Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: update L1 CloudFormation resource definitions #28442

Conversation

aws-cdk-automation
Copy link
Collaborator

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-appsync
│ └ resources
│    └[~] resource AWS::AppSync::GraphQLApi
│      └ attributes
│         └ GraphQLEndpointArn: (documentation changed)
├[~] service aws-b2bi
│ └ resources
│    ├[~] resource AWS::B2BI::Capability
│    │ ├  - documentation: Definition of AWS::B2BI::Capability Resource Type
│    │ │  + documentation: Instantiates a capability based on the specified parameters. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs.
│    │ ├ properties
│    │ │  ├ Configuration: (documentation changed)
│    │ │  ├ InstructionsDocuments: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  ├ Tags: (documentation changed)
│    │ │  └ Type: (documentation changed)
│    │ ├ attributes
│    │ │  ├ CapabilityArn: (documentation changed)
│    │ │  ├ CapabilityId: (documentation changed)
│    │ │  ├ CreatedAt: (documentation changed)
│    │ │  └ ModifiedAt: (documentation changed)
│    │ └ types
│    │    ├[~] type CapabilityConfiguration
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: A capability object. Currently, only EDI (electronic data interchange) capabilities are supported. A trading capability contains the information required to transform incoming EDI documents into JSON or XML outputs.
│    │    │ └ properties
│    │    │    └ Edi: (documentation changed)
│    │    ├[~] type EdiConfiguration
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the details for the EDI (electronic data interchange) transformation.
│    │    │ └ properties
│    │    │    ├ InputLocation: (documentation changed)
│    │    │    ├ OutputLocation: (documentation changed)
│    │    │    ├ TransformerId: (documentation changed)
│    │    │    └ Type: (documentation changed)
│    │    ├[~] type EdiType
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.
│    │    │ └ properties
│    │    │    └ X12Details: (documentation changed)
│    │    ├[~] type S3Location
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Specifies the details for the Amazon S3 file location that is being used with AWS B2BI Data Interchange. File locations in Amazon S3 are identified using a combination of the bucket and key.
│    │    │ └ properties
│    │    │    ├ BucketName: (documentation changed)
│    │    │    └ Key: (documentation changed)
│    │    └[~] type X12Details
│    │      └ properties
│    │         ├ TransactionSet: (documentation changed)
│    │         └ Version: (documentation changed)
│    ├[~] resource AWS::B2BI::Partnership
│    │ ├  - documentation: Definition of AWS::B2BI::Partnership Resource Type
│    │ │  + documentation: Creates a partnership between a customer and a trading partner, based on the supplied parameters. A partnership represents the connection between you and your trading partner. It ties together a profile and one or more trading capabilities.
│    │ ├ properties
│    │ │  ├ Capabilities: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  ├ ProfileId: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ └ attributes
│    │    ├ CreatedAt: (documentation changed)
│    │    ├ ModifiedAt: (documentation changed)
│    │    ├ PartnershipArn: (documentation changed)
│    │    ├ PartnershipId: (documentation changed)
│    │    └ TradingPartnerId: (documentation changed)
│    ├[~] resource AWS::B2BI::Profile
│    │ ├  - documentation: Definition of AWS::B2BI::Profile Resource Type
│    │ │  + documentation: Creates a customer profile. You can have up to five customer profiles, each representing a distinct private network. A profile is the mechanism used to create the concept of a private network.
│    │ ├ properties
│    │ │  ├ BusinessName: (documentation changed)
│    │ │  ├ Logging: (documentation changed)
│    │ │  ├ Name: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ └ attributes
│    │    ├ CreatedAt: (documentation changed)
│    │    ├ LogGroupName: (documentation changed)
│    │    ├ ModifiedAt: (documentation changed)
│    │    └ ProfileArn: (documentation changed)
│    └[~] resource AWS::B2BI::Transformer
│      ├  - documentation: Definition of AWS::B2BI::Transformer Resource Type
│      │  + documentation: Creates a transformer. A transformer describes how to process the incoming EDI documents and extract the necessary information to the output file.
│      ├ properties
│      │  ├ EdiType: (documentation changed)
│      │  ├ FileFormat: (documentation changed)
│      │  ├ MappingTemplate: (documentation changed)
│      │  ├ ModifiedAt: (documentation changed)
│      │  ├ Name: (documentation changed)
│      │  ├ SampleDocument: (documentation changed)
│      │  ├ Status: (documentation changed)
│      │  └ Tags: (documentation changed)
│      ├ attributes
│      │  ├ CreatedAt: (documentation changed)
│      │  ├ TransformerArn: (documentation changed)
│      │  └ TransformerId: (documentation changed)
│      └ types
│         ├[~] type EdiType
│         │ ├  - documentation: undefined
│         │ │  + documentation: Specifies the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents.
│         │ └ properties
│         │    └ X12Details: (documentation changed)
│         └[~] type X12Details
│           ├  - documentation: undefined
│           │  + documentation: A structure that contains the X12 transaction set and version. The X12 structure is used when the system transforms an EDI (electronic data interchange) file.
│           │  > If an EDI input file contains more than one transaction, each transaction must have the same transaction set and version, for example 214/4010. If not, the transformer cannot parse the file.
│           └ properties
│              ├ TransactionSet: (documentation changed)
│              └ Version: (documentation changed)
├[~] service aws-batch
│ └ resources
│    └[~] resource AWS::Batch::JobDefinition
│      ├ properties
│      │  ├ ContainerProperties: - ContainerProperties
│      │  │                      + ContainerProperties (immutable)
│      │  ├ EksProperties: - EksProperties
│      │  │                + EksProperties (immutable)
│      │  ├ NodeProperties: - NodeProperties
│      │  │                 + NodeProperties (immutable)
│      │  ├ Parameters: - json
│      │  │             + Map<string, string> ⇐ json (immutable)
│      │  ├ PlatformCapabilities: - Array<string>
│      │  │                       + Array<string> (immutable)
│      │  ├ PropagateTags: - boolean
│      │  │                + boolean (immutable)
│      │  ├ RetryStrategy: - RetryStrategy
│      │  │                + RetryStrategy (immutable)
│      │  ├ SchedulingPriority: - integer
│      │  │                     + integer (immutable)
│      │  ├ Tags: - json (immutable)
│      │  │       + Map<string, string> ⇐ json (immutable)
│      │  ├ Timeout: - Timeout
│      │  │          + JobTimeout ⇐ Timeout (immutable)
│      │  └ Type: - string (required)
│      │          + string (required, immutable)
│      ├ attributes
│      │  ├[+] ContainerOrchestrationType: string
│      │  ├[+] JobDefinitionArn: string
│      │  ├[+] Revision: integer
│      │  └[+] Status: string
│      └ types
│         ├[~] type ContainerProperties
│         │ └ properties
│         │    ├ MountPoints: - Array<MountPoints>
│         │    │              + Array<MountPoint> ⇐ Array<MountPoints>
│         │    └ Volumes: - Array<Volumes>
│         │               + Array<Volume> ⇐ Array<Volumes>
│         ├[+] type EFSAuthorizationConfig
│         │ ├  name: EFSAuthorizationConfig
│         │ └ properties
│         │    ├AccessPointId: string
│         │    └Iam: string
│         ├[+] type EFSVolumeConfiguration
│         │ ├  name: EFSVolumeConfiguration
│         │ └ properties
│         │    ├FileSystemId: string (required)
│         │    ├RootDirectory: string
│         │    ├TransitEncryption: string
│         │    ├TransitEncryptionPort: integer
│         │    └AuthorizationConfig: EFSAuthorizationConfig
│         ├[+] type EksMetadata
│         │ ├  name: EksMetadata
│         │ └ properties
│         │    └Labels: Map<string, string>
│         ├[+] type EksPodProperties
│         │ ├  name: EksPodProperties
│         │ └ properties
│         │    ├ServiceAccountName: string
│         │    ├HostNetwork: boolean
│         │    ├DnsPolicy: string
│         │    ├Containers: Array<EksContainer>
│         │    ├Volumes: Array<EksVolume>
│         │    └Metadata: EksMetadata
│         ├[~] type EksProperties
│         │ └ properties
│         │    └ PodProperties: - PodProperties
│         │                     + EksPodProperties ⇐ PodProperties
│         ├[+] type Host
│         │ ├  name: Host
│         │ └ properties
│         │    └SourcePath: string
│         ├[+] type JobTimeout
│         │ ├  name: JobTimeout
│         │ └ properties
│         │    └AttemptDurationSeconds: integer
│         ├[~] type LogConfiguration
│         │ └ properties
│         │    └ Options: - json
│         │               + Map<string, string> ⇐ json
│         ├[+] type MountPoint
│         │ ├  name: MountPoint
│         │ └ properties
│         │    ├ContainerPath: string
│         │    ├ReadOnly: boolean
│         │    └SourceVolume: string
│         ├[~] type Resources
│         │ └ properties
│         │    ├ Limits: - json
│         │    │         + Map<string, string> ⇐ json
│         │    └ Requests: - json
│         │                + Map<string, string> ⇐ json
│         └[+] type Volume
│           ├  name: Volume
│           └ properties
│              ├Host: Host
│              ├EfsVolumeConfiguration: EFSVolumeConfiguration
│              └Name: string
├[~] service aws-cloud9
│ └ resources
│    └[~] resource AWS::Cloud9::EnvironmentEC2
│      └ properties
│         └ ImageId: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::EventDataStore
│    │ └ types
│    │    └[~] type AdvancedFieldSelector
│    │      └ properties
│    │         └ Field: (documentation changed)
│    └[~] resource AWS::CloudTrail::Trail
│      ├ properties
│      │  └ CloudWatchLogsLogGroupArn: (documentation changed)
│      └ types
│         ├[~] type AdvancedFieldSelector
│         │ └ properties
│         │    └ Field: (documentation changed)
│         └[~] type DataResource
│           └ properties
│              └ Type: (documentation changed)
├[~] service aws-codedeploy
│ └ resources
│    └[~] resource AWS::CodeDeploy::DeploymentGroup
│      └ properties
│         └ TerminationHookEnabled: (documentation changed)
├[~] service aws-cognito
│ └ resources
│    └[~] resource AWS::Cognito::UserPool
│      └ types
│         └[~] type LambdaConfig
│           └ properties
│              └ PreTokenGeneration: (documentation changed)
├[~] service aws-connect
│ └ resources
│    ├[~] resource AWS::Connect::HoursOfOperation
│    │ └ properties
│    │    └ Tags: (documentation changed)
│    ├[~] resource AWS::Connect::Queue
│    │ └ properties
│    │    └ Tags: (documentation changed)
│    ├[~] resource AWS::Connect::QuickConnect
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ attributes
│    │    └ QuickConnectArn: (documentation changed)
│    ├[~] resource AWS::Connect::RoutingProfile
│    │ └ properties
│    │    └ Tags: (documentation changed)
│    └[~] resource AWS::Connect::SecurityProfile
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-datasync
│ └ resources
│    ├[~] resource AWS::DataSync::LocationAzureBlob
│    │ └  - documentation: Creates an endpoint for a Microsoft Azure Blob Storage container that AWS DataSync can use as a transfer source or destination.
│    │    Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container.
│    │    + documentation: Creates a transfer *location* for a Microsoft Azure Blob Storage container. AWS DataSync can use this location as a transfer source or destination.
│    │    Before you begin, make sure you know [how DataSync accesses Azure Blob Storage](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access) and works with [access tiers](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-access-tiers) and [blob types](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#blob-types) . You also need a [DataSync agent](https://docs.aws.amazon.com/datasync/latest/userguide/creating-azure-blob-location.html#azure-blob-creating-agent) that can connect to your container.
│    ├[~] resource AWS::DataSync::LocationFSxONTAP
│    │ └ types
│    │    └[~] type SMB
│    │      └ properties
│    │         └ Domain: (documentation changed)
│    ├[~] resource AWS::DataSync::LocationFSxWindows
│    │ └ properties
│    │    ├ Domain: (documentation changed)
│    │    └ Password: (documentation changed)
│    ├[~] resource AWS::DataSync::LocationS3
│    │ └ types
│    │    └[~] type S3Config
│    │      └  - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket.
│    │         For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/working-with-locations.html#create-s3-location) in the *AWS DataSync User Guide* .
│    │         + documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket.
│    │         For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* .
│    ├[~] resource AWS::DataSync::LocationSMB
│    │ └ properties
│    │    └ Domain: (documentation changed)
│    └[~] resource AWS::DataSync::Task
│      └ types
│         └[~] type Options
│           └ properties
│              ├ LogLevel: (documentation changed)
│              └ ObjectTags: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::Subnet
│    │ └ properties
│    │    └[+] Ipv6CidrBlocks: Array<string>
│    └[~] resource AWS::EC2::Volume
│      └  - documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume. You can attach the volume to an instance in the same Availability Zone using [AWS::EC2::VolumeAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volumeattachment.html) .
│         When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time.
│         Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
│         Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│         - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│         - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│         For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) .
│         *DeletionPolicy attribute*
│         To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│         > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
│         + documentation: Specifies an Amazon Elastic Block Store (Amazon EBS) volume.
│         When you use AWS CloudFormation to update an Amazon EBS volume that modifies `Iops` , `Size` , or `VolumeType` , there is a cooldown period before another operation can occur. This can cause your stack to report being in `UPDATE_IN_PROGRESS` or `UPDATE_ROLLBACK_IN_PROGRESS` for long periods of time.
│         Amazon EBS does not support sizing down an Amazon EBS volume. AWS CloudFormation does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
│         Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
│         - You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
│         - You successfully update an Amazon EBS volume and the update succeeds but another change in your `update-stack` call fails. The rollback will be subject to a cooldown period.
│         For more information on the cooldown period, see [Requirements when modifying volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/modify-volume-requirements.html) .
│         *DeletionPolicy attribute*
│         To control how AWS CloudFormation handles the volume when the stack is deleted, set a deletion policy for your volume. You can choose to retain the volume, to delete the volume, or to create a snapshot of the volume. For more information, see [DeletionPolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) .
│         > If you set a deletion policy that creates a snapshot, all tags on the volume are included in the snapshot.
├[~] service aws-ecs
│ └ resources
│    └[~] resource AWS::ECS::Service
│      ├ properties
│      │  └[+] VolumeConfigurations: Array<ServiceVolumeConfiguration>
│      └ types
│         ├[+] type EBSTagSpecification
│         │ ├  name: EBSTagSpecification
│         │ └ properties
│         │    ├ResourceType: string (required)
│         │    ├Tags: Array<tag>
│         │    └PropagateTags: string
│         ├[+] type ServiceManagedEBSVolumeConfiguration
│         │ ├  name: ServiceManagedEBSVolumeConfiguration
│         │ └ properties
│         │    ├Encrypted: boolean
│         │    ├KmsKeyId: string
│         │    ├VolumeType: string
│         │    ├SizeInGiB: integer
│         │    ├SnapshotId: string
│         │    ├Iops: integer
│         │    ├Throughput: integer
│         │    ├TagSpecifications: Array<EBSTagSpecification>
│         │    ├RoleArn: string (required)
│         │    └FilesystemType: string
│         └[+] type ServiceVolumeConfiguration
│           ├  name: ServiceVolumeConfiguration
│           └ properties
│              ├Name: string (required)
│              └ManagedEBSVolume: ServiceManagedEBSVolumeConfiguration
├[~] service aws-efs
│ └ resources
│    └[~] resource AWS::EFS::FileSystem
│      ├ properties
│      │  ├ AvailabilityZoneName: (documentation changed)
│      │  └ LifecyclePolicies: (documentation changed)
│      └ types
│         ├[~] type FileSystemProtection
│         │ ├  - documentation: undefined
│         │ │  + documentation: Describes the protection on the file system.
│         │ └ properties
│         │    └ ReplicationOverwriteProtection: (documentation changed)
│         ├[~] type LifecyclePolicy
│         │ ├  - documentation: Describes a policy used by EFS lifecycle management and EFS Intelligent-Tiering that specifies when to transition files into and out of the file system's Infrequent Access (IA) storage class. For more information, see [EFS Intelligent‐Tiering and EFS Lifecycle Management](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) .
│         │ │  > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToPrimaryStorageClass` .
│         │ │  > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page.
│         │ │  + documentation: Describes a policy used by Lifecycle management that specifies when to transition files into and out of the EFS storage classes. For more information, see [Managing file system storage](https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html) .
│         │ │  > - Each `LifecyclePolicy` object can have only a single transition. This means that in a request body, `LifecyclePolicies` must be structured as an array of `LifecyclePolicy` objects, one object for each transition, `TransitionToIA` , `TransitionToArchive` , `TransitionToPrimaryStorageClass` .
│         │ │  > - See the AWS::EFS::FileSystem examples for the correct `LifecyclePolicy` structure. Do not use the syntax shown on this page.
│         │ └ properties
│         │    └ TransitionToArchive: (documentation changed)
│         └[~] type ReplicationDestination
│           └ properties
│              ├ AvailabilityZoneName: (documentation changed)
│              └ Region: (documentation changed)
├[~] service aws-eks
│ └ resources
│    ├[+] resource AWS::EKS::AccessEntry
│    │ ├  name: AccessEntry
│    │ │  cloudFormationType: AWS::EKS::AccessEntry
│    │ │  documentation: Creates an access entry.
│    │ │  An access entry allows an IAM principal to access your cluster. Access entries can replace the need to maintain entries in the `aws-auth` `ConfigMap` for authentication. You have the following options for authorizing an IAM principal to access Kubernetes objects on your cluster: Kubernetes role-based access control (RBAC), Amazon EKS, or both. Kubernetes RBAC authorization requires you to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects, in addition to managing access entries. If you use Amazon EKS authorization exclusively, you don't need to create and manage Kubernetes `Role` , `ClusterRole` , `RoleBinding` , and `ClusterRoleBinding` objects.
│    │ │  For more information about access entries, see [Access entries](https://docs.aws.amazon.com/eks/latest/userguide/access-entries.html) in the *Amazon EKS User Guide* .
│    │ │  tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│    │ ├ properties
│    │ │  ├ClusterName: string (required, immutable)
│    │ │  ├PrincipalArn: string (required, immutable)
│    │ │  ├Username: string
│    │ │  ├Tags: Array<tag>
│    │ │  ├KubernetesGroups: Array<string>
│    │ │  ├AccessPolicies: Array<AccessPolicy>
│    │ │  └Type: string (immutable)
│    │ ├ attributes
│    │ │  └AccessEntryArn: string
│    │ └ types
│    │    ├type AccessPolicy
│    │    │├  documentation: An access policy includes permissions that allow Amazon EKS to authorize an IAM principal to work with Kubernetes objects on your cluster. The policies are managed by Amazon EKS, but they're not IAM policies. You can't view the permissions in the policies using the API. The permissions for many of the policies are similar to the Kubernetes `cluster-admin` , `admin` , `edit` , and `view` cluster roles. For more information about these cluster roles, see [User-facing roles](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) in the Kubernetes documentation. To view the contents of the policies, see [Access policy permissions](https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html#access-policy-permissions) in the *Amazon EKS User Guide* .
│    │    ││  name: AccessPolicy
│    │    │└ properties
│    │    │   ├PolicyArn: string (required)
│    │    │   └AccessScope: AccessScope (required)
│    │    └type AccessScope
│    │     ├  documentation: The scope of an `AccessPolicy` that's associated to an `AccessEntry` .
│    │     │  name: AccessScope
│    │     └ properties
│    │        ├Type: string (required)
│    │        └Namespaces: Array<string>
│    ├[~] resource AWS::EKS::Addon
│    │ └ properties
│    │    └ ClusterName: (documentation changed)
│    ├[~] resource AWS::EKS::Cluster
│    │ ├ properties
│    │ │  ├[+] AccessConfig: AccessConfig
│    │ │  └ ResourcesVpcConfig: (documentation changed)
│    │ └ types
│    │    ├[+] type AccessConfig
│    │    │ ├  documentation: The access configuration for the cluster.
│    │    │ │  name: AccessConfig
│    │    │ └ properties
│    │    │    ├BootstrapClusterCreatorAdminPermissions: boolean (immutable)
│    │    │    └AuthenticationMode: string
│    │    ├[~] type ControlPlanePlacement
│    │    │ └ properties
│    │    │    └ GroupName: (documentation changed)
│    │    ├[~] type EncryptionConfig
│    │    │ └ properties
│    │    │    └ Resources: (documentation changed)
│    │    ├[~] type KubernetesNetworkConfig
│    │    │ └ properties
│    │    │    └ ServiceIpv4Cidr: (documentation changed)
│    │    └[~] type ResourcesVpcConfig
│    │      └ properties
│    │         └ PublicAccessCidrs: (documentation changed)
│    ├[~] resource AWS::EKS::FargateProfile
│    │ ├  - documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
│    │ │  The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
│    │ │  When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
│    │ │  Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
│    │ │  If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
│    │ │  For more information, see [AWS Fargate Profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
│    │ │  + documentation: Creates an AWS Fargate profile for your Amazon EKS cluster. You must have at least one Fargate profile in a cluster to be able to run pods on Fargate.
│    │ │  The Fargate profile allows an administrator to declare which pods run on Fargate and specify which pods run on which Fargate profile. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and labels. A namespace is required for every selector. The label field consists of multiple optional key-value pairs. Pods that match the selectors are scheduled on Fargate. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is run on Fargate.
│    │ │  When you create a Fargate profile, you must specify a pod execution role to use with the pods that are scheduled with the profile. This role is added to the cluster's Kubernetes [Role Based Access Control](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC) for authorization so that the `kubelet` that is running on the Fargate infrastructure can register with your Amazon EKS cluster so that it can appear in your cluster as a node. The pod execution role also provides IAM permissions to the Fargate infrastructure to allow read access to Amazon ECR image repositories. For more information, see [Pod Execution Role](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) in the *Amazon EKS User Guide* .
│    │ │  Fargate profiles are immutable. However, you can create a new updated profile to replace an existing profile and then delete the original after the updated profile has finished creating.
│    │ │  If any Fargate profiles in a cluster are in the `DELETING` status, you must wait for that Fargate profile to finish deleting before you can create any other profiles in that cluster.
│    │ │  For more information, see [AWS Fargate profile](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) in the *Amazon EKS User Guide* .
│    │ ├ properties
│    │ │  ├ ClusterName: (documentation changed)
│    │ │  ├ PodExecutionRoleArn: (documentation changed)
│    │ │  ├ Selectors: (documentation changed)
│    │ │  ├ Subnets: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    └[~] type Selector
│    │      └ properties
│    │         └ Namespace: (documentation changed)
│    ├[~] resource AWS::EKS::IdentityProviderConfig
│    │ ├  - documentation: Associate an identity provider configuration to a cluster.
│    │ │  If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `roles` and `clusterroles` to assign permissions to the roles, and then bind the roles to the identities using Kubernetes `rolebindings` and `clusterrolebindings` . For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation.
│    │ │  + documentation: Associates an identity provider configuration to a cluster.
│    │ │  If you want to authenticate identities using an identity provider, you can create an identity provider configuration and associate it to your cluster. After configuring authentication to your cluster you can create Kubernetes `Role` and `ClusterRole` objects, assign permissions to them, and then bind them to the identities using Kubernetes `RoleBinding` and `ClusterRoleBinding` objects. For more information see [Using RBAC Authorization](https://docs.aws.amazon.com/https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in the Kubernetes documentation.
│    │ └ properties
│    │    ├ ClusterName: (documentation changed)
│    │    └ Tags: (documentation changed)
│    ├[~] resource AWS::EKS::Nodegroup
│    │ ├  - documentation: Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster.
│    │ │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│    │ │  > Windows AMI types are only supported for commercial Regions that support Windows Amazon EKS.
│    │ │  + documentation: Creates a managed node group for an Amazon EKS cluster.
│    │ │  You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see [Launch template support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) .
│    │ │  An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
│    │ │  > Windows AMI types are only supported for commercial AWS Regions that support Windows on Amazon EKS.
│    │ ├ properties
│    │ │  ├ ClusterName: (documentation changed)
│    │ │  ├ ForceUpdateEnabled: (documentation changed)
│    │ │  ├ Labels: (documentation changed)
│    │ │  ├ NodeRole: (documentation changed)
│    │ │  ├ Subnets: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ ├ attributes
│    │ │  └ ClusterName: (documentation changed)
│    │ └ types
│    │    ├[~] type ScalingConfig
│    │    │ └ properties
│    │    │    └ DesiredSize: (documentation changed)
│    │    ├[~] type Taint
│    │    │ └  - documentation: A property that allows a node to repel a set of pods. For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) .
│    │    │    + documentation: A property that allows a node to repel a `Pod` . For more information, see [Node taints on managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/node-taints-managed-node-groups.html) in the *Amazon EKS User Guide* .
│    │    └[~] type UpdateConfig
│    │      └ properties
│    │         ├ MaxUnavailable: (documentation changed)
│    │         └ MaxUnavailablePercentage: (documentation changed)
│    └[~] resource AWS::EKS::PodIdentityAssociation
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-emr
│ └ resources
│    └[~] resource AWS::EMR::Cluster
│      ├ properties
│      │  ├ EbsRootVolumeIops: (documentation changed)
│      │  └ EbsRootVolumeThroughput: (documentation changed)
│      └ types
│         └[~] type PlacementGroupConfig
│           ├  - documentation: undefined
│           │  + documentation: Placement group configuration for an Amazon EMR cluster. The configuration specifies the placement strategy that can be applied to instance roles during cluster creation.
│           │  To use this configuration, consider attaching managed policy AmazonElasticMapReducePlacementGroupPolicy to the Amazon EMR role.
│           └ properties
│              ├ InstanceRole: (documentation changed)
│              └ PlacementStrategy: (documentation changed)
├[~] service aws-eventschemas
│ └ resources
│    └[~] resource AWS::EventSchemas::Schema
│      └ attributes
│         └ LastModified: (documentation changed)
├[~] service aws-gamelift
│ └ resources
│    └[~] resource AWS::GameLift::MatchmakingConfiguration
│      └ types
│         └[~] type GameProperty
│           └  - documentation: Set of key-value pairs that contain information about a game session. When included in a game session request, these properties communicate details to be used when setting up the new game session. For example, a game property might specify a game mode, level, or map. Game properties are passed to the game server process when initiating a new game session. For more information, see the [Amazon GameLift Developer Guide](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#gamelift-sdk-client-api-create) .
│              + documentation: This key-value pair can store custom data about a game session. For example, you might use a `GameProperty` to track a game session's map, level of difficulty, or remaining time. The difficulty level could be specified like this: `{"Key": "difficulty", "Value":"Novice"}` .
│              You can set game properties when creating a game session. You can also modify game properties of an active game session. When searching for game sessions, you can filter on game property keys and values. You can't delete game properties from a game session.
│              For examples of working with game properties, see [Create a game session with properties](https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-client-api.html#game-properties) .
├[~] service aws-greengrass
│ └ resources
│    ├[~] resource AWS::Greengrass::ConnectorDefinition
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    └[~] type Connector
│    │      ├  - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* .
│    │      │  In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types.
│    │      │  + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* .
│    │      │  In an AWS CloudFormation template, the `Connectors` property of the [`ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-connectordefinition-connectordefinitionversion.html) property type contains a list of `Connector` property types.
│    │      └ properties
│    │         ├ ConnectorArn: (documentation changed)
│    │         └ Parameters: (documentation changed)
│    ├[~] resource AWS::Greengrass::ConnectorDefinitionVersion
│    │ └ types
│    │    └[~] type Connector
│    │      ├  - documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/latest/developerguide/connectors.html) in the *Developer Guide* .
│    │      │  In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types.
│    │      │  + documentation: Connectors are modules that provide built-in integration with local infrastructure, device protocols, AWS , and other cloud services. For more information, see [Integrate with Services and Protocols Using Greengrass Connectors](https://docs.aws.amazon.com/greengrass/v1/developerguide/connectors.html) in the *Developer Guide* .
│    │      │  In an AWS CloudFormation template, the `Connectors` property of the [`AWS::Greengrass::ConnectorDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-connectordefinitionversion.html) resource contains a list of `Connector` property types.
│    │      └ properties
│    │         ├ ConnectorArn: (documentation changed)
│    │         └ Parameters: (documentation changed)
│    ├[~] resource AWS::Greengrass::CoreDefinition
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    └[~] type Core
│    │      └  - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core.
│    │         + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Cores` property of the [`CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-coredefinition-coredefinitionversion.html) property type contains a list of `Core` property types. Currently, the list can contain only one core.
│    ├[~] resource AWS::Greengrass::CoreDefinitionVersion
│    │ └ types
│    │    └[~] type Core
│    │      └  - documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core.
│    │         + documentation: A core is an AWS IoT device that runs the AWS IoT Greengrass core software and manages local processes for a Greengrass group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Cores` property of the [`AWS::Greengrass::CoreDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-coredefinitionversion.html) resource contains a list of `Core` property types. Currently, the list can contain only one core.
│    ├[~] resource AWS::Greengrass::DeviceDefinition
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    └[~] type Device
│    │      └  - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types.
│    │         + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Devices` property of the [`DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-devicedefinition-devicedefinitionversion.html) property type contains a list of `Device` property types.
│    ├[~] resource AWS::Greengrass::DeviceDefinitionVersion
│    │ └ types
│    │    └[~] type Device
│    │      └  - documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types.
│    │         + documentation: A device is an AWS IoT device (thing) that's added to a Greengrass group. Greengrass devices can communicate with the Greengrass core in the same group. For more information, see [What Is AWS IoT Greengrass ?](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Devices` property of the [`AWS::Greengrass::DeviceDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-devicedefinitionversion.html) resource contains a list of `Device` property types.
│    ├[~] resource AWS::Greengrass::FunctionDefinition
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    ├[~] type Execution
│    │    │ └ properties
│    │    │    ├ IsolationMode: (documentation changed)
│    │    │    └ RunAs: (documentation changed)
│    │    ├[~] type Function
│    │    │ └  - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types.
│    │    │    + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, the `Functions` property of the [`FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-functiondefinitionversion.html) property type contains a list of `Function` property types.
│    │    ├[~] type FunctionConfiguration
│    │    │ └  - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type.
│    │    │    + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-function.html) property type.
│    │    └[~] type RunAs
│    │      └  - documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│    │         > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) . 
│    │         In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type.
│    │         + documentation: The access identity whose permissions are used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│    │         > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) . 
│    │         In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinition-execution.html) property type.
│    ├[~] resource AWS::Greengrass::FunctionDefinitionVersion
│    │ └ types
│    │    ├[~] type Execution
│    │    │ └ properties
│    │    │    ├ IsolationMode: (documentation changed)
│    │    │    └ RunAs: (documentation changed)
│    │    ├[~] type Function
│    │    │ └  - documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-functions.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types.
│    │    │    + documentation: A function is a Lambda function that's referenced from an AWS IoT Greengrass group. The function is deployed to a Greengrass core where it runs locally. For more information, see [Run Lambda Functions on the AWS IoT Greengrass Core](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-functions.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, the `Functions` property of the [`AWS::Greengrass::FunctionDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-functiondefinitionversion.html) resource contains a list of `Function` property types.
│    │    ├[~] type FunctionConfiguration
│    │    │ └  - documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type.
│    │    │    + documentation: The group-specific configuration settings for a Lambda function. These settings configure the function's behavior in the Greengrass group. For more information, see [Controlling Execution of Greengrass Lambda Functions by Using Group-Specific Configuration](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html) in the *Developer Guide* .
│    │    │    In an AWS CloudFormation template, `FunctionConfiguration` is a property of the [`Function`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-function.html) property type.
│    │    └[~] type RunAs
│    │      └  - documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│    │         > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/latest/developerguide/lambda-group-config.html#lambda-running-as-root) . 
│    │         In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type.
│    │         + documentation: The user and group permissions used to run the Lambda function. This setting overrides the default access identity that's specified for the group (by default, ggc_user and ggc_group). You can override the user, group, or both. For more information, see [Run as](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-access-identity.html) in the *Developer Guide* .
│    │         > Running as the root user increases risks to your data and device. Do not run as root (UID/GID=0) unless your business case requires it. For more information and requirements, see [Running a Lambda Function as Root](https://docs.aws.amazon.com/greengrass/v1/developerguide/lambda-group-config.html#lambda-running-as-root) . 
│    │         In an AWS CloudFormation template, `RunAs` is a property of the [`Execution`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-functiondefinitionversion-execution.html) property type.
│    ├[~] resource AWS::Greengrass::Group
│    │ ├  - documentation: AWS IoT Greengrass seamlessly extends AWS to edge devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass , connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the internet. For more information, see the [Developer Guide](https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html) .
│    │ │  > For AWS Region support, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/latest/developerguide/cloudformation-support.html) in the *Developer Guide* . 
│    │ │  The `AWS::Greengrass::Group` resource represents a group in AWS IoT Greengrass . In the AWS IoT Greengrass API, groups are used to organize your group versions.
│    │ │  Groups can reference multiple group versions. All group versions must be associated with a group. A group version references a device definition version, subscription definition version, and other version types that contain the components you want to deploy to a Greengrass core device.
│    │ │  To deploy a group version, the group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need.
│    │ │  > When you create a group, you can optionally include an initial group version. To associate a group version later, create a [`AWS::Greengrass::GroupVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-groupversion.html) resource and specify the ID of this group.
│    │ │  > 
│    │ │  > To change group components (such as devices, subscriptions, or functions), you must create new versions. This is because versions are immutable. For example, to add a function, you create a function definition version that contains the new function (and all other functions that you want to deploy). Then you create a group version that references the new function definition version (and all other version types that you want to deploy). 
│    │ │  *Deploying a Group Version*
│    │ │  After you create the group version in your AWS CloudFormation template, you can deploy it using the [`aws greengrass create-deployment`](https://docs.aws.amazon.com/greengrass/latest/apireference/createdeployment-post.html) command in the AWS CLI or from the *Greengrass* node in the AWS IoT console. To deploy a group version, you must have a Greengrass service role associated with your AWS account . For more information, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/latest/developerguide/cloudformation-support.html) in the *Developer Guide* .
│    │ │  + documentation: AWS IoT Greengrass seamlessly extends AWS to edge devices so they can act locally on the data they generate, while still using the cloud for management, analytics, and durable storage. With AWS IoT Greengrass , connected devices can run AWS Lambda functions, execute predictions based on machine learning models, keep device data in sync, and communicate with other devices securely – even when not connected to the internet. For more information, see the [Developer Guide](https://docs.aws.amazon.com/greengrass/v1/developerguide/what-is-gg.html) .
│    │ │  > For AWS Region support, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/v1/developerguide/cloudformation-support.html) in the *Developer Guide* . 
│    │ │  The `AWS::Greengrass::Group` resource represents a group in AWS IoT Greengrass . In the AWS IoT Greengrass API, groups are used to organize your group versions.
│    │ │  Groups can reference multiple group versions. All group versions must be associated with a group. A group version references a device definition version, subscription definition version, and other version types that contain the components you want to deploy to a Greengrass core device.
│    │ │  To deploy a group version, the group version must reference a core definition version that contains one core. Other version types are optionally included, depending on your business need.
│    │ │  > When you create a group, you can optionally include an initial group version. To associate a group version later, create a [`AWS::Greengrass::GroupVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-groupversion.html) resource and specify the ID of this group.
│    │ │  > 
│    │ │  > To change group components (such as devices, subscriptions, or functions), you must create new versions. This is because versions are immutable. For example, to add a function, you create a function definition version that contains the new function (and all other functions that you want to deploy). Then you create a group version that references the new function definition version (and all other version types that you want to deploy). 
│    │ │  *Deploying a Group Version*
│    │ │  After you create the group version in your AWS CloudFormation template, you can deploy it using the [`aws greengrass create-deployment`](https://docs.aws.amazon.com/greengrass/v1/apireference/createdeployment-post.html) command in the AWS CLI or from the *Greengrass* node in the AWS IoT console. To deploy a group version, you must have a Greengrass service role associated with your AWS account . For more information, see [AWS CloudFormation Support for AWS IoT Greengrass](https://docs.aws.amazon.com/greengrass/v1/developerguide/cloudformation-support.html) in the *Developer Guide* .
│    │ └ properties
│    │    └ Tags: (documentation changed)
│    ├[~] resource AWS::Greengrass::LoggerDefinition
│    │ ├ properties
│    │ │  └ Tags: (documentation changed)
│    │ └ types
│    │    └[~] type Logger
│    │      └  - documentation: A logger represents logging settings for the AWS IoT Greengrass group, which can be stored in CloudWatch and the local file system of your core device. All log entries include a timestamp, log level, and information about the event. For more information, see [Monitoring with AWS IoT Greengrass Logs](https://docs.aws.amazon.com/greengrass/latest/developerguide/greengrass-logs-overview.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Loggers` property of the [`LoggerDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-loggerdefinition-loggerdefinitionversion.html) property type contains a list of `Logger` property types.
│    │         + documentation: A logger represents logging settings for the AWS IoT Greengrass group, which can be stored in CloudWatch and the local file system of your core device. All log entries include a timestamp, log level, and information about the event. For more information, see [Monitoring with AWS IoT Greengrass Logs](https://docs.aws.amazon.com/greengrass/v1/developerguide/greengrass-logs-overview.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Loggers` property of the [`LoggerDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-greengrass-loggerdefinition-loggerdefinitionversion.html) property type contains a list of `Logger` property types.
│    ├[~] resource AWS::Greengrass::LoggerDefinitionVersion
│    │ └ types
│    │    └[~] type Logger
│    │      └  - documentation: A logger represents logging settings for the AWS IoT Greengrass group, which can be stored in CloudWatch and the local file system of your core device. All log entries include a timestamp, log level, and information about the event. For more information, see [Monitoring with AWS IoT Greengrass Logs](https://docs.aws.amazon.com/greengrass/latest/developerguide/greengrass-logs-overview.html) in the *Developer Guide* .
│    │         In an AWS CloudFormation template, the `Loggers` property of the [`AWS::Greengrass::LoggerDefinitionVersion`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-greengrass-loggerdefinitionversion.html) resource contains a lis

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
@aws-cdk-automation aws-cdk-automation added auto-approve contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels Dec 20, 2023
@aws-cdk-automation aws-cdk-automation requested a review from a team December 20, 2023 18:03
@github-actions github-actions bot added the p2 label Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-approve contribution/core This is a PR that came from AWS. dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-test The PR linter will not require test changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants