feat(sources): update documentation #1518

aws-cdk-automation · 2024-12-23T03:21:15Z

⚠️ This Pull Request updates daily and will overwrite all manual changes pushed to the branch

Updates the documentation source from upstream. See details in workflow run.

Automatically created by projen via the "update-source-documentation" workflow

> ⚠️ This Pull Request updates daily and will overwrite **all** manual changes pushed to the branch Updates the documentation source from upstream. See details in [workflow run]. [Workflow Run]: https://github.com/cdklabs/awscdk-service-spec/actions/runs/12460614694 ------ *Automatically created by projen via the "update-source-documentation" workflow* Signed-off-by: github-actions <[email protected]>

github-actions · 2024-12-23T03:21:17Z

To work on this Pull Request, please create a new branch and PR. This prevents your work from being deleted by the automation.

Run the following commands inside the repo:

gh co 1518
git switch -c fix-pr-1518 && git push -u origin HEAD
gh pr create -t "fix: PR #1518" --body "Fixes https://github.com/cdklabs/awscdk-service-spec/pull/1518"

github-actions · 2024-12-23T03:26:58Z

@aws-cdk/aws-service-spec: Model database diff detected

├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Agent
│    │  └ types
│    │     └[~] type Function
│    │       └ properties
│    │          └ RequireConfirmation: (documentation changed)
│    └[~]  resource AWS::Bedrock::Prompt
│       └ types
│          ├[~] type ChatPromptTemplateConfiguration
│          │ ├      - documentation: Configuration for chat prompt template
│          │ │      + documentation: Contains configurations to use a prompt in a conversational format. For more information, see [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) .
│          │ └ properties
│          │    ├ InputVariables: (documentation changed)
│          │    ├ Messages: (documentation changed)
│          │    ├ System: (documentation changed)
│          │    └ ToolConfiguration: (documentation changed)
│          ├[~] type ContentBlock
│          │ ├      - documentation: Configuration for chat prompt template
│          │ │      + documentation: A block of content for a message that you pass to, or receive from, a model with the [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) or [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html) API operations.
│          │ └ properties
│          │    └ Text: (documentation changed)
│          ├[~] type Message
│          │ ├      - documentation: Chat prompt Message
│          │ │      + documentation: A message input, or returned from, a call to [Converse](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_Converse.html) or [ConverseStream](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html) .
│          │ └ properties
│          │    ├ Content: (documentation changed)
│          │    └ Role: (documentation changed)
│          ├[~] type PromptAgentResource
│          │ ├      - documentation: Target Agent to invoke with Prompt
│          │ │      + documentation: Contains specifications for an Amazon Bedrock agent with which to use the prompt. For more information, see [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) and [Automate tasks in your application using conversational agents](https://docs.aws.amazon.com/bedrock/latest/userguide/agents.html) .
│          │ └ properties
│          │    └ AgentIdentifier: (documentation changed)
│          ├[~] type PromptGenAiResource
│          │ ├      - documentation: Target resource to invoke with Prompt
│          │ │      + documentation: Contains specifications for a generative AI resource with which to use the prompt. For more information, see [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) .
│          │ └ properties
│          │    └ Agent: (documentation changed)
│          ├[~] type PromptTemplateConfiguration
│          │ └ properties
│          │    └ Chat: (documentation changed)
│          ├[~] type PromptVariant
│          │ └ properties
│          │    └ GenAiResource: (documentation changed)
│          ├[~] type SpecificToolChoice
│          │ ├      - documentation: Specific Tool choice
│          │ │      + documentation: The model must request a specific tool. For example, `{"tool" : {"name" : "Your tool name"}}` .
│          │ │      > This field is only supported by Anthropic Claude 3 models.
│          │ └ properties
│          │    └ Name: (documentation changed)
│          ├[~] type SystemContentBlock
│          │ ├      - documentation: Configuration for chat prompt template
│          │ │      + documentation: Contains configurations for instructions to provide the model for how to handle input. To learn more, see [Using the Converse API](https://docs.aws.amazon.com/bedrock/latest/userguide/conversation-inference-call.html) .
│          │ └ properties
│          │    └ Text: (documentation changed)
│          ├[~] type Tool
│          │ ├      - documentation: Tool details
│          │ │      + documentation: Information about a tool that you can use with the Converse API. For more information, see [Tool use (function calling)](https://docs.aws.amazon.com/bedrock/latest/userguide/tool-use.html) in the Amazon Bedrock User Guide.
│          │ └ properties
│          │    └ ToolSpec: (documentation changed)
│          ├[~] type ToolChoice
│          │ ├      - documentation: undefined
│          │ │      + documentation: Determines which tools the model should request in a call to `Converse` or `ConverseStream` . `ToolChoice` is only supported by Anthropic Claude 3 models and by Mistral AI Mistral Large.
│          │ └ properties
│          │    ├ Any: (documentation changed)
│          │    ├ Auto: (documentation changed)
│          │    └ Tool: (documentation changed)
│          ├[~] type ToolConfiguration
│          │ ├      - documentation: Tool configuration
│          │ │      + documentation: Configuration information for the tools that you pass to a model. For more information, see [Tool use (function calling)](https://docs.aws.amazon.com/bedrock/latest/userguide/tool-use.html) in the Amazon Bedrock User Guide.
│          │ └ properties
│          │    ├ ToolChoice: (documentation changed)
│          │    └ Tools: (documentation changed)
│          ├[~] type ToolInputSchema
│          │ ├      - documentation: Tool input schema
│          │ │      + documentation: The schema for the tool. The top level schema type must be `object` .
│          │ └ properties
│          │    └ Json: (documentation changed)
│          └[~] type ToolSpecification
│            ├      - documentation: Tool specification
│            │      + documentation: The specification for the tool.
│            └ properties
│               ├ Description: (documentation changed)
│               ├ InputSchema: (documentation changed)
│               └ Name: (documentation changed)
├[~] service aws-cassandra
│ └ resources
│    ├[~]  resource AWS::Cassandra::Keyspace
│    │  ├      - documentation: You can use the `AWS::Cassandra::Keyspace` resource to create a new keyspace in Amazon Keyspaces (for Apache Cassandra). For more information, see [Create a keyspace and a table](https://docs.aws.amazon.com/keyspaces/latest/devguide/getting-started.ddl.html) in the *Amazon Keyspaces Developer Guide* .
│    │  │      + documentation: You can use the `AWS::Cassandra::Keyspace` resource to create a new keyspace in Amazon Keyspaces (for Apache Cassandra). For more information, see [Create a keyspace](https://docs.aws.amazon.com/keyspaces/latest/devguide/getting-started.keyspaces.html) in the *Amazon Keyspaces Developer Guide* .
│    │  ├ properties
│    │  │  └ ClientSideTimestampsEnabled: (documentation changed)
│    │  └ types
│    │     └[~] type ReplicationSpecification
│    │       └      - documentation: You can use `ReplicationSpecification` to configure the `ReplicationStrategy` of a keyspace in Amazon Keyspaces .
│    │              The `ReplicationSpecification` property is `CreateOnly` and cannot be changed after the keyspace has been created. This property applies automatically to all tables in the keyspace.
│    │              For more information, see [Multi-Region Replication](https://docs.aws.amazon.com/keyspaces/latest/devguide/multiRegion-replication.html) in the *Amazon Keyspaces Developer Guide* .
│    │              + documentation: You can use `ReplicationSpecification` to configure the `ReplicationStrategy` of a keyspace in Amazon Keyspaces .
│    │              The `ReplicationSpecification` property applies automatically to all tables in the keyspace.
│    │              To review the permissions that are required to add a new Region to a single-Region keyspace, see [Configure the IAM permissions required to add an AWS Region to a keyspace](https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html) in the *Amazon Keyspaces Developer Guide* .
│    │              For more information about multi-Region replication, see [Multi-Region replication](https://docs.aws.amazon.com/keyspaces/latest/devguide/multiRegion-replication.html) in the *Amazon Keyspaces Developer Guide* .
│    ├[~]  resource AWS::Cassandra::Table
│    │  └      - documentation: You can use the `AWS::Cassandra::Table` resource to create a new table in Amazon Keyspaces (for Apache Cassandra). For more information, see [Create a keyspace and a table](https://docs.aws.amazon.com/keyspaces/latest/devguide/getting-started.ddl.html) in the *Amazon Keyspaces Developer Guide* .
│    │         + documentation: You can use the `AWS::Cassandra::Table` resource to create a new table in Amazon Keyspaces (for Apache Cassandra). For more information, see [Create a table](https://docs.aws.amazon.com/keyspaces/latest/devguide/getting-started.tables.html) in the *Amazon Keyspaces Developer Guide* .
│    └[~]  resource AWS::Cassandra::Type
│       ├ properties
│       │  ├ Fields: (documentation changed)
│       │  ├ KeyspaceName: (documentation changed)
│       │  └ TypeName: (documentation changed)
│       ├ attributes
│       │  ├ DirectParentTypes: (documentation changed)
│       │  ├ DirectReferringTables: (documentation changed)
│       │  ├ KeyspaceArn: (documentation changed)
│       │  ├ LastModifiedTimestamp: (documentation changed)
│       │  └ MaxNestingDepth: (documentation changed)
│       └ types
│          └[~] type Field
│            ├      - documentation: undefined
│            │      + documentation: The name and data type of an individual field in a user-defined type (UDT). In addition to a Cassandra data type, you can also use another UDT. When you nest another UDT or collection data type, you have to declare them with the `FROZEN` keyword.
│            └ properties
│               ├ FieldName: (documentation changed)
│               └ FieldType: (documentation changed)
├[~] service aws-cloudfront
│ └ resources
│    └[~]  resource AWS::CloudFront::Distribution
│       └ types
│          └[~] type CustomOriginConfig
│            └ properties
│               ├ OriginKeepaliveTimeout: (documentation changed)
│               └ OriginReadTimeout: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~]  resource AWS::CloudTrail::EventDataStore
│    │  └ types
│    │     └[~] type AdvancedFieldSelector
│    │       └ properties
│    │          └ Field: (documentation changed)
│    └[~]  resource AWS::CloudTrail::Trail
│       └ types
│          └[~] type AdvancedFieldSelector
│            └ properties
│               └ Field: (documentation changed)
├[~] service aws-databrew
│ └ resources
│    └[~]  resource AWS::DataBrew::Dataset
│       ├ properties
│       │  └ Source: (documentation changed)
│       └ types
│          └[~] type S3Location
│            └ properties
│               └ BucketOwner: (documentation changed)
├[~] service aws-datasync
│ └ resources
│    ├[~]  resource AWS::DataSync::LocationEFS
│    │  └ properties
│    │     └ Subdirectory: (documentation changed)
│    ├[~]  resource AWS::DataSync::LocationFSxLustre
│    │  └ properties
│    │     ├ FsxFilesystemArn: (documentation changed)
│    │     ├ Subdirectory: (documentation changed)
│    │     └ Tags: (documentation changed)
│    ├[~]  resource AWS::DataSync::LocationFSxONTAP
│    │  ├ properties
│    │  │  └ Subdirectory: (documentation changed)
│    │  └ types
│    │     └[~] type SMB
│    │       └ properties
│    │          └ Domain: (documentation changed)
│    ├[~]  resource AWS::DataSync::LocationFSxWindows
│    │  └ properties
│    │     └ Domain: (documentation changed)
│    └[~]  resource AWS::DataSync::LocationS3
│       └ types
│          └[~] type S3Config
│            └      - documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket.
│                   For more information, see [Accessing S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) .
│                   + documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket.
│                   For more information, see [Providing DataSync access to S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) .
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::EC2Fleet
│    │  └ types
│    │     ├[~] type BaselinePerformanceFactorsRequest
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.
│    │     │ │      Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying `c6i` would use the CPU performance of the `c6i` family as the baseline reference.
│    │     │ └ properties
│    │     │    └ Cpu: (documentation changed)
│    │     ├[~] type CpuPerformanceFactorRequest
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The CPU performance to consider, using an instance family as the baseline reference.
│    │     │ └ properties
│    │     │    └ References: (documentation changed)
│    │     ├[~] type InstanceRequirementsRequest
│    │     │ └ properties
│    │     │    └ BaselinePerformanceFactors: (documentation changed)
│    │     └[~] type PerformanceFactorReferenceRequest
│    │       ├      - documentation: undefined
│    │       │      + documentation: Specify an instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture.
│    │       │      > Currently, only one instance family can be specified in the list.
│    │       └ properties
│    │          └ InstanceFamily: (documentation changed)
│    ├[~]  resource AWS::EC2::SpotFleet
│    │  └ types
│    │     ├[~] type BaselinePerformanceFactorsRequest
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Amazon EC2 uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.
│    │     │ │      Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying `c6i` would use the CPU performance of the `c6i` family as the baseline reference.
│    │     │ └ properties
│    │     │    └ Cpu: (documentation changed)
│    │     ├[~] type CpuPerformanceFactorRequest
│    │     │ ├      - documentation: undefined
│    │     │ │      + documentation: The CPU performance to consider, using an instance family as the baseline reference.
│    │     │ └ properties
│    │     │    └ References: (documentation changed)
│    │     ├[~] type InstanceRequirementsRequest
│    │     │ └ properties
│    │     │    └ BaselinePerformanceFactors: (documentation changed)
│    │     └[~] type PerformanceFactorReferenceRequest
│    │       ├      - documentation: undefined
│    │       │      + documentation: Specify an instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture.
│    │       │      > Currently, only one instance family can be specified in the list.
│    │       └ properties
│    │          └ InstanceFamily: (documentation changed)
│    └[~]  resource AWS::EC2::VPCEndpoint
│       ├ properties
│       │  ├ DnsOptions: (documentation changed)
│       │  ├ IpAddressType: (documentation changed)
│       │  ├ ResourceConfigurationArn: (documentation changed)
│       │  └ ServiceNetworkArn: (documentation changed)
│       └ types
│          └[~] type DnsOptionsSpecification
│            ├      - documentation: undefined
│            │      + documentation: Describes the DNS options for an endpoint.
│            └ properties
│               ├ DnsRecordIpType: (documentation changed)
│               └ PrivateDnsOnlyForInboundResolverEndpoint: (documentation changed)
├[~] service aws-ecs
│ └ resources
│    ├[~]  resource AWS::ECS::Service
│    │  └ types
│    │     └[~] type LogConfiguration
│    │       └ properties
│    │          └ Options: (documentation changed)
│    └[~]  resource AWS::ECS::TaskDefinition
│       ├ properties
│       │  └ EnableFaultInjection: (documentation changed)
│       └ types
│          └[~] type LogConfiguration
│            └ properties
│               └ Options: (documentation changed)
├[~] service aws-guardduty
│ └ resources
│    ├[~]  resource AWS::GuardDuty::IPSet
│    │  └ types
│    │     └[~] type TagItem
│    │       └      - documentation: Contains information about a tag.
│    │              + documentation: Describes a tag.
│    ├[~]  resource AWS::GuardDuty::MalwareProtectionPlan
│    │  └ types
│    │     └[~] type TagItem
│    │       └      - documentation: Contains information about a tag.
│    │              + documentation: Describes a tag.
│    └[~]  resource AWS::GuardDuty::ThreatIntelSet
│       └ types
│          └[~] type TagItem
│            └      - documentation: Contains information about a tag.
│                   + documentation: Describes a tag.
├[~] service aws-iot1click
│ └ resources
│    ├[~]  resource AWS::IoT1Click::Device
│    │  └      - documentation: The `AWS::IoT1Click::Device` resource controls the enabled state of an AWS IoT 1-Click compatible device. For more information, see [Device](https://docs.aws.amazon.com/iot-1-click/1.0/devices-apireference/devices-deviceid.html) in the *AWS IoT 1-Click Devices API Reference* .
│    │         + documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . 
│    │         The `AWS::IoT1Click::Device` resource controls the enabled state of an AWS IoT 1-Click compatible device. For more information, see [Device](https://docs.aws.amazon.com/iot-1-click/1.0/devices-apireference/devices-deviceid.html) in the *AWS IoT 1-Click Devices API Reference* .
│    ├[~]  resource AWS::IoT1Click::Placement
│    │  └      - documentation: The `AWS::IoT1Click::Placement` resource creates a placement to be associated with an AWS IoT 1-Click project. A placement is an instance of a device in a location. For more information, see [Projects, Templates, and Placements](https://docs.aws.amazon.com/iot-1-click/latest/developerguide/1click-PTP.html) in the *AWS IoT 1-Click Developer Guide* .
│    │         + documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . 
│    │         The `AWS::IoT1Click::Placement` resource creates a placement to be associated with an AWS IoT 1-Click project. A placement is an instance of a device in a location. For more information, see [Projects, Templates, and Placements](https://docs.aws.amazon.com/iot-1-click/latest/developerguide/1click-PTP.html) in the *AWS IoT 1-Click Developer Guide* .
│    └[~]  resource AWS::IoT1Click::Project
│       ├      - documentation: The `AWS::IoT1Click::Project` resource creates an empty project with a placement template. A project contains zero or more placements that adhere to the placement template defined in the project. For more information, see [CreateProject](https://docs.aws.amazon.com/iot-1-click/latest/projects-apireference/API_CreateProject.html) in the *AWS IoT 1-Click Projects API Reference* .
│       │      + documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . 
│       │      The `AWS::IoT1Click::Project` resource creates an empty project with a placement template. A project contains zero or more placements that adhere to the placement template defined in the project. For more information, see [CreateProject](https://docs.aws.amazon.com/iot-1-click/latest/projects-apireference/API_CreateProject.html) in the *AWS IoT 1-Click Projects API Reference* .
│       └ types
│          └[~] type PlacementTemplate
│            └      - documentation: In AWS CloudFormation , use the `PlacementTemplate` property type to define the template for an AWS IoT 1-Click project.
│                   `PlacementTemplate` is a property of the `AWS::IoT1Click::Project` resource.
│                   + documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) . 
│                   In AWS CloudFormation , use the `PlacementTemplate` property type to define the template for an AWS IoT 1-Click project.
│                   `PlacementTemplate` is a property of the `AWS::IoT1Click::Project` resource.
├[~] service aws-kendra
│ └ resources
│    └[~]  resource AWS::Kendra::Index
│       └ properties
│          └ Edition: (documentation changed)
├[~] service aws-logs
│ └ resources
│    ├[~]  resource AWS::Logs::AccountPolicy
│    │  ├      - documentation: Creates or updates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.
│    │  │      *Data protection policy*
│    │  │      A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
│    │  │      > Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked. 
│    │  │      If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
│    │  │      By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the `logs:Unmask` permission can use a [GetLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) or [FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) operation with the `unmask` parameter set to `true` to view the unmasked log events. Users with the `logs:Unmask` can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the `unmask` query command.
│    │  │      For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .
│    │  │      To create an account-level policy, you must be signed on with the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy` permissions.
│    │  │      An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
│    │  │      *Subscription filter policy*
│    │  │      A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
│    │  │      The following destinations are supported for subscription filters:
│    │  │      - An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
│    │  │      - An Firehose data stream in the same account as the subscription policy, for same-account delivery.
│    │  │      - A Lambda function in the same account as the subscription policy, for same-account delivery.
│    │  │      - A logical destination in a different account created with [PutDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html) , for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
│    │  │      Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in `PolicyName` . To perform a `PutAccountPolicy` subscription filter operation for any destination except a Lambda function, you must also have the `iam:PassRole` permission.
│    │  │      + documentation: Creates or updates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.
│    │  │      *Data protection policy*
│    │  │      A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
│    │  │      > Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked. 
│    │  │      If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
│    │  │      By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the `logs:Unmask` permission can use a [GetLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) or [FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) operation with the `unmask` parameter set to `true` to view the unmasked log events. Users with the `logs:Unmask` can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the `unmask` query command.
│    │  │      For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .
│    │  │      To create an account-level policy, you must be signed on with the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy` permissions.
│    │  │      An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
│    │  │      *Subscription filter policy*
│    │  │      A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
│    │  │      The following destinations are supported for subscription filters:
│    │  │      - An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
│    │  │      - An Firehose data stream in the same account as the subscription policy, for same-account delivery.
│    │  │      - A Lambda function in the same account as the subscription policy, for same-account delivery.
│    │  │      - A logical destination in a different account created with [PutDestination](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html) , for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
│    │  │      Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in `PolicyName` . To perform a `PutAccountPolicy` subscription filter operation for any destination except a Lambda function, you must also have the `iam:PassRole` permission.
│    │  │      *Field index policy*
│    │  │      You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes lowers the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see [Create field indexes to improve query performance and reduce costs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html)
│    │  │      For example, suppose you have created a field index for `requestId` . Then, any CloudWatch Logs Insights query on that log group that includes `requestId = *value*` or `requestId IN [ *value* , *value* , ...]` will attempt to process only the log events where the indexed field matches the specified value.
│    │  │      Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of `RequestId` won't match a log event containing `requestId` .
│    │  │      You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the `SelectionCriteria` parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with `my-log` , you can't have another field index policy filtered to `my-logpprod` or `my-logging` .
│    │  │      *Transformer policy*
│    │  │      A *log transformer policy* transforms ingested log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.
│    │  │      You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.
│    │  │      A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see [Processors that you can use](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors) .
│    │  │      Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major AWS log sources such as VPC flow logs, Lambda , and Amazon RDS . You can use pre-built transformation templates or create custom transformation policies.
│    │  │      You can create transformers only for the log groups in the Standard log class.
│    │  │      You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the `selectionCriteria` parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with `my-log` , you can't have another field index policy filtered to `my-logpprod` or `my-logging` .
│    │  │      You can also set up a transformer at the log-group level. For more information, see [AWS::Logs::Transformer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-transformer.html) . If there is both a log-group level transformer created with `PutTransformer` and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.
│    │  └ properties
│    │     ├ PolicyDocument: (documentation changed)
│    │     ├ Scope: (documentation changed)
│    │     └ SelectionCriteria: (documentation changed)
│    ├[~]  resource AWS::Logs::Delivery
│    │  ├      - documentation: Use this to create or update one *delivery* in your account.
│    │  │      A delivery is a connection between a logical *delivery source* and a logical *delivery destination* .
│    │  │      For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) .
│    │  │      + documentation: This structure contains information about one *delivery* in your account.
│    │  │      A delivery is a connection between a logical *delivery source* and a logical *delivery destination* .
│    │  │      For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) .
│    │  │      To update an existing delivery configuration, use [UpdateDeliveryConfiguration](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UpdateDeliveryConfiguration.html) .
│    │  └ properties
│    │     └ S3SuffixPath: (documentation changed)
│    ├[~]  resource AWS::Logs::DeliveryDestination
│    │  ├      - documentation: Cretes or updates one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs , Amazon S3 , or Firehose are supported as delivery destinations.
│    │  │      To configure logs delivery between a supported AWS service and a destination, you must do the following:
│    │  │      - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [AWS::Logs::DeliverySource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-deliverysource.html) and [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) .
│    │  │      - Create a *delivery destination* , which is a logical object that represents the actual delivery destination.
│    │  │      - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [AWS::Logs::Delivery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-delivery.html) or [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) .
│    │  │      You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
│    │  │      + documentation: This structure contains information about one *delivery destination* in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to. CloudWatch Logs, Amazon S3, are supported as Firehose delivery destinations.
│    │  │      To configure logs delivery between a supported AWS service and a destination, you must do the following:
│    │  │      - Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see [PutDeliverySource](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliverySource.html) .
│    │  │      - Create a *delivery destination* , which is a logical object that represents the actual delivery destination.
│    │  │      - If you are delivering logs cross-account, you must use [PutDeliveryDestinationPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html) in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
│    │  │      - Create a *delivery* by pairing exactly one delivery source and one delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html) .
│    │  │      You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.
│    │  └ attributes
│    │     └ DeliveryDestinationType: (documentation changed)
│    ├[~]  resource AWS::Logs::DeliverySource
│    │  └ properties
│    │     ├ ResourceArn: (documentation changed)
│    │     └ Tags: (documentation changed)
│    ├[~]  resource AWS::Logs::Integration
│    │  └ attributes
│    │     └ IntegrationStatus: (documentation changed)
│    └[~]  resource AWS::Logs::LogGroup
│       └ properties
│          └ FieldIndexPolicies: (documentation changed)
├[~] service aws-m2
│ └ resources
│    └[~]  resource AWS::M2::Environment
│       └ properties
│          └ NetworkType: (documentation changed)
├[~] service aws-opensearchservice
│ └ resources
│    └[~]  resource AWS::OpenSearchService::Domain
│       └ types
│          ├[~] type ClusterConfig
│          │ └ properties
│          │    └ NodeOptions: (documentation changed)
│          ├[~] type NodeConfig
│          │ ├      - documentation: undefined
│          │ │      + documentation: Container for specifying configuration of any node type.
│          │ └ properties
│          │    ├ Count: (documentation changed)
│          │    ├ Enabled: (documentation changed)
│          │    └ Type: (documentation changed)
│          └[~] type NodeOption
│            ├      - documentation: undefined
│            │      + documentation: Container for specifying node type.
│            └ properties
│               ├ NodeConfig: (documentation changed)
│               └ NodeType: (documentation changed)
├[~] service aws-pcs
│ └ resources
│    ├[~]  resource AWS::PCS::Cluster
│    │  ├      - documentation: AWS::PCS::Cluster resource creates an AWS PCS cluster.
│    │  │      + documentation: The `AWS::PCS::Cluster` resource creates an AWS PCS cluster.
│    │  └ types
│    │     ├[~] type AuthKey
│    │     │ ├      - documentation: The shared Slurm key for authentication, also known as the cluster secret.
│    │     │ │      + documentation: The shared Slurm key for authentication, also known as the *cluster secret* .
│    │     │ └ properties
│    │     │    └ SecretArn: (documentation changed)
│    │     ├[~] type Networking
│    │     │ └      - documentation: The networking configuration for the cluster's control plane.
│    │     │        + documentation: TThe networking configuration for the cluster's control plane.
│    │     └[~] type SlurmCustomSetting
│    │       └ properties
│    │          ├ ParameterName: (documentation changed)
│    │          └ ParameterValue: (documentation changed)
│    ├[~]  resource AWS::PCS::ComputeNodeGroup
│    │  ├      - documentation: AWS::PCS::ComputeNodeGroup resource creates an AWS PCS compute node group.
│    │  │      + documentation: The `AWS::PCS::ComputeNodeGroup` resource creates an AWS PCS compute node group.
│    │  ├ properties
│    │  │  └ SpotOptions: (documentation changed)
│    │  └ types
│    │     ├[~] type ErrorInfo
│    │     │ └      - documentation: An error that occurred during resource provisioning.
│    │     │        + documentation: The list of errors that occurred during compute node group provisioning.
│    │     ├[~] type InstanceConfig
│    │     │ └ properties
│    │     │    └ InstanceType: (documentation changed)
│    │     ├[~] type SlurmCustomSetting
│    │     │ └ properties
│    │     │    ├ ParameterName: (documentation changed)
│    │     │    └ ParameterValue: (documentation changed)
│    │     └[~] type SpotOptions
│    │       └      - documentation: Additional configuration when you specify SPOT as the purchase option.
│    │              + documentation: Additional configuration when you specify `SPOT` as the `purchaseOption` .
│    └[~]  resource AWS::PCS::Queue
│       ├      - documentation: AWS::PCS::Queue resource creates an AWS PCS queue.
│       │      + documentation: The `AWS::PCS::Queue` resource creates an AWS PCS queue.
│       └ types
│          └[~] type ErrorInfo
│            └ properties
│               └ Message: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│    ├[~]  resource AWS::QuickSight::CustomPermissions
│    │  ├      - documentation: Definition of the AWS::QuickSight::CustomPermissions Resource Type.
│    │  │      + documentation: Creates a custom permissions profile.
│    │  ├ properties
│    │  │  ├ Capabilities: (documentation changed)
│    │  │  └ CustomPermissionsName: (documentation changed)
│    │  ├ attributes
│    │  │  └ Arn: (documentation changed)
│    │  └ types
│    │     └[~] type Capabilities
│    │       ├      - documentation: undefined
│    │       │      + documentation: A set of actions that correspond to Amazon QuickSight permissions.
│    │       └ properties
│    │          ├ AddOrRunAnomalyDetectionForAnalyses: (documentation changed)
│    │          ├ CreateAndUpdateDashboardEmailReports: (documentation changed)
│    │          ├ CreateAndUpdateDatasets: (documentation changed)
│    │          ├ CreateAndUpdateDataSources: (documentation changed)
│    │          ├ CreateAndUpdateThemes: (documentation changed)
│    │          ├ CreateAndUpdateThresholdAlerts: (documentation changed)
│    │          ├ CreateSharedFolders: (documentation changed)
│    │          ├ CreateSPICEDataset: (documentation changed)
│    │          ├ ExportToCsv: (documentation changed)
│    │          ├ ExportToExcel: (documentation changed)
│    │          ├ RenameSharedFolders: (documentation changed)
│    │          ├ ShareAnalyses: (documentation changed)
│    │          ├ ShareDashboards: (documentation changed)
│    │          ├ ShareDatasets: (documentation changed)
│    │          ├ ShareDataSources: (documentation changed)
│    │          ├ SubscribeDashboardEmailReports: (documentation changed)
│    │          └ ViewAccountSPICECapacity: (documentation changed)
│    └[~]  resource AWS::QuickSight::DataSet
│       ├ properties
│       │  └ PerformanceConfiguration: (documentation changed)
│       └ types
│          └[~] type UploadSettings
│            ├      - documentation: Information about the format for a source file or files.
│            │      + documentation: <p>Information about the format for a source file or files.</p>
│            └ properties
│               ├ ContainsHeader: (documentation changed)
│               ├ Delimiter: (documentation changed)
│               ├ Format: (documentation changed)
│               ├ StartFromRow: (documentation changed)
│               └ TextQualifier: (documentation changed)
├[~] service aws-s3
│ └ resources
│    └[~]  resource AWS::S3::Bucket
│       └ properties
│          └ BucketName: (documentation changed)
├[~] service aws-sagemaker
│ └ resources
│    └[~]  resource AWS::SageMaker::PartnerApp
│       ├      - documentation: Resource Type definition for AWS::SageMaker::PartnerApp
│       │      + documentation: Creates an Amazon SageMaker Partner AI App.
│       ├ properties
│       │  ├ Name: (documentation changed)
│       │  └ Type: (documentation changed)
│       ├ attributes
│       │  └ Arn: (documentation changed)
│       └ types
│          ├[~] type PartnerAppConfig
│          │ ├      - documentation: A collection of configuration settings for the PartnerApp.
│          │ │      + documentation: Configuration settings for the SageMaker Partner AI App.
│          │ └ properties
│          │    ├ AdminUsers: (documentation changed)
│          │    └ Arguments: (documentation changed)
│          └[~] type PartnerAppMaintenanceConfig
│            ├      - documentation: A collection of settings that specify the maintenance schedule for the PartnerApp.
│            │      + documentation: Maintenance configuration settings for the SageMaker Partner AI App.
│            └ properties
│               └ MaintenanceWindowStart: (documentation changed)
├[~] service aws-securityhub
│ └ resources
│    ├[~]  resource AWS::SecurityHub::AutomationRule
│    │  └ types
│    │     ├[~] type AutomationRulesFindingFilters
│    │     │ └ properties
│    │     │    ├ CreatedAt: (documentation changed)
│    │     │    ├ FirstObservedAt: (documentation changed)
│    │     │    ├ LastObservedAt: (documentation changed)
│    │     │    ├ NoteUpdatedAt: (documentation changed)
│    │     │    └ UpdatedAt: (documentation changed)
│    │     └[~] type DateFilter
│    │       └ properties
│    │          ├ End: (documentation changed)
│    │          └ Start: (documentation changed)
│    └[~]  resource AWS::SecurityHub::Insight
│       └ types
│          ├[~] type AwsSecurityFindingFilters
│          │ └ properties
│          │    ├ CreatedAt: (documentation changed)
│          │    ├ FirstObservedAt: (documentation changed)
│          │    ├ LastObservedAt: (documentation changed)
│          │    ├ ProcessLaunchedAt: (documentation changed)
│          │    ├ ProcessTerminatedAt: (documentation changed)
│          │    ├ ResourceContainerLaunchedAt: (documentation changed)
│          │    ├ ThreatIntelIndicatorLastObservedAt: (documentation changed)
│          │    └ UpdatedAt: (documentation changed)
│          └[~] type DateFilter
│            └ properties
│               ├ End: (documentation changed)
│               └ Start: (documentation changed)
├[~] service aws-ses
│ └ resources
│    └[~]  resource AWS::SES::MailManagerRuleSet
│       └ types
│          ├[~] type DeliverToQBusinessAction
│          │ ├      - documentation: undefined
│          │ │      + documentation: The action to deliver incoming emails to an Amazon Q Business application for indexing.
│          │ └ properties
│          │    ├ ActionFailurePolicy: (documentation changed)
│          │    ├ ApplicationId: (documentation changed)
│          │    ├ IndexId: (documentation changed)
│          │    └ RoleArn: (documentation changed)
│          └[~] type RuleAction
│            └ properties
│               └ DeliverToQBusiness: (documentation changed)
├[~] service aws-synthetics
│ └ resources
│    └[~]  resource AWS::Synthetics::Canary
│       └ properties
│          ├ FailureRetentionPeriod: (documentation changed)
│          └ SuccessRetentionPeriod: (documentation changed)
└[~] service aws-wafv2
  └ resources
     ├[~]  resource AWS::WAFv2::RuleGroup
     │  └ types
     │     └[~] type RateBasedStatement
     │       └ properties
     │          └ Limit: (documentation changed)
     └[~]  resource AWS::WAFv2::WebACL
        └ types
           ├[~] type ManagedRuleGroupStatement
           │ └ properties
           │    └ RuleActionOverrides: (documentation changed)
           ├[~] type RateBasedStatement
           │ └ properties
           │    └ Limit: (documentation changed)
           └[~] type RuleGroupReferenceStatement
             └ properties
                └ RuleActionOverrides: (documentation changed)

aws-cdk-automation added the auto-approve label Dec 23, 2024

aws-cdk-automation enabled auto-merge December 23, 2024 03:21

github-actions bot approved these changes Dec 23, 2024

View reviewed changes

aws-cdk-automation added this pull request to the merge queue Dec 23, 2024

Merged via the queue into main with commit 6f6ac11 Dec 23, 2024
11 checks passed

aws-cdk-automation deleted the update-source/documentation branch December 23, 2024 03:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(sources): update documentation #1518

feat(sources): update documentation #1518

aws-cdk-automation commented Dec 23, 2024

github-actions bot commented Dec 23, 2024

github-actions bot commented Dec 23, 2024

feat(sources): update documentation #1518

feat(sources): update documentation #1518

Conversation

aws-cdk-automation commented Dec 23, 2024

github-actions bot commented Dec 23, 2024

github-actions bot commented Dec 23, 2024