new volume must be equal to or larger than the size of the existing volume, in bytes.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_arn: '- Target Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName.' + target_name: '- (Required) The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.' + volume_arn: '- Volume Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + volume_id: '- Volume ID, e.g. vol-12345678.' + volume_size_in_bytes: '- (Required) The size of the volume in bytes.' + aws_storagegateway_file_system_association: + subCategory: Storage Gateway + description: Mananges an association between an Amazon FSx file system and an Amazon FSx File Gateway. 
+ name: aws_storagegateway_file_system_association + titleName: aws_storagegateway_file_system_association + examples: + - manifest: |- + { + "audit_destination_arn": "${aws_s3_bucket.example.arn}", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}", + "location_arn": "${aws_fsx_windows_file_system.example.arn}", + "password": "avoid-plaintext-passwords", + "username": "Admin" + } + references: + audit_destination_arn: aws_s3_bucket.arn + gateway_arn: aws_storagegateway_gateway.arn + location_arn: aws_fsx_windows_file_system.arn + - manifest: |- + { + "audit_destination_arn": "${aws_cloudwatch_log_group.test.arn}", + "cache_attributes": [ + { + "cache_stale_timeout_in_seconds": 400 + } + ], + "gateway_arn": "${aws_storagegateway_gateway.test.arn}", + "location_arn": "${aws_fsx_windows_file_system.test.arn}", + "password": "${aws_directory_service_directory.test.password}", + "username": "Admin" + } + references: + audit_destination_arn: aws_cloudwatch_log_group.arn + gateway_arn: aws_storagegateway_gateway.arn + location_arn: aws_fsx_windows_file_system.arn + password: aws_directory_service_directory.password + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the newly created file system association.' + audit_destination_arn: '- (Optional) The Amazon Resource Name (ARN) of the storage used for the audit logs.' + cache_attributes: '- (Optional) Refresh cache information. see Cache Attributes for more details.' + cache_stale_timeout_in_seconds: |- + - (Optional) Refreshes a file share's cache by using Time To Live (TTL). + TTL is the length of time since the last refresh after which access to the directory would cause the file gateway + to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 0 or 300 to 2592000 seconds (5 minutes to 30 days). Defaults to 0 + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' 
+ id: '- Amazon Resource Name (ARN) of the FSx file system association' + location_arn: '- (Required) The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.' + password: '- (Required, sensitive) The password of the user credential.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + username: '- (Required) The user name of the user credential that has permission to access the root share of the Amazon FSx file system. The user account must belong to the Amazon FSx delegated admin user group.' + aws_storagegateway_gateway: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway file, tape, or volume gateway in the provider region + name: aws_storagegateway_gateway + titleName: aws_storagegateway_gateway + examples: + - manifest: |- + { + "gateway_ip_address": "1.2.3.4", + "gateway_name": "example", + "gateway_timezone": "GMT", + "gateway_type": "FILE_FSX_SMB", + "smb_active_directory_settings": [ + { + "domain_name": "corp.example.com", + "password": "avoid-plaintext-passwords", + "username": "Admin" + } + ] + } + - manifest: |- + { + "gateway_ip_address": "1.2.3.4", + "gateway_name": "example", + "gateway_timezone": "GMT", + "gateway_type": "FILE_S3" + } + - manifest: |- + { + "gateway_ip_address": "1.2.3.4", + "gateway_name": "example", + "gateway_timezone": "GMT", + "gateway_type": "VTL", + "medium_changer_type": "AWS-Gateway-VTL", + "tape_drive_type": "IBM-ULT3580-TD5" + } + - manifest: |- + { + "gateway_ip_address": "1.2.3.4", + "gateway_name": "example", + "gateway_timezone": "GMT", + "gateway_type": "CACHED" + } + - manifest: |- + { + "gateway_ip_address": "1.2.3.4", + "gateway_name": "example", + 
"gateway_timezone": "GMT", + "gateway_type": "STORED" + } + - manifest: |- + { + "gateway_ip_address": "${aws_instance.sgw.private_ip}", + "lifecycle": [ + { + "ignore_changes": [ + "gateway_ip_address" + ] + } + ] + } + references: + gateway_ip_address: aws_instance.private_ip + argumentDocs: + activation_key: '- (Optional) Gateway activation key during resource creation. Conflicts with gateway_ip_address. Additional information is available in the Storage Gateway User Guide.' + arn: '- Amazon Resource Name (ARN) of the gateway.' + average_download_rate_limit_in_bits_per_sec: '- (Optional) The average download bandwidth rate limit in bits per second. This is supported for the CACHED, STORED, and VTL gateway types.' + average_upload_rate_limit_in_bits_per_sec: '- (Optional) The average upload bandwidth rate limit in bits per second. This is supported for the CACHED, STORED, and VTL gateway types.' + cloudwatch_log_group_arn: '- (Optional) The Amazon Resource Name (ARN) of the Amazon CloudWatch log group to use to monitor and log events in the gateway.' + create: '- (Default 10m) How long to wait for gateway activation and connection to Storage Gateway.' + domain_controllers: |- + - (Optional) List of IPv4 addresses, NetBIOS names, or host names of your domain server. + If you need to specify the port number include it after the colon (“:”). For example, mydc.mydomain.com:389. + domain_name: '- (Required) The name of the domain that you want the gateway to join.' + ec2_instance_id: '- The ID of the Amazon EC2 instance that was used to launch the gateway.' + endpoint_type: '- The type of endpoint for your gateway.' + gateway_id: '- Identifier of the gateway.' + gateway_ip_address: '- (Optional) Gateway IP address to retrieve activation key during resource creation. Conflicts with activation_key. Gateway must be accessible on port 80 from where Terraform is running. Additional information is available in the Storage Gateway User Guide.' 
+ gateway_name: '- (Required) Name of the gateway.' + gateway_network_interface: '- An array that contains descriptions of the gateway network interfaces. See Gateway Network Interface.' + gateway_timezone: '- (Required) Time zone for the gateway. The time zone is of the format "GMT", "GMT-hr:mm", or "GMT+hr:mm". For example, GMT-4:00 indicates the time is 4 hours behind GMT. The time zone is used, for example, for scheduling snapshots and your gateway''s maintenance schedule.' + gateway_type: '- (Optional) Type of the gateway. The default value is STORED. Valid values: CACHED, FILE_FSX_SMB, FILE_S3, STORED, VTL.' + gateway_vpc_endpoint: '- (Optional) VPC endpoint address to be used when activating your gateway. This should be used when your instance is in a private subnet. Requires HTTP access from client computer running terraform. More info on what ports are required by your VPC Endpoint Security group in Activating a Gateway in a Virtual Private Cloud.' + host_environment: '- The type of hypervisor environment used by the host.' + id: '- Amazon Resource Name (ARN) of the gateway.' + ipv4_address: '- The Internet Protocol version 4 (IPv4) address of the interface.' + medium_changer_type: '- (Optional) Type of medium changer to use for tape gateway. Terraform cannot detect drift of this argument. Valid values: STK-L700, AWS-Gateway-VTL, IBM-03584L32-0402.' + organizational_unit: |- + - (Optional) The organizational unit (OU) is a container in an Active Directory that can hold users, groups, + computers, and other OUs and this parameter specifies the OU that the gateway will join within the AD domain. + password: '- (Required) The password of the user who has permission to add the gateway to the Active Directory domain.' + smb_active_directory_settings: '- (Optional) Nested argument with Active Directory domain join information for Server Message Block (SMB) file shares. Only valid for FILE_S3 and FILE_FSX_SMB gateway types. 
Must be set before creating ActiveDirectory authentication SMB file shares. More details below.' + smb_file_share_visibility: '- (Optional) Specifies whether the shares on this gateway appear when listing shares.' + smb_guest_password: '- (Optional) Guest password for Server Message Block (SMB) file shares. Only valid for FILE_S3 and FILE_FSX_SMB gateway types. Must be set before creating GuestAccess authentication SMB file shares. Terraform can only detect drift of the existence of a guest password, not its actual value from the gateway. Terraform can however update the password with changing the argument.' + smb_security_strategy: '- (Optional) Specifies the type of security strategy. Valid values are: ClientSpecified, MandatorySigning, and MandatoryEncryption. See Setting a Security Level for Your Gateway for more information.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + tape_drive_type: '- (Optional) Type of tape drive to use for tape gateway. Terraform cannot detect drift of this argument. Valid values: IBM-ULT3580-TD5.' + timeout_in_seconds: '- (Optional) Specifies the time in seconds, in which the JoinDomain operation must complete. The default is 20 seconds.' + username: '- (Required) The user name of user who has permission to add the gateway to the Active Directory domain.' 
+ aws_storagegateway_nfs_file_share: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway NFS File Share + name: aws_storagegateway_nfs_file_share + titleName: aws_storagegateway_nfs_file_share + examples: + - manifest: |- + { + "client_list": [ + "0.0.0.0/0" + ], + "gateway_arn": "${aws_storagegateway_gateway.example.arn}", + "location_arn": "${aws_s3_bucket.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + gateway_arn: aws_storagegateway_gateway.arn + location_arn: aws_s3_bucket.arn + role_arn: aws_iam_role.arn + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the NFS File Share.' + cache_attributes: '- (Optional) Refresh cache information. see Cache Attributes for more details.' + cache_stale_timeout_in_seconds: |- + - (Optional) Refreshes a file share's cache by using Time To Live (TTL). + TTL is the length of time since the last refresh after which access to the directory would cause the file gateway + to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) + client_list: '- (Required) The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. Set to ["0.0.0.0/0"] to not limit access. Minimum 1 item. Maximum 100 items.' + create: '- (Default 10m) How long to wait for file share creation.' + default_storage_class: '- (Optional) The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to S3_STANDARD. Valid values: S3_STANDARD, S3_STANDARD_IA, S3_ONEZONE_IA.' + delete: '- (Default 10m) How long to wait for file share deletion.' + directory_mode: '- (Optional) The Unix directory mode in the string form "nnnn". Defaults to "0777".' + file_mode: '- (Optional) The Unix file mode in the string form "nnnn". Defaults to "0666".' + file_share_name: '- (Optional) The name of the file share. 
Must be set if an S3 prefix name is set in location_arn.' + fileshare_id: '- ID of the NFS File Share.' + gateway_arn: '- (Required) Amazon Resource Name (ARN) of the file gateway.' + group_id: '- (Optional) The default group ID for the file share (unless the files have another group ID specified). Defaults to 65534 (nfsnobody). Valid values: 0 through 4294967294.' + guess_mime_type_enabled: '- (Optional) Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to true.' + id: '- Amazon Resource Name (ARN) of the NFS File Share.' + kms_encrypted: '- (Optional) Boolean value if true to use Amazon S3 server side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Defaults to false.' + kms_key_arn: '- (Optional) Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when kms_encrypted is true.' + location_arn: '- (Required) The ARN of the backed storage used for storing file data.' + nfs_file_share_defaults: '- (Optional) Nested argument with file share default values. More information below. see NFS File Share Defaults for more details.' + notification_policy: '- (Optional) The notification policy of the file share. For more information see the AWS Documentation. Default value is {}.' + object_acl: '- (Optional) Access Control List permission for S3 bucket objects. Defaults to private.' + owner_id: '- (Optional) The default owner ID for the file share (unless the files have another owner ID specified). Defaults to 65534 (nfsnobody). Valid values: 0 through 4294967294.' + path: '- File share path used by the NFS client to identify the mount point.' + read_only: '- (Optional) Boolean to indicate write status of file share. File share does not accept writes if true. Defaults to false.' + requester_pays: '- (Optional) Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. 
Set this value to true if you want the requester to pay instead of the bucket owner. Defaults to false.' + role_arn: '- (Required) The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.' + squash: '- (Optional) Maps a user to anonymous user. Defaults to RootSquash. Valid values: RootSquash (only root is mapped to anonymous user), NoSquash (no one is mapped to anonymous user), AllSquash (everyone is mapped to anonymous user)' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10m) How long to wait for file share updates.' + aws_storagegateway_smb_file_share: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway SMB File Share + name: aws_storagegateway_smb_file_share + titleName: aws_storagegateway_smb_file_share + examples: + - manifest: |- + { + "authentication": "ActiveDirectory", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}", + "location_arn": "${aws_s3_bucket.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + gateway_arn: aws_storagegateway_gateway.arn + location_arn: aws_s3_bucket.arn + role_arn: aws_iam_role.arn + - manifest: |- + { + "authentication": "GuestAccess", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}", + "location_arn": "${aws_s3_bucket.example.arn}", + "role_arn": "${aws_iam_role.example.arn}" + } + references: + gateway_arn: aws_storagegateway_gateway.arn + location_arn: aws_s3_bucket.arn + role_arn: aws_iam_role.arn + argumentDocs: + access_based_enumeration: '- (Optional) The files and folders on this share will only be visible to users with read access. Default value is false.' 
+ admin_user_list: '- (Optional) A list of users in the Active Directory that have admin access to the file share. Only valid if authentication is set to ActiveDirectory.' + arn: '- Amazon Resource Name (ARN) of the SMB File Share.' + audit_destination_arn: '- (Optional) The Amazon Resource Name (ARN) of the CloudWatch Log Group used for the audit logs.' + authentication: '- (Optional) The authentication method that users use to access the file share. Defaults to ActiveDirectory. Valid values: ActiveDirectory, GuestAccess.' + bucket_region: '- (Optional) The region of the S3 buck used by the file share. Required when specifying a vpc_endpoint_dns_name.' + cache_attributes: '- (Optional) Refresh cache information. see Cache Attributes for more details.' + cache_stale_timeout_in_seconds: |- + - (Optional) Refreshes a file share's cache by using Time To Live (TTL). + TTL is the length of time since the last refresh after which access to the directory would cause the file gateway + to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) + case_sensitivity: '- (Optional) The case of an object name in an Amazon S3 bucket. For ClientSpecified, the client determines the case sensitivity. For CaseSensitive, the gateway determines the case sensitivity. The default value is ClientSpecified.' + create: '- (Default 10m) How long to wait for file share creation.' + default_storage_class: '- (Optional) The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to S3_STANDARD. Valid values: S3_STANDARD, S3_STANDARD_IA, S3_ONEZONE_IA.' + delete: '- (Default 15m) How long to wait for file share deletion.' + file_share_name: '- (Optional) The name of the file share. Must be set if an S3 prefix name is set in location_arn.' + fileshare_id: '- ID of the SMB File Share.' + gateway_arn: '- (Required) Amazon Resource Name (ARN) of the file gateway.' 
+ guess_mime_type_enabled: '- (Optional) Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to true.' + id: '- Amazon Resource Name (ARN) of the SMB File Share.' + invalid_user_list: '- (Optional) A list of users in the Active Directory that are not allowed to access the file share. Only valid if authentication is set to ActiveDirectory.' + kms_encrypted: '- (Optional) Boolean value if true to use Amazon S3 server side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Defaults to false.' + kms_key_arn: '- (Optional) Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when kms_encrypted is true.' + location_arn: '- (Required) The ARN of the backed storage used for storing file data.' + notification_policy: '- (Optional) The notification policy of the file share. For more information see the AWS Documentation. Default value is {}.' + object_acl: '- (Optional) Access Control List permission for S3 bucket objects. Defaults to private.' + oplocks_enabled: '- (Optional) Boolean to indicate Opportunistic lock (oplock) status. Defaults to true.' + path: '- File share path used by the NFS client to identify the mount point.' + read_only: '- (Optional) Boolean to indicate write status of file share. File share does not accept writes if true. Defaults to false.' + requester_pays: '- (Optional) Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to true if you want the requester to pay instead of the bucket owner. Defaults to false.' + role_arn: '- (Required) The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.' + smb_acl_enabled: '- (Optional) Set this value to true to enable ACL (access control list) on the SMB fileshare. Set it to false to map file and directory permissions to the POSIX permissions. 
This setting applies only to ActiveDirectory authentication type.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10m) How long to wait for file share updates.' + valid_user_list: '- (Optional) A list of users in the Active Directory that are allowed to access the file share. Only valid if authentication is set to ActiveDirectory.' + vpc_endpoint_dns_name: '- (Optional) The DNS name of the VPC endpoint for S3 private link.' + aws_storagegateway_stored_iscsi_volume: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway stored iSCSI volume + name: aws_storagegateway_stored_iscsi_volume + titleName: aws_storagegateway_stored_iscsi_volume + examples: + - manifest: |- + { + "disk_id": "${data.aws_storagegateway_local_disk.test.id}", + "gateway_arn": "${aws_storagegateway_cache.example.gateway_arn}", + "network_interface_id": "${aws_instance.example.private_ip}", + "preserve_existing_data": false, + "target_name": "example" + } + references: + disk_id: data.id + gateway_arn: aws_storagegateway_cache.gateway_arn + network_interface_id: aws_instance.private_ip + - manifest: |- + { + "disk_id": "${data.aws_storagegateway_local_disk.test.id}", + "gateway_arn": "${aws_storagegateway_cache.example.gateway_arn}", + "network_interface_id": "${aws_instance.example.private_ip}", + "preserve_existing_data": false, + "snapshot_id": "${aws_ebs_snapshot.example.id}", + "target_name": "example" + } + references: + disk_id: data.id + gateway_arn: aws_storagegateway_cache.gateway_arn + network_interface_id: aws_instance.private_ip + snapshot_id: aws_ebs_snapshot.id + argumentDocs: + arn: '- Volume Amazon Resource Name (ARN), e.g. 
arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + chap_enabled: '- Whether mutual CHAP is enabled for the iSCSI target.' + disk_id: '- (Required) The unique identifier for the gateway local disk that is configured as a stored volume.' + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' + id: '- Volume Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + kms_encrypted: '- (Optional) true to use Amazon S3 server side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.' + kms_key: '- (Optional) The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when kms_encrypted is true.' + lun_number: '- Logical disk number.' + network_interface_id: '- (Required) The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.' + network_interface_port: '- The port used to communicate with iSCSI targets.' + preserve_existing_data: '- (Required) Specify this field as true if you want to preserve the data on the local disk. Otherwise, specifying this field as false creates an empty volume.' + snapshot_id: '- (Optional) The snapshot ID of the snapshot to restore as the new stored volume. e.g. snap-1122aabb.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target_arn: '- Target Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName.' 
+ target_name: '- (Required) The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.' + volume_arn: '- Volume Amazon Resource Name (ARN), e.g. arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678.' + volume_attachment_status: '- A value that indicates whether a storage volume is attached to, detached from, or is in the process of detaching from a gateway.' + volume_id: '- Volume ID, e.g. vol-12345678.' + volume_size_in_bytes: '- The size of the data stored on the volume in bytes.' + volume_status: '- indicates the state of the storage volume.' + volume_type: '- indicates the type of the volume.' + aws_storagegateway_tape_pool: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway Tape Pool + name: aws_storagegateway_tape_pool + titleName: aws_storagegateway_tape_pool + examples: + - manifest: |- + { + "pool_name": "example", + "storage_class": "GLACIER" + } + argumentDocs: + arn: '- Volume Amazon Resource Name (ARN), e.g. aws_storagegateway_tape_pool.example arn:aws:storagegateway:us-east-1:123456789012:tapepool/pool-12345678.' + pool_name: '- (Required) The name of the new custom tape pool.' + retention_lock_time_in_days: '- (Optional) Tape retention lock time is set in days. Tape retention lock can be enabled for up to 100 years (36,500 days). Default value is 0.' + retention_lock_type: '- (Required) Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account. Possible values are COMPLIANCE, GOVERNANCE, and NONE. Default value is NONE.' 
+ storage_class: '- (Required) The storage class that is associated with the new custom pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class that corresponds to the pool. Possible values are DEEP_ARCHIVE or GLACIER.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_storagegateway_upload_buffer: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway upload buffer + name: aws_storagegateway_upload_buffer + titleName: aws_storagegateway_upload_buffer + examples: + - manifest: |- + { + "disk_path": "${data.aws_storagegateway_local_disk.test.disk_path}", + "gateway_arn": "${aws_storagegateway_gateway.test.arn}" + } + references: + disk_path: data.disk_path + gateway_arn: aws_storagegateway_gateway.arn + - manifest: |- + { + "disk_id": "${data.aws_storagegateway_local_disk.example.id}", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}" + } + references: + disk_id: data.id + gateway_arn: aws_storagegateway_gateway.arn + argumentDocs: + disk_id: '- (Optional) Local disk identifier. For example, pci-0000:03:00.0-scsi-0:0:0:0.' + disk_path: '- (Optional) Local disk path. For example, /dev/nvme1n1.' + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' + id: '- Combined gateway Amazon Resource Name (ARN) and local disk identifier.' 
+ aws_storagegateway_working_storage: + subCategory: Storage Gateway + description: Manages an AWS Storage Gateway working storage + name: aws_storagegateway_working_storage + titleName: aws_storagegateway_working_storage + examples: + - manifest: |- + { + "disk_id": "${data.aws_storagegateway_local_disk.example.id}", + "gateway_arn": "${aws_storagegateway_gateway.example.arn}" + } + references: + disk_id: data.id + gateway_arn: aws_storagegateway_gateway.arn + argumentDocs: + disk_id: '- (Required) Local disk identifier. For example, pci-0000:03:00.0-scsi-0:0:0:0.' + gateway_arn: '- (Required) The Amazon Resource Name (ARN) of the gateway.' + id: '- Combined gateway Amazon Resource Name (ARN) and local disk identifier.' + aws_subnet: + subCategory: VPC + description: Provides an VPC subnet resource. + name: aws_subnet + titleName: aws_subnet + examples: + - manifest: |- + { + "cidr_block": "10.0.1.0/24", + "tags": { + "Name": "Main" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "cidr_block": "172.2.0.0/24", + "vpc_id": "${aws_vpc_ipv4_cidr_block_association.secondary_cidr.vpc_id}" + } + references: + vpc_id: aws_vpc_ipv4_cidr_block_association.vpc_id + argumentDocs: + arn: '- The ARN of the subnet.' + assign_ipv6_address_on_creation: |- + - (Optional) Specify true to indicate + that network interfaces created in the specified subnet should be + assigned an IPv6 address. Default is false + availability_zone: '- (Optional) The AZ for the subnet.' + availability_zone_id: '- (Optional) The AZ ID of the subnet.' + cidr_block: '- (Required) The CIDR block for the subnet.' + create: '- (Default 10m) How long to wait for a subnet to be created.' + customer_owned_ipv4_pool: '- (Optional) The customer owned IPv4 address pool. Typically used with the map_customer_owned_ip_on_launch argument. The outpost_arn argument must be specified when configured.' 
+ delete: '- (Default 20m) How long to retry on DependencyViolation errors during subnet deletion from lingering ENIs left by certain AWS services such as Elastic Load Balancing. NOTE: Lambda ENIs can take up to 45 minutes to delete, which is not affected by changing this customizable timeout (in version 2.31.0 and later of the Terraform AWS Provider) unless it is increased above 45 minutes.' + id: '- The ID of the subnet' + ipv6_cidr_block: |- + - (Optional) The IPv6 network range for the subnet, + in CIDR notation. The subnet size must use a /64 prefix length. + ipv6_cidr_block_association_id: '- The association ID for the IPv6 CIDR block.' + map_customer_owned_ip_on_launch: '- (Optional) Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The customer_owned_ipv4_pool and outpost_arn arguments must be specified when set to true. Default is false.' + map_public_ip_on_launch: |- + - (Optional) Specify true to indicate + that instances launched into the subnet should be assigned + a public IP address. Default is false. + outpost_arn: '- (Optional) The Amazon Resource Name (ARN) of the Outpost.' + owner_id: '- The ID of the AWS account that owns the subnet.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Required) The VPC ID.' 
+ aws_swf_domain: + subCategory: SWF + description: Provides an SWF Domain resource + name: aws_swf_domain + titleName: aws_swf_domain + examples: + - manifest: |- + { + "description": "Terraform SWF Domain", + "name": "foo", + "workflow_execution_retention_period_in_days": 30 + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + description: '- (Optional, Forces new resource) The domain description.' + id: '- The name of the domain.' + name: '- (Optional, Forces new resource) The name of the domain. If omitted, Terraform will assign a random, unique name.' + name_prefix: '- (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + workflow_execution_retention_period_in_days: '- (Required, Forces new resource) Length of time that SWF will continue to retain information about the workflow execution after the workflow execution is complete, must be between 0 and 90 days.' + aws_synthetics_canary: + subCategory: Synthetics + description: Provides a Synthetics Canary resource + name: aws_synthetics_canary + titleName: aws_synthetics_canary + examples: + - manifest: |- + { + "artifact_s3_location": "s3://some-bucket/", + "execution_role_arn": "some-role", + "handler": "exports.handler", + "name": "some-canary", + "runtime_version": "syn-1.0", + "schedule": [ + { + "expression": "rate(0 minute)" + } + ], + "zip_file": "test-fixtures/lambdatest.zip" + } + argumentDocs: + active_tracing: '- (Optional) Whether this canary is to use active AWS X-Ray tracing when it runs. 
You can enable active tracing only for canaries that use version syn-nodejs-2.0 or later for their canary runtime.' + arn: '- Amazon Resource Name (ARN) of the Canary.' + artifact_s3_location: '- (Required) Location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary.' + created: '- Date and time the canary was created.' + duration_in_seconds: '- (Optional) Duration in seconds, for the canary to continue making regular runs according to the schedule in the Expression value.' + engine_arn: '- ARN of the Lambda function that is used as your canary''s engine.' + execution_role_arn: '- (Required) ARN of the IAM role to be used to run the canary. see AWS Docs for permissions needs for IAM Role.' + expression: '- (Required) Rate expression that defines how often the canary is to run. The syntax is rate(number unit). unit can be minute, minutes, or hour.' + failure_retention_period: '- (Optional) Number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.' + handler: '- (Required) Entry point to use for the source code when running the canary. This value must end with the string .handler .' + id: '- Name for this canary.' + last_modified: '- Date and time the canary was most recently modified.' + last_started: '- Date and time that the canary''s most recent run started.' + last_stopped: '- Date and time that the canary''s most recent run ended.' + memory_in_mb: '- (Optional) Maximum amount of memory available to the canary while it is running, in MB. The value you specify must be a multiple of 64.' + name: '- (Required) Name for this canary. Has a maximum length of 21 characters. Valid characters are lowercase alphanumeric, hyphen, or underscore.' + run_config: '- (Optional) Configuration block for individual canary runs. Detailed below.' + runtime_version: '- (Required) Runtime version to use for the canary. 
Versions change often so consult the Amazon CloudWatch documentation for the latest valid versions. Values include syn-python-selenium-1.0, syn-nodejs-puppeteer-3.0, syn-nodejs-2.2, syn-nodejs-2.1, syn-nodejs-2.0, and syn-1.0.' + s3_bucket: ', s3_key, and s3_version.' + s3_key: '- (Optional) S3 key of your script. Conflicts with' + s3_version: '- (Optional) S3 version ID of your script. Conflicts with' + schedule: '- (Required) Configuration block providing how often the canary is to run and when these test runs are to stop. Detailed below.' + security_group_ids: '- (Required) IDs of the security groups for this canary.' + source_location_arn: '- ARN of the Lambda layer where Synthetics stores the canary script code.' + start_canary: '- (Optional) Whether to run or stop the canary.' + status: '- Canary status.' + subnet_ids: '- (Required) IDs of the subnets where this canary is to run.' + success_retention_period: '- (Optional) Number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + timeline: '- Structure that contains information about when the canary was created, modified, and most recently run. see Timeline.' + timeout_in_seconds: '- (Optional) Number of seconds the canary is allowed to run before it must stop. If you omit this field, the frequency of the canary is used, up to a maximum of 840 (14 minutes).' + vpc_config: '- (Optional) Configuration block. Detailed below.' + vpc_id: '- ID of the VPC where this canary is to run.' 
+ zip_file: '- (Optional) ZIP file that contains the script, if you input your canary script directly into the canary instead of referring to an S3 location. It can be up to 5 MB. Conflicts with' + aws_timestreamwrite_database: + subCategory: Timestream Write + description: Provides a Timestream database resource. + name: aws_timestreamwrite_database + titleName: aws_timestreamwrite_database + examples: + - manifest: |- + { + "database_name": "database-example" + } + - manifest: |- + { + "database_name": "database-example", + "kms_key_id": "${aws_kms_key.example.arn}", + "tags": { + "Name": "value" + } + } + references: + kms_key_id: aws_kms_key.arn + argumentDocs: + arn: '- The ARN that uniquely identifies this database.' + database_name: – (Required) The name of the Timestream database. Minimum length of 3. Maximum length of 64. + id: '- The name of the Timestream database.' + kms_key_id: '- The ARN of the KMS key used to encrypt the data stored in the database.' + table_count: '- The total number of tables found within the Timestream database.' + tags: '- (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_timestreamwrite_table: + subCategory: Timestream Write + description: Provides a Timestream table resource. 
+ name: aws_timestreamwrite_table + titleName: aws_timestreamwrite_table + examples: + - manifest: |- + { + "database_name": "${aws_timestreamwrite_database.example.database_name}", + "table_name": "example" + } + references: + database_name: aws_timestreamwrite_database.database_name + - manifest: |- + { + "database_name": "${aws_timestreamwrite_database.example.database_name}", + "retention_properties": [ + { + "magnetic_store_retention_period_in_days": 30, + "memory_store_retention_period_in_hours": 8 + } + ], + "table_name": "example", + "tags": { + "Name": "example-timestream-table" + } + } + references: + database_name: aws_timestreamwrite_database.database_name + argumentDocs: + arn: '- The ARN that uniquely identifies this table.' + database_name: – (Required) The name of the Timestream database. + id: '- The table_name and database_name separated by a colon (:).' + magnetic_store_retention_period_in_days: '- (Required) The duration for which data must be stored in the magnetic store. Minimum value of 1. Maximum value of 73000.' + memory_store_retention_period_in_hours: '- (Required) The duration for which data must be stored in the memory store. Minimum value of 1. Maximum value of 8766.' + retention_properties: '- (Optional) The retention duration for the memory store and magnetic store. See Retention Properties below for more details. If not provided, magnetic_store_retention_period_in_days default to 73000 and memory_store_retention_period_in_hours defaults to 6.' + table_name: '- (Required) The name of the Timestream table.' + tags: '- (Optional) Map of tags to assign to this resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ aws_transfer_server: + subCategory: Transfer + description: Provides a AWS Transfer Server resource. + name: aws_transfer_server + titleName: aws_transfer_server + examples: + - manifest: |- + { + "tags": { + "Name": "Example" + } + } + - manifest: |- + { + "security_policy_name": "TransferSecurityPolicy-2020-06" + } + - manifest: |- + { + "endpoint_details": [ + { + "address_allocation_ids": [ + "${aws_eip.example.id}" + ], + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "vpc_id": "${aws_vpc.example.id}" + } + ], + "endpoint_type": "VPC" + } + - manifest: |- + { + "certificate": "${aws_acm_certificate.example.arn}", + "endpoint_details": [ + { + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "vpc_id": "${aws_vpc.example.id}" + } + ], + "endpoint_type": "VPC", + "identity_provider_type": "API_GATEWAY", + "protocols": [ + "FTP", + "FTPS" + ], + "url": "${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}" + } + references: + certificate: aws_acm_certificate.arn + argumentDocs: + FTP: ': Unencrypted file transfer' + FTPS: ': File transfer with TLS encryption' + SFTP: ': File transfer over SSH' + address_allocation_ids: '- (Optional) A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server''s endpoint. This property can only be used when endpoint_type is set to VPC.' + arn: '- Amazon Resource Name (ARN) of Transfer Server' + certificate: '- (Optional) The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when protocols is set to FTPS' + domain: '- (Optional) The domain of the storage system that is used for file transfers. Valid values are: S3 and EFS. The default value is S3.' + endpoint: '- The endpoint of the Transfer Server (e.g. s-12345678.server.transfer.REGION.amazonaws.com)' + endpoint_details: '- (Optional) The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. 
Fields documented below.' + endpoint_type: '- (Optional) The type of endpoint that you want your SFTP server connect to. If you connect to a VPC (or VPC_ENDPOINT), your SFTP server isn''t accessible over the public internet. If you want to connect your SFTP server via public internet, set PUBLIC. Defaults to PUBLIC.' + force_destroy: '- (Optional) A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is false. This option only applies to servers configured with a SERVICE_MANAGED identity_provider_type.' + host_key: '- (Optional) RSA private key (e.g. as generated by the ssh-keygen -N "" -m PEM -f my-new-server-key command).' + host_key_fingerprint: '- This value contains the message-digest algorithm (MD5) hash of the server''s host key. This value is equivalent to the output of the ssh-keygen -l -E md5 -f my-new-server-key command.' + id: '- The Server ID of the Transfer Server (e.g. s-12345678)' + identity_provider_type: '- (Optional) The mode of authentication enabled for this service. The default value is SERVICE_MANAGED, which allows you to store and access SFTP user credentials within the service. API_GATEWAY indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.' + invocation_role: '- (Optional) Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.' + logging_role: '- (Optional) Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.' + protocols: '- (Optional) Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server''s endpoint. This defaults to SFTP . 
The available protocols are:' + security_group_ids: '- (Optional) A list of security groups IDs that are available to attach to your server''s endpoint. If no security groups are specified, the VPC''s default security groups are automatically assigned to your endpoint. This property can only be used when endpoint_type is set to VPC.' + security_policy_name: '- (Optional) Specifies the name of the security policy that is attached to the server. Possible values are TransferSecurityPolicy-2018-11, TransferSecurityPolicy-2020-06, and TransferSecurityPolicy-FIPS-2020-06. Default value is: TransferSecurityPolicy-2018-11.' + subnet_ids: '- (Optional) A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when endpoint_type is set to VPC.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + url: '- (Optional) - URL of the service endpoint used to authenticate users with an identity_provider_type of API_GATEWAY.' + vpc_endpoint_id: '- (Optional) The ID of the VPC endpoint. This property can only be used when endpoint_type is set to VPC_ENDPOINT' + vpc_id: '- (Optional) The VPC ID of the virtual private cloud in which the SFTP server''s endpoint will be hosted. This property can only be used when endpoint_type is set to VPC.' + aws_transfer_ssh_key: + subCategory: Transfer + description: Provides a AWS Transfer SSH Public Key resource. + name: aws_transfer_ssh_key + titleName: aws_transfer_ssh_key + examples: + - manifest: |- + { + "body": "... 
SSH key ...", + "server_id": "${aws_transfer_server.example.id}", + "user_name": "${aws_transfer_user.example.user_name}" + } + references: + server_id: aws_transfer_server.id + user_name: aws_transfer_user.user_name + argumentDocs: + body: '- (Requirement) The public key portion of an SSH key pair.' + server_id: '- (Requirement) The Server ID of the Transfer Server (e.g. s-12345678)' + user_name: '- (Requirement) The name of the user account that is assigned to one or more servers.' + aws_transfer_user: + subCategory: Transfer + description: Provides a AWS Transfer User resource. + name: aws_transfer_user + titleName: aws_transfer_user + examples: + - manifest: |- + { + "home_directory_mappings": [ + { + "entry": "/test.pdf", + "target": "/bucket3/test-path/tftestuser.pdf" + } + ], + "home_directory_type": "LOGICAL", + "role": "${aws_iam_role.foo.arn}", + "server_id": "${aws_transfer_server.foo.id}", + "user_name": "tftestuser" + } + references: + role: aws_iam_role.arn + server_id: aws_transfer_server.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of Transfer User' + entry: '- (Required) Represents an entry and a target.' + gid: '- (Required) The POSIX group ID used for all EFS operations by this user.' + home_directory: '- (Optional) The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a /. The first item in the path is the name of the home bucket (accessible as ${Transfer:HomeBucket} in the policy) and the rest is the home directory (accessible as ${Transfer:HomeDirectory} in the policy). For example, /example-bucket-1234/username would set the home bucket to example-bucket-1234 and the home directory to username.' + home_directory_mappings: '- (Optional) Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.' 
+ home_directory_type: '- (Optional) The type of landing directory (folder) you mapped for your users'' home directory. Valid values are PATH and LOGICAL.' + policy: '- (Optional) An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include ${Transfer:UserName}, ${Transfer:HomeDirectory}, and ${Transfer:HomeBucket}. Since the IAM variable syntax matches Terraform''s interpolation syntax, they must be escaped inside Terraform configuration strings ($${Transfer:UserName}). These are evaluated on-the-fly when navigating the bucket.' + posix_profile: '- (Optional) Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users'' access to your Amazon EFS file systems. See Posix Profile below.' + role: '- (Required) Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.' + secondary_gids: '- (Optional) The secondary POSIX group IDs used for all EFS operations by this user.' + server_id: '- (Required) The Server ID of the Transfer Server (e.g. s-12345678)' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + target: '- (Required) Represents the map target.' + uid: '- (Required) The POSIX user ID used for all EFS operations by this user.' + user_name: '- (Required) The name used for log in to your SFTP server.' 
+ aws_volume_attachment: + subCategory: EC2 + description: Provides an AWS EBS Volume Attachment + name: aws_volume_attachment + titleName: aws_volume_attachment + examples: + - manifest: |- + { + "device_name": "/dev/sdh", + "instance_id": "${aws_instance.web.id}", + "volume_id": "${aws_ebs_volume.example.id}" + } + references: + instance_id: aws_instance.id + volume_id: aws_ebs_volume.id + argumentDocs: + device_name: '- The device name exposed to the instance' + force_detach: |- + - (Optional, Boolean) Set to true if you want to force the + volume to detach. Useful if previous attempts failed, but use this option only + as a last resort, as this can result in data loss. See + Detaching an Amazon EBS Volume from an Instance for more information. + instance_id: '- ID of the Instance' + skip_destroy: |- + - (Optional, Boolean) Set this to true if you do not wish + to detach the volume from the instance to which it is attached at destroy + time, and instead just remove the attachment from Terraform state. This is + useful when destroying an instance which has volumes created by some other + means attached. + volume_id: '- ID of the Volume' + aws_vpc: + subCategory: VPC + description: Provides a VPC resource. + name: aws_vpc + titleName: aws_vpc + examples: + - manifest: |- + { + "cidr_block": "10.0.0.0/16" + } + - manifest: |- + { + "cidr_block": "10.0.0.0/16", + "instance_tenancy": "default", + "tags": { + "Name": "main" + } + } + argumentDocs: + arn: '- Amazon Resource Name (ARN) of VPC' + assign_generated_ipv6_cidr_block: |- + - (Optional) Requests an Amazon-provided IPv6 CIDR + block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or + the size of the CIDR block. Default is false. 
+ cidr_block: '- The CIDR block of the VPC' + default_network_acl_id: '- The ID of the network ACL created by default on VPC creation' + default_route_table_id: '- The ID of the route table created by default on VPC creation' + default_security_group_id: '- The ID of the security group created by default on VPC creation' + enable_classiclink: '- Whether or not the VPC has Classiclink enabled' + enable_classiclink_dns_support: |- + - (Optional) A boolean flag to enable/disable ClassicLink DNS Support for the VPC. + Only valid in regions and accounts that support EC2 Classic. + enable_dns_hostnames: '- Whether or not the VPC has DNS hostname support' + enable_dns_support: '- Whether or not the VPC has DNS support' + id: '- The ID of the VPC' + instance_tenancy: '- Tenancy of instances spin up within VPC.' + ipv6_association_id: '- The association ID for the IPv6 CIDR block.' + ipv6_cidr_block: '- The IPv6 CIDR block.' + main_route_table_id: |- + - The ID of the main route table associated with + this VPC. Note that you can change a VPC's main route table by using an + aws_main_route_table_association. + owner_id: '- The ID of the AWS account that owns the VPC.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_vpc_dhcp_options: + subCategory: VPC + description: Provides a VPC DHCP Options resource. 
+ name: aws_vpc_dhcp_options + titleName: aws_vpc_dhcp_options + examples: + - manifest: |- + { + "domain_name_servers": [ + "8.8.8.8", + "8.8.4.4" + ] + } + - manifest: |- + { + "domain_name": "service.consul", + "domain_name_servers": [ + "127.0.0.1", + "10.0.0.2" + ], + "netbios_name_servers": [ + "127.0.0.1" + ], + "netbios_node_type": 2, + "ntp_servers": [ + "127.0.0.1" + ], + "tags": { + "Name": "foo-name" + } + } + argumentDocs: + arn: '- The ARN of the DHCP Options Set.' + default: DHCP Option Set. + domain_name: '- (Optional) the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the search value in the /etc/resolv.conf file.' + domain_name_servers: to AmazonProvidedDNS. + id: '- The ID of the DHCP Options Set.' + netbios_name_servers: '- (Optional) List of NETBIOS name servers.' + netbios_node_type: '- (Optional) The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132.' + ntp_servers: '- (Optional) List of NTP servers to configure.' + owner_id: '- The ID of the AWS account that owns the DHCP options set.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_vpc_dhcp_options_association: + subCategory: VPC + description: Provides a VPC DHCP Options Association resource. 
+ name: aws_vpc_dhcp_options_association + titleName: aws_vpc_dhcp_options_association + examples: + - manifest: |- + { + "dhcp_options_id": "${aws_vpc_dhcp_options.foo.id}", + "vpc_id": "${aws_vpc.foo.id}" + } + references: + dhcp_options_id: aws_vpc_dhcp_options.id + vpc_id: aws_vpc.id + argumentDocs: + default: DHCP Options Set to the VPC. + dhcp_options_id: '- (Required) The ID of the DHCP Options Set to associate to the VPC.' + id: '- The ID of the DHCP Options Set Association.' + vpc_id: '- (Required) The ID of the VPC to which we would like to associate a DHCP Options Set.' + aws_vpc_endpoint: + subCategory: VPC + description: Provides a VPC Endpoint resource. + name: aws_vpc_endpoint + titleName: aws_vpc_endpoint + examples: + - manifest: |- + { + "service_name": "com.amazonaws.us-west-2.s3", + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "service_name": "com.amazonaws.us-west-2.s3", + "tags": { + "Environment": "test" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "private_dns_enabled": true, + "security_group_ids": [ + "${aws_security_group.sg1.id}" + ], + "service_name": "com.amazonaws.us-west-2.ec2", + "vpc_endpoint_type": "Interface", + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + - manifest: |- + { + "service_name": "${aws_vpc_endpoint_service.example.service_name}", + "subnet_ids": [ + "${aws_subnet.example.id}" + ], + "vpc_endpoint_type": "${aws_vpc_endpoint_service.example.service_type}", + "vpc_id": "${aws_vpc.example.id}" + } + references: + service_name: aws_vpc_endpoint_service.service_name + vpc_endpoint_type: aws_vpc_endpoint_service.service_type + vpc_id: aws_vpc.id + - manifest: |- + { + "private_dns_enabled": false, + "security_group_ids": [ + "${aws_security_group.ptfe_service.id}" + ], + "service_name": "${var.ptfe_service}", + "subnet_ids": [ + "${local.subnet_ids}" + ], + "vpc_endpoint_type": "Interface", + 
"vpc_id": "${var.vpc_id}" + } + references: + service_name: var.ptfe_service + vpc_id: var.vpc_id + argumentDocs: + arn: '- The Amazon Resource Name (ARN) of the VPC endpoint.' + auto_accept: '- (Optional) Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).' + cidr_blocks: '- The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.' + create: '- (Default 10 minutes) Used for creating a VPC endpoint' + delete: '- (Default 10 minutes) Used for destroying VPC endpoints' + dns_entry: '- The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.' + dns_name: '- The DNS name.' + hosted_zone_id: '- The ID of the private hosted zone.' + id: '- The ID of the VPC endpoint.' + network_interface_ids: '- One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.' + owner_id: '- The ID of the AWS account that owns the VPC endpoint.' + policy: '- (Optional) A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.' + prefix_list_id: '- The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.' + private_dns_enabled: |- + - (Optional; AWS services and AWS Marketplace partner services only) Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. + Defaults to false. + requester_managed: '- Whether or not the VPC Endpoint is being managed by its service - true or false.' + route_table_ids: '- (Optional) One or more route table IDs. Applicable for endpoints of type Gateway.' 
+ security_group_ids: '- (Optional) The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.' + service_name: '- (Required) The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook).' + state: '- The state of the VPC endpoint.' + subnet_ids: '- (Optional) The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for VPC endpoint modifications' + vpc_endpoint_type: '- (Optional) The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.' + vpc_id: '- (Required) The ID of the VPC in which the endpoint will be used.' + aws_vpc_endpoint_connection_notification: + subCategory: VPC + description: Provides a VPC Endpoint connection notification resource. + name: aws_vpc_endpoint_connection_notification + titleName: aws_vpc_endpoint_connection_notification + examples: + - manifest: |- + { + "connection_events": [ + "Accept", + "Reject" + ], + "connection_notification_arn": "${aws_sns_topic.topic.arn}", + "vpc_endpoint_service_id": "${aws_vpc_endpoint_service.foo.id}" + } + references: + connection_notification_arn: aws_sns_topic.arn + vpc_endpoint_service_id: aws_vpc_endpoint_service.id + argumentDocs: + connection_events: '- (Required) One or more endpoint events for which to receive notifications.' 
+ connection_notification_arn: '- (Required) The ARN of the SNS topic for the notifications.' + id: '- The ID of the VPC connection notification.' + notification_type: '- The type of notification.' + state: '- The state of the notification.' + vpc_endpoint_id: '- (Optional) The ID of the VPC Endpoint to receive notifications for.' + vpc_endpoint_service_id: '- (Optional) The ID of the VPC Endpoint Service to receive notifications for.' + aws_vpc_endpoint_route_table_association: + subCategory: VPC + description: Manages a VPC Endpoint Route Table Association + name: aws_vpc_endpoint_route_table_association + titleName: aws_vpc_endpoint_route_table_association + examples: + - manifest: |- + { + "route_table_id": "${aws_route_table.example.id}", + "vpc_endpoint_id": "${aws_vpc_endpoint.example.id}" + } + references: + route_table_id: aws_route_table.id + vpc_endpoint_id: aws_vpc_endpoint.id + argumentDocs: + id: '- A hash of the EC2 Route Table and VPC Endpoint identifiers.' + route_table_id: '- (Required) Identifier of the EC2 Route Table to be associated with the VPC Endpoint.' + vpc_endpoint_id: '- (Required) Identifier of the VPC Endpoint with which the EC2 Route Table will be associated.' + aws_vpc_endpoint_service: + subCategory: VPC + description: Provides a VPC Endpoint Service resource. + name: aws_vpc_endpoint_service + titleName: aws_vpc_endpoint_service + examples: + - manifest: |- + { + "acceptance_required": false, + "network_load_balancer_arns": [ + "${aws_lb.example.arn}" + ] + } + - manifest: |- + { + "acceptance_required": false, + "gateway_load_balancer_arns": [ + "${aws_lb.example.arn}" + ] + } + argumentDocs: + acceptance_required: '- (Required) Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - true or false.' + allowed_principals: '- (Optional) The ARNs of one or more principals allowed to discover the endpoint service.' + arn: '- The Amazon Resource Name (ARN) of the VPC endpoint service.' 
+ availability_zones: '- The Availability Zones in which the service is available.' + base_endpoint_dns_names: '- The DNS names for the service.' + gateway_load_balancer_arns: '- (Optional) Amazon Resource Names (ARNs) of one or more Gateway Load Balancers for the endpoint service.' + id: '- The ID of the VPC endpoint service.' + manages_vpc_endpoints: '- Whether or not the service manages its VPC endpoints - true or false.' + name: '- Name of the record subdomain the service provider needs to create.' + network_load_balancer_arns: '- (Optional) Amazon Resource Names (ARNs) of one or more Network Load Balancers for the endpoint service.' + private_dns_name: '- (Optional) The private DNS name for the service.' + private_dns_name_configuration: '- List of objects containing information about the endpoint service private DNS name configuration.' + service_name: '- The service name.' + service_type: '- The service type, Gateway or Interface.' + state: '- Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is verified.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- Endpoint service verification type, for example TXT.' + value: '- Value the service provider adds to the private DNS name domain record before verification.' + aws_vpc_endpoint_service_allowed_principal: + subCategory: VPC + description: Provides a resource to allow a principal to discover a VPC endpoint service. 
+ name: aws_vpc_endpoint_service_allowed_principal + titleName: aws_vpc_endpoint_service_allowed_principal + examples: + - manifest: |- + { + "principal_arn": "${data.aws_caller_identity.current.arn}", + "vpc_endpoint_service_id": "${aws_vpc_endpoint_service.foo.id}" + } + references: + principal_arn: data.arn + vpc_endpoint_service_id: aws_vpc_endpoint_service.id + argumentDocs: + id: '- The ID of the association.' + principal_arn: '- (Required) The ARN of the principal to allow permissions.' + vpc_endpoint_service_id: '- (Required) The ID of the VPC endpoint service to allow permission.' + aws_vpc_endpoint_subnet_association: + subCategory: VPC + description: Provides a resource to create an association between a VPC endpoint and a subnet. + name: aws_vpc_endpoint_subnet_association + titleName: aws_vpc_endpoint_subnet_association + examples: + - manifest: |- + { + "subnet_id": "${aws_subnet.sn.id}", + "vpc_endpoint_id": "${aws_vpc_endpoint.ec2.id}" + } + references: + subnet_id: aws_subnet.id + vpc_endpoint_id: aws_vpc_endpoint.id + argumentDocs: + create: '- (Default 10 minutes) Used for creating the association' + delete: '- (Default 10 minutes) Used for destroying the association' + id: '- The ID of the association.' + subnet_id: '- (Required) The ID of the subnet to be associated with the VPC endpoint.' + vpc_endpoint_id: '- (Required) The ID of the VPC endpoint with which the subnet will be associated.' + aws_vpc_ipv4_cidr_block_association: + subCategory: VPC + description: Associate additional IPv4 CIDR blocks with a VPC + name: aws_vpc_ipv4_cidr_block_association + titleName: aws_vpc_ipv4_cidr_block_association + examples: + - manifest: |- + { + "cidr_block": "172.2.0.0/16", + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + cidr_block: '- (Required) The additional IPv4 CIDR block to associate with the VPC.' 
+ create: '- (Default 10 minutes) Used for creating the association' + delete: '- (Default 10 minutes) Used for destroying the association' + id: '- The ID of the VPC CIDR association' + vpc_id: '- (Required) The ID of the VPC to make the association with.' + aws_vpc_peering_connection: + subCategory: VPC + description: Provides a resource to manage a VPC peering connection. + name: aws_vpc_peering_connection + titleName: aws_vpc_peering_connection + examples: + - manifest: |- + { + "peer_owner_id": "${var.peer_owner_id}", + "peer_vpc_id": "${aws_vpc.bar.id}", + "vpc_id": "${aws_vpc.foo.id}" + } + references: + peer_owner_id: var.peer_owner_id + peer_vpc_id: aws_vpc.id + vpc_id: aws_vpc.id + - manifest: |- + { + "accepter": [ + { + "allow_remote_vpc_dns_resolution": true + } + ], + "peer_owner_id": "${var.peer_owner_id}", + "peer_vpc_id": "${aws_vpc.bar.id}", + "requester": [ + { + "allow_remote_vpc_dns_resolution": true + } + ], + "vpc_id": "${aws_vpc.foo.id}" + } + references: + peer_owner_id: var.peer_owner_id + peer_vpc_id: aws_vpc.id + vpc_id: aws_vpc.id + - manifest: |- + { + "auto_accept": true, + "peer_owner_id": "${var.peer_owner_id}", + "peer_vpc_id": "${aws_vpc.bar.id}", + "tags": { + "Name": "VPC Peering between foo and bar" + }, + "vpc_id": "${aws_vpc.foo.id}" + } + references: + peer_owner_id: var.peer_owner_id + peer_vpc_id: aws_vpc.id + vpc_id: aws_vpc.id + - manifest: |- + { + "peer_owner_id": "${var.peer_owner_id}", + "peer_region": "us-east-1", + "peer_vpc_id": "${aws_vpc.bar.id}", + "vpc_id": "${aws_vpc.foo.id}" + } + references: + peer_owner_id: var.peer_owner_id + peer_vpc_id: aws_vpc.id + vpc_id: aws_vpc.id + argumentDocs: + accept_status: '- The status of the VPC Peering Connection request.' + accepter: |- + (Optional) - An optional configuration block that allows for VPC Peering Connection options to be set for the VPC that accepts + the peering connection (a maximum of one). 
+ allow_classic_link_to_remote_vpc: |- + - (Optional) Allow a local linked EC2-Classic instance to communicate + with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection + to the remote VPC. + allow_remote_vpc_dns_resolution: |- + - (Optional) Allow a local VPC to resolve public DNS hostnames to + private IP addresses when queried from instances in the peer VPC. This is + not supported for + inter-region VPC peering. + allow_vpc_to_remote_classic_link: |- + - (Optional) Allow a local VPC to communicate with a linked EC2-Classic + instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink + connection. + auto_accept: '- (Optional) Accept the peering (both VPCs need to be in the same AWS account).' + create: '- (Default 1 minute) Used for creating a peering connection' + delete: '- (Default 1 minute) Used for destroying peering connections' + id: '- The ID of the VPC Peering Connection.' + peer_owner_id: |- + - (Optional) The AWS account ID of the owner of the peer VPC. + Defaults to the account ID the AWS provider is currently connected to. + peer_region: |- + - (Optional) The region of the accepter VPC of the VPC Peering Connection. auto_accept must be false, + and use the aws_vpc_peering_connection_accepter to manage the accepter side. + peer_vpc_id: '- (Required) The ID of the VPC with which you are creating the VPC Peering Connection.' + requester: |- + (Optional) - A optional configuration block that allows for VPC Peering Connection options to be set for the VPC that requests + the peering connection (a maximum of one). + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' 
+ update: '- (Default 1 minute) Used for peering connection modifications' + vpc_id: '- (Required) The ID of the requester VPC.' + aws_vpc_peering_connection_accepter: + subCategory: VPC + description: Manage the accepter's side of a VPC Peering Connection. + name: aws_vpc_peering_connection_accepter + titleName: aws_vpc_peering_connection_accepter + examples: + - manifest: |- + { + "auto_accept": true, + "provider": "${aws.peer}", + "tags": { + "Side": "Accepter" + }, + "vpc_peering_connection_id": "${aws_vpc_peering_connection.peer.id}" + } + references: + provider: aws.peer + vpc_peering_connection_id: aws_vpc_peering_connection.id + - manifest: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${auto_accept}" + ] + } + ] + } + argumentDocs: + accept_status: '- The status of the VPC Peering Connection request.' + accepter: |- + - A configuration block that describes [VPC Peering Connection] + (https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC. + allow_classic_link_to_remote_vpc: |- + - Indicates whether a local ClassicLink connection can communicate + with the peer VPC over the VPC Peering Connection. + allow_remote_vpc_dns_resolution: |- + - Indicates whether a local VPC can resolve public DNS hostnames to + private IP addresses when queried from instances in a peer VPC. + allow_vpc_to_remote_classic_link: |- + - Indicates whether a local VPC can communicate with a ClassicLink + connection in the peer VPC over the VPC Peering Connection. + auto_accept: '- (Optional) Whether or not to accept the peering request. Defaults to false.' + id: '- The ID of the VPC Peering Connection.' + peer_owner_id: '- The AWS account ID of the owner of the requester VPC.' + peer_region: '- The region of the accepter VPC.' + peer_vpc_id: '- The ID of the requester VPC.' 
+ requester: |- + - A configuration block that describes [VPC Peering Connection] + (https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC. + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- The ID of the accepter VPC.' + vpc_peering_connection_id: '- (Required) The VPC Peering Connection ID to manage.' + aws_vpc_peering_connection_options: + subCategory: VPC + description: Provides a resource to manage VPC peering connection options. + name: aws_vpc_peering_connection_options + titleName: aws_vpc_peering_connection_options + examples: + - manifest: |- + { + "accepter": [ + { + "allow_remote_vpc_dns_resolution": true + } + ], + "requester": [ + { + "allow_classic_link_to_remote_vpc": true, + "allow_vpc_to_remote_classic_link": true + } + ], + "vpc_peering_connection_id": "${aws_vpc_peering_connection.foo.id}" + } + references: + vpc_peering_connection_id: aws_vpc_peering_connection.id + - manifest: |- + { + "provider": "${aws.requester}", + "requester": [ + { + "allow_remote_vpc_dns_resolution": true + } + ], + "vpc_peering_connection_id": "${aws_vpc_peering_connection_accepter.peer.id}" + } + references: + provider: aws.requester + vpc_peering_connection_id: aws_vpc_peering_connection_accepter.id + - manifest: |- + { + "accepter": [ + { + "allow_remote_vpc_dns_resolution": true + } + ], + "provider": "${aws.accepter}", + "vpc_peering_connection_id": "${aws_vpc_peering_connection_accepter.peer.id}" + } + references: + provider: aws.accepter + vpc_peering_connection_id: aws_vpc_peering_connection_accepter.id + argumentDocs: + accepter: |- + (Optional) - An optional configuration block that allows for [VPC 
Peering Connection] + (https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts + the peering connection (a maximum of one). + allow_classic_link_to_remote_vpc: |- + - (Optional) Allow a local linked EC2-Classic instance to communicate + with instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection + to the remote VPC. This option is not supported for inter-region VPC peering. + allow_remote_vpc_dns_resolution: |- + - (Optional) Allow a local VPC to resolve public DNS hostnames to + private IP addresses when queried from instances in the peer VPC. + allow_vpc_to_remote_classic_link: |- + - (Optional) Allow a local VPC to communicate with a linked EC2-Classic + instance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink + connection. This option is not supported for inter-region VPC peering. + id: '- The ID of the VPC Peering Connection Options.' + requester: |- + (Optional) - A optional configuration block that allows for [VPC Peering Connection] + (https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests + the peering connection (a maximum of one). + vpc_peering_connection_id: '- (Required) The ID of the requester VPC peering connection.' + aws_vpn_connection: + subCategory: VPC + description: Manages an EC2 VPN connection. These objects can be connected to customer gateways, and allow you to establish tunnels between your network and Amazon. 
+ name: aws_vpn_connection + titleName: aws_vpn_connection + examples: + - manifest: |- + { + "customer_gateway_id": "${aws_customer_gateway.example.id}", + "transit_gateway_id": "${aws_ec2_transit_gateway.example.id}", + "type": "${aws_customer_gateway.example.type}" + } + references: + customer_gateway_id: aws_customer_gateway.id + transit_gateway_id: aws_ec2_transit_gateway.id + type: aws_customer_gateway.type + - manifest: |- + { + "customer_gateway_id": "${aws_customer_gateway.customer_gateway.id}", + "static_routes_only": true, + "type": "ipsec.1", + "vpn_gateway_id": "${aws_vpn_gateway.vpn_gateway.id}" + } + references: + customer_gateway_id: aws_customer_gateway.id + vpn_gateway_id: aws_vpn_gateway.id + argumentDocs: + arn: '- Amazon Resource Name (ARN) of the VPN Connection.' + customer_gateway_configuration: '- The configuration information for the VPN connection''s customer gateway (in the native XML format).' + customer_gateway_id: '- The ID of the customer gateway to which the connection is attached.' + enable_acceleration: '- (Optional, Default false) Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.' + id: '- The amazon-assigned ID of the VPN connection.' + local_ipv4_network_cidr: '- (Optional, Default 0.0.0.0/0) The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.' + local_ipv6_network_cidr: '- (Optional, Default ::/0) The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.' + remote_ipv4_network_cidr: '- (Optional, Default 0.0.0.0/0) The IPv4 CIDR on the AWS side of the VPN connection.' + remote_ipv6_network_cidr: '- (Optional, Default ::/0) The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.' + static_routes_only: '- Whether the VPN connection uses static routes exclusively.' + tags: '- (Optional) Tags to apply to the connection. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + transit_gateway_attachment_id: '- When associated with an EC2 Transit Gateway (transit_gateway_id argument), the attachment ID. See also the aws_ec2_tag resource for tagging the EC2 Transit Gateway VPN Attachment.' + transit_gateway_id: '- (Optional) The ID of the EC2 Transit Gateway.' + tunnel_inside_ip_version: '- (Optional, Default ipv4) Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are ipv4 | ipv6. ipv6 Supports only EC2 Transit Gateway.' + tunnel1_address: '- The public IP address of the first VPN tunnel.' + tunnel1_bgp_asn: '- The bgp asn number of the first VPN tunnel.' + tunnel1_bgp_holdtime: '- The bgp holdtime of the first VPN tunnel.' + tunnel1_cgw_inside_address: '- The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).' + tunnel1_dpd_timeout_action: '- (Optional, Default clear) The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.' + tunnel1_dpd_timeout_seconds: '- (Optional, Default 30) The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than 30.' + tunnel1_ike_versions: '- (Optional) The IKE versions that are permitted for the first VPN tunnel. Valid values are ikev1 | ikev2.' + tunnel1_inside_cidr: '- (Optional) The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.' + tunnel1_inside_ipv6_cidr: '- (Optional) The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. 
Valid value is a size /126 CIDR block from the local fd00::/8 range.' + tunnel1_phase1_dh_group_numbers: '- (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.' + tunnel1_phase1_encryption_algorithms: '- (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.' + tunnel1_phase1_integrity_algorithms: '- (Optional) One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.' + tunnel1_phase1_lifetime_seconds: '- (Optional, Default 28800) The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 28800.' + tunnel1_phase2_dh_group_numbers: '- (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.' + tunnel1_phase2_encryption_algorithms: '- (Optional) List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.' + tunnel1_phase2_integrity_algorithms: '- (Optional) List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.' + tunnel1_phase2_lifetime_seconds: '- (Optional, Default 3600) The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between 900 and 3600.' + tunnel1_preshared_key: '- The preshared key of the first VPN tunnel.' 
+ tunnel1_rekey_fuzz_percentage: '- (Optional, Default 100) The percentage of the rekey window for the first VPN tunnel (determined by tunnel1_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.' + tunnel1_rekey_margin_time_seconds: '- (Optional, Default 540) The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel1_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel1_phase2_lifetime_seconds.' + tunnel1_replay_window_size: '- (Optional, Default 1024) The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between 64 and 2048.' + tunnel1_startup_action: '- (Optional, Default add) The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.' + tunnel1_vgw_inside_address: '- The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).' + tunnel2_address: '- The public IP address of the second VPN tunnel.' + tunnel2_bgp_asn: '- The bgp asn number of the second VPN tunnel.' + tunnel2_bgp_holdtime: '- The bgp holdtime of the second VPN tunnel.' + tunnel2_cgw_inside_address: '- The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).' + tunnel2_dpd_timeout_action: '- (Optional, Default clear) The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are clear | none | restart.' + tunnel2_dpd_timeout_seconds: '- (Optional, Default 30) The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than 30.' 
+ tunnel2_ike_versions: '- (Optional) The IKE versions that are permitted for the second VPN tunnel. Valid values are ikev1 | ikev2.' + tunnel2_inside_cidr: '- (Optional) The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.' + tunnel2_inside_ipv6_cidr: '- (Optional) The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.' + tunnel2_phase1_dh_group_numbers: '- (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.' + tunnel2_phase1_encryption_algorithms: '- (Optional) List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.' + tunnel2_phase1_integrity_algorithms: '- (Optional) One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.' + tunnel2_phase1_lifetime_seconds: '- (Optional, Default 28800) The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 28800.' + tunnel2_phase2_dh_group_numbers: '- (Optional) List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are 2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24.' + tunnel2_phase2_encryption_algorithms: '- (Optional) List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16.' 
+ tunnel2_phase2_integrity_algorithms: '- (Optional) List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are SHA1 | SHA2-256 | SHA2-384 | SHA2-512.' + tunnel2_phase2_lifetime_seconds: '- (Optional, Default 3600) The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between 900 and 3600.' + tunnel2_preshared_key: '- The preshared key of the second VPN tunnel.' + tunnel2_rekey_fuzz_percentage: '- (Optional, Default 100) The percentage of the rekey window for the second VPN tunnel (determined by tunnel2_rekey_margin_time_seconds) during which the rekey time is randomly selected. Valid value is between 0 and 100.' + tunnel2_rekey_margin_time_seconds: '- (Optional, Default 540) The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for tunnel2_rekey_fuzz_percentage. Valid value is between 60 and half of tunnel2_phase2_lifetime_seconds.' + tunnel2_replay_window_size: '- (Optional, Default 1024) The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between 64 and 2048.' + tunnel2_startup_action: '- (Optional, Default add) The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are add | start.' + tunnel2_vgw_inside_address: '- The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).' + type: '- (Required) The type of VPN connection. The only type AWS supports at this time is "ipsec.1".' + vpn_gateway_id: '- The ID of the virtual private gateway to which the connection is attached.' 
+ aws_vpn_connection_route: + subCategory: VPC + description: Provides a static route between a VPN connection and a customer gateway. + name: aws_vpn_connection_route + titleName: aws_vpn_connection_route + examples: + - manifest: |- + { + "destination_cidr_block": "192.168.10.0/24", + "vpn_connection_id": "${aws_vpn_connection.main.id}" + } + references: + vpn_connection_id: aws_vpn_connection.id + argumentDocs: + destination_cidr_block: '- The CIDR block associated with the local subnet of the customer network.' + vpn_connection_id: '- The ID of the VPN connection.' + aws_vpn_gateway: + subCategory: VPC + description: Provides a resource to create a VPC VPN Gateway. + name: aws_vpn_gateway + titleName: aws_vpn_gateway + examples: + - manifest: |- + { + "tags": { + "Name": "main" + }, + "vpc_id": "${aws_vpc.main.id}" + } + references: + vpc_id: aws_vpc.id + argumentDocs: + amazon_side_asn: '- (Optional) The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don''t specify an ASN, the virtual private gateway is created with the default ASN.' + arn: '- Amazon Resource Name (ARN) of the VPN Gateway.' + availability_zone: '- (Optional) The Availability Zone for the virtual private gateway.' + id: '- The ID of the VPN Gateway.' + tags: '- (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + vpc_id: '- (Optional) The VPC ID to create in.' + aws_vpn_gateway_attachment: + subCategory: VPC + description: Provides a Virtual Private Gateway attachment resource. 
+ name: aws_vpn_gateway_attachment + titleName: aws_vpn_gateway_attachment + examples: + - manifest: |- + { + "vpc_id": "${aws_vpc.network.id}", + "vpn_gateway_id": "${aws_vpn_gateway.vpn.id}" + } + references: + vpc_id: aws_vpc.id + vpn_gateway_id: aws_vpn_gateway.id + argumentDocs: + vpc_id: '- The ID of the VPC that Virtual Private Gateway is attached to.' + vpn_gateway_id: '- The ID of the Virtual Private Gateway.' + aws_vpn_gateway_route_propagation: + subCategory: VPC + description: Requests automatic route propagation between a VPN gateway and a route table. + name: aws_vpn_gateway_route_propagation + titleName: aws_vpn_gateway_route_propagation + examples: + - manifest: |- + { + "route_table_id": "${aws_route_table.example.id}", + "vpn_gateway_id": "${aws_vpn_gateway.example.id}" + } + references: + route_table_id: aws_route_table.id + vpn_gateway_id: aws_vpn_gateway.id + argumentDocs: + route_table_id: '- The id of the aws_route_table to propagate routes into.' + vpn_gateway_id: '- The id of the aws_vpn_gateway to propagate routes from.' + aws_waf_byte_match_set: + subCategory: WAF + description: Provides a AWS WAF Byte Match Set resource. + name: aws_waf_byte_match_set + titleName: aws_waf_byte_match_set + examples: + - manifest: |- + { + "byte_match_tuples": [ + { + "field_to_match": [ + { + "data": "referer", + "type": "HEADER" + } + ], + "positional_constraint": "CONTAINS", + "target_string": "badrefer1", + "text_transformation": "NONE" + } + ], + "name": "tf_waf_byte_match_set" + } + argumentDocs: + byte_match_tuples: |- + - Specifies the bytes (typically a string that corresponds + with ASCII characters) that you want to search for in web requests, + the location in requests that you want to search, and other settings. + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. 
+ field_to_match: '- (Required) The part of a web request that you want to search, such as a specified header or a query string.' + id: '- The ID of the WAF Byte Match Set.' + name: '- (Required) The name or description of the Byte Match Set.' + positional_constraint: |- + - (Required) Within the portion of a web request that you want to search + (for example, in the query string, if any), specify where you want to search. + e.g. CONTAINS, CONTAINS_WORD or EXACTLY. + See docs + for all supported values. + target_string: |- + - (Optional) The value that you want to search for. e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on target_string before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_waf_geo_match_set: + subCategory: WAF + description: Provides a AWS WAF GeoMatchSet resource. + name: aws_waf_geo_match_set + titleName: aws_waf_geo_match_set + examples: + - manifest: |- + { + "geo_match_constraint": [ + { + "type": "Country", + "value": "US" + }, + { + "type": "Country", + "value": "CA" + } + ], + "name": "geo_match_set" + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + geo_match_constraint: '- (Optional) The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.' + id: '- The ID of the WAF GeoMatchSet.' + name: '- (Required) The name or description of the GeoMatchSet.' + type: '- (Required) The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.' 
+ value: |- + - (Required) The country that you want AWS WAF to search for. + This is the two-letter country code, e.g. US, CA, RU, CN, etc. + See docs for all supported values. + aws_waf_ipset: + subCategory: WAF + description: Provides a AWS WAF IPSet resource. + name: aws_waf_ipset + titleName: aws_waf_ipset + examples: + - manifest: |- + { + "ip_set_descriptors": [ + { + "type": "IPV4", + "value": "192.0.7.0/24" + }, + { + "type": "IPV4", + "value": "10.16.16.0/16" + } + ], + "name": "tfIPSet" + } + argumentDocs: + arn: '- The ARN of the WAF IPSet.' + id: '- The ID of the WAF IPSet.' + ip_set_descriptors: '- (Optional) One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.' + name: '- (Required) The name or description of the IPSet.' + type: '- (Required) Type of the IP address - IPV4 or IPV6.' + value: '- (Required) An IPv4 or IPv6 address specified via CIDR notation. e.g. 192.0.2.44/32 or 1111:0000:0000:0000:0000:0000:0000:0000/64' + aws_waf_rate_based_rule: + subCategory: WAF + description: Provides a AWS WAF rule resource. + name: aws_waf_rate_based_rule + titleName: aws_waf_rate_based_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_waf_ipset.ipset}" + ], + "metric_name": "tfWAFRule", + "name": "tfWAFRule", + "predicates": [ + { + "data_id": "${aws_waf_ipset.ipset.id}", + "negated": false, + "type": "IPMatch" + } + ], + "rate_key": "IP", + "rate_limit": 100 + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + data_id: '- (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.' + id: '- The ID of the WAF rule.' + metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this rule.' + name: '- (Required) The name or description of the rule.' 
+ negated: |- + - (Required) Set this to false if you want to allow, block, or count requests + based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. + For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. + If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44. + predicates: '- (Optional) The objects to include in a rule (documented below).' + rate_key: '- (Required) Valid value is IP.' + rate_limit: '- (Required) The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.' + aws_waf_regex_match_set: + subCategory: WAF + description: Provides a AWS WAF Regex Match Set resource. + name: aws_waf_regex_match_set + titleName: aws_waf_regex_match_set + examples: + - manifest: |- + { + "name": "example", + "regex_match_tuple": [ + { + "field_to_match": [ + { + "data": "User-Agent", + "type": "HEADER" + } + ], + "regex_pattern_set_id": "${aws_waf_regex_pattern_set.example.id}", + "text_transformation": "NONE" + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. 
+ field_to_match: '- (Required) The part of a web request that you want to search, such as a specified header or a query string.' + id: '- The ID of the WAF Regex Match Set.' + name: '- (Required) The name or description of the Regex Match Set.' + regex_match_tuple: '- (Required) The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.' + regex_pattern_set_id: '- (Required) The ID of a Regex Pattern Set.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_waf_regex_pattern_set: + subCategory: WAF + description: Provides a AWS WAF Regex Pattern Set resource. + name: aws_waf_regex_pattern_set + titleName: aws_waf_regex_pattern_set + examples: + - manifest: |- + { + "name": "tf_waf_regex_pattern_set", + "regex_pattern_strings": [ + "one", + "two" + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + id: '- The ID of the WAF Regex Pattern Set.' + name: '- (Required) The name or description of the Regex Pattern Set.' + regex_pattern_strings: '- (Optional) A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.' + aws_waf_rule: + subCategory: WAF + description: Provides a AWS WAF rule resource. 
+ name: aws_waf_rule + titleName: aws_waf_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_waf_ipset.ipset}" + ], + "metric_name": "tfWAFRule", + "name": "tfWAFRule", + "predicates": [ + { + "data_id": "${aws_waf_ipset.ipset.id}", + "negated": false, + "type": "IPMatch" + } + ] + } + argumentDocs: + arn: '- The ARN of the WAF rule.' + data_id: '- (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.' + id: '- The ID of the WAF rule.' + metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can''t contain whitespace.' + name: '- (Required) The name or description of the rule.' + negated: |- + - (Required) Set this to false if you want to allow, block, or count requests + based on the settings in the specified waf_byte_match_set, waf_ipset, aws_waf_size_constraint_set, aws_waf_sql_injection_match_set or aws_waf_xss_match_set. + For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. + If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44. + predicates: '- (Optional) The objects to include in a rule (documented below).' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.' + aws_waf_rule_group: + subCategory: WAF + description: Provides a AWS WAF rule group resource. 
+ name: aws_waf_rule_group + titleName: aws_waf_rule_group + examples: + - manifest: |- + { + "activated_rule": [ + { + "action": [ + { + "type": "COUNT" + } + ], + "priority": 50, + "rule_id": "${aws_waf_rule.example.id}" + } + ], + "metric_name": "example", + "name": "example" + } + argumentDocs: + action: '- (Required) Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.' + activated_rule: '- (Optional) A list of activated rules, see below' + arn: '- The ARN of the WAF rule group.' + id: '- The ID of the WAF rule group.' + metric_name: '- (Required) A friendly name for the metrics from the rule group' + name: '- (Required) A friendly name of the rule group' + priority: '- (Required) Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.' + rule_id: '- (Required) The ID of a rule' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.' + aws_waf_size_constraint_set: + subCategory: WAF + description: Provides a AWS WAF Size Constraint Set resource. + name: aws_waf_size_constraint_set + titleName: aws_waf_size_constraint_set + examples: + - manifest: |- + { + "name": "tfsize_constraints", + "size_constraints": [ + { + "comparison_operator": "EQ", + "field_to_match": [ + { + "type": "BODY" + } + ], + "size": "4096", + "text_transformation": "NONE" + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + comparison_operator: |- + - (Required) The type of comparison you want to perform. + e.g. EQ, NE, LT, GT. + See docs for all supported values. 
+ data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. + field_to_match: '- (Required) Specifies where in a web request to look for the size constraint.' + id: '- The ID of the WAF Size Constraint Set.' + name: '- (Required) The name or description of the Size Constraint Set.' + size: |- + - (Required) The size in bytes that you want to compare against the size of the specified field_to_match. + Valid values are between 0 - 21474836480 bytes (0 - 20 GB). + size_constraints: '- (Optional) Specifies the parts of web requests that you want to inspect the size of.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + Note: if you choose BODY as type, you must choose NONE because CloudFront forwards only the first 8192 bytes for inspection. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_waf_sql_injection_match_set: + subCategory: WAF + description: Provides a AWS WAF SQL Injection Match Set resource. + name: aws_waf_sql_injection_match_set + titleName: aws_waf_sql_injection_match_set + examples: + - manifest: |- + { + "name": "tf-sql_injection_match_set", + "sql_injection_match_tuples": [ + { + "field_to_match": [ + { + "type": "QUERY_STRING" + } + ], + "text_transformation": "URL_DECODE" + } + ] + } + argumentDocs: + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. 
+ field_to_match: '- (Required) Specifies where in a web request to look for snippets of malicious SQL code.' + id: '- The ID of the WAF SQL Injection Match Set.' + name: '- (Required) The name or description of the SQL Injection Match Set.' + sql_injection_match_tuples: '- (Optional) The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_waf_web_acl: + subCategory: WAF + description: Provides a AWS WAF web access control group (ACL) resource. + name: aws_waf_web_acl + titleName: aws_waf_web_acl + examples: + - manifest: |- + { + "default_action": [ + { + "type": "ALLOW" + } + ], + "depends_on": [ + "${aws_waf_ipset.ipset}", + "${aws_waf_rule.wafrule}" + ], + "metric_name": "tfWebACL", + "name": "tfWebACL", + "rules": [ + { + "action": [ + { + "type": "BLOCK" + } + ], + "priority": 1, + "rule_id": "${aws_waf_rule.wafrule.id}", + "type": "REGULAR" + } + ] + } + - manifest: |- + { + "logging_configuration": [ + { + "log_destination": "${aws_kinesis_firehose_delivery_stream.example.arn}", + "redacted_fields": [ + { + "field_to_match": [ + { + "type": "URI" + }, + { + "data": "referer", + "type": "HEADER" + } + ] + } + ] + } + ] + } + argumentDocs: + action: '- (Optional) The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.' 
+ arn: '- The ARN of the WAF WebACL.' + data: '- (Optional) When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.' + default_action: '- (Required) Configuration block with action that you want AWS WAF to take when a request doesn''t match the criteria in any of the rules that are associated with the web ACL. Detailed below.' + field_to_match: '- (Required) Set of configuration blocks for fields to redact. Detailed below.' + id: '- The ID of the WAF WebACL.' + log_destination: '- (Required) Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream' + logging_configuration: '- (Optional) Configuration block to enable WAF logging. Detailed below.' + metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this web ACL.' + name: '- (Required) The name or description of the web ACL.' + override_action: '- (Optional) Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.' + priority: |- + - (Required) Specifies the order in which the rules in a WebACL are evaluated. + Rules with a lower value are evaluated before rules with a higher value. + redacted_fields: '- (Optional) Configuration block containing parts of the request that you want redacted from the logs. Detailed below.' + rule_id: '- (Required) ID of the associated WAF (Global) rule (e.g. aws_waf_rule). WAF (Regional) rules cannot be used.' + rules: '- (Optional) Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.' + aws_waf_xss_match_set: + subCategory: WAF + description: Provides a AWS WAF XssMatchSet resource. + name: aws_waf_xss_match_set + titleName: aws_waf_xss_match_set + examples: + - manifest: |- + { + "name": "xss_match_set", + "xss_match_tuples": [ + { + "field_to_match": [ + { + "type": "URI" + } + ], + "text_transformation": "NONE" + }, + { + "field_to_match": [ + { + "type": "QUERY_STRING" + } + ], + "text_transformation": "NONE" + } + ] + } + argumentDocs: + arn: '- Amazon Resource Name (ARN)' + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. + field_to_match: '- (Required) Specifies where in a web request to look for cross-site scripting attacks.' + id: '- The ID of the WAF XssMatchSet.' + name: '- (Required) The name or description of the SizeConstraintSet.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on target_string before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. 
+ xss_match_tuples: '- (Optional) The parts of web requests that you want to inspect for cross-site scripting attacks.' + aws_wafregional_byte_match_set: + subCategory: WAF Regional + description: Provides a AWS WAF Regional ByteMatchSet resource for use with ALB. + name: aws_wafregional_byte_match_set + titleName: aws_wafregional_byte_match_set + examples: + - manifest: |- + { + "byte_match_tuples": [ + { + "field_to_match": [ + { + "data": "referer", + "type": "HEADER" + } + ], + "positional_constraint": "CONTAINS", + "target_string": "badrefer1", + "text_transformation": "NONE" + } + ], + "name": "tf_waf_byte_match_set" + } + argumentDocs: + byte_match_tuples: '- (Optional)Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.' + data: '- (Optional) When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data.' + field_to_match: '- (Required) Settings for the ByteMatchTuple. FieldToMatch documented below.' + id: '- The ID of the WAF ByteMatchSet.' + name: '- (Required) The name or description of the ByteMatchSet.' + positional_constraint: '- (Required) Within the portion of a web request that you want to search.' + target_string: '- (Required) The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes.' + text_transformation: '- (Required) The formatting way for web request.' + type: '- (Required) The part of the web request that you want AWS WAF to search for a specified string.' + aws_wafregional_geo_match_set: + subCategory: WAF Regional + description: Provides a AWS WAF Regional Geo Match Set resource. 
+ name: aws_wafregional_geo_match_set + titleName: aws_wafregional_geo_match_set + examples: + - manifest: |- + { + "geo_match_constraint": [ + { + "type": "Country", + "value": "US" + }, + { + "type": "Country", + "value": "CA" + } + ], + "name": "geo_match_set" + } + argumentDocs: + geo_match_constraint: '- (Optional) The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.' + id: '- The ID of the WAF Regional Geo Match Set.' + name: '- (Required) The name or description of the Geo Match Set.' + type: '- (Required) The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.' + value: |- + - (Required) The country that you want AWS WAF to search for. + This is the two-letter country code, e.g. US, CA, RU, CN, etc. + See docs for all supported values. + aws_wafregional_ipset: + subCategory: WAF Regional + description: Provides a AWS WAF Regional IPSet resource for use with ALB. + name: aws_wafregional_ipset + titleName: aws_wafregional_ipset + examples: + - manifest: |- + { + "ip_set_descriptor": [ + { + "type": "IPV4", + "value": "192.0.7.0/24" + }, + { + "type": "IPV4", + "value": "10.16.16.0/16" + } + ], + "name": "tfIPSet" + } + argumentDocs: + arn: '- The ARN of the WAF IPSet.' + id: '- The ID of the WAF IPSet.' + ip_set_descriptor: '- (Optional) One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.' + name: '- (Required) The name or description of the IPSet.' + type: '- (Required) The string like IPV4 or IPV6.' + value: '- (Required) The CIDR notation.' + aws_wafregional_rate_based_rule: + subCategory: WAF Regional + description: Provides a AWS WAF Regional rate based rule resource. 
+ name: aws_wafregional_rate_based_rule + titleName: aws_wafregional_rate_based_rule + examples: + - manifest: |- + { + "depends_on": [ + "${aws_wafregional_ipset.ipset}" + ], + "metric_name": "tfWAFRule", + "name": "tfWAFRule", + "predicate": [ + { + "data_id": "${aws_wafregional_ipset.ipset.id}", + "negated": false, + "type": "IPMatch" + } + ], + "rate_key": "IP", + "rate_limit": 100 + } + argumentDocs: + arn: '- The ARN of the WAF Regional Rate Based Rule.' + data_id: '- (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.' + id: '- The ID of the WAF Regional Rate Based Rule.' + metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this rule.' + name: '- (Required) The name or description of the rule.' + negated: |- + - (Required) Set this to false if you want to allow, block, or count requests + based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. + For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. + If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44. + predicate: '- (Optional) The objects to include in a rule (documented below).' + rate_key: '- (Required) Valid value is IP.' + rate_limit: '- (Required) The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of predicate in a rule. 
Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.' + aws_wafregional_regex_match_set: + subCategory: WAF Regional + description: Provides a AWS WAF Regional Regex Match Set resource. + name: aws_wafregional_regex_match_set + titleName: aws_wafregional_regex_match_set + examples: + - manifest: |- + { + "name": "example", + "regex_match_tuple": [ + { + "field_to_match": [ + { + "data": "User-Agent", + "type": "HEADER" + } + ], + "regex_pattern_set_id": "${aws_wafregional_regex_pattern_set.example.id}", + "text_transformation": "NONE" + } + ] + } + argumentDocs: + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. + field_to_match: '- (Required) The part of a web request that you want to search, such as a specified header or a query string.' + id: '- The ID of the WAF Regional Regex Match Set.' + name: '- (Required) The name or description of the Regex Match Set.' + regex_match_tuple: '- (Required) The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.' + regex_pattern_set_id: '- (Required) The ID of a Regex Pattern Set.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_wafregional_regex_pattern_set: + subCategory: WAF Regional + description: Provides a AWS WAF Regional Regex Pattern Set resource. 
+ name: aws_wafregional_regex_pattern_set + titleName: aws_wafregional_regex_pattern_set + examples: + - manifest: |- + { + "name": "example", + "regex_pattern_strings": [ + "one", + "two" + ] + } + argumentDocs: + id: '- The ID of the WAF Regional Regex Pattern Set.' + name: '- (Required) The name or description of the Regex Pattern Set.' + regex_pattern_strings: '- (Optional) A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.' + aws_wafregional_rule: + subCategory: WAF Regional + description: Provides an AWS WAF Regional rule resource for use with ALB. + name: aws_wafregional_rule + titleName: aws_wafregional_rule + examples: + - manifest: |- + { + "metric_name": "tfWAFRule", + "name": "tfWAFRule", + "predicate": [ + { + "data_id": "${aws_wafregional_ipset.ipset.id}", + "negated": false, + "type": "IPMatch" + } + ] + } + argumentDocs: + arn: '- The ARN of the WAF Regional Rule.' + data_id: '- (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.' + id: '- The ID of the WAF Regional Rule.' + metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this rule.' + name: '- (Required) The name or description of the rule.' + negated: '- (Required) Whether to use the settings or the negated settings that you specified in the objects.' + predicate: '- (Optional) The objects to include in a rule (documented below).' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) The type of predicate in a rule. 
Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch' + aws_wafregional_rule_group: + subCategory: WAF Regional + description: Provides a AWS WAF Regional Rule Group resource. + name: aws_wafregional_rule_group + titleName: aws_wafregional_rule_group + examples: + - manifest: |- + { + "activated_rule": [ + { + "action": [ + { + "type": "COUNT" + } + ], + "priority": 50, + "rule_id": "${aws_wafregional_rule.example.id}" + } + ], + "metric_name": "example", + "name": "example" + } + argumentDocs: + action: '- (Required) Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.' + activated_rule: '- (Optional) A list of activated rules, see below' + arn: '- The ARN of the WAF Regional Rule Group.' + id: '- The ID of the WAF Regional Rule Group.' + metric_name: '- (Required) A friendly name for the metrics from the rule group' + name: '- (Required) A friendly name of the rule group' + priority: '- (Required) Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.' + rule_id: '- (Required) The ID of a rule' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Optional) The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.' + aws_wafregional_size_constraint_set: + subCategory: WAF Regional + description: Provides an AWS WAF Regional Size Constraint Set resource for use with ALB. 
+ name: aws_wafregional_size_constraint_set + titleName: aws_wafregional_size_constraint_set + examples: + - manifest: |- + { + "name": "tfsize_constraints", + "size_constraints": [ + { + "comparison_operator": "EQ", + "field_to_match": [ + { + "type": "BODY" + } + ], + "size": "4096", + "text_transformation": "NONE" + } + ] + } + argumentDocs: + comparison_operator: |- + - (Required) The type of comparison you want to perform. + e.g. EQ, NE, LT, GT. + See docs for all supported values. + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. + field_to_match: '- (Required) Specifies where in a web request to look for the size constraint.' + id: '- The ID of the WAF Size Constraint Set.' + name: '- (Required) The name or description of the Size Constraint Set.' + size: |- + - (Required) The size in bytes that you want to compare against the size of the specified field_to_match. + Valid values are between 0 - 21474836480 bytes (0 - 20 GB). + size_constraints: '- (Optional) Specifies the parts of web requests that you want to inspect the size of.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + Note: if you choose BODY as type, you must choose NONE because CloudFront forwards only the first 8192 bytes for inspection. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. 
+ aws_wafregional_sql_injection_match_set: + subCategory: WAF Regional + description: Provides a AWS WAF Regional SqlInjectionMatchSet resource for use with ALB. + name: aws_wafregional_sql_injection_match_set + titleName: aws_wafregional_sql_injection_match_set + examples: + - manifest: |- + { + "name": "tf-sql_injection_match_set", + "sql_injection_match_tuple": [ + { + "field_to_match": [ + { + "type": "QUERY_STRING" + } + ], + "text_transformation": "URL_DECODE" + } + ] + } + argumentDocs: + data: |- + - (Optional) When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. + If type is any other value, omit this field. + field_to_match: '- (Required) Specifies where in a web request to look for snippets of malicious SQL code.' + id: '- The ID of the WAF SqlInjectionMatchSet.' + name: '- (Required) The name or description of the SizeConstraintSet.' + sql_injection_match_tuple: '- (Optional) The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.' + text_transformation: |- + - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. + If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. + e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. + See docs + for all supported values. + type: |- + - (Required) The part of the web request that you want AWS WAF to search for a specified string. + e.g. HEADER, METHOD or BODY. + See docs + for all supported values. + aws_wafregional_web_acl: + subCategory: WAF Regional + description: Provides a AWS WAF Regional web access control group (ACL) resource for use with ALB. 
+ name: aws_wafregional_web_acl + titleName: aws_wafregional_web_acl + examples: + - manifest: |- + { + "default_action": [ + { + "type": "ALLOW" + } + ], + "metric_name": "tfWebACL", + "name": "tfWebACL", + "rule": [ + { + "action": [ + { + "type": "BLOCK" + } + ], + "priority": 1, + "rule_id": "${aws_wafregional_rule.wafrule.id}", + "type": "REGULAR" + } + ] + } + - manifest: |- + { + "default_action": [ + { + "type": "ALLOW" + } + ], + "metric_name": "example", + "name": "example", + "rule": [ + { + "override_action": [ + { + "type": "NONE" + } + ], + "priority": 1, + "rule_id": "${aws_wafregional_rule_group.example.id}", + "type": "GROUP" + } + ] + } + - manifest: |- + { + "logging_configuration": [ + { + "log_destination": "${aws_kinesis_firehose_delivery_stream.example.arn}", + "redacted_fields": [ + { + "field_to_match": [ + { + "type": "URI" + }, + { + "data": "referer", + "type": "HEADER" + } + ] + } + ] + } + ] + } + argumentDocs: + action: '- (Optional) Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.' + arn: '- Amazon Resource Name (ARN) of the WAF Regional WebACL.' + data: '- (Optional) When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.' + default_action: '- (Required) The action that you want AWS WAF Regional to take when a request doesn''t match the criteria in any of the rules that are associated with the web ACL.' + field_to_match: '- (Required) Set of configuration blocks for fields to redact. Detailed below.' + id: '- The ID of the WAF Regional WebACL.' + log_destination: '- (Required) Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream' + logging_configuration: '- (Optional) Configuration block to enable WAF logging. Detailed below.' 
+ metric_name: '- (Required) The name or description for the Amazon CloudWatch metric of this web ACL.' + name: '- (Required) The name or description of the web ACL.' + override_action: '- (Optional) Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.' + priority: |- + - (Required) Specifies the order in which the rules in a WebACL are evaluated. + Rules with a lower value are evaluated before rules with a higher value. + redacted_fields: '- (Optional) Configuration block containing parts of the request that you want redacted from the logs. Detailed below.' + rule: '- (Optional) Set of configuration blocks containing rules for the web ACL. Detailed below.' + rule_id: '- (Required) ID of the associated WAF (Regional) rule (e.g. aws_wafregional_rule). WAF (Global) rules cannot be used.' + tags: '- (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + type: '- (Required) Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. 
ALLOW, BLOCK or COUNT' + aws_wafregional_web_acl_association: + subCategory: WAF Regional + description: Manages an association with WAF Regional Web ACL + name: aws_wafregional_web_acl_association + titleName: aws_wafregional_web_acl_association + examples: + - manifest: |- + { + "resource_arn": "${aws_alb.foo.arn}", + "web_acl_id": "${aws_wafregional_web_acl.foo.id}" + } + references: + resource_arn: aws_alb.arn + web_acl_id: aws_wafregional_web_acl.id + - manifest: |- + { + "resource_arn": "${aws_api_gateway_stage.example.arn}", + "web_acl_id": "${aws_wafregional_web_acl.foo.id}" + } + references: + resource_arn: aws_api_gateway_stage.arn + web_acl_id: aws_wafregional_web_acl.id + argumentDocs: + id: '- The ID of the association' + resource_arn: '- (Required) ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.' + web_acl_id: '- (Required) The ID of the WAF Regional WebACL to create an association.' + aws_wafregional_xss_match_set: + subCategory: WAF Regional + description: Provides an AWS WAF Regional XSS Match Set resource for use with ALB. + name: aws_wafregional_xss_match_set + titleName: aws_wafregional_xss_match_set + examples: + - manifest: |- + { + "name": "xss_match_set", + "xss_match_tuple": [ + { + "field_to_match": [ + { + "type": "URI" + } + ], + "text_transformation": "NONE" + }, + { + "field_to_match": [ + { + "type": "QUERY_STRING" + } + ], + "text_transformation": "NONE" + } + ] + } + argumentDocs: + data: '- (Optional) When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.' + field_to_match: '- (Required) Specifies where in a web request to look for cross-site scripting attacks.' + id: '- The ID of the Regional WAF XSS Match Set.' 
+ name: '- (Required) The name of the set' + text_transformation: '- (Required) Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.' + type: '- (Required) The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER or METHOD' + xss_match_tuple: '- (Optional) The parts of web requests that you want to inspect for cross-site scripting attacks.' + aws_wafv2_ip_set: + subCategory: WAFv2 + description: Provides an AWS WAFv2 IP Set resource. + name: aws_wafv2_ip_set + titleName: aws_wafv2_ip_set + examples: + - manifest: |- + { + "addresses": [ + "1.2.3.4/32", + "5.6.7.8/32" + ], + "description": "Example IP set", + "ip_address_version": "IPV4", + "name": "example", + "scope": "REGIONAL", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + } + } + argumentDocs: + addresses: '- (Required) Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.' + arn: '- The Amazon Resource Name (ARN) that identifies the cluster.' + description: '- (Optional) A friendly description of the IP set.' + id: '- A unique identifier for the set.' + ip_address_version: '- (Required) Specify IPV4 or IPV6. Valid values are IPV4 or IPV6.' + name: '- (Required) A friendly name of the IP set.' + scope: '- (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the Region US East (N. Virginia).' + tags: '- (Optional) An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_wafv2_regex_pattern_set: + subCategory: WAFv2 + description: Provides an AWS WAFv2 Regex Pattern Set resource. + name: aws_wafv2_regex_pattern_set + titleName: aws_wafv2_regex_pattern_set + examples: + - manifest: |- + { + "description": "Example regex pattern set", + "name": "example", + "regular_expression": [ + { + "regex_string": "one" + }, + { + "regex_string": "two" + } + ], + "scope": "REGIONAL", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + } + } + argumentDocs: + arn: '- The Amazon Resource Name (ARN) that identifies the cluster.' + description: '- (Optional) A friendly description of the regular expression pattern set.' + id: '- A unique identifier for the set.' + name: '- (Required) A friendly name of the regular expression pattern set.' + regex_string: '- (Required) The string representing the regular expression, see the AWS WAF documentation for more information.' + regular_expression: '- (Optional) One or more blocks of regular expression patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t. See Regular Expression below for details.' + scope: '- (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.' + tags: '- (Optional) An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_wafv2_rule_group: + subCategory: WAFv2 + description: Creates a WAFv2 rule group resource. 
+ name: aws_wafv2_rule_group + titleName: aws_wafv2_rule_group + examples: + - manifest: |- + { + "capacity": 2, + "name": "example-rule", + "rule": [ + { + "action": [ + { + "allow": [ + {} + ] + } + ], + "name": "rule-1", + "priority": 1, + "statement": [ + { + "geo_match_statement": [ + { + "country_codes": [ + "US", + "NL" + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-rule-metric-name", + "sampled_requests_enabled": false + } + ] + } + ], + "scope": "REGIONAL", + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-metric-name", + "sampled_requests_enabled": false + } + ] + } + - manifest: |- + { + "capacity": 500, + "description": "An rule group containing all statements", + "name": "complex-example", + "rule": [ + { + "action": [ + { + "block": [ + {} + ] + } + ], + "name": "rule-1", + "priority": 1, + "statement": [ + { + "not_statement": [ + { + "statement": [ + { + "and_statement": [ + { + "statement": [ + { + "geo_match_statement": [ + { + "country_codes": [ + "US" + ] + } + ] + }, + { + "byte_match_statement": [ + { + "field_to_match": [ + { + "all_query_arguments": [ + {} + ] + } + ], + "positional_constraint": "CONTAINS", + "search_string": "word", + "text_transformation": [ + { + "priority": 5, + "type": "CMD_LINE" + }, + { + "priority": 2, + "type": "LOWERCASE" + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "rule-1", + "sampled_requests_enabled": false + } + ] + }, + { + "action": [ + { + "count": [ + {} + ] + } + ], + "name": "rule-2", + "priority": 2, + "statement": [ + { + "or_statement": [ + { + "statement": [ + { + "sqli_match_statement": [ + { + "field_to_match": [ + { + "body": [ + {} + ] + } + ], + "text_transformation": [ + { + "priority": 5, + "type": "URL_DECODE" + }, + { + "priority": 4, + "type": "HTML_ENTITY_DECODE" + }, + { + 
"priority": 3, + "type": "COMPRESS_WHITE_SPACE" + } + ] + } + ] + }, + { + "xss_match_statement": [ + { + "field_to_match": [ + { + "method": [ + {} + ] + } + ], + "text_transformation": [ + { + "priority": 2, + "type": "NONE" + } + ] + } + ] + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "rule-2", + "sampled_requests_enabled": false + } + ] + }, + { + "action": [ + { + "block": [ + {} + ] + } + ], + "name": "rule-3", + "priority": 3, + "statement": [ + { + "size_constraint_statement": [ + { + "comparison_operator": "GT", + "field_to_match": [ + { + "single_query_argument": [ + { + "name": "username" + } + ] + } + ], + "size": 100, + "text_transformation": [ + { + "priority": 5, + "type": "NONE" + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "rule-3", + "sampled_requests_enabled": false + } + ] + }, + { + "action": [ + { + "block": [ + {} + ] + } + ], + "name": "rule-4", + "priority": 4, + "statement": [ + { + "or_statement": [ + { + "statement": [ + { + "ip_set_reference_statement": [ + { + "arn": "${aws_wafv2_ip_set.test.arn}" + } + ] + }, + { + "regex_pattern_set_reference_statement": [ + { + "arn": "${aws_wafv2_regex_pattern_set.test.arn}", + "field_to_match": [ + { + "single_header": [ + { + "name": "referer" + } + ] + } + ], + "text_transformation": [ + { + "priority": 2, + "type": "NONE" + } + ] + } + ] + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "rule-4", + "sampled_requests_enabled": false + } + ] + } + ], + "scope": "REGIONAL", + "tags": { + "Code": "123456", + "Name": "example-and-statement" + }, + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-metric-name", + "sampled_requests_enabled": false + } + ] + } + argumentDocs: + action: '- (Required) The action that AWS WAF should take on a web request when it matches the 
rule''s statement. Settings at the aws_wafv2_web_acl level can override the rule action setting. See Action below for details.' + all_query_arguments: '- (Optional) Inspect all query arguments.' + allow: '- (Optional) Instructs AWS WAF to allow the web request. See Allow below for details.' + and_statement: '- (Optional) A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.' + arn: '- The ARN of the WAF rule group.' + block: '- (Optional) Instructs AWS WAF to block the web request. See Block below for details.' + body: '- (Optional) Inspect the request body, which immediately follows the request headers.' + byte_match_statement: '- (Optional) A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.' + capacity: '- (Required, Forces new resource) The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.' + cloudwatch_metrics_enabled: '- (Required) A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.' + comparison_operator: '- (Required) The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.' + count: '- (Optional) Instructs AWS WAF to count the web request and allow it. See Count below for details.' + country_codes: '- (Required) An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.' + custom_request_handling: '- (Optional) Defines custom handling for the web request. See Custom Request Handling below for details.' + custom_response: '- (Optional) Defines a custom response for the web request. See Custom Response below for details.' 
+ description: '- (Optional) A friendly description of the rule group.' + fallback_behavior: '- (Required) - The match status to assign to the web request if the request doesn''t have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.' + field_to_match: '- (Required) The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.' + forwarded_ip_config: '- (Optional) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that''s reported by the web request origin. See Forwarded IP Config below for details.' + geo_match_statement: '- (Optional) A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.' + header_name: '- (Required) - The name of the HTTP header to use for the IP address.' + id: '- The ID of the WAF rule group.' + insert_header: '- (Required) The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.' + ip_set_forwarded_ip_config: '- (Optional) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that''s reported by the web request origin. See IPSet Forwarded IP Config below for more details.' + ip_set_reference_statement: '- (Optional) A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.' + method: '- (Optional) Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.' + metric_name: '- (Required, Forces new resource) A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. 
It can''t contain whitespace or metric names reserved for AWS WAF, for example All and Default_Action.' + name: '- (Optional) The name of the query header to inspect. This setting must be provided as lower case characters.' + not_statement: '- (Optional) A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.' + or_statement: '- (Optional) A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.' + position: '- (Required) - The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.' + positional_constraint: '- (Required) The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.' + priority: '- (Required) The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.' + query_string: '- (Optional) Inspect the query string. This is the part of a URL that appears after a ? character, if any.' + regex_pattern_set_reference_statement: '- (Optional) A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.' + response_code: '- (Optional) The HTTP status code to return to the client.' + response_header: '- (Optional) The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.' + rule: '- (Optional) The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.' 
+ sampled_requests_enabled: '- (Required) A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.' + scope: '- (Required, Forces new resource) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.' + search_string: '- (Required) A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.' + single_header: '- (Optional) Inspect a single header. See Single Header below for details.' + single_query_argument: '- (Optional) Inspect a single query argument. See Single Query Argument below for details.' + size: '- (Required) The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.' + size_constraint_statement: '- (Optional) A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.' + sqli_match_statement: '- (Optional) An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.' + statement: '- (Required) The statements to combine with OR logic. You can use any statements that can be nested. See Statement above for details.' + tags: '- (Optional) An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' 
+ tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + text_transformation: '- (Required) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.' + type: '- (Required) The transformation to apply, please refer to the Text Transformation documentation for more details.' + uri_path: '- (Optional) Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.' + value: '- The value of the custom header.' + visibility_config: '- (Required) Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.' + xss_match_statement: '- (Optional) A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.' + aws_wafv2_web_acl: + subCategory: WAFv2 + description: Creates a WAFv2 Web ACL resource. 
+ name: aws_wafv2_web_acl + titleName: aws_wafv2_web_acl + examples: + - manifest: |- + { + "default_action": [ + { + "allow": [ + {} + ] + } + ], + "description": "Example of a managed rule.", + "name": "managed-rule-example", + "rule": [ + { + "name": "rule-1", + "override_action": [ + { + "count": [ + {} + ] + } + ], + "priority": 1, + "statement": [ + { + "managed_rule_group_statement": [ + { + "excluded_rule": [ + { + "name": "SizeRestrictions_QUERYSTRING" + }, + { + "name": "NoUserAgent_HEADER" + } + ], + "name": "AWSManagedRulesCommonRuleSet", + "scope_down_statement": [ + { + "geo_match_statement": [ + { + "country_codes": [ + "US", + "NL" + ] + } + ] + } + ], + "vendor_name": "AWS" + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-rule-metric-name", + "sampled_requests_enabled": false + } + ] + } + ], + "scope": "REGIONAL", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-metric-name", + "sampled_requests_enabled": false + } + ] + } + - manifest: |- + { + "default_action": [ + { + "block": [ + {} + ] + } + ], + "description": "Example of a rate based statement.", + "name": "rate-based-example", + "rule": [ + { + "action": [ + { + "count": [ + {} + ] + } + ], + "name": "rule-1", + "priority": 1, + "statement": [ + { + "rate_based_statement": [ + { + "aggregate_key_type": "IP", + "limit": 10000, + "scope_down_statement": [ + { + "geo_match_statement": [ + { + "country_codes": [ + "US", + "NL" + ] + } + ] + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-rule-metric-name", + "sampled_requests_enabled": false + } + ] + } + ], + "scope": "REGIONAL", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-metric-name", + 
"sampled_requests_enabled": false + } + ] + } + - manifest: |- + { + "default_action": [ + { + "block": [ + {} + ] + } + ], + "name": "rule-group-example", + "rule": [ + { + "name": "rule-1", + "override_action": [ + { + "count": [ + {} + ] + } + ], + "priority": 1, + "statement": [ + { + "rule_group_reference_statement": [ + { + "arn": "${aws_wafv2_rule_group.example.arn}", + "excluded_rule": [ + { + "name": "rule-to-exclude-b" + }, + { + "name": "rule-to-exclude-a" + } + ] + } + ] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-rule-metric-name", + "sampled_requests_enabled": false + } + ] + } + ], + "scope": "REGIONAL", + "tags": { + "Tag1": "Value1", + "Tag2": "Value2" + }, + "visibility_config": [ + { + "cloudwatch_metrics_enabled": false, + "metric_name": "friendly-metric-name", + "sampled_requests_enabled": false + } + ] + } + argumentDocs: + action: '- (Optional) The action that AWS WAF should take on a web request when it matches the rule''s statement. This is used only for rules whose statements do not reference a rule group. See Action below for details.' + aggregate_key_type: '- (Optional) Setting that indicates how to aggregate the request counts. Valid values include: FORWARDED_IP or IP. Default: IP.' + all_query_arguments: '- (Optional) Inspect all query arguments.' + allow: '- (Optional) Instructs AWS WAF to allow the web request. See Allow below for details.' + and_statement: '- (Optional) A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.' + arn: '- The ARN of the WAF WebACL.' + block: '- (Optional) Instructs AWS WAF to block the web request. See Block below for details.' + body: '- (Optional) Inspect the request body, which immediately follows the request headers.' + byte_match_statement: '- (Optional) A rule statement that defines a string match search for AWS WAF to apply to web requests. 
See Byte Match Statement below for details.' + capacity: '- The web ACL capacity units (WCUs) currently being used by this web ACL.' + cloudwatch_metrics_enabled: '- (Required) A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.' + comparison_operator: '- (Required) The operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.' + count: '- (Optional) Override the rule action setting to count (i.e. only count matches). Configured as an empty block {}.' + country_codes: '- (Required) An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.' + custom_request_handling: '- (Optional) Defines custom handling for the web request. See Custom Request Handling below for details.' + custom_response: '- (Optional) Defines a custom response for the web request. See Custom Response below for details.' + default_action: '- (Required) The action to perform if none of the rules contained in the WebACL match. See Default Action below for details.' + description: '- (Optional) A friendly description of the WebACL.' + excluded_rule: '- (Optional) The rules whose actions are set to COUNT by the web ACL, regardless of the action that is set on the rule. See Excluded Rule below for details.' + fallback_behavior: '- (Required) - The match status to assign to the web request if the request doesn''t have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.' + field_to_match: '- (Optional) The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.' + forwarded_ip_config: '- (Optional) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that''s reported by the web request origin. 
If aggregate_key_type is set to FORWARDED_IP, this block is required. See Forwarded IP Config below for details.' + geo_match_statement: '- (Optional) A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.' + header_name: '- (Required) - The name of the HTTP header to use for the IP address.' + id: '- The ID of the WAF WebACL.' + insert_header: '- (Required) The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.' + ip_set_forwarded_ip_config: '- (Optional) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that''s reported by the web request origin. See IPSet Forwarded IP Config below for more details.' + ip_set_reference_statement: '- (Optional) A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.' + limit: '- (Required) The limit on requests per 5-minute period for a single originating IP address.' + managed_rule_group_statement: '- (Optional) A rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.' + method: '- (Optional) Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.' + metric_name: '- (Required) A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can''t contain whitespace or metric names reserved for AWS WAF, for example All and Default_Action.' + name: '- (Optional) The name of the query header to inspect. This setting must be provided as lower case characters.' + none: '- (Optional) Don''t override the rule action setting. Configured as an empty block {}.' 
+ not_statement: '- (Optional) A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.' + or_statement: '- (Optional) A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.' + override_action: '- (Optional) The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See Override Action below for details.' + position: '- (Required) - The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.' + positional_constraint: '- (Required) The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.' + priority: '- (Required) The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.' + query_string: '- (Optional) Inspect the query string. This is the part of a URL that appears after a ? character, if any.' + rate_based_statement: '- (Optional) A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.' + regex_pattern_set_reference_statement: '- (Optional) A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.' 
+ response_code: '- (Optional) The HTTP status code to return to the client.' + response_header: '- (Optional) The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.' + rule: '- (Optional) The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.' + rule_group_reference_statement: '- (Optional) A rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.' + sampled_requests_enabled: '- (Required) A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.' + scope: '- (Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.' + scope_down_statement: '- (Optional) An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details.' + search_string: '- (Required) A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.' + single_header: '- (Optional) Inspect a single header. See Single Header below for details.' + single_query_argument: '- (Optional) Inspect a single query argument. See Single Query Argument below for details.' + size: '- (Required) The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.' 
+ size_constraint_statement: '- (Optional) A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.' + sqli_match_statement: '- (Optional) An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.' + statement: '- (Required) The statements to combine with OR logic. You can use any statements that can be nested. See Statement above for details.' + tags: '- (Optional) An map of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + text_transformation: '- (Required) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.' + type: '- (Required) The transformation to apply, please refer to the Text Transformation documentation for more details.' + uri_path: '- (Optional) Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.' + value: '- The value of the custom header.' + vendor_name: '- (Required) The name of the managed rule group vendor.' + visibility_config: '- (Required) Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.' + xss_match_statement: '- (Optional) A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.' 
+ aws_wafv2_web_acl_association: + subCategory: WAFv2 + description: Creates a WAFv2 Web ACL Association. + name: aws_wafv2_web_acl_association + titleName: aws_wafv2_web_acl_association + examples: + - manifest: |- + { + "resource_arn": "${aws_api_gateway_stage.example.arn}", + "web_acl_arn": "${aws_wafv2_web_acl.example.arn}" + } + references: + resource_arn: aws_api_gateway_stage.arn + web_acl_arn: aws_wafv2_web_acl.arn + argumentDocs: + resource_arn: '- (Required) The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer or an Amazon API Gateway stage.' + web_acl_arn: '- (Required) The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.' + aws_wafv2_web_acl_logging_configuration: + subCategory: WAFv2 + description: Creates a WAFv2 Web ACL Logging Configuration resource. + name: aws_wafv2_web_acl_logging_configuration + titleName: aws_wafv2_web_acl_logging_configuration + examples: + - manifest: |- + { + "log_destination_configs": [ + "${aws_kinesis_firehose_delivery_stream.example.arn}" + ], + "redacted_fields": [ + { + "single_header": [ + { + "name": "user-agent" + } + ] + } + ], + "resource_arn": "${aws_wafv2_web_acl.example.arn}" + } + references: + resource_arn: aws_wafv2_web_acl.arn + - manifest: |- + { + "log_destination_configs": [ + "${aws_kinesis_firehose_delivery_stream.example.arn}" + ], + "logging_filter": [ + { + "default_behavior": "KEEP", + "filter": [ + { + "behavior": "DROP", + "condition": [ + { + "action_condition": [ + { + "action": "COUNT" + } + ] + }, + { + "label_name_condition": [ + { + "label_name": "awswaf:111122223333:rulegroup:testRules:LabelNameZ" + } + ] + } + ], + "requirement": "MEETS_ALL" + }, + { + "behavior": "KEEP", + "condition": [ + { + "action_condition": [ + { + "action": "ALLOW" + } + ] + } + ], + "requirement": "MEETS_ANY" + } + ] + } + ], + "resource_arn": "${aws_wafv2_web_acl.example.arn}" + } + references: + 
resource_arn: aws_wafv2_web_acl.arn + argumentDocs: + action: '- (Required) The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.' + action_condition: '- (Optional) A single action condition. See Action Condition below for more details.' + all_query_arguments: '- (Optional, DEPRECATED) Redact all query arguments.' + behavior: '- (Required) How to handle logs that satisfy the filter''s conditions and requirement. Valid values: KEEP or DROP.' + body: '- (Optional, DEPRECATED) Redact the request body, which immediately follows the request headers.' + condition: '- (Required) Match condition(s) for the filter. See Condition below for more details.' + default_behavior: '- (Required) Default handling for logs that don''t match any of the specified filtering conditions. Valid values: KEEP or DROP.' + filter: '- (Required) Filter(s) that you want to apply to the logs. See Filter below for more details.' + id: '- The Amazon Resource Name (ARN) of the WAFv2 Web ACL.' + label_name: '- (Required) The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.' + label_name_condition: '- (Optional) A single label name condition. See Label Name Condition below for more details.' + log_destination_configs: '- (Required) The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL. Currently, only 1 ARN is supported.' + logging_filter: '- (Optional) A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.' 
+ method: '- (Optional) Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.' + name: '- (Optional) The name of the query header to redact. This setting must be provided as lower case characters.' + query_string: '- (Optional) Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.' + redacted_fields: '- (Optional) The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.' + requirement: '- (Required) Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.' + resource_arn: '- (Required) The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.' + single_header: '- (Optional) Redact a single header. See Single Header below for details.' + single_query_argument: '- (Optional, DEPRECATED) Redact a single query argument. See Single Query Argument below for details.' + uri_path: '- (Optional) Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.' + aws_worklink_fleet: + subCategory: WorkLink + description: Provides a AWS WorkLink Fleet resource. 
+ name: aws_worklink_fleet + titleName: aws_worklink_fleet + examples: + - manifest: |- + { + "name": "terraform-example" + } + - manifest: |- + { + "name": "terraform-example", + "network": [ + { + "security_group_ids": [ + "${aws_security_group.test.id}" + ], + "subnet_ids": [ + "${aws_subnet.test.*.id}" + ], + "vpc_id": "${aws_vpc.test.id}" + } + ] + } + - manifest: |- + { + "identity_provider": [ + { + "saml_metadata": "${file(\"saml-metadata.xml\")}", + "type": "SAML" + } + ], + "name": "tf-worklink-fleet" + } + argumentDocs: + arn: '- The ARN of the created WorkLink Fleet.' + audit_stream_arn: '- (Optional) The ARN of the Amazon Kinesis data stream that receives the audit events. Kinesis data stream name must begin with "AmazonWorkLink-".' + company_code: '- The identifier used by users to sign in to the Amazon WorkLink app.' + created_time: '- The time that the fleet was created.' + device_ca_certificate: '- (Optional) The certificate chain, including intermediate certificates and the root certificate authority certificate used to issue device certificates.' + display_name: '- (Optional) The name of the fleet.' + id: '- The ARN of the created WorkLink Fleet.' + identity_provider: '- (Optional) Provide this to allow manage the identity provider configuration for the fleet. Fields documented below.' + last_updated_time: '- The time that the fleet was last updated.' + name: '- (Required) A region-unique name for the AMI.' + network: '- (Optional) Provide this to allow manage the company network configuration for the fleet. Fields documented below.' + optimize_for_end_user_location: '- (Optional) The option to optimize for better performance by routing traffic through the closest AWS Region to users, which may be outside of your home Region. Defaults to true.' + saml_metadata: '- (Required) The SAML metadata document provided by the customer’s identity provider.' 
+ security_group_ids: '- (Required) A list of security group IDs associated with access to the provided subnets.' + subnet_ids: '- (Required) A list of subnet IDs used for X-ENI connections from Amazon WorkLink rendering containers.' + type: '- (Required) The type of identity provider.' + vpc_id: '- (Required) The VPC ID with connectivity to associated websites.' + aws_worklink_website_certificate_authority_association: + subCategory: WorkLink + description: Provides a AWS WorkLink Website Certificate Authority Association resource. + name: aws_worklink_website_certificate_authority_association + titleName: aws_worklink_website_certificate_authority_association + examples: + - manifest: |- + { + "certificate": "${file(\"certificate.pem\")}", + "fleet_arn": "${aws_worklink_fleet.test.arn}" + } + references: + fleet_arn: aws_worklink_fleet.arn + argumentDocs: + certificate: '- (Required, ForceNew) The root certificate of the Certificate Authority.' + display_name: '- (Optional, ForceNew) The certificate name to display.' + fleet_arn: '- (Required, ForceNew) The ARN of the fleet.' + website_ca_id: '- A unique identifier for the Certificate Authority.' + aws_workspaces_directory: + subCategory: WorkSpaces + description: Provides a WorkSpaces directory in AWS WorkSpaces Service. 
+ name: aws_workspaces_directory + titleName: aws_workspaces_directory + examples: + - manifest: |- + { + "depends_on": [ + "${aws_iam_role_policy_attachment.workspaces_default_service_access}", + "${aws_iam_role_policy_attachment.workspaces_default_self_service_access}" + ], + "directory_id": "${aws_directory_service_directory.example.id}", + "self_service_permissions": [ + { + "change_compute_type": true, + "increase_volume_size": true, + "rebuild_workspace": true, + "restart_workspace": true, + "switch_running_mode": true + } + ], + "subnet_ids": [ + "${aws_subnet.example_c.id}", + "${aws_subnet.example_d.id}" + ], + "tags": { + "Example": true + }, + "workspace_access_properties": [ + { + "device_type_android": "ALLOW", + "device_type_chromeos": "ALLOW", + "device_type_ios": "ALLOW", + "device_type_linux": "DENY", + "device_type_osx": "ALLOW", + "device_type_web": "DENY", + "device_type_windows": "DENY", + "device_type_zeroclient": "DENY" + } + ], + "workspace_creation_properties": [ + { + "custom_security_group_id": "${aws_security_group.example.id}", + "default_ou": "OU=AWS,DC=Workgroup,DC=Example,DC=com", + "enable_internet_access": true, + "enable_maintenance_mode": true, + "user_enabled_as_local_administrator": true + } + ] + } + references: + directory_id: aws_directory_service_directory.id + - manifest: |- + { + "directory_id": "${aws_directory_service_directory.example.id}", + "ip_group_ids": [ + "${aws_workspaces_ip_group.example.id}" + ] + } + references: + directory_id: aws_directory_service_directory.id + argumentDocs: + alias: '- The directory alias.' + change_compute_type: – (Optional) Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default false. + custom_security_group_id: – (Optional) The identifier of your custom security group. Should relate to the same VPC, where workspaces reside in. + customer_user_name: '- The user name for the service account.' 
+ default_ou: – (Optional) The default organizational unit (OU) for your WorkSpace directories. Should conform "OU=,DC=,...,DC=" pattern. + device_type_android: – (Optional) Indicates whether users can use Android devices to access their WorkSpaces. + device_type_chromeos: – (Optional) Indicates whether users can use Chromebooks to access their WorkSpaces. + device_type_ios: – (Optional) Indicates whether users can use iOS devices to access their WorkSpaces. + device_type_linux: – (Optional) Indicates whether users can use Linux clients to access their WorkSpaces. + device_type_osx: – (Optional) Indicates whether users can use macOS clients to access their WorkSpaces. + device_type_web: – (Optional) Indicates whether users can access their WorkSpaces through a web browser. + device_type_windows: – (Optional) Indicates whether users can use Windows clients to access their WorkSpaces. + device_type_zeroclient: – (Optional) Indicates whether users can use zero client devices to access their WorkSpaces. + directory_id: '- (Required) The directory identifier for registration in WorkSpaces service.' + directory_name: '- The name of the directory.' + directory_type: '- The directory type.' + dns_ip_addresses: '- The IP addresses of the DNS servers for the directory.' + enable_internet_access: – (Optional) Indicates whether internet access is enabled for your WorkSpaces. + enable_maintenance_mode: – (Optional) Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see WorkSpace Maintenance.. + iam_role_id: '- The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.' + id: '- The WorkSpaces directory identifier.' + increase_volume_size: – (Optional) Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default false. 
+ ip_group_ids: '- The identifiers of the IP access control groups associated with the directory.' + rebuild_workspace: – (Optional) Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default false. + registration_code: '- The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.' + restart_workspace: – (Optional) Whether WorkSpaces directory users can restart their workspace. Default true. + self_service_permissions: – (Optional) Permissions to enable or disable self-service capabilities. Defined below. + subnet_ids: '- (Optional) The identifiers of the subnets where the directory resides.' + switch_running_mode: – (Optional) Whether WorkSpaces directory users can switch the running mode of their workspace. Default false. + tags: – (Optional) A map of tags assigned to the WorkSpaces directory. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + user_enabled_as_local_administrator: – (Optional) Indicates whether users are local administrators of their WorkSpaces. + workspace_access_properties: – (Optional) Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below. + workspace_creation_properties: – (Optional) Default properties that are used for creating WorkSpaces. Defined below. + workspace_security_group_id: '- The identifier of the security group that is assigned to new WorkSpaces.' + aws_workspaces_ip_group: + subCategory: WorkSpaces + description: Provides an IP access control group in AWS WorkSpaces Service. 
+ name: aws_workspaces_ip_group + titleName: aws_workspaces_ip_group + examples: + - manifest: |- + { + "description": "Contractors IP access control group", + "name": "Contractors", + "rules": [ + { + "description": "NY", + "source": "150.24.14.0/24" + }, + { + "description": "LA", + "source": "125.191.14.85/32" + }, + { + "description": "STL", + "source": "44.98.100.0/24" + } + ] + } + argumentDocs: + description: '- (Optional) The description.' + id: '- The IP group identifier.' + name: '- (Required) The name of the IP group.' + rules: '- (Optional) One or more pairs specifying the IP group rule (in CIDR format) from which web requests originate.' + source: '- (Required) The IP address range, in CIDR notation, e.g. 10.0.0.0/16' + tags: – (Optional) A map of tags assigned to the WorkSpaces directory. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_workspaces_workspace: + subCategory: WorkSpaces + description: Provides a workspaces in AWS Workspaces Service. 
+ name: aws_workspaces_workspace + titleName: aws_workspaces_workspace + examples: + - manifest: |- + { + "bundle_id": "${data.aws_workspaces_bundle.value_windows_10.id}", + "directory_id": "${aws_workspaces_directory.example.id}", + "root_volume_encryption_enabled": true, + "tags": { + "Department": "IT" + }, + "user_name": "john.doe", + "user_volume_encryption_enabled": true, + "volume_encryption_key": "alias/aws/workspaces", + "workspace_properties": [ + { + "compute_type_name": "VALUE", + "root_volume_size_gib": 80, + "running_mode": "AUTO_STOP", + "running_mode_auto_stop_timeout_in_minutes": 60, + "user_volume_size_gib": 10 + } + ] + } + references: + bundle_id: data.id + directory_id: aws_workspaces_directory.id + argumentDocs: + bundle_id: '- (Required) The ID of the bundle for the WorkSpace.' + compute_type_name: – (Optional) The compute type. For more information, see Amazon WorkSpaces Bundles. Valid values are VALUE, STANDARD, PERFORMANCE, POWER, GRAPHICS, POWERPRO and GRAPHICSPRO. + computer_name: '- The name of the WorkSpace, as seen by the operating system.' + create: '- (Default 30 minutes) Used for WorkSpace creation.' + delete: '- (Default 10 minutes) Used for WorkSpace termination.' + directory_id: '- (Required) The ID of the directory for the WorkSpace.' + id: '- The workspaces ID.' + ip_address: '- The IP address of the WorkSpace.' + root_volume_encryption_enabled: '- (Optional) Indicates whether the data stored on the root volume is encrypted.' + root_volume_size_gib: – (Optional) The size of the root volume. + running_mode: – (Optional) The running mode. For more information, see Manage the WorkSpace Running Mode. Valid values are AUTO_STOP and ALWAYS_ON. + running_mode_auto_stop_timeout_in_minutes: – (Optional) The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals. + state: '- The operational state of the WorkSpace.' + tags: '- (Optional) The tags for the WorkSpace. 
If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + update: '- (Default 10 minutes) Used for WorkSpace updating.' + user_name: – (Required) The user name of the user for the WorkSpace. This user name must exist in the directory for the WorkSpace. + user_volume_encryption_enabled: – (Optional) Indicates whether the data stored on the user volume is encrypted. + user_volume_size_gib: – (Optional) The size of the user storage. + volume_encryption_key: – (Optional) The symmetric AWS KMS customer master key (CMK) used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric CMKs. + workspace_properties: – (Optional) The WorkSpace properties. + aws_xray_encryption_config: + subCategory: XRay + description: Creates and manages an AWS XRay Encryption Config. + name: aws_xray_encryption_config + titleName: aws_xray_encryption_config + examples: + - manifest: |- + { + "type": "NONE" + } + - manifest: |- + { + "key_id": "${aws_kms_key.example.arn}", + "type": "KMS" + } + references: + key_id: aws_kms_key.arn + argumentDocs: + id: '- Region name.' + key_id: '- (Optional) An AWS KMS customer master key (CMK) ARN.' + type: '- (Required) The type of encryption. Set to KMS to use your own key for encryption. Set to NONE for default encryption.' + aws_xray_group: + subCategory: XRay + description: Creates and manages an AWS XRay Group. + name: aws_xray_group + titleName: aws_xray_group + examples: + - manifest: |- + { + "filter_expression": "responsetime \u003e 5", + "group_name": "example" + } + argumentDocs: + arn: '- The ARN of the Group.' + filter_expression: '- (Required) The filter expression defining criteria by which to group traces. more info can be found in official docs.' 
+ group_name: '- (Required) The name of the group.' + id: '- The ARN of the Group.' + tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + aws_xray_sampling_rule: + subCategory: XRay + description: Creates and manages an AWS XRay Sampling Rule. + name: aws_xray_sampling_rule + titleName: aws_xray_sampling_rule + examples: + - manifest: |- + { + "attributes": { + "Hello": "Tris" + }, + "fixed_rate": 0.05, + "host": "*", + "http_method": "*", + "priority": 10000, + "reservoir_size": 1, + "resource_arn": "*", + "rule_name": "example", + "service_name": "*", + "service_type": "*", + "url_path": "*", + "version": 1 + } + argumentDocs: + arn: '- The ARN of the sampling rule.' + attributes: '- (Optional) Matches attributes derived from the request.' + fixed_rate: '- (Required) The percentage of matching requests to instrument, after the reservoir is exhausted.' + host: '- (Required) Matches the hostname from a request URL.' + http_method: '- (Required) Matches the HTTP method of a request.' + id: '- The name of the sampling rule.' + priority: '- (Required) The priority of the sampling rule.' + reservoir_size: '- (Required) A fixed number of matching requests to instrument per second, prior to applying the fixed rate. The reservoir is not used directly by services, but applies to all services using the rule collectively.' + resource_arn: '- (Required) Matches the ARN of the AWS resource on which the service runs.' + rule_name: '- (Required) The name of the sampling rule.' + service_name: '- (Required) Matches the name that the service uses to identify itself in segments.' + service_type: '- (Required) Matches the origin that the service uses to identify its type in segments.' 
+ tags: '- (Optional) Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.' + tags_all: '- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.' + url_path: '- (Required) Matches the path from a request URL.' + version: '- (Required) The version of the sampling rule format (1 )' diff --git a/package/crds/autoscaling.aws.jet.crossplane.io_attachments.yaml b/package/crds/autoscaling.aws.jet.crossplane.io_attachments.yaml index adf766589..a2bfc556e 100644 --- a/package/crds/autoscaling.aws.jet.crossplane.io_attachments.yaml +++ b/package/crds/autoscaling.aws.jet.crossplane.io_attachments.yaml @@ -169,6 +169,9 @@ spec: description: AttachmentStatus defines the observed state of Attachment. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/autoscaling.aws.jet.crossplane.io_autoscalinggroups.yaml b/package/crds/autoscaling.aws.jet.crossplane.io_autoscalinggroups.yaml index 9a88e401e..883cf3a30 100644 --- a/package/crds/autoscaling.aws.jet.crossplane.io_autoscalinggroups.yaml +++ b/package/crds/autoscaling.aws.jet.crossplane.io_autoscalinggroups.yaml @@ -367,6 +367,8 @@ spec: properties: arn: type: string + id: + type: string loadBalancers: items: type: string diff --git a/package/crds/ebs.aws.jet.crossplane.io_volumes.yaml b/package/crds/ebs.aws.jet.crossplane.io_volumes.yaml index 0b591a6f8..efc7bed92 100644 --- a/package/crds/ebs.aws.jet.crossplane.io_volumes.yaml +++ b/package/crds/ebs.aws.jet.crossplane.io_volumes.yaml @@ -171,6 +171,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string 
diff --git a/package/crds/ec2.aws.jet.crossplane.io_elasticips.yaml b/package/crds/ec2.aws.jet.crossplane.io_elasticips.yaml index 8cc1a52cb..2510872a0 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_elasticips.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_elasticips.yaml @@ -194,6 +194,8 @@ spec: type: string domain: type: string + id: + type: string privateDns: type: string privateIp: diff --git a/package/crds/ec2.aws.jet.crossplane.io_instances.yaml b/package/crds/ec2.aws.jet.crossplane.io_instances.yaml index 35c143eb7..71614e63f 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_instances.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_instances.yaml @@ -474,6 +474,8 @@ spec: properties: arn: type: string + id: + type: string instanceState: type: string outpostArn: diff --git a/package/crds/ec2.aws.jet.crossplane.io_ipv4cidrblockassociations.yaml b/package/crds/ec2.aws.jet.crossplane.io_ipv4cidrblockassociations.yaml index 0865d5ac3..b4cf7c43c 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_ipv4cidrblockassociations.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_ipv4cidrblockassociations.yaml @@ -148,6 +148,9 @@ spec: of IPv4CIDRBlockAssociation. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/ec2.aws.jet.crossplane.io_launchtemplates.yaml b/package/crds/ec2.aws.jet.crossplane.io_launchtemplates.yaml index 98e3e8347..ad49e821b 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_launchtemplates.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_launchtemplates.yaml @@ -593,6 +593,8 @@ spec: properties: arn: type: string + id: + type: string latestVersion: format: int64 type: integer diff --git a/package/crds/ec2.aws.jet.crossplane.io_networkinterfaces.yaml b/package/crds/ec2.aws.jet.crossplane.io_networkinterfaces.yaml index 064801688..dfd2d86a4 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_networkinterfaces.yaml 
+++ b/package/crds/ec2.aws.jet.crossplane.io_networkinterfaces.yaml @@ -234,6 +234,8 @@ spec: properties: atProvider: properties: + id: + type: string macAddress: type: string outpostArn: diff --git a/package/crds/ec2.aws.jet.crossplane.io_peeringconnectionaccepters.yaml b/package/crds/ec2.aws.jet.crossplane.io_peeringconnectionaccepters.yaml index 292afce22..c25b0ff78 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_peeringconnectionaccepters.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_peeringconnectionaccepters.yaml @@ -154,6 +154,8 @@ spec: properties: acceptStatus: type: string + id: + type: string peerOwnerId: type: string peerRegion: diff --git a/package/crds/ec2.aws.jet.crossplane.io_routes.yaml b/package/crds/ec2.aws.jet.crossplane.io_routes.yaml index 28168027d..6452758d9 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_routes.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_routes.yaml @@ -284,6 +284,8 @@ spec: properties: atProvider: properties: + id: + type: string instanceOwnerId: type: string origin: diff --git a/package/crds/ec2.aws.jet.crossplane.io_routetableassociations.yaml b/package/crds/ec2.aws.jet.crossplane.io_routetableassociations.yaml index 38ea9379d..dcd3fa6c5 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_routetableassociations.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_routetableassociations.yaml @@ -171,6 +171,9 @@ spec: RouteTableAssociation. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/ec2.aws.jet.crossplane.io_routetables.yaml b/package/crds/ec2.aws.jet.crossplane.io_routetables.yaml index cdad2bc2c..5033a6bb6 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_routetables.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_routetables.yaml @@ -280,6 +280,8 @@ spec: properties: arn: type: string + id: + type: string ownerId: type: string tagsAll: 
diff --git a/package/crds/ec2.aws.jet.crossplane.io_securitygrouprules.yaml b/package/crds/ec2.aws.jet.crossplane.io_securitygrouprules.yaml index be398baa2..82b72c43e 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_securitygrouprules.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_securitygrouprules.yaml @@ -175,6 +175,9 @@ spec: description: SecurityGroupRuleStatus defines the observed state of SecurityGroupRule. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/ec2.aws.jet.crossplane.io_securitygroups.yaml b/package/crds/ec2.aws.jet.crossplane.io_securitygroups.yaml index 924c33475..a01ddd3d3 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_securitygroups.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_securitygroups.yaml @@ -283,6 +283,8 @@ spec: properties: arn: type: string + id: + type: string ownerId: type: string tagsAll: diff --git a/package/crds/ec2.aws.jet.crossplane.io_subnets.yaml b/package/crds/ec2.aws.jet.crossplane.io_subnets.yaml index bb2ba3b1b..c407f5a9a 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_subnets.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_subnets.yaml @@ -168,6 +168,8 @@ spec: properties: arn: type: string + id: + type: string ipv6CidrBlockAssociationId: type: string ownerId: diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutes.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutes.yaml index 6cca9c01a..6efa8e348 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutes.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutes.yaml @@ -173,6 +173,9 @@ spec: description: TransitGatewayRouteStatus defines the observed state of TransitGatewayRoute. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. 
diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetableassociations.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetableassociations.yaml index 4298ad259..9bbc1c8cb 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetableassociations.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetableassociations.yaml @@ -171,6 +171,8 @@ spec: properties: atProvider: properties: + id: + type: string resourceId: type: string resourceType: diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetablepropagations.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetablepropagations.yaml index d636dbdf1..73f3f5a99 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetablepropagations.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetablepropagations.yaml @@ -171,6 +171,8 @@ spec: properties: atProvider: properties: + id: + type: string resourceId: type: string resourceType: diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetables.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetables.yaml index 840380720..1563ee149 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetables.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayroutetables.yaml @@ -156,6 +156,8 @@ spec: type: boolean defaultPropagationRouteTable: type: boolean + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgateways.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgateways.yaml index 7407b2b05..3c77ddc11 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgateways.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgateways.yaml @@ -141,6 +141,8 @@ spec: type: string associationDefaultRouteTableId: type: string + id: + type: string ownerId: type: string propagationDefaultRouteTableId: 
diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachmentaccepters.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachmentaccepters.yaml index 228d1768d..8c1f0f007 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachmentaccepters.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachmentaccepters.yaml @@ -158,6 +158,8 @@ spec: type: string dnsSupport: type: string + id: + type: string ipv6Support: type: string subnetIds: diff --git a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachments.yaml b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachments.yaml index dfc126caf..821b27ee4 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachments.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_transitgatewayvpcattachments.yaml @@ -214,6 +214,8 @@ spec: properties: atProvider: properties: + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/ec2.aws.jet.crossplane.io_vpcendpoints.yaml b/package/crds/ec2.aws.jet.crossplane.io_vpcendpoints.yaml index 4669c228f..0fe85761c 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_vpcendpoints.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_vpcendpoints.yaml @@ -260,6 +260,8 @@ spec: type: string type: object type: array + id: + type: string networkInterfaceIds: items: type: string diff --git a/package/crds/ec2.aws.jet.crossplane.io_vpcpeeringconnections.yaml b/package/crds/ec2.aws.jet.crossplane.io_vpcpeeringconnections.yaml index cbb27e002..bc0a28020 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_vpcpeeringconnections.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_vpcpeeringconnections.yaml @@ -204,6 +204,8 @@ spec: properties: acceptStatus: type: string + id: + type: string tagsAll: additionalProperties: type: string 
diff --git a/package/crds/ec2.aws.jet.crossplane.io_vpcs.yaml b/package/crds/ec2.aws.jet.crossplane.io_vpcs.yaml index 667bc6e6c..cbd1873c0 100644 --- a/package/crds/ec2.aws.jet.crossplane.io_vpcs.yaml +++ b/package/crds/ec2.aws.jet.crossplane.io_vpcs.yaml @@ -147,6 +147,8 @@ spec: type: string dhcpOptionsId: type: string + id: + type: string ipv6AssociationId: type: string ipv6CidrBlock: diff --git a/package/crds/ecr.aws.jet.crossplane.io_repositories.yaml b/package/crds/ecr.aws.jet.crossplane.io_repositories.yaml index bb5162f4c..09286623f 100644 --- a/package/crds/ecr.aws.jet.crossplane.io_repositories.yaml +++ b/package/crds/ecr.aws.jet.crossplane.io_repositories.yaml @@ -168,6 +168,8 @@ spec: properties: arn: type: string + id: + type: string registryId: type: string repositoryUrl: diff --git a/package/crds/ecrpublic.aws.jet.crossplane.io_repositories.yaml b/package/crds/ecrpublic.aws.jet.crossplane.io_repositories.yaml index 33e839983..e7f41a9c8 100644 --- a/package/crds/ecrpublic.aws.jet.crossplane.io_repositories.yaml +++ b/package/crds/ecrpublic.aws.jet.crossplane.io_repositories.yaml @@ -143,6 +143,8 @@ spec: properties: arn: type: string + id: + type: string registryId: type: string repositoryUri: diff --git a/package/crds/ecs.aws.jet.crossplane.io_capacityproviders.yaml b/package/crds/ecs.aws.jet.crossplane.io_capacityproviders.yaml index 14c9ffebb..46fee8c9b 100644 --- a/package/crds/ecs.aws.jet.crossplane.io_capacityproviders.yaml +++ b/package/crds/ecs.aws.jet.crossplane.io_capacityproviders.yaml @@ -177,6 +177,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/ecs.aws.jet.crossplane.io_clusters.yaml b/package/crds/ecs.aws.jet.crossplane.io_clusters.yaml index 785d47efd..bfea88a1f 100644 --- a/package/crds/ecs.aws.jet.crossplane.io_clusters.yaml +++ b/package/crds/ecs.aws.jet.crossplane.io_clusters.yaml 
@@ -209,6 +209,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/ecs.aws.jet.crossplane.io_services.yaml b/package/crds/ecs.aws.jet.crossplane.io_services.yaml index bafb0a2b2..133858492 100644 --- a/package/crds/ecs.aws.jet.crossplane.io_services.yaml +++ b/package/crds/ecs.aws.jet.crossplane.io_services.yaml @@ -359,6 +359,8 @@ spec: properties: atProvider: properties: + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/ecs.aws.jet.crossplane.io_taskdefinitions.yaml b/package/crds/ecs.aws.jet.crossplane.io_taskdefinitions.yaml index 27e772796..1bf44744a 100644 --- a/package/crds/ecs.aws.jet.crossplane.io_taskdefinitions.yaml +++ b/package/crds/ecs.aws.jet.crossplane.io_taskdefinitions.yaml @@ -299,6 +299,8 @@ spec: properties: arn: type: string + id: + type: string revision: format: int64 type: integer diff --git a/package/crds/eks.aws.jet.crossplane.io_addons.yaml b/package/crds/eks.aws.jet.crossplane.io_addons.yaml index b98732ba0..b16e15f18 100644 --- a/package/crds/eks.aws.jet.crossplane.io_addons.yaml +++ b/package/crds/eks.aws.jet.crossplane.io_addons.yaml @@ -180,6 +180,8 @@ spec: type: string createdAt: type: string + id: + type: string modifiedAt: type: string tagsAll: diff --git a/package/crds/eks.aws.jet.crossplane.io_clusters.yaml b/package/crds/eks.aws.jet.crossplane.io_clusters.yaml index 964c1113d..12d5a283a 100644 --- a/package/crds/eks.aws.jet.crossplane.io_clusters.yaml +++ b/package/crds/eks.aws.jet.crossplane.io_clusters.yaml @@ -268,6 +268,8 @@ spec: type: string endpoint: type: string + id: + type: string identity: items: properties: diff --git a/package/crds/eks.aws.jet.crossplane.io_fargateprofiles.yaml b/package/crds/eks.aws.jet.crossplane.io_fargateprofiles.yaml index 48e428caa..ca90c4696 100644 --- a/package/crds/eks.aws.jet.crossplane.io_fargateprofiles.yaml 
+++ b/package/crds/eks.aws.jet.crossplane.io_fargateprofiles.yaml @@ -217,6 +217,8 @@ spec: properties: arn: type: string + id: + type: string status: type: string tagsAll: diff --git a/package/crds/eks.aws.jet.crossplane.io_identityproviderconfigs.yaml b/package/crds/eks.aws.jet.crossplane.io_identityproviderconfigs.yaml index 8c0a5f928..10ed477a2 100644 --- a/package/crds/eks.aws.jet.crossplane.io_identityproviderconfigs.yaml +++ b/package/crds/eks.aws.jet.crossplane.io_identityproviderconfigs.yaml @@ -179,6 +179,8 @@ spec: properties: arn: type: string + id: + type: string status: type: string tagsAll: diff --git a/package/crds/eks.aws.jet.crossplane.io_nodegroups.yaml b/package/crds/eks.aws.jet.crossplane.io_nodegroups.yaml index c15839013..944101aa7 100644 --- a/package/crds/eks.aws.jet.crossplane.io_nodegroups.yaml +++ b/package/crds/eks.aws.jet.crossplane.io_nodegroups.yaml @@ -307,6 +307,8 @@ spec: properties: arn: type: string + id: + type: string resources: items: properties: diff --git a/package/crds/elasticache.aws.jet.crossplane.io_clusters.yaml b/package/crds/elasticache.aws.jet.crossplane.io_clusters.yaml index 8b72144c5..b7279c5ef 100644 --- a/package/crds/elasticache.aws.jet.crossplane.io_clusters.yaml +++ b/package/crds/elasticache.aws.jet.crossplane.io_clusters.yaml @@ -220,6 +220,8 @@ spec: type: string engineVersionActual: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/elasticache.aws.jet.crossplane.io_parametergroups.yaml b/package/crds/elasticache.aws.jet.crossplane.io_parametergroups.yaml index 7a1672aac..fa2a694c7 100644 --- a/package/crds/elasticache.aws.jet.crossplane.io_parametergroups.yaml +++ b/package/crds/elasticache.aws.jet.crossplane.io_parametergroups.yaml @@ -141,6 +141,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string 
diff --git a/package/crds/elasticache.aws.jet.crossplane.io_replicationgroups.yaml b/package/crds/elasticache.aws.jet.crossplane.io_replicationgroups.yaml index 2929f7b7a..fbe0826c9 100644 --- a/package/crds/elasticache.aws.jet.crossplane.io_replicationgroups.yaml +++ b/package/crds/elasticache.aws.jet.crossplane.io_replicationgroups.yaml @@ -225,6 +225,8 @@ spec: type: string engineVersionActual: type: string + id: + type: string memberClusters: items: type: string diff --git a/package/crds/elasticache.aws.jet.crossplane.io_usergroups.yaml b/package/crds/elasticache.aws.jet.crossplane.io_usergroups.yaml index 532522727..ca6992b3a 100644 --- a/package/crds/elasticache.aws.jet.crossplane.io_usergroups.yaml +++ b/package/crds/elasticache.aws.jet.crossplane.io_usergroups.yaml @@ -156,6 +156,8 @@ spec: properties: atProvider: properties: + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/elasticache.aws.jet.crossplane.io_users.yaml b/package/crds/elasticache.aws.jet.crossplane.io_users.yaml index 79dd24c1b..a18e9b8af 100644 --- a/package/crds/elasticache.aws.jet.crossplane.io_users.yaml +++ b/package/crds/elasticache.aws.jet.crossplane.io_users.yaml @@ -139,6 +139,8 @@ spec: properties: atProvider: properties: + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancerlisteners.yaml b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancerlisteners.yaml index 70765e243..2ac4c2e06 100644 --- a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancerlisteners.yaml +++ b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancerlisteners.yaml @@ -367,6 +367,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string 
diff --git a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancers.yaml b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancers.yaml index 9cffb9760..ad606f77a 100644 --- a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancers.yaml +++ b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_loadbalancers.yaml @@ -279,6 +279,8 @@ spec: type: string dnsName: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroupattachments.yaml b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroupattachments.yaml index d2d92e5bb..b571d679b 100644 --- a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroupattachments.yaml +++ b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroupattachments.yaml @@ -152,6 +152,9 @@ spec: TargetGroupAttachment. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroups.yaml b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroups.yaml index 03b8f109d..7e0159c8e 100644 --- a/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroups.yaml +++ b/package/crds/elasticloadbalancing.aws.jet.crossplane.io_targetgroups.yaml @@ -220,6 +220,8 @@ spec: type: string arnSuffix: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/iam.aws.jet.crossplane.io_accesskeys.yaml b/package/crds/iam.aws.jet.crossplane.io_accesskeys.yaml index a4141ba55..87fd97ef7 100644 --- a/package/crds/iam.aws.jet.crossplane.io_accesskeys.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_accesskeys.yaml @@ -147,6 +147,8 @@ spec: type: string encryptedSesSmtpPasswordV4: type: string + id: + type: string keyFingerprint: type: string type: object 
diff --git a/package/crds/iam.aws.jet.crossplane.io_grouppolicyattachments.yaml b/package/crds/iam.aws.jet.crossplane.io_grouppolicyattachments.yaml index 802678f47..5eac9cf4e 100644 --- a/package/crds/iam.aws.jet.crossplane.io_grouppolicyattachments.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_grouppolicyattachments.yaml @@ -163,6 +163,9 @@ spec: GroupPolicyAttachment. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/iam.aws.jet.crossplane.io_groups.yaml b/package/crds/iam.aws.jet.crossplane.io_groups.yaml index 6724be96a..c3f3e694a 100644 --- a/package/crds/iam.aws.jet.crossplane.io_groups.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_groups.yaml @@ -116,6 +116,8 @@ spec: properties: arn: type: string + id: + type: string uniqueId: type: string type: object diff --git a/package/crds/iam.aws.jet.crossplane.io_instanceprofiles.yaml b/package/crds/iam.aws.jet.crossplane.io_instanceprofiles.yaml index 6677f8b6b..e0bbb9a28 100644 --- a/package/crds/iam.aws.jet.crossplane.io_instanceprofiles.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_instanceprofiles.yaml @@ -147,6 +147,8 @@ spec: type: string createDate: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/iam.aws.jet.crossplane.io_policies.yaml b/package/crds/iam.aws.jet.crossplane.io_policies.yaml index 99dcbb594..d8323470d 100644 --- a/package/crds/iam.aws.jet.crossplane.io_policies.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_policies.yaml @@ -130,6 +130,8 @@ spec: properties: arn: type: string + id: + type: string policyId: type: string tagsAll: diff --git a/package/crds/iam.aws.jet.crossplane.io_rolepolicyattachments.yaml b/package/crds/iam.aws.jet.crossplane.io_rolepolicyattachments.yaml index d92a471cf..9cbb9d2c9 100644 --- a/package/crds/iam.aws.jet.crossplane.io_rolepolicyattachments.yaml 
+++ b/package/crds/iam.aws.jet.crossplane.io_rolepolicyattachments.yaml @@ -163,6 +163,9 @@ spec: RolePolicyAttachment. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/iam.aws.jet.crossplane.io_roles.yaml b/package/crds/iam.aws.jet.crossplane.io_roles.yaml index a9491e871..7bff23808 100644 --- a/package/crds/iam.aws.jet.crossplane.io_roles.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_roles.yaml @@ -148,6 +148,8 @@ spec: type: string createDate: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/iam.aws.jet.crossplane.io_usergroupmemberships.yaml b/package/crds/iam.aws.jet.crossplane.io_usergroupmemberships.yaml index 856d91fad..2009f2847 100644 --- a/package/crds/iam.aws.jet.crossplane.io_usergroupmemberships.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_usergroupmemberships.yaml @@ -166,6 +166,9 @@ spec: description: UserGroupMembershipStatus defines the observed state of UserGroupMembership. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/iam.aws.jet.crossplane.io_userpolicyattachments.yaml b/package/crds/iam.aws.jet.crossplane.io_userpolicyattachments.yaml index a097c2cdb..2966d2526 100644 --- a/package/crds/iam.aws.jet.crossplane.io_userpolicyattachments.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_userpolicyattachments.yaml @@ -163,6 +163,9 @@ spec: UserPolicyAttachment. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/iam.aws.jet.crossplane.io_users.yaml b/package/crds/iam.aws.jet.crossplane.io_users.yaml index eca1c0a6c..6b2749db9 100644 --- a/package/crds/iam.aws.jet.crossplane.io_users.yaml +++ b/package/crds/iam.aws.jet.crossplane.io_users.yaml 
@@ -126,6 +126,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/kms.aws.jet.crossplane.io_keys.yaml b/package/crds/kms.aws.jet.crossplane.io_keys.yaml index 2356ab635..3c1b7616d 100644 --- a/package/crds/kms.aws.jet.crossplane.io_keys.yaml +++ b/package/crds/kms.aws.jet.crossplane.io_keys.yaml @@ -141,6 +141,8 @@ spec: properties: arn: type: string + id: + type: string keyId: type: string tagsAll: diff --git a/package/crds/rds.aws.jet.crossplane.io_dbclusters.yaml b/package/crds/rds.aws.jet.crossplane.io_dbclusters.yaml index 47680b2b6..23fb8b684 100644 --- a/package/crds/rds.aws.jet.crossplane.io_dbclusters.yaml +++ b/package/crds/rds.aws.jet.crossplane.io_dbclusters.yaml @@ -282,6 +282,8 @@ spec: type: string hostedZoneId: type: string + id: + type: string readerEndpoint: type: string tagsAll: diff --git a/package/crds/rds.aws.jet.crossplane.io_dbinstances.yaml b/package/crds/rds.aws.jet.crossplane.io_dbinstances.yaml index d077eb111..96e009268 100644 --- a/package/crds/rds.aws.jet.crossplane.io_dbinstances.yaml +++ b/package/crds/rds.aws.jet.crossplane.io_dbinstances.yaml @@ -457,6 +457,8 @@ spec: type: string hostedZoneId: type: string + id: + type: string latestRestorableTime: type: string replicas: diff --git a/package/crds/rds.aws.jet.crossplane.io_dbparametergroups.yaml b/package/crds/rds.aws.jet.crossplane.io_dbparametergroups.yaml index ed4f17fc0..070377f8f 100644 --- a/package/crds/rds.aws.jet.crossplane.io_dbparametergroups.yaml +++ b/package/crds/rds.aws.jet.crossplane.io_dbparametergroups.yaml @@ -143,6 +143,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_delegationsets.yaml b/package/crds/route53.aws.jet.crossplane.io_delegationsets.yaml index 63be66dcc..1164d6a69 100644 --- a/package/crds/route53.aws.jet.crossplane.io_delegationsets.yaml 
+++ b/package/crds/route53.aws.jet.crossplane.io_delegationsets.yaml @@ -120,6 +120,8 @@ spec: properties: atProvider: properties: + id: + type: string nameServers: items: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_healthchecks.yaml b/package/crds/route53.aws.jet.crossplane.io_healthchecks.yaml index 1c94d9997..66989a0c2 100644 --- a/package/crds/route53.aws.jet.crossplane.io_healthchecks.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_healthchecks.yaml @@ -169,6 +169,8 @@ spec: properties: atProvider: properties: + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_hostedzonednssecs.yaml b/package/crds/route53.aws.jet.crossplane.io_hostedzonednssecs.yaml index 0cde37243..cd5ffb3aa 100644 --- a/package/crds/route53.aws.jet.crossplane.io_hostedzonednssecs.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_hostedzonednssecs.yaml @@ -144,6 +144,9 @@ spec: description: HostedZoneDnssecStatus defines the observed state of HostedZoneDnssec. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_keysigningkeys.yaml b/package/crds/route53.aws.jet.crossplane.io_keysigningkeys.yaml index 31b3610aa..c91388163 100644 --- a/package/crds/route53.aws.jet.crossplane.io_keysigningkeys.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_keysigningkeys.yaml @@ -187,6 +187,8 @@ spec: flag: format: int64 type: integer + id: + type: string keyTag: format: int64 type: integer diff --git a/package/crds/route53.aws.jet.crossplane.io_querylogs.yaml b/package/crds/route53.aws.jet.crossplane.io_querylogs.yaml index c616a4b79..aa8c4c499 100644 --- a/package/crds/route53.aws.jet.crossplane.io_querylogs.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_querylogs.yaml 
@@ -123,6 +123,9 @@ spec: description: QueryLogStatus defines the observed state of QueryLog. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_records.yaml b/package/crds/route53.aws.jet.crossplane.io_records.yaml index 3aa244dd9..ba6cc2ee6 100644 --- a/package/crds/route53.aws.jet.crossplane.io_records.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_records.yaml @@ -243,6 +243,8 @@ spec: properties: fqdn: type: string + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverendpoints.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverendpoints.yaml index e1beaa5bc..3ba999635 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverendpoints.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverendpoints.yaml @@ -148,6 +148,8 @@ spec: type: string hostVpcId: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallconfigs.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallconfigs.yaml index fe0b23d00..d52f2d941 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallconfigs.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallconfigs.yaml @@ -125,6 +125,8 @@ spec: properties: atProvider: properties: + id: + type: string ownerId: type: string type: object diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverfirewalldomainlists.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverfirewalldomainlists.yaml index 456105ab2..63f97a98b 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverfirewalldomainlists.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverfirewalldomainlists.yaml 
@@ -134,6 +134,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrulegroupassociations.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrulegroupassociations.yaml index 7ffcb5342..ab866839a 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrulegroupassociations.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrulegroupassociations.yaml @@ -142,6 +142,8 @@ spec: properties: arn: type: string + id: + type: string tagsAll: additionalProperties: type: string diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrules.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrules.yaml index 7e9288213..711d384a8 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrules.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverfirewallrules.yaml @@ -144,6 +144,9 @@ spec: ResolverFirewallRule. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigassociations.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigassociations.yaml index 53c35ab04..23a6665ea 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigassociations.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigassociations.yaml @@ -126,6 +126,9 @@ spec: state of ResolverQueryLogConfigAssociation. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigs.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigs.yaml index a420d981c..1682fd323 100644 
--- a/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigs.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverquerylogconfigs.yaml @@ -132,6 +132,8 @@ spec: properties: arn: type: string + id: + type: string ownerId: type: string shareStatus: diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverruleassociations.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverruleassociations.yaml index ac339e2a9..4874231a7 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverruleassociations.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverruleassociations.yaml @@ -128,6 +128,9 @@ spec: of ResolverRuleAssociation. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_resolverrules.yaml b/package/crds/route53.aws.jet.crossplane.io_resolverrules.yaml index 33154d780..ccc4f611d 100644 --- a/package/crds/route53.aws.jet.crossplane.io_resolverrules.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_resolverrules.yaml @@ -146,6 +146,8 @@ spec: properties: arn: type: string + id: + type: string ownerId: type: string shareStatus: diff --git a/package/crds/route53.aws.jet.crossplane.io_vpcassociationauthorizations.yaml b/package/crds/route53.aws.jet.crossplane.io_vpcassociationauthorizations.yaml index 7fd7b510a..e61b1c132 100644 --- a/package/crds/route53.aws.jet.crossplane.io_vpcassociationauthorizations.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_vpcassociationauthorizations.yaml @@ -172,6 +172,9 @@ spec: of VpcAssociationAuthorization. properties: atProvider: + properties: + id: + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/route53.aws.jet.crossplane.io_zoneassociations.yaml b/package/crds/route53.aws.jet.crossplane.io_zoneassociations.yaml index 77ccbb8e3..89d383aa0 100644 
--- a/package/crds/route53.aws.jet.crossplane.io_zoneassociations.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_zoneassociations.yaml @@ -170,6 +170,8 @@ spec: properties: atProvider: properties: + id: + type: string owningAccount: type: string type: object diff --git a/package/crds/route53.aws.jet.crossplane.io_zones.yaml b/package/crds/route53.aws.jet.crossplane.io_zones.yaml index 5e8aad180..a6720fcce 100644 --- a/package/crds/route53.aws.jet.crossplane.io_zones.yaml +++ b/package/crds/route53.aws.jet.crossplane.io_zones.yaml @@ -187,6 +187,8 @@ spec: properties: atProvider: properties: + id: + type: string nameServers: items: type: string diff --git a/package/crds/s3.aws.jet.crossplane.io_buckets.yaml b/package/crds/s3.aws.jet.crossplane.io_buckets.yaml index 3a2286f53..08a41b167 100644 --- a/package/crds/s3.aws.jet.crossplane.io_buckets.yaml +++ b/package/crds/s3.aws.jet.crossplane.io_buckets.yaml @@ -428,6 +428,8 @@ spec: type: string bucketRegionalDomainName: type: string + id: + type: string tagsAll: additionalProperties: type: string