Change Type Schemas - AMS Advanced Change Type Reference
ct-00tlkda4242x7ct-00zr0b0ozlcn3ct-0176f0n99vcpsct-01zl37gmuk4q2ct-02ocqy2i0jx3tct-02u0hoaa9gratct-03ms1d7xrck8wct-03t7kvuwx6rgrct-03ytgoevfebjrct-042luqo63j4mxct-046aizcwg5idfct-04gzyy008v1bgct-059ewa92tc2i1ct-05muqzievnxk5ct-05yb337abq3x5ct-063qsm82cfxu6ct-06bwg93ukgg8tct-06mjngx5flwtoct-07jzw8bzd2on7ct-08avsj2e9mc7gct-09qbhy7kvtxqwct-09t6q7j9v5hrnct-0ah3gwb9seqk2ct-0aqx5t0pgfzbgct-0ary07xiajwx4ct-0attesnjqy2cxct-0bpxsrtu16igpct-0c38gftq56zj6ct-0cupn1txog5tkct-0cyqd7laxyhlmct-0el2j07llrxs7ct-0erkoad6uyvvgct-0ffvihqwjvqj1ct-0fpjlxa808sh2ct-0fqo03yizfnw6ct-0g690ekkyfm79ct-0h3p576mj4rqmct-0hahohe17csncct-0hi7z7tyikjf6ct-0hu3q3957aghjct-0idxb0xsg1ui6ct-0ikpop8zqhkxgct-0ixp4ch2tiu04ct-0jb01cofkhwk1ct-0k4b96aatyqglct-0kbey7hb00atpct-0loed9dzig1zect-0lqruajvhwsbkct-0ltm873rsebx9ct-0mss4i7neuj7fct-0o4zi9bzg74lpct-0pgvtw5rpcsb6ct-0q0bic0ywqk6cct-0q43l40hxrzumct-0qbikxr9okwvyct-0rmgrnr9w8mzhct-0tmpmp1wpgkr9ct-0tpbr6lfa3zngct-0ttx8eh3ice91ct-0vdiy51oyrhhmct-0vevjppj9eta4ct-0vzsr2nyraedlct-0wglhholzo0uwct-0wspy4o646g9pct-0x6dylrnfjgz5ct-0xdawir96cy7kct-0xi6q7uwuwrqect-0xqwmtn1hfh8uct-0ywnhc8e5k9z5ct-0zko7t3rk2efbct-1078jhyxq32dpct-111fhplhx9axect-111r1yayblnw4ct-117rmp64d5mvbct-128svy9nn2yj8ct-12amsdz909cfhct-12lyw7otiyr6fct-12w49boaiwtzpct-13lk0noacn6uact-13swbwdxg106zct-13xvbj5pqg253ct-14027q0sjyt1hct-1404e21baa2oxct-14v49adibs4dbct-14yjom3kvpinuct-15mazjj88xc69ct-16pknsfa8lul7ct-16xg8qguovg2wct-1706xvvk6j9hfct-17cj84y7632o6ct-17vnu10suy631ct-17w6f6kzf6w51ct-1895yr1p87noqct-18fzkt86jmw1sct-18r16ldqil6w9ct-1962s5oczal9zct-1976sir132k22ct-199h35t7uz6jlct-19f40lfm5umy8ct-19fdy7np55xiuct-1a1zzgi2nb83dct-1a68ck03fn98rct-1aqsjf86w6vxgct-1ax768xtu8c9qct-1ay83wy4vxa3kct-1b8fudnqq7m8rct-1c0jrxd3su5oect-1d2fml15b9ethct-1d55pi44ff21uct-1d84keiri1jhgct-1dmlg9g1l91h6ct-1e0xmuy1diafqct-1e1xtak34nx76ct-1eft8s6vdhz0wct-1eiczxw8ihc18ct-1erytvmumckoact-1ezarc5xph3tqct-1f9hi4bephqa9ct-1fzddqrr20c2ict-1g6x4ev0hnvfnct-1gi93jhvj28egct-1h1tuxn2oxrtfct-1h5xgl9cr4bzyct-1hzofpphabs3ict-1i20abktsm05vct-1icghmq38rnsnct-1icrtx8ydvdwect-1j3503fres5a5ct-1k3oui719dcjuct-1ksyoxreh35tuct-1malj7snzxrkrct-1n323w7eu27u9ct-1n9gfnog5x7flct-1o1x2itfd6rk8ct-1opjmhuddw194ct-1oxx2g2d7hc90ct-1pvlhug439gl2ct-1pybwg08h8qszct-1q8q56cmwqj9mct-1r19m51jeijlkct-1r1vbr8ahr156ct-1taxucdyi84iyct-1urj94c3hdfu5ct-1v9g9n30woc8hct-1vbv99ko7bsrqct-1vd3y4ygbqmfkct-1vjbacfr4ufdvct-1vq0f289r36ayct-1w8z66n899dctct-1wle0ai4en6kmct-1x66wvkjw2zp5ct-1yq7hhqse71ygct-1yqy4frl5s8y8ct-1zdasmc2ewzrsct-2019s9y3nfml4ct-2052miu12d8fnct-20san5sgtwd9ect-211l2gxvsrrhyct-220bdb8blaixfct-22cbvc1yujhecct-24pi85mjtza8kct-257p9zjk14ijact-25v6r7t8gvkq5ct-26vhhlj9jmlpfct-2781aqd6f6svsct-27apldkhqr0olct-27jjy5wnrfef2ct-27tuth19k52b4ct-281dpwh9tqnanct-281et7bs9ep4sct-2aaaqid7asjy6ct-2b9q8339bj2sact-2bxelbn765ivect-2c7ve50jost1vct-2d55p1d7z6w3dct-2dphvdy1krpj6ct-2edc3sd1sqmrbct-2eof6j3mlcwhfct-2epp05svrlwodct-2fqmbyud166z9ct-2fzh1wckpl7f5ct-2gd0u847qd9d2ct-2ha68tpd7nr3yct-2hh93eyzmwbkdct-2hhqzgxvkcig8ct-2hhud2lx01tq7ct-2hxcllf1b4ey0ct-2hyozbpa0sx0mct-2j7q1hgf26x5cct-2jndrh7uit8ufct-2jvzjwunghrhyct-2lt0jeydeumpect-2mf36chtp1ejhct-2murl5xzbxoxfct-2ni31oyto1i5kct-2nyeguspp2g1lct-2oxl37nphsrjzct-2p93tyd5angmict-2paw0y79kvr3lct-2pbqoffhclpekct-2pfarpvczsstrct-2pkdckieh62psct-2ptn20pq7ur3xct-2pxyajek47am2ct-2q5azjd8p1ag5ct-2qhl8j1pjnbgnct-2qjqju7h67s7wct-2qldv4h9osmauct-2r2bffv9u6q4mct-2r9xvd3sdsic0ct-2rfzmkm6ugighct-2rnjx5yd6jgptct-2svg4k2fqi4akct-2syhk4sr7cvywct-2taqdgegqthjrct-2tqi3kjcusen4ct-2tylseo8rxfscct-2u5rcyv5h34znct-2uimt36z7j6vnct-2utx36abv83pvct-2uw99b8hpncnuct-2uzbqr7x7mekdct-2v82sp4np40kict-2w3rbmnny1qpoct-2wlfo2jxj2rkjct-2wllq61djysxzct-2wrvu4kca9xkyct-2x14cv67uym46ct-2xd2anlb5hbzoct-2y6q4vco4miypct-2yja7ihh30plyct-2z60dyvto9g6cct-2zebb2czoxpjdct-2zqwr34epwzx1ct-2zxya20wmf5bfct-3047c34zuvswhct-309eozh6lpkr8ct-30bfiwxjku1nuct-30ecvfi3tq4k3ct-30j78u6li9aqrct-31eb7rrxb7qjuct-31eyj2hlvqjwuct-33ste5yc7hprsct-34alumbtv2b9pct-34jldf2qihaicct-34sxfo53yuzahct-35p977vul06dfct-361tlo1k7339xct-361vpyun9a9ddct-369odosk0pd9wct-36cn2avfrrj9vct-36emj2uapfbu8ct-36jq7gvwyty8hct-36x3u7v2oklwdct-36zubwzxp44a4ct-379uwo67vbvngct-37bq2l9c8fzxvct-37kcp2v1mriu6ct-37qquo9wbpa8xct-37vqa0oggka3qct-38s4s4tm4ic4uct-38xcr0q86k9lhct-3929xwf222jrict-393q3yaq9ewlmct-39c5qiasbe4hect-3cp96z7r065e4ct-3cx7we852p3afct-3d0lrfb8eckuuct-3da2lxapopb86ct-3dfnglm4ombbsct-3dfubbpesm2v9ct-3dgbnh6gpst4dct-3dpd8mdd9jn1rct-3dscwaeyi6cupct-3e3h8u0sp5z80ct-3e3prksxmdhw8ct-3ebotglihggsect-3eutt7grkict4ct-3fi2cx8b83iuact-3g6fq83nxg1a7ct-3g9dbtun44malct-3gf8dolbo8x9pct-3gg0id58rn82hct-3gjfayulf5hhsct-3glr80c15rp7zct-3hox8uwjgze1fct-3j2zstluz6dxqct-3jo8yccbin4itct-3jrqmeq7j0wkect-3jx80fquylzhfct-3kh1wiizlne1ict-3kinq0u4l33zfct-3l14e139i5p50ct-3lkbpansfv69kct-3ll9hnadql9s1ct-3memthlcmvc1bct-3mlsibqhugrf1ct-3mvvt2zkyveqjct-3nba0wtdugnanct-3nmhh0qr338q6ct-3oafsdbzjtuqpct-3ovo7px2vsa6nct-3oy53m1qzl2s5ct-3pc215bnwb6p7ct-3pwbixz27n3tnct-3qe6io8t6jtnyct-3r2ckznmt0a59ct-3rcl9u1k017wuct-3rd4781c2nnhpct-3rk1nl1ufn5g3ct-3rqqu43krekbyct-3s3ik03uzw19tct-3sk74t8igor0sct-3skaisgnq0pf8ct-3t4lifos8tu58ct-3u61cd4edns0xct-3u9yd8jznb2zdct-3vfxkiudtovm9ct-3w4lxdl3pqxob

Change Type Schemas

Change type schemas specify the execution input parameters for a change type.

Schema for Change Type ct-00tlkda4242x7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CodeDeploy deployment group for EC2 instance as target.", "description": "Create an AWS CodeDeploy application deployment group specifically for an EC2 instance as target. Tags you create in the EC2 instances, and specify here (EC2FilterTag1, 2, and 3), mark the instances as targets for the deployment group. A name for the deployment group is automatically generated.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-n3hsoirgqeqqdbpk2", "type": "string", "enum": [ "stm-n3hsoirgqeqqdbpk2" ], "default": "stm-n3hsoirgqeqqdbpk2" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "ApplicationName": { "type": "string", "description": "The name of an existing AWS CodeDeploy application within your AMS account.", "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "DeploymentConfigName": { "type": "string", "description": "The configuration for deployment operations. To deploy as many instances as possible at once, use CodeDeployDefault.AllAtOnce. To deploy half of the instances at a time, use CodeDeployDefaultHalfAtATime. To deploy only one instance at a time, use CodeDeployDefault.OneAtATime.", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" }, "AutoRollbackEnabled": { "type": "string", "description": "True to enable an automatic rollback of a deployment if it fails; if that happens, CodeDeploy redeploys the last known good revision as a new deployment. False to not enable the automatic rollback.", "enum": [ "True", "False" ], "default": "False" }, "EC2FilterTag": { "type": "string", "description": "Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Name=Application01. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$" }, "EC2FilterTag2": { "type": "string", "description": "Second Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Environment=Test01. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$|^$", "default": "" }, "EC2FilterTag3": { "type": "string", "description": "Third Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Version=Latest. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$|^$", "default": "" }, "ServiceRoleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of an existing CodeDeploy service role that grants permission to make calls to AWS services on your behalf, in the form arn:aws:iam::ACCOUNT_ID:role/aws-codedeploy-role. If blank arn:aws:iam::ACCOUNT_ID:role/aws-codedeploy-role is used.", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/[\\w-]+$", "default": "" } }, "metadata": { "ui:order": [ "ApplicationName", "DeploymentConfigName", "AutoRollbackEnabled", "EC2FilterTag", "EC2FilterTag2", "EC2FilterTag3", "ServiceRoleArn" ] }, "required": [ "ApplicationName", "EC2FilterTag" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-00zr0b0ozlcn3

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Receive Replication Replica", "description": "Receive S3 object replicas in the destination bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ReceiveReplicationReplica.", "type": "string", "enum": [ "AWSManagedServices-ReceiveReplicationReplica" ], "default": "AWSManagedServices-ReceiveReplicationReplica" }, "Region": { "description": "The AWS Region in which the destination account is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DestinationBucketName": { "description": "The destination S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "SourceBucketName": { "description": "The source S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "ReplicationRole": { "description": "The ARN of the role that allows S3 to perform the replication on your behalf.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::[0-9]{12}:role/[A-Za-z0-9_\\-/]+$" }, "maxItems": 1 }, "EncryptReplicaKMSKey": { "description": "The KMS key used to encrypt destination objects.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" }, "maxItems": 1 }, "OwnerTranslation": { "description": "True to change replica ownership to the AWS account that owns the destination bucket, false to not change replica ownership. This parameter cannot be left blank.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "false" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DestinationBucketName", "SourceBucketName", "ReplicationRole", "EncryptReplicaKMSKey", "OwnerTranslation" ] }, "additionalProperties": false, "required": [ "DestinationBucketName", "SourceBucketName", "ReplicationRole" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0176f0n99vcps

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Resource Tags (Review Required)", "description": "Add tags to existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use the automated CT ct-3cx7we852p3af.", "type": "object", "properties": { "Resources": { "description": "Parameters for up to fifty resources that you want to tag.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "AddOrUpdateTags" ] }, "required": [ "ResourceArn", "AddOrUpdateTags" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Resources", "Priority" ] }, "required": [ "Resources" ] }

Schema for Change Type ct-01zl37gmuk4q2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete SAML Identity Provider", "description": "Delete a SAML identity provider (IdP). The given IdP must not be referenced in any IAM role and must not be the only IdP in the account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleDeleteSamlProvider-Admin", "type": "string", "enum": [ "AWSManagedServices-HandleDeleteSamlProvider-Admin" ], "default": "AWSManagedServices-HandleDeleteSamlProvider-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Name": { "description": "The name of the SAML IdP.", "type": "array", "items": { "type": "string", "pattern": "^[\\w._-]{1,128}$" }, "minItems": 1, "maxItems": 1 }, "MetadataBackup": { "description": "True for a backup of the SAML provider metadata to be taken before deleting, False for no backup to be taken. Default is True.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Name", "MetadataBackup" ] }, "required": [ "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-02ocqy2i0jx3t

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start Aurora DB Cluster", "description": "Start an Aurora DB cluster, which is a provisioned capacity type and does not have cross-region read replicas. The cluster must be in the 'stopped' state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartDBCluster.", "type": "string", "enum": [ "AWSManagedServices-StartDBCluster" ], "default": "AWSManagedServices-StartDBCluster" }, "Region": { "description": "The AWS Region where the cluster is.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "DBClusterIdentifier": { "description": "The unique RDS DB cluster identifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$" } }, "metadata": { "ui:order": [ "DBClusterIdentifier" ] }, "additionalProperties": false, "required": [ "DBClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-02u0hoaa9grat

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot stack", "description": "Use to reboot all running EC2 and RDS DB instances in the specified stack.", "additionalProperties": false, "type": "object", "properties": { "StackId": { "pattern": "^stack-[a-z0-9]{17}$", "description": "The ID of the stack to reboot, in the form stack-a1b2c3d4e5f67890e. All running EC2 and RDS DB instances in the stack are rebooted.", "type": "string" } }, "required": [ "StackId" ] }

Schema for Change Type ct-03ms1d7xrck8w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Termination Protection", "description": "Update existing defined termination protection for EC2 instances.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ManageResourceTerminationProtection.", "type": "string", "enum": [ "AWSManagedServices-ManageResourceTerminationProtection" ], "default": "AWSManagedServices-ManageResourceTerminationProtection" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ResourceId": { "description": "EC2 instance ID.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "maxItems": 1 }, "TerminationProtectionDesiredState": { "description": "Enabled to protect your instance against elimination. Disabled to allow your instance to be eliminated.", "type": "array", "items": { "type": "string", "enum": [ "enabled", "disabled" ] }, "maxItems": 1 } }, "metadata": { "ui:order": [ "ResourceId", "TerminationProtectionDesiredState" ] }, "additionalProperties": false, "required": [ "ResourceId", "TerminationProtectionDesiredState" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-03t7kvuwx6rgr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start EC2 Instances", "description": "Start up to 50 stopped EC2 instances.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartInstances.", "type": "string", "enum": [ "AWSManagedServices-StartInstances" ], "default": "AWSManagedServices-StartInstances" }, "Region": { "description": "The AWS Region where the instances are, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 50 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-03ytgoevfebjr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Cluster Permissions", "description": "Grants full control to the Cluster object on the Listener object to bring the SQL Server Listener object online. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateClusterDNSPermission-Admin.", "type": "string", "enum": [ "AWSManagedServices-UpdateClusterDNSPermission-Admin" ], "default": "AWSManagedServices-UpdateClusterDNSPermission-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ClusterName": { "description": "The name of the Cluster record in DNS.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "ClusterNodeComputerName": { "description": "The name of the Cluster object that is granted permissions to the Cluster DNS record.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,15}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterName", "ClusterNodeComputerName" ] }, "additionalProperties": false, "required": [ "ClusterName", "ClusterNodeComputerName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-042luqo63j4mx

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Scheduler Period", "description": "Delete an existing period used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteScheduleOrPeriod.", "type": "string", "enum": [ "AWSManagedServices-DeleteScheduleOrPeriod" ], "default": "AWSManagedServices-DeleteScheduleOrPeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: period. This explicitly requests that the Resource Scheduler period be deleted. The option cannot be left blank; it must be period.", "type": "array", "items": { "type": "string", "enum": [ "period" ], "default": "period" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "The name of the period to delete.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,64}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType", "Name" ] }, "required": [ "ConfigurationType", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-046aizcwg5idf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy AMI", "description": "Copy an Amazon Machine Image (AMI) in your AMS account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyAMI.", "type": "string", "enum": [ "AWSManagedServices-CopyAMI" ], "default": "AWSManagedServices-CopyAMI" }, "Region": { "description": "The AWS Region to copy the AMI to, in the form us-east-1. This must be the account's default AWS Region.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "Name": { "description": "A name for the new AMI.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9\\-\\/\\(\\)_.\\ ]{3,128}$" }, "minItems": 1, "maxItems": 1 }, "SourceImageId": { "description": "The ID of the AMI to copy.", "type": "array", "items": { "type": "string", "pattern": "^ami-[a-f0-9]{8}$|^ami-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "SourceRegion": { "description": "The ID of the AWS Region that contains the source AMI, in the form us-east-1.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "minItems": 1, "maxItems": 1 }, "Encrypted": { "description": "True to encrypt the snapshot of the destination AMI. The default customer master key (CMK) for Amazon Elastic Block Store (EBS) is used unless you specify a non-default AWS Key Management Service (KMS) CMK using the KmsKeyId parameter. False to not encrypt the snapshot. Default is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "The KMS key to encrypt the snapshot of the destination AMI. Specify the KMS Key ARN or the KMS key identifier. If left blank and the snapshot of the source AMI is encrypted, the snapshot of the target AMI is encrypted using the default EBS KMS key.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Name", "SourceImageId", "SourceRegion", "Encrypted", "KmsKeyId" ] }, "additionalProperties": false, "required": [ "Name", "SourceImageId", "SourceRegion" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-04gzyy008v1bg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete KMS Alias", "description": "Delete an alias of an AWS Key Management Service (KMS) customer master key (CMK).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteKMSAlias.", "type": "string", "enum": [ "AWSManagedServices-DeleteKMSAlias" ], "default": "AWSManagedServices-DeleteKMSAlias" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AliasName": { "description": "Name of the alias to be deleted. Do not specify the prefix alias/, it will be added during the execution.", "type": "array", "items": { "type": "string", "pattern": "^(?!alias/)(?!aws/)[a-zA-Z0-9/_-]{1,250}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AliasName" ] }, "required": [ "AliasName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-059ewa92tc2i1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Archive EBS Snapshots", "description": "Archive Elastic Block Store (EBS) snapshots. The maximum number of EBS snapshots that can be archived concurrently depends on the 'In-progress snapshot archives per account' AWS Service Quota. Snapshots that are in the 'completed' state, storage tier is 'standard', or belonging to the current owner account, can be archived. Snapshots created by the AWS Backup service, used by AMIs, or shared with other accounts, cannot be archived. If you specify snapshots that are invalid, or the archival in-progress quota limit is reached, the RFC fails.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ArchiveEBSSnapshots.", "type": "string", "enum": [ "AWSManagedServices-ArchiveEBSSnapshots" ], "default": "AWSManagedServices-ArchiveEBSSnapshots" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SnapshotIds": { "description": "A comma-separated list of the EBS snapshots to archive. The maximum number of in-progress snapshot archives per account can be checked through the AWS Service Quotas console (search: In-progress snapshot archives per account).", "type": "array", "items": { "type": "string", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 100 } }, "metadata": { "ui:order": [ "SnapshotIds" ] }, "additionalProperties": false, "required": [ "SnapshotIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-05muqzievnxk5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS target endpoint for S3", "description": "Use to create a Database Migration Service (DMS) target endpoint for S3.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-knghtmmgefafdq89u", "type": "string", "enum": [ "stm-knghtmmgefafdq89u" ], "default": "stm-knghtmmgefafdq89u" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "EndpointIdentifier": { "type": "string", "description": "The identifier to be used for the target endpoint. This is a label for the endpoint to help you identify it. It must be unique for all endpoints owned by your AWS account in the current region. It must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "EngineName": { "type": "string", "description": "Must be S3.", "enum": [ "s3" ], "default": "s3" }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. For example, to specify a maximum file size of 512 KB of any CSV file created while migrating to S3 specify maxFileSize=512. See 'Targets for Data Migration' in AWS DMS documentation.", "default": "" }, "S3BucketFolder": { "type": "string", "description": "The folder name in the S3 bucket. If provided, tables are created in the path <bucketFolder>/<schema_name>/<table_name>/ instead of <schema_name>/<table_name>/ within the bucket.", "default": "" }, "S3BucketName": { "type": "string", "description": "The name of the S3 bucket for the target endpoint. Must be in the same region as the DMS replication instance you are using to migrate data." }, "S3CompressionType": { "type": "string", "description": "If, and how, target files should be compressed. Use GZIP to compress the target files in the target endpoint. Use NONE for no file compression.", "enum": [ "GZIP", "NONE" ], "default": "NONE" }, "S3CsvDelimiter": { "type": "string", "description": "The delimiter used to separate columns in the target files. Leave blank to use the default comma (,) delimiter.", "default": "" }, "S3CsvRowDelimiter": { "type": "string", "description": "The delimiter used to separate rows in the source files. Leave blank to use the default carriage return (\\n) delimiter.", "default": "" }, "S3ServiceAccessRoleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the service access IAM role.", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/[\\w-]+$" } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ExtraConnectionAttributes", "S3BucketFolder", "S3BucketName", "S3CompressionType", "S3CsvDelimiter", "S3CsvRowDelimiter", "S3ServiceAccessRoleArn" ] }, "required": [ "EngineName", "S3BucketName", "S3ServiceAccessRoleArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-05yb337abq3x5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share KMS Key", "description": "Allow cross-account access to a KMS key by adding a statement to the key policy with encrypt and decrypt permissions.", "type": "object", "properties": { "KMSKeyArn": { "description": "The Amazon Resource Name (ARN) of the KMS key, in the form arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.", "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "TargetAccountId": { "description": "The ID of the AWS account that you want to share the KMS key with.", "type": "string", "pattern": "^[0-9]{12}$" }, "IncludeKeyGrantPermissions": { "description": "Add permissions for managing grants of the KMS key. These are required for performing tasks such as copying an encrypted AMI or snapshot.", "type": "boolean", "default": false }, "IAMUserOrRoleARN": { "description": "The ARN of an IAM Role or User in the target account to grant permission to. If no value is provided, the root principal of the target account is used.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:(role|user)/[A-Za-z0-9_-]+$|^$", "default": "" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "KMSKeyArn", "IncludeKeyGrantPermissions", "TargetAccountId", "IAMUserOrRoleARN", "Priority" ] }, "required": [ "KMSKeyArn", "TargetAccountId" ] }

Schema for Change Type ct-063qsm82cfxu6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EBS From Backup", "description": "Create an AWS Elastic Block Store (EBS) stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobEBS.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobEBS" ], "default": "AWSManagedServices-StartRestoreJobEBS" }, "Region": { "description": "The AWS Region in which the EBS snapshot is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AvailabilityZone": { "description": "The Availability Zone in which to restore the EBS snapshot, in the form us-east-1a.", "type": "array", "items": { "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-[0-9]{1}[a-z]{1})$" }, "maxItems": 1 }, "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "IOPS": { "description": "The requested number of I/O operations per second that the new EBS volume can support if VolumeType is io1, io2 or gp3. This value is ignored for other volume types. If VolumeType is gp3, then the IOPS should be between 3000 and 16000, else it should be between 100 and 64000. The IOPS must respect the max ratio of 50 IOPS per GiB.", "type": "array", "items": { "type": "string", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "maxItems": 1 }, "Throughput": { "description": "The Throughput to use for the restored volume if VolumeType is gp3. If VolumeType is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000.", "type": "array", "items": { "type": "string", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "VolumeSize": { "description": "The size of the volume, in GiBs. The volume size must be equal to or larger than the snapshot size. If not specified, the default will be the snapshot size. Valid values are between 1 and 16384.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])$" }, "maxItems": 1 }, "VolumeType": { "description": "The volume type for the restored volume. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed. If not specified gp3 will be used as default.", "type": "array", "items": { "type": "string", "default": "gp3", "pattern": "^(standard|io1|io2|gp2|gp3|sc1|st1)$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "AvailabilityZone", "BackupVaultName", "IOPS", "Throughput", "RecoveryPointArn", "VolumeSize", "VolumeType" ] }, "additionalProperties": false, "required": [ "AvailabilityZone", "BackupVaultName", "RecoveryPointArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-06bwg93ukgg8t

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Static Route", "description": "Create a static route on your route table inside a VPC.", "type": "object", "properties": { "RouteTableId": { "description": "The ID of the route table for the route, in the form of rtb-01234567890abcdef.", "type": "string", "pattern": "^rtb-[a-z0-9]{8,17}$" }, "Destination": { "description": "The IPv4 CIDR address block in the form 192.168.10.0/24 or the ID of a prefix list in the form pl-01234567890abcdef used for the destination match.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/(3[0-2]|[1-2][0-9]|[0-9]))$|^pl-[a-z0-9]{8,17}$" }, "RouteTableTarget": { "description": "The ID of the resource that will serve as the route table target. You must specify one of the following targets: internet gateway or virtual private gateway, NAT gateway or VPC peering connection.", "type": "string", "pattern": "^(vgw|igw|nat|tgw|pcx)-[a-z0-9]{8,17}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "RouteTableId", "Destination", "RouteTableTarget", "Priority" ] }, "required": [ "RouteTableId", "Destination", "RouteTableTarget" ], "additionalProperties": false }

Schema for Change Type ct-06mjngx5flwto

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create high availability two-tier stack", "description": "Creates a stack consisting of an Auto Scaling group, an RDS DB instance, and a load balancer (ELB). Optionally allows for application deployment with CodeDeploy by also creating a CodeDeploy application and deployment group both named the value given for ApplicationName. All resource parameters can be configured.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "default": 360 }, "VpcId": { "description": "The ID of the VPC to create the Auto Scaling group in, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack; this becomes the searchable stack name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to forty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "AutoScalingGroup": { "description": "Specifications for the application tier.", "type": "object", "properties": { "AmiId": { "description": "The AMI ID for the Auto Scaling Group to utilize, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "Cooldown": { "description": "The number of seconds after a scaling activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "DesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the MinInstances setting and less than or equal to the MaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "EBSOptimized": { "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "type": "boolean", "default": false }, "HealthCheckGracePeriod": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800, "default": 1800 }, "IAMInstanceProfile": { "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "type": "string", "default": "customer-mc-ec2-instance-profile" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring.", "type": "boolean", "default": true }, "InstanceRootVolumeIops": { "description": "The Iops to use for the root volume if io1 volume type is specified.", "type": "integer", "minimum": 0, "maximum": 20000, "default": 0 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "integer", "minimum": 8, "maximum": 16000 }, "InstanceRootVolumeType": { "description": "Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads.", "type": "string", "enum": [ "standard", "io1", "gp2" ], "default": "standard" }, "InstanceType": { "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "type": "string", "default": "m4.large" }, "MaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "MinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "ScaleDownPolicyCooldown": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 4 }, "ScaleDownPolicyPeriod": { "description": "The time over which the specified ScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0, "default": -1 }, "ScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleDownPolicyThreshold": { "description": "The value against which the specified ASGScaleDownPolicyStatistic is compared.", "type": "number", "default": 35 }, "ScaleMetricName": { "description": "The metric to use in a scaling event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ScaleUpPolicyCooldown": { "description": "The amount of time, in seconds, after a scale-up activity is completed before any further trigger-related scaling activities can start.", "type": "integer", "minimum": 60, "default": 60 }, "ScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 2 }, "ScaleUpPolicyPeriod": { "description": "The time over which the specified ScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0, "default": 2 }, "ScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleUpPolicyThreshold": { "description": "The value against which the specified ScaleUpPolicyStatistic is compared.", "type": "number", "default": 75 }, "SubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "UserData": { "description": "A comma-delimited list where each element is a line of script to be run on boot.", "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "" ] } }, "additionalProperties": false, "required": [ "AmiId", "SubnetIds" ] }, "LoadBalancer": { "description": "Specifications for the load-balancing tier.", "type": "object", "properties": { "SubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "HealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 30 }, "HealthCheckTarget": { "description": "Specifies the instance being checked. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535. For example, HTTP:80/", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "HealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "Public": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false. Set to true if you choose a public subnet for the load balancer.", "type": "boolean", "default": false }, "AccessCIDRRange": { "default": "0.0.0.0/0", "description": "IPv4 CIDR block that the load balancer can receive traffic from.", "type": "string" } }, "additionalProperties": false, "required": [ "SubnetIds" ] }, "Database": { "description": "Specifications for the RDS DB instance.", "type": "object", "properties": { "AllocatedStorage": { "description": "The amount of storage (in gigabytes) to be initially allocated for the database (DB) instance.", "type": "number", "minimum": 5, "maximum": 6144 }, "BackupRetentionPeriod": { "description": "The number of days for which automatic DB snapshots are retained. Setting this to a positive number enables backups. Setting this to 0 disables automated backups.", "type": "number", "minimum": 0, "maximum": 35, "default": 7 }, "Backups": { "description": "True if the RDS instance should have automatic backups, false if it should not. Default is true.", "type": "boolean", "default": true }, "DBEngine": { "description": "The name of the database engine for the DB instance. Not every database engine is available for every AWS region.", "type": "string", "enum": [ "MySQL", "oracle-se1", "oracle-se", "oracle-ee", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web", "postgres" ] }, "DBName": { "default": "main", "description": "A name for the database. The meaning of this parameter differs according to the database engine you use.", "type": "string", "minLength": 1 }, "EngineVersion": { "description": "The version number of the database engine to use.", "type": "string" }, "InstanceType": { "description": "The compute and memory capacity for the DB instance.", "type": "string", "enum": [ "db.m1.medium", "db.m1.large", "db.m1.xlarge", "db.m2.xlarge", "db.m2.2xlarge", "db.m2.4xlarge", "db.m3.medium", "db.m3.large", "db.m3.xlarge", "db.m3.2xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium" ], "default": "db.m3.medium" }, "IOPS": { "description": "The provisioned IOPS for RDS storage. Must be a multiple between 3 and 10 of the storage amount for the DB instance. Must also be an integer multiple of 1000. For example, if the size of your DB instance is 500 GB, then your Iops value can be 2000, 3000, 4000, or 5000.", "type": "number", "default": 0 }, "LicenseModel": { "description": "License model information for this DB instance.", "type": "string", "enum": [ "bring-your-own-license", "general-public-license", "license-included", "postgresql-license" ] }, "MasterUsername": { "description": "The username that you will use with the configured MasterUserPassword to log in to your DB instance. Must begin with a letter and contain only alphanumeric characters.", "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9]{1,127}$" }, "MasterUserPassword": { "description": "The password that you will use with the configured MasterUserName to log in to your DB instance. Must contain from 8 to 30 printable ASCII alphanumeric characters (excluding backslash, double quotes, and at sign).", "type": "string", "pattern": "^[!#-.0-?A-~]{8,30}$", "metadata": { "ams:sensitive": true } }, "MultiAZ": { "description": "True to have a standby replica of your DB instance created in another Availability Zone for failover support, false to not have a standby replica. Default is true.", "type": "boolean", "default": true }, "PreferredBackupWindow": { "description": "The daily time range during which automated backups are created if BackupRetentionPeriod is set to a positive number. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the PreferredMaintenanceWindow setting, and must be at least 30 minutes.", "type": "string", "default": "22:00-23:00", "pattern": "^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]-(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$" }, "Port": { "description": "The port number on which the database accepts connections. Defaults vary by DB engine.", "type": "number" }, "PreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur.", "type": "string", "default": "wed:03:32-wed:04:02", "pattern": "^(mon|tues|wed|thurs|fri|sat|sun):(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]-(mon|tues|wed|thurs|fri|sat|sun):(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$" }, "StorageEncrypted": { "description": "True to enable database encryption, false to not. Default is false.", "type": "boolean", "default": false }, "StorageEncryptionKey": { "description": "The ARN of the custom KMS key to encrypt the database if StorageEncrypted = true. If StorageEncrypted = true and you do not specify a StorageEncryptionKey, RDS uses your default encryption key, which AWS KMS creates. Your AWS account has a different default encryption key for each AWS region.", "type": "string", "default": "" }, "StorageType": { "description": "Storage type for the RDS instance. If you specify io1, you must also include a value for the IOPS parameter.", "type": "string", "enum": [ "standard", "gp2", "io1" ], "default": "gp2" }, "SubnetIds": { "description": "Subnet IDs for the RDS instance, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true } }, "additionalProperties": false, "required": [ "DBName", "DBEngine", "EngineVersion", "LicenseModel", "MasterUsername", "MasterUserPassword", "SubnetIds" ] }, "Application": { "description": "Optional parameters for including an application to deploy with CodeDeploy. Given a unique ID if none is provided.", "type": "object", "properties": { "ApplicationName": { "description": "The name of an AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "DeploymentConfigName": { "description": "The configuration for deployment operations: as many instances as possible at once, half of the instances at a time, or only one instance at a time.", "type": "string", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" } }, "additionalProperties": false }, "EnforceIMDSv2": { "description": "For the instance to be launched with only Instance Metadata Service Version 2 (IMDSv2), use required; if IMDSv2 is not required, use optional. Default is optional.", "type": "string", "default": "optional" } }, "additionalProperties": false, "required": [ "Description", "Name", "LoadBalancer", "AutoScalingGroup", "Database", "VpcId", "TimeoutInMinutes" ] }

Schema for Change Type ct-07jzw8bzd2on7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update GuardDuty IPSet", "description": "Use to update an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the IPSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to update an IPSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "IpSet": { "description": "The URI of the file that contains the IPSet.", "minLength": 1, "type": "string" }, "IpSetId": { "description": "The unique ID that specifies the IPSet that you want to update.", "type": "string", "minLength": 1 }, "Name": { "description": "The friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "IpSetId", "Name", "IpSet", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "IpSetId", "Region" ] }

Schema for Change Type ct-08avsj2e9mc7g

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create GuardDuty IPSet", "description": "Use to create an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the IPSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to add an IPSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "Format": { "default": "TXT", "description": "The format of the file that contains the IPSet.", "enum": [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ], "type": "string" }, "Name": { "description": "The friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.", "minLength": 1, "type": "string" }, "IpSet": { "description": "The URI of the file that contains the IPSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "Name", "IpSet", "Format", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "Name", "IpSet", "Region" ] }

Schema for Change Type ct-09qbhy7kvtxqw

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot EC2 instance", "description": "Use to reboot an EC2 instance.", "additionalProperties": false, "type": "object", "properties": { "InstanceId": { "pattern": "^i-[a-zA-Z0-9]{8}$|^i-[a-zA-Z0-9]{17}$", "description": "ID of the instance to reboot, in the form i-12345678901234567 or i-1234567.", "type": "string" } }, "required": [ "InstanceId" ] }

Schema for Change Type ct-09t6q7j9v5hrn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create high availability one-tier stack", "description": "Use to create an Application Load Balancer and an Auto Scaling Group.", "type": "object", "properties": { "DatabaseStackId": { "description": "Stack ID of the database to use, in the form stack-1ab2cd3456789101.", "type": "string", "pattern": "^stack-[0-9a-z]{17}$" }, "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to forty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "default": 360 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "ApplicationLoadBalancer": { "description": "Specifications for the ALB.", "type": "object", "properties": { "HealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "HealthCheckIntervalInSeconds": { "description": "The amount of time, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 10 }, "HealthCheckTargetPath": { "default": "/", "description": "The ping path destination on the application hosts where the load balancer sends health check requests.", "type": "string" }, "HealthCheckTargetPort": { "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "type": "number", "minimum": 1, "maximum": 65535 }, "HealthCheckTargetProtocol": { "default": "HTTP", "description": "The protocol the load balancer uses when performing health checks on targets.", "type": "string", "enum": [ "HTTP", "HTTPS" ] }, "HealthCheckTimeoutSeconds": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckIntervalInSeconds.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "HealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "InstancePort": { "default": 80, "description": "The TCP port the listener uses to send traffic to the target instance.", "type": "number", "minimum": 1, "maximum": 65535 }, "InstanceProtocol": { "default": "HTTP", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "LoadBalancerCookieExpirationPeriodInSeconds": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "number" }, "LoadBalancerPort": { "default": 80, "description": "The port number for the load balancer to use when routing external incoming traffic.", "type": "number", "minimum": 1, "maximum": 65535 }, "LoadBalancerAccessCIDRRange": { "default": "0.0.0.0/0", "description": "IPv4 CIDR block that the load balancer can receive traffic from.", "type": "string" }, "LoadBalancerProtocol": { "default": "HTTP", "description": "The transport protocol to use for routing front-end connections (client to load balancer).", "type": "string", "enum": [ "HTTP", "HTTPS" ] }, "LoadBalancerSslPolicy": { "default": "ELBSecurityPolicy-2016-08", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Only applies if ALBLoadBalancerProtocol = HTTPS.", "type": "string", "enum": [ "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2015-05", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2020-10" ] }, "Public": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false.", "type": "boolean", "default": false }, "SSLCertificateId": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:ACCOUNT-ID:certificate/12345678-1234-1234-1234-123456789012.", "type": "string" }, "SubnetIds": { "description": "Two or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "uniqueItems": true }, "ValidHTTPCode": { "default": "200", "description": "The HTTP codes that a healthy target application server must use when responding to a health check, such as 200, 202 or 200-399.", "type": "string", "pattern": "^[1-5][0-9]{2}(-[1-5][0-9]{2})?$" } }, "additionalProperties": false, "required": [ "SubnetIds" ] }, "AutoScalingGroup": { "description": "Specifications for the ASG.", "type": "object", "properties": { "AmiId": { "description": "ID of the AMI for the Auto Scaling group to use when creating new instances, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "CooldownInSeconds": { "description": "The number of seconds after a scaling activity is complete before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "DesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the MinInstances setting and less than or equal to the MaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "EBSOptimized": { "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "type": "boolean", "default": false }, "HealthCheckGracePeriodInSeconds": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800, "default": 1800 }, "HealthCheckType": { "description": "The service to use for the health checks. The ELB Health Check Type includes EC2 instance and system status checks. If ASGHealthCheckType = ELB, ensure that your ASGHealthCheckGracePeriod value is long enough so that your instances are not terminated due to load-balancer health checks failing, before your application has been deployed.", "default": "EC2", "type": "string", "enum": [ "EC2", "ELB" ] }, "IAMInstanceProfile": { "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "type": "string", "default": "customer-mc-ec2-instance-profile" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring.", "type": "boolean", "default": true }, "InstanceRootVolumeIops": { "description": "The IOPS to use for the root volume if io1 volume type is specified.", "type": "integer", "minimum": 0, "maximum": 20000, "default": 0 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSizeInGiB": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "integer", "minimum": 8, "maximum": 1024 }, "InstanceRootVolumeType": { "description": "Choose io1, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads.", "type": "string", "enum": [ "standard", "io1", "gp2", "gp3" ], "default": "standard" }, "InstanceType": { "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "type": "string", "default": "m4.large" }, "MaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "MinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "ScaleMetricName": { "description": "The metric to use to in a scale-down event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ScaleDownPolicyCooldownInSeconds": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 4 }, "ScaleDownPolicyPeriod": { "description": "The time over which the specified ScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0, "default": -1 }, "ScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleDownMetricName.", "type": "string", "enum": [ "Average", "Maximum", "Minimum", "SampleCount", "Sum" ], "default": "Average" }, "ScaleDownPolicyThreshold": { "description": "The value against which the specified ScaleDownPolicyStatistic is compared.", "type": "number", "default": 35 }, "ScaleUpPolicyCooldownInSeconds": { "description": "The number of seconds after a scale-up activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleUpMetricName threshold.", "type": "integer", "minimum": 2, "default": 2 }, "ScaleUpPolicyPeriod": { "description": "The time over which the specified ScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0, "default": 2 }, "ScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "Average", "Maximum", "Minimum", "SampleCount", "Sum" ], "default": "Average" }, "ScaleUpPolicyThreshold": { "description": "The value against which the specified ScaleUpPolicyStatistic is compared.", "type": "number", "default": 75 }, "SubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "UserData": { "description": "A comma-delimited list where each element is a line of script to be run on boot.", "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "" ] } }, "additionalProperties": false, "required": [ "AmiId", "SubnetIds" ] } }, "additionalProperties": false, "required": [ "AutoScalingGroup", "ApplicationLoadBalancer", "Description", "Name", "TimeoutInMinutes", "VpcId" ] }

Schema for Change Type ct-0ah3gwb9seqk2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CodeDeploy application", "description": "Use to create an AWS CodeDeploy application resource with the specified name.", "type": "object", "properties": { "Description": { "description": "The reason for the request.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sft6rv00000000000", "type": "string", "enum": [ "stm-sft6rv00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "CodeDeployApplicationName": { "description": "The name of an AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" } }, "additionalProperties": false, "required": [ "CodeDeployApplicationName" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-0aqx5t0pgfzbg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Replace ELB Listener Certificate", "description": "Replace the certificate of an existing Elastic (Classic) Load Balancer (ELB) listener. Use the RemediateDrift parameter to have the automation try to remediate the stack drift, if drift is introduced in the CloudFormation stack that was used to create the load balancer.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-SetClassicLoadBalancerCertificate.", "type": "string", "enum": [ "AWSManagedServices-SetClassicLoadBalancerCertificate" ], "default": "AWSManagedServices-SetClassicLoadBalancerCertificate" }, "Region": { "description": "The AWS Region where the ELB listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "LoadBalancerName": { "description": "The name of the Classic Load Balancer.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 1 }, "SSLCertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "LoadBalancerPort": { "description": "The listener port of the Classic Load Balancer.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{2,5}$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by replacing the certificate on the Load Balancer listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to setting certificate to the Load Balancer listener. Set to False to replace the certificate on the Load Balancer listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "LoadBalancerName", "SSLCertificateArn", "LoadBalancerPort", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "LoadBalancerName", "SSLCertificateArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ary07xiajwx4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Load Balancer (ELB)", "description": "Create an Elastic (\"Classic\") load balancer (ELB).", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-3tdleig07sbhstgnf", "type": "string", "enum": [ "stm-3tdleig07sbhstgnf" ], "default": "stm-3tdleig07sbhstgnf" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "LoadBalancer": { "type": "object", "properties": { "Name": { "type": "string", "description": "A friendly name for the load balancer.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,31}$|^$" }, "Scheme": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is private.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "array", "description": "A list of security groups to associate with the load balancer.", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true }, "SubnetIds": { "type": "array", "description": "A list of subnet IDs that the Elastic Load Balancing creates load balancer nodes in. For an Internet-facing load balancer provide a public subnet ID, for an internal load balancer we recommend private subnet IDs.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "uniqueItems": true }, "AccessLogInterval": { "type": "string", "description": "The time interval, in minutes, to upload the load balancer access log to the specified S3 bucket. Defaults to 60 Minutes.", "enum": [ "5", "60" ], "default": "60" }, "ConnectionDrainingTimeout": { "type": "integer", "description": "The maximum time, in seconds, to keep the existing connections open before deregistering the instances.", "default": 60, "minimum": 1, "maximum": 3600 }, "IdleTimeout": { "type": "integer", "description": "The time, in seconds, that a connection to the load balancer can remain idle (no data is sent over the connection). After the specified time, the load balancer closes the connection.", "default": 60, "minimum": 1, "maximum": 3600 }, "CrossZone": { "type": "string", "description": "True to enable cross-zone load balancing (the load balancer nodes route traffic to the back-end instances across all Availability Zones), false to disable. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the healthy state after it was moved to unhealthy.", "pattern": "[1-9]{1}[0-9]{0,1}", "default": "2" }, "HealthCheckInterval": { "type": "string", "description": "How often, in seconds, that health checks are run on an individual load balancer node.", "pattern": "[1-9]{1}[0-9]{0,3}", "default": "10" }, "HealthCheckTarget": { "type": "string", "description": "The protocol, port, and path of the instance to check. The protocol can be TCP, HTTP, HTTPS, or SSL and valid ports are 1 through 65535. For TCP/SSL no path is required. For HTTP/HTTPS, you must include a ping path in the string. For example, HTTP:80/weather/us/wa/seattle.", "pattern": "(HTTP|HTTPS):[0-9]{1,5}[/][\\w./-]*|(SSL|TCP):[0-9]{1,5}", "default": "TCP:80" }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, during which no response means a failed health probe. This value must be less than the value for HealthCheckInterval.", "pattern": "[1-9]{1}[0-9]{0,3}", "default": "5" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the unhealthy state.", "pattern": "[1-9]{1}[0-9]{0,2}", "default": "10" }, "BackendInstances": { "type": "array", "description": "A list of EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. Leave blank to not associate individual EC2 instances with the load balancer. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group.", "items": { "type": "string", "pattern": "^i-([0-9a-zA-Z]{8}|[0-9a-zA-Z]{17})$" }, "minItems": 0, "uniqueItems": true }, "LBCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session will last for the duration of the browser session.", "pattern": "^[0-9]+$|^$" }, "LBCookieStickinessPolicyName": { "type": "string", "description": "A name for the load balancer cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookieName": { "type": "string", "description": "A name for the application cookie used for stickiness.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookiePolicyName": { "type": "string", "description": "A name for the application cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" } }, "metadata": { "ui:order": [ "Name", "Scheme", "SecurityGroups", "SubnetIds", "BackendInstances", "IdleTimeout", "CrossZone", "AccessLogInterval", "ConnectionDrainingTimeout", "HealthCheckHealthyThreshold", "HealthCheckInterval", "HealthCheckTarget", "HealthCheckTimeout", "HealthCheckUnhealthyThreshold", "LBCookieExpirationPeriod", "LBCookieStickinessPolicyName", "AppCookieName", "AppCookiePolicyName" ] }, "required": [ "SecurityGroups", "SubnetIds" ], "additionalProperties": false }, "Listener1": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ], "default": "HTTP" }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ], "default": "HTTP" }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "required": [ "Port", "Protocol", "InstancePort" ], "additionalProperties": false }, "Listener2": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener3": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener4": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener5": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "LoadBalancer", "Listener1", "Listener2", "Listener3", "Listener4", "Listener5" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "LoadBalancer", "Listener1" ], "additionalProperties": false }

Schema for Change Type ct-0attesnjqy2cx

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS source endpoint", "description": "Use to create a Database Migration Service (DMS) source endpoint.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-pud4ghhkp7395n9bc.", "type": "string", "enum": [ "stm-pud4ghhkp7395n9bc" ], "default": "stm-pud4ghhkp7395n9bc" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) for the certificate to use with the source. This is required if SslMode = verify-ca or verify-full.", "pattern": "^$|^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:cert:[A-Z0-9]+$" }, "DatabaseName": { "type": "string", "description": "The name of the source database. Must not be blank if EngineName = azuredb, db2, oracle, postgres, sqlserver or sybase." }, "EndpointIdentifier": { "type": "string", "description": "A meaningful identifier for the source database endpoint. Must be unique for all endpoints owned by your AWS account in the current region. Must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$" }, "EngineName": { "type": "string", "description": "The type of engine this source endpoint is connected to. Some parameters become required depending on the specified EngineName.", "enum": [ "aurora", "azuredb", "db2", "mariadb", "mysql", "oracle", "postgres", "sqlserver", "sybase" ] }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. See AWS documentation for more information on the supported extra connection attributes for the EngineName you have selected." }, "KmsKeyId": { "type": "string", "description": "The AWS Key Management Service (AWS KMS) customer master key (CMK) ID to use for encrypting volumes associated with the replication instance. If not specified, the default CMK for Amazon DMS is used.", "pattern": "^$|^[\\w]{8}-[\\w]{4}-[\\w]{4}-[\\w]{4}-[\\w]{12}$" }, "Password": { "type": "string", "description": "The password to be used to log in to the source database.", "metadata": { "ams:sensitive": true } }, "Port": { "type": "integer", "description": "The port used by the source database.", "minimum": 1, "maximum": 65535 }, "ServerName": { "type": "string", "description": "The name of the server where the source database resides." }, "SslMode": { "type": "string", "description": "The SSL mode to use for the SSL connection.", "enum": [ "none", "require", "verify-ca", "verify-full" ], "default": "none" }, "Username": { "type": "string", "description": "The user name to be used to log in to the source database.", "metadata": { "ams:sensitive": true } } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ServerName", "Port", "DatabaseName", "Username", "Password", "SslMode", "CertificateArn", "KmsKeyId", "ExtraConnectionAttributes" ] }, "required": [ "EngineName", "ServerName", "Port", "Username", "Password" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0bpxsrtu16igp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot RDS DB instance", "description": "Use to reboot an RDS DB instance.", "additionalProperties": false, "type": "object", "properties": { "DbInstanceIdentifier": { "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", "description": "The identifier of the DB instance to reboot.", "type": "string" }, "ForceFailover": { "default": false, "description": "True to reboot with Multi-AZ failover, for Multi-AZ instances. Default is false.", "type": "boolean" } }, "required": [ "DbInstanceIdentifier" ] }

Schema for Change Type ct-0c38gftq56zj6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Private DNS Record", "description": "Create a new Route 53 DNS resource record sets and a new private hosted zone for a VPC, and configure traffic routing.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DomainName": { "description": "A domain name for the hosted zone. The name can contain only lowercase letters, numbers, hyphens (-), and a dot (.). For example, mycorp.com", "type": "string", "minLength": 2, "pattern": "^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,255}$" }, "VPCId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "DomainType": { "description": "Must be 'private'", "type": "string", "enum": [ "private" ], "default": "private" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "DomainName", "VPCId", "DomainType", "RecordSet" ] }, "required": [ "DomainName", "VPCId", "DomainType", "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0cupn1txog5tk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start Storage Gateway Restore Job", "description": "Start an AWS Backup service restore job to restore a Storage Gateway volume snapshot of the specified resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobStorageGatewayVolume.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobStorageGatewayVolume" ], "default": "AWSManagedServices-StartRestoreJobStorageGatewayVolume" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies a recovery point.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "minItems": 1, "maxItems": 1 }, "BackupVaultName": { "description": "The name of the target backup vault. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "minItems": 1, "maxItems": 1 }, "GatewayArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies a Storage Gateway.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "minItems": 1, "maxItems": 1 }, "TargetName": { "description": "The name of the Internet Small Computer Systems Interface(iSCSI) target. This is the name your iSCSI initiator uses to connect to your volume. The target name can contain lowercase letters, numbers, periods (.), and hyphens (-).", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9\\_\\-\\.]+$" }, "minItems": 1, "maxItems": 1 }, "GatewayType": { "description": "The Storage Gateway volume restore type. For data that is cached in the gateway and stored in S3, choose Cached. For on-premise data stored locally, choose Stored. If you choose Stored, you must also specify a DiskId.", "type": "array", "items": { "type": "string", "enum": [ "Cached", "Stored" ] }, "minItems": 1, "maxItems": 1 }, "DiskId": { "description": "The unique identifier for the gateway local disk that is configured as a stored volume. Find disk IDs for a gateway on the Storage Gateway console. Required when GatewayType = Stored. If specified, all data currently residing on this disk will be lost, and overwritten with the current data on the snapshot.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|[a-z0-9\\_\\-\\.\\:]+)$" }, "minItems": 1, "maxItems": 1 }, "VolumeSize": { "description": "The size of the volume, in GiBs. If this value is specified, it must be greater than the snapshot size, to take affect. By default, the volume size is equal to the snapshot size.", "type": "array", "items": { "type": "string", "default": "0", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])$" }, "minItems": 1, "maxItems": 1 }, "IamRoleArn": { "description": "The ARN of the role that allows AWS Backup to perform the actions on your behalf. If no role is specified, the default IAM role, created by AMS during the account onboarding process, is used.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|arn:aws:iam:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:role\\/[a-zA-Z0-9\\_\\-]+)$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyArn": { "description": "The Amazon Resource Name (ARN) for the AWS KMS key to encrypt the new Storage Gateway volume.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecoveryPointArn", "BackupVaultName", "GatewayArn", "TargetName", "GatewayType", "DiskId", "VolumeSize", "IamRoleArn", "KmsKeyArn" ] }, "required": [ "RecoveryPointArn", "BackupVaultName", "GatewayArn", "TargetName", "GatewayType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0cyqd7laxyhlm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "CloudWatch LogGroup with optional subscription filter, log streams and metric filters.", "description": "Creates a CloudWatch LogGroup with optional subscription filter, up to 5 log streams and up to 5 metric filters.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-8ian3plt5a6jbv7jt", "type": "string", "enum": [ "stm-8ian3plt5a6jbv7jt" ], "default": "stm-8ian3plt5a6jbv7jt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "LogGroupName": { "type": "string", "description": "A name for the log group. The name must be prefixed with the word 'customer'.", "pattern": "^customer[a-zA-Z0-9\\.\\-_/#]{1,504}$" }, "LogGroupRetentionInDays": { "type": "string", "description": "The number of days to retain the log events in the log group created. Leave blank to keep logs indefinitely.", "enum": [ "", "1", "3", "5", "7", "14", "30", "60", "90", "120", "150", "180", "365", "400", "545", "731", "1827", "3653" ], "default": "" }, "LogStream1Name": { "type": "string", "description": "A name for log stream 1. The name must be unique within the log group. If left blank log stream 1 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream2Name": { "type": "string", "description": "A name for log stream 2. The name must be unique within the log group. If left blank log stream 2 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream3Name": { "type": "string", "description": "A name for log stream 3. The name must be unique within the log group. If left blank log stream 3 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream4Name": { "type": "string", "description": "A name for log stream 4. The name must be unique within the log group. If left blank log stream 4 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream5Name": { "type": "string", "description": "A name for log stream 5. The name must be unique within the log group. If left blank log stream 5 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "SubscriptionFilterIAMroleARN": { "type": "string", "description": "An IAM role that grants CloudWatch Logs permission to put data into the destination. Applicable only if the destination is Kinesis stream or Kinesis Data Firehose delivery stream.", "pattern": "(arn:aws:iam::\\d{12}:role\\/[\\w+=,.@-]{1,64}|^$)", "default": "" }, "SubscriptionFilterPattern": { "type": "string", "description": "The filtering expressions that restrict what gets delivered to the destination AWS resource.", "pattern": "^.{1,1024}$|^$", "default": "" }, "SubscriptionDestinationARN": { "type": "string", "description": "The Amazon Resource Name (ARN) of the Kinesis stream, Kinesis Data Firehose delivery stream, or Lambda function, to use as the subscription feed destination.", "pattern": "^arn:aws:kinesis:[a-z0-9-]+:[0-9]{12}:stream/[a-zA-Z0-9-_\\.]{1,128}$|^arn:aws:firehose:[a-z0-9-]+:[0-9]{12}:deliverystream/[a-zA-Z0-9-_\\.]{1,64}$|^arn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:[a-zA-Z0-9-_]{1,140}$|^$", "default": "" }, "MetricFilter1Pattern": { "type": "string", "description": "The pattern for MetricFilter1 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter1DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter1Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter1 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter1Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter1. Namespaces are containers for metrics. If left blank MetricFilter1 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter1Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter1 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter2Pattern": { "type": "string", "description": "The pattern for MetricFilter2 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter2DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter2Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter2 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter2Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter2. Namespaces are containers for metrics. If left blank MetricFilter2 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter2Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter2 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter3Pattern": { "type": "string", "description": "The pattern for MetricFilter3 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter3DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter3Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter3 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter3Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter3. Namespaces are containers for metrics. If left blank MetricFilter3 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter3Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter3 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter4Pattern": { "type": "string", "description": "The pattern for MetricFilter4 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter4DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter4Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter4 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter4Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter4. Namespaces are containers for metrics. If left blank MetricFilter4 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter4Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter4 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter5Pattern": { "type": "string", "description": "The pattern for MetricFilter5 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter5DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter5Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter5 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter5Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter5. Namespaces are containers for metrics. If left blank MetricFilter5 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter5Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter5 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" } }, "metadata": { "ui:order": [ "LogGroupName", "LogGroupRetentionInDays", "LogStream1Name", "LogStream2Name", "LogStream3Name", "LogStream4Name", "LogStream5Name", "SubscriptionFilterIAMroleARN", "SubscriptionFilterPattern", "SubscriptionDestinationARN", "MetricFilter1Name", "MetricFilter1Namespace", "MetricFilter1Pattern", "MetricFilter1Value", "MetricFilter1DefaultValue", "MetricFilter2Name", "MetricFilter2Namespace", "MetricFilter2Pattern", "MetricFilter2Value", "MetricFilter2DefaultValue", "MetricFilter3Name", "MetricFilter3Namespace", "MetricFilter3Pattern", "MetricFilter3Value", "MetricFilter3DefaultValue", "MetricFilter4Name", "MetricFilter4Namespace", "MetricFilter4Pattern", "MetricFilter4Value", "MetricFilter4DefaultValue", "MetricFilter5Name", "MetricFilter5Namespace", "MetricFilter5Pattern", "MetricFilter5Value", "MetricFilter5DefaultValue" ] }, "required": [ "LogGroupName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0el2j07llrxs7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Window", "description": "Create an AWS Systems Manager (SSM) patch window for patching to take place on instances with the specified PatchGroup. The patch window is an SSM resource that you can manage with the SSM console.", "properties": { "Cutoff": { "description": "The maximum number of hours before the end of the scheduled patch window for starting a new patching command. This helps ensure that patching commands complete before the patch window ends. A new patching command can only start execution within the patch window and before the specified Cutoff. After the Cutoff is reached, no new patching commands can be started.", "default": 0, "maximum": 23, "minimum": 0, "type": "integer" }, "Description": { "description": "A meaningful description for this patch window.", "maxLength": 500, "minLength": 1, "type": "string" }, "Duration": { "description": "The duration of the patch window in hours.", "maximum": 24, "minimum": 1, "type": "integer" }, "EndDate": { "description": "The date and time, in ISO-8601 extended format, for when the patch window is scheduled to become inactive (i.e.: 2019-10-23T19:45:00Z).", "type": "string" }, "MaxConcurrency": { "description": "The maximum number or rate (%) of instances allowed to patch in parallel.", "default": "33%", "maxLength": 7, "minLength": 1, "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "type": "string" }, "MaxErrors": { "description": "The maximum number or rate (%) of errors allowed before the Patching stops being scheduled.", "default": "100%", "maxLength": 7, "minLength": 1, "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "type": "string" }, "Name": { "description": "A friendly name for this patch window.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "NotificationEmails": { "description": "One or more email addresses to receive notifications about patching status.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true }, "PatchGroup": { "description": "The value of the \"Patch Group\" tag of an existing instance; for example 'App123-CustA-EnvTest'. Instances with the specified \"Patch Group\" tag values, are included in the patch window. If needed, you can create \"Patch Group\" tags using the console for the resource, but these tags are usually created at onboarding.", "type": "string", "minLength": 1, "maxLength": 256 }, "Schedule": { "description": "The schedule of the patch window in the form of a cron or rate expression; for example, cron(30 09 ? * * *) or rate(7 days).", "maxLength": 256, "minLength": 1, "type": "string" }, "ScheduleOffset": { "description": "The number of days to wait after the date and time specified by a cron expression before the maintenance window runs.", "default": 0, "maximum": 6, "minimum": 0, "type": "integer" }, "ScheduleTimeZone": { "description": "The time zone that the scheduled patch window executions are based on, in Internet Assigned Numbers Authority (IANA) format (i.e.: UTC, America/Los_Angeles).", "default": "UTC", "pattern": "^[a-zA-Z_]+(\\+|/)?[a-zA-Z0-9_-]*(\\+|/)?[a-zA-Z0-9_-]+$", "type": "string" }, "StartDate": { "description": "The date and time, in ISO-8601 extended format, after which the patch window becomes active (i.e.: 2019-10-23T19:45:00Z).", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "PatchGroup", "Schedule", "ScheduleOffset", "Duration", "MaxConcurrency", "MaxErrors", "Cutoff", "StartDate", "EndDate", "ScheduleTimeZone", "NotificationEmails" ] }, "required": [ "Cutoff", "Duration", "MaxConcurrency", "MaxErrors", "Name", "NotificationEmails", "PatchGroup", "Schedule", "ScheduleTimeZone" ], "type": "object" }

Schema for Change Type ct-0erkoad6uyvvg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Non-Root Volumes Monitoring", "description": "Enable monitoring on non-root volumes of an EC2 instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeployNonRootVolumeMonitoring.", "type": "string", "enum": [ "AWSManagedServices-DeployNonRootVolumeMonitoring" ], "default": "AWSManagedServices-DeployNonRootVolumeMonitoring" }, "Region": { "description": "The AWS Region where the EC2 instance, and volumes, are.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-12345678 or i-123456789012345ab.", "type": "array", "items": { "type": "string", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId" ] }, "additionalProperties": false, "required": [ "InstanceId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ffvihqwjvqj1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Restore EC2 Volumes From Backup", "description": "Replace the instance volumes from an existing backup image of the instance. To restore from snapshot, use version 1.0 of this Change Type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext.", "type": "string", "enum": [ "AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext" ], "default": "AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The identifier of the EC2 instance to replace the volumes from the backup.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "minItems": 1, "maxItems": 1 }, "Backup": { "description": "The Amazon EC2 backup ARN, or AMI ID, custom or from backup, to use to restore the volumes, i.e. ami-0ecdf967356c809c7.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:ec2:[\\w]{2}-[a-z]+-[0-9]{1}::image/[A-Za-z0-9_-]+$|^ami-[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "KMSKeyId": { "description": "The KMS key identifier, or ARN, to encrypt all restored volumes on the EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$|^arn:aws:kms:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:key/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$|^$" }, "minItems": 1, "maxItems": 1 }, "SleepTime": { "description": "The sleep time (how long to wait) before attempting access validation after data restoration completes.", "type": "array", "items": { "type": "string", "pattern": "^PT([0-9]|[1-5][0-9]|60)M$", "default": "PT5M" }, "minItems": 1, "maxItems": 1 }, "ChangeHostname": { "description": "True to change the hostname after the restore operation, to a generated hostname. False to not change the hostname. Default is False.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "False" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "Backup", "KMSKeyId", "ChangeHostname", "SleepTime" ] }, "additionalProperties": false, "required": [ "InstanceId", "Backup" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0fpjlxa808sh2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update policy", "description": "Update an S3 bucket policy.", "type": "object", "properties": { "BucketName": { "description": "The name of the Amazon S3 bucket to which the policy applies.", "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "BucketPolicy": { "description": "Detailed information about the bucket permissions update, or a policy document to be attached to the bucket (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "maxLength": 20000 }, "PolicyAction": { "description": "Whether the given bucket policy needs to be appended to the existing bucket policy or to replace the bucket policy entirely. If you want to add a new statement block to the existing policy, choose 'Append'. If you want to replace the entire policy or update the policy in specific sections, provide the entire policy containing desired changes and choose 'Replace'.", "type": "string", "enum": [ "Append", "Replace" ] }, "Operation": { "description": "Must be Update policy.", "type": "string", "default": "Update policy", "enum": [ "Update policy" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "BucketPolicy", "PolicyAction", "Operation", "Priority" ] }, "required": [ "BucketName", "BucketPolicy", "PolicyAction", "Operation" ] }

Schema for Change Type ct-0fqo03yizfnw6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Cross Region Copy", "description": "Update an existing backup plan rule with copy actions like cross region destination vault, and storage retention settings.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ConfigureCrossRegionBackup.", "type": "string", "enum": [ "AWSManagedServices-ConfigureCrossRegionBackup" ], "default": "AWSManagedServices-ConfigureCrossRegionBackup" }, "Region": { "description": "The AWS Region in which the AWS Backup plan is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupPlanName": { "description": "The name of the existing Backup plan to be updated.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "RuleName": { "description": "The name of the existing rule in the specified backup plan to be updated.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "DestinationRegion": { "description": "The AWS Region where the destination backup vault is.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "maxItems": 1 }, "DestinationVaultName": { "description": "The destination backup vault for the copied backup. If the vault does not exist in the destination Region, it is created automatically.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$", "default": "ams-replication-vault" }, "maxItems": 1 }, "DestinationEncryptionKeyArn": { "description": "The destination server-side encryption key that is used to protect your backups. If the vault name does not exist and you do not provide a key ARN, a new key is created in the destination Region. For disaster recovery patterns, we recommend that you provide a key that belongs to a different account.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$", "default": "" }, "maxItems": 1 }, "DeleteAfterNumberOfDays": { "description": "The number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterNumberOfDays.", "type": "array", "items": { "type": "string", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[12][0-9]{4}|3[0-4][0-9]{3}|35[0-5][0-9]{2}|35600)$", "default": "0" }, "maxItems": 1 }, "MoveToColdStorageAfterNumberOfDays": { "description": "The number of days after creation that a recovery point is moved to cold storage.", "type": "array", "items": { "type": "string", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[12][0-9]{4}|3[0-4][0-9]{3}|35[0-5][0-9]{2}|35600)$", "default": "0" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupPlanName", "DeleteAfterNumberOfDays", "DestinationRegion", "DestinationVaultName", "DestinationEncryptionKeyArn", "MoveToColdStorageAfterNumberOfDays", "RuleName" ] }, "additionalProperties": false, "required": [ "BackupPlanName", "DestinationRegion", "RuleName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0g690ekkyfm79

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EFS From Backup", "description": "Create an AWS Elastic File System (EFS) stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobEFS.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobEFS" ], "default": "AWSManagedServices-StartRestoreJobEFS" }, "Region": { "description": "The AWS Region in which the EFS snapshot is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_\\/\\-]{2,50}$" }, "maxItems": 1 }, "EnableEncryption": { "description": "Flag to control, when restoring to a new filesystem, whether it is encrypted or not. If specified, the KmsKeyId must also be set. If not specified, the new filesystem will be created without encryption.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "false" }, "maxItems": 1 }, "ItemsToRestore": { "description": "The list containing up to five directories or files paths to be restored. Paths are case sensitive and cannot contain the following special characters: :, *, ?, \", <, > and `. If not specified, the entire filesystem will be restored.", "type": "array", "items": { "type": "string", "pattern": "^(/[^:*?\"<>`]*)$" }, "maxItems": 5 }, "KmsKeyId": { "description": "The Amazon Resource Name (ARN) for the AWS KMS key to be used to encrypt the new filesystem at rest.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$" }, "maxItems": 1 }, "PerformanceMode": { "description": "The performance mode, if restoring to a new filesystem. Use generalPurpose for most file systems. Use maxIO for applications where tens, hundreds, or thousands of EC2 instances are accessing the file system. If not specified, generalPurpose is used.", "type": "array", "items": { "type": "string", "enum": [ "generalPurpose", "maxIO" ], "default": "generalPurpose" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "RestoreToNewFileSystem": { "description": "Flag to control whether the restore process creates a new filesystem or restores it to a directory in the source filesystem. If not specified, it is restored to a new filesystem.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "true" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupVaultName", "EnableEncryption", "ItemsToRestore", "KmsKeyId", "PerformanceMode", "RecoveryPointArn", "RestoreToNewFileSystem" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0h3p576mj4rqm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change Windows Hostname", "description": "Change the hostname of an EC2 Windows instance. Note that the instance will be rebooted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ChangeHostname.", "type": "string", "enum": [ "AWSManagedServices-ChangeHostname" ], "default": "AWSManagedServices-ChangeHostname" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "Hostname": { "description": "The new hostname of the instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-]{1,63}$" }, "minItems": 1, "maxItems": 1 }, "Platform": { "description": "Must be windows. To change the hostname for a Linux instance, use CT ct-2781aqd6f6svs.", "type": "array", "items": { "type": "string", "default": "windows", "enum": [ "windows" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "Hostname", "Platform" ] }, "required": [ "InstanceId", "Hostname", "Platform" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0hahohe17csnc

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Encrypt Instance Volumes", "description": "Encrypt Elastic Block Store (EBS) volumes attached to an EC2 instance", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EncryptInstanceVolumes", "type": "string", "enum": [ "AWSManagedServices-EncryptInstanceVolumes" ], "default": "AWSManagedServices-EncryptInstanceVolumes" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance to encrypt volumes for. The instance must support encryption of EBS volumes and not part of an Auto Scaling group.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}|i-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "VolumeIds": { "description": "The list of EBS volume IDs to encrypt. The volume IDs must be attached to the specified EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 25, "uniqueItems": true }, "KMSKeyId": { "description": "The KMS key ID, or ARN, to encrypt all the new volumes.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:key/)?([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|mrk-[a-z0-9]{32})$" }, "minItems": 1, "maxItems": 1 }, "DeleteStaleNonEncryptedSnapshotBackups": { "description": "True to delete existing snapshot backups of specified EBS volumes. False to not delete the existing snapshots.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "True" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "VolumeIds", "KMSKeyId", "DeleteStaleNonEncryptedSnapshotBackups" ] }, "additionalProperties": false, "required": [ "InstanceId", "VolumeIds", "KMSKeyId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0hi7z7tyikjf6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update SQS", "description": "Use to modify the properties of an existing Amazon Simple Queue Service instance.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the SQS queue, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "ID of the stack instance that contains the SQS queue, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "SQSDelaySeconds": { "description": "The time in seconds that the delivery of new messages in the queue will be delayed.", "type": "number", "minimum": 0, "maximum": 900, "default": 0 }, "SQSMaximumMessageSize": { "description": "The limit of how many bytes a message can contain before SQS rejects it.", "type": "number", "minimum": 1024, "maximum": 262144, "default": 262144 }, "SQSMessageRetentionPeriod": { "description": "The number of seconds SQS retains a message, from 60 (1 minute) to 1209600 (14 days).", "type": "number", "minimum": 60, "maximum": 1209600, "default": 345600 }, "SQSQueueName": { "description": "A name for the queue.", "type": "string", "pattern": "^[a-zA-Z0-9-_]{1,80}$", "minLength": 1, "maxLength": 80 }, "SQSReceiveMessageWaitTimeSeconds": { "description": "The number of seconds that the ReceiveMessage call waits for a message to arrive in the queue before returning a response.", "type": "number", "minimum": 0, "maximum": 20, "default": 0 }, "SQSVisibilityTimeout": { "description": "The number of seconds that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request.", "type": "number", "minimum": 0, "maximum": 43200 } } } }, "additionalProperties": false, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-0hu3q3957aghj

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Private ACM Certificate", "description": "Create a private AWS Certificate Manager (ACM) certificate with email or DNS validation. To create a public ACM certificate, use ct-3ll9hnadql9s1.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RequestACMCertificateV2", "type": "string", "enum": [ "AWSManagedServices-RequestACMCertificateV2" ], "default": "AWSManagedServices-RequestACMCertificateV2" }, "Region": { "description": "The AWS Region in which you want the ACM certificate, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DomainName": { "description": "The fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate.", "type": "string", "pattern": "^(?!://)(?=.{1,255}$)((.{1,63}\\.){1,127}(?![0-9]*$)[a-z0-9-]+\\.?)$" }, "CertificateType": { "description": "Confirm that you are creating a private ACM certificate. To create a public ACM certificate, use ct-3ll9hnadql9s1.", "type": "string", "enum": [ "Private" ], "default": "Private" }, "CertificateAuthorityArn": { "description": "The Amazon Resource Name (ARN) of the private certificate authority (CA) used to issue the certificate.", "type": "string", "pattern": "^arn:aws:.+$" }, "SubjectAlternativeNames": { "description": "Additional FQDNs to be included in the subject alternative name extension of the ACM certificate.", "type": "array", "items": { "type": "string", "pattern": "^(?!://)(?=.{1,255}$)((.{1,63}\\.){1,127}(?![0-9]*$)[a-z0-9-]+\\.?)$" }, "minItems": 1, "maxItems": 5 }, "Route53DNSValidation": { "description": "True for automatic ACM validation using your Route53 DNS, if the ACM and the domain are on the same account; false for no automatic validation. Default is false.", "type": "string", "enum": [ "True", "False" ], "default": "False" } }, "metadata": { "ui:order": [ "DomainName", "CertificateType", "CertificateAuthorityArn", "SubjectAlternativeNames", "Route53DNSValidation" ] }, "additionalProperties": false, "required": [ "DomainName", "CertificateAuthorityArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0idxb0xsg1ui6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete RDS Snapshots", "description": "Delete DB instance or cluster snapshots. This document only supports deletion of 'manual' and 'awsbackup' snapshot types. If the snapshot is being copied, the copy operation is terminated. The snapshot must be in available state to be deleted. If one or more snapshots cannot be deleted, automation fails. Up to 20 snapshots can be deleted in one execution.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteRDSSnapshotsV2.", "type": "string", "enum": [ "AWSManagedServices-DeleteRDSSnapshotsV2" ], "default": "AWSManagedServices-DeleteRDSSnapshotsV2" }, "Region": { "description": "The AWS Region where the DB snapshots are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SnapshotNamesOrArns": { "description": "A list of up to 20 RDS snapshot names or ARN's to delete.", "type": "array", "items": { "type": "string", "pattern": "^(?!rds:).*$" }, "minItems": 1, "maxItems": 20 } }, "metadata": { "ui:order": [ "SnapshotNamesOrArns" ] }, "additionalProperties": false, "required": [ "SnapshotNamesOrArns" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ikpop8zqhkxg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update stack admin access", "description": "Update admin access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$|^SC-[0-9]{12}-pp-[a-zA-Z0-9]{13}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-0ixp4ch2tiu04

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create IAM instance profile", "description": "Use to create an instance profile.", "type": "object", "properties": { "InstanceProfileDescription": { "description": "The description of the instance profile.", "type": "string", "maxLength": 5000 }, "InstanceProfileName": { "description": "The name of the instance profile to create.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$" }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "required": [ "InstanceProfileDescription", "InstanceProfileName" ], "metadata": { "ui:order": [ "InstanceProfileDescription", "InstanceProfileName", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-0jb01cofkhwk1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Override Stack Access Duration", "description": "Use to override maximum stack access time for all stacks in this account for single landing zone (SALZ) and for all stacks of the member accounts of an organization for multi-landing zone (MALZ). For multi-landing zone (MALZ), please raise a request for change (RFC) from shared-services account with this change type (CT) ID. Access can be overridden from a minimum of 1 hour to a maximum of 120 hours, default stack access is granted for 12 hours.", "type": "object", "properties": { "TimeRequestedInHours": { "description": "The amount of time, in hours, requested to override. Access can be overridden from a minimum of 1 hour to a maximum of 120 hours, default stack access is granted for 12 hours. Access is terminated after this time.", "type": "integer", "minimum": 1, "maximum": 120, "default": 1 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "TimeRequestedInHours", "Priority" ] }, "required": [ "TimeRequestedInHours" ], "additionalProperties": false }

Schema for Change Type ct-0k4b96aatyqgl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Bulk Update Resource Tags (Review Required)", "description": "Bulk add tags to existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. Use this with AWS Tag Editor when managing large numbers of tags (i.e. >50). For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-3047c34zuvswh.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the tag operation.", "type": "string", "maxLength": 5000 }, "CsvS3Url": { "description": "The S3 bucket endpoint for the CSV file with the tag update details. The CSV file must be formatted to the correct format. Please see AMS tag documentation for the correct format of the CSV file.", "type": "string", "pattern": "^https?://[a-z0-9]([-.a-z0-9]+)[a-z0-9]\\.s3\\.((([a-z]{2}-[a-z]+-\\d{1}\\.)?))amazonaws\\.com/[\\S]*", "minLength": 1, "maxLength": 1536 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Description", "CsvS3Url", "Priority" ] }, "required": [ "Description", "CsvS3Url" ] }

Schema for Change Type ct-0kbey7hb00atp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Windows)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for Windows OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"CriticalUpdates\", \"DefinitionUpdates\", \"Drivers\", \"FeaturePacks\", \"SecurityUpdates\", \"ServicePacks\", \"Tools\", \"UpdateRollups\", \"Updates\", \"Upgrades\" and \"All\".", "items": { "enum": [ "CriticalUpdates", "DefinitionUpdates", "Drivers", "FeaturePacks", "SecurityUpdates", "ServicePacks", "Tools", "UpdateRollups", "Updates", "Upgrades", "All" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"Critical\", \"Important\", \"Low\", \"Moderate\", \"Unspecified\" and \"All\".", "items": { "enum": [ "Critical", "Important", "Low", "Moderate", "Unspecified", "All" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1, "pattern": "^(^KB[0-9]{1,7}$)|(^MS[0-9]{2}-[0-9]{3}$)" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Windows", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Windows" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "pattern": "^(^KB[0-9]{1,7}$)|(^MS[0-9]{2}-[0-9]{3}$)", "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-0loed9dzig1ze

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS Storage", "description": "Change the RDS instance storage type, capacity or IOPS through direct API calls. The RDS instance can be standalone or belong to a CloudFormation stack, in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSStorage.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSStorage" ], "default": "AWSManagedServices-UpdateRDSStorage" }, "Region": { "description": "The AWS Region of the account with the RDS database instance; for example, us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "AllocatedStorage": { "description": "The new amount of storage in gibibytes (GiB) to allocate for the DB instance.", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d+$" }, "minItems": 0, "maxItems": 1 }, "StorageType": { "description": "The storage type to be associated with the DB instance.", "type": "array", "items": { "type": "string", "enum": [ "", "gp2", "gp3", "io1", "Magnetic" ], "default": "" } }, "Iops": { "description": "The new provisioned IOPS (I/O operations per second) value for the RDS instance. This parameter is only valid for io1 and gp3 storage type.", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d+$", "default": "" } }, "ApplyImmediately": { "description": "True to apply the change immediately, false to schedule the change on next maintenance window. To discover your next maintenance window, check the details page for the instance in the RDS console.", "type": "string", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "AllocatedStorage", "StorageType", "Iops", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0lqruajvhwsbk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Authorize Egress Rule", "description": "Authorize the egress rule for the specified security group (SG). You must specify the configurations of the egress rule that you are authorizing. Note that this adds an egress rule to the specified SG but does not modify any existing egress rules.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AuthorizeSecurityGroupEgressRule", "type": "string", "enum": [ "AWSManagedServices-AuthorizeSecurityGroupEgressRule" ], "default": "AWSManagedServices-AuthorizeSecurityGroupEgressRule" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the egress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Destination": { "description": "An IP address, in the form 255.255.255.255, or an IP address range in CIDR notation, in the form 255.255.255.255/32, or the ID of another security group in the same region; or self to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$|^self$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A meaningful description of the egress rule.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,255}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination", "Description" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0ltm873rsebx9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update load balancer (ELB) stack", "description": "Modify the properties of an existing Amazon ELB Classic Load Balancer created using CT id ct-12amsdz909cfh, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the ELB that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the ELB.", "type": "object", "properties": { "ELBSubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef. Changing this value during an update does not append to the existing subnets associated with the load balancer. Include all required subnets when modifying this value.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "ELBBackendInstances": { "description": "One or more EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group. Changing this value during an update does not append to the existing instances associated with the load balancer. Include all required EC2 instances not part of an autoscaling group when modifying this value. To remove all EC2 instances not part of an autoscaling group during an update specify None.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$|^[Nn]one$|^$" }, "minItems": 1, "uniqueItems": true }, "ELBCrossZone": { "description": "With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones. True to enable, false to disable. The default is true.", "type": "boolean" }, "ELBCookieExpirationPeriod": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieExpirationPeriod2": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieStickinessPolicyName": { "description": "A name for the cookie stickiness policy. The name must be unique within the set of policies for this load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBCookieStickinessPolicyName2": { "description": "A name for the second cookie stickiness policy. The name must be unique within the set of policies for this load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBHealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10 }, "ELBHealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300 }, "ELBHealthCheckTarget": { "description": "The protocol, port, and path of the instance to check. For example, HTTP:80/weather/us/wa/seattle. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "ELBHealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for ELBHealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60 }, "ELBHealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10 }, "ELBIdleTimeout": { "description": "The time, in seconds, that a connection to the load balancer can remain idle, which means no data is sent over the connection. After the specified time, the load balancer closes the connection.", "type": "number", "minimum": 1, "maximum": 3600 }, "ELBInstancePort": { "description": "The TCP port the listener uses to send traffic to the target instance. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstancePort2": { "description": "The TCP port the optional second listener uses to send traffic to the target instance. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstanceProtocol": { "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBInstanceProtocol2": { "description": "The protocol the second listener uses for routing traffic to back-end connections (load balancer to backend instance). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerPort": { "description": "The port number for the load balancer to use when routing external incoming traffic. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerPort2": { "description": "The port number for the load balancer to use when routing external incoming traffic on the second listener. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerProtocol": { "description": "The transport protocol to use for routing front-end connections (client to load balancer). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerProtocol2": { "description": "The transport protocol to use for routing front-end connections (client to load balancer) on the second listener. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBSSLCertificateId": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. This must be specified if the HTTPS or SSL protocol is specified for ELBLoadBalancerProtocol. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" }, "ELBSSLCertificateId2": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use for the optional second listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. Required only if a second listener is used and ELBLoadBalancerProtocol2 is either HTTPS or SSL. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" } }, "metadata": { "ui:order": [ "ELBSubnetIds", "ELBBackendInstances", "ELBIdleTimeout", "ELBCrossZone", "ELBHealthCheckTarget", "ELBHealthCheckInterval", "ELBHealthCheckTimeout", "ELBHealthCheckHealthyThreshold", "ELBHealthCheckUnhealthyThreshold", "ELBCookieStickinessPolicyName", "ELBCookieExpirationPeriod", "ELBInstancePort", "ELBInstanceProtocol", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBSSLCertificateId", "ELBCookieExpirationPeriod2", "ELBCookieStickinessPolicyName2", "ELBInstancePort2", "ELBInstanceProtocol2", "ELBLoadBalancerPort2", "ELBLoadBalancerProtocol2", "ELBSSLCertificateId2" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "additionalProperties": false, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-0mss4i7neuj7f

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Security Policy", "description": "Update a security policy for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be UpdateSecurityPolicy.", "type": "string", "enum": [ "UpdateSecurityPolicy" ], "default": "UpdateSecurityPolicy" }, "Parameters": { "type": "object", "properties": { "SecurityPolicyName": { "description": "The name of the security policy. Must start with custom-sec-.", "type": "string", "pattern": "^custom-sec-[a-zA-Z0-9][a-zA-Z0-9-_]{0,51}$" }, "SourceAddressesToAdd": { "description": "A list of source addresses to add to the policy.", "type": "array", "items": { "type": "string", "pattern": "^([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)$" }, "minItems": 1, "maxItems": 50 }, "DestinationAddressesToAdd": { "description": "A list of destination addresses to add to the policy. Supply values for this parameter or for AllowListsToAdd, but not both.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)|((([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]))$" }, "minItems": 1, "maxItems": 50 }, "AllowListsToAdd": { "description": "A list of allowlists to add to the policy. Supply values for this parameter or for DestinationAddressesToAdd, but not both.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" }, "minItems": 1, "maxItems": 10 }, "ServicePortsToAdd": { "type": "object", "description": "A list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) service ports to add.", "properties": { "TCPPortsToAdd": { "description": "A list of Transmission Control Protocol (TCP) service ports to add.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 }, "UDPPortsToAdd": { "description": "A list of User Datagram Protocol (UDP) service ports to add.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 } }, "metadata": { "ui:order": [ "TCPPortsToAdd", "UDPPortsToAdd" ] } }, "SourceAddressesToRemove": { "description": "A list of source addresses to remove from the policy.", "type": "array", "items": { "type": "string", "pattern": "^([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)$" }, "minItems": 1, "maxItems": 50 }, "DestinationAddressesToRemove": { "description": "A list of destination addresses to remove from the policy. Supply values for this parameter or for AllowListsToRemove, but not both.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)|((([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]))$" }, "minItems": 1, "maxItems": 50 }, "AllowListsToRemove": { "description": "A list of allowlists to remove from the policy. Supply values for this parameter or for DestinationAddressesToRemove, but not both.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" }, "minItems": 1, "maxItems": 10 }, "ServicePortsToRemove": { "type": "object", "description": "A list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) service ports to remove.", "properties": { "TCPPortsToRemove": { "description": "A list of Transmission Control Protocol (TCP) service ports to remove.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 }, "UDPPortsToRemove": { "description": "A list of User Datagram Protocol (UDP) service ports to remove.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 } }, "metadata": { "ui:order": [ "TCPPortsToRemove", "UDPPortsToRemove" ] } }, "ActionType": { "description": "The type of action the security policy will perform on outbound traffic that matches the policy's rules.", "type": "string", "enum": [ "Allow", "Deny" ] }, "EnablePolicy": { "description": "True to enable the security policy, false to disable it.", "type": "boolean" } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityPolicyName", "SourceAddressesToAdd", "DestinationAddressesToAdd", "AllowListsToAdd", "ServicePortsToAdd", "SourceAddressesToRemove", "DestinationAddressesToRemove", "AllowListsToRemove", "ServicePortsToRemove", "ActionType", "EnablePolicy" ] }, "required": [ "SecurityPolicyName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-0o4zi9bzg74lp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Event Notification", "description": "Add an event notification to the specified S3 bucket through direct API calls. The S3 bucket can be standalone or belong to a CloudFormation stack. For buckets in CloudFormation stacks, be aware that stack drift might occur if the bucket was provisioned through CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddBucketEventNotification.", "type": "string", "enum": [ "AWSManagedServices-AddBucketEventNotification" ], "default": "AWSManagedServices-AddBucketEventNotification" }, "Region": { "description": "The AWS Region in which the source bucket is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the bucket for which to add the notification configuration.", "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "EventName": { "description": "A unique identifier for the event notification configuration.", "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "Prefix": { "description": "The object key name prefix to which the filtering rule applies. If a value is specified, event notifications will be limited to objects with key starting with the specified characters.", "type": "string", "pattern": "^.{0,1024}$", "default": "" }, "Suffix": { "description": "The object key name suffix to which the filtering rule applies. If a value is specified, event notifications will be limited to objects with key ending with the specified characters.", "type": "string", "pattern": "^.{0,1024}$", "default": "" }, "EventTypes": { "description": "Specify the events for which you want to receive notifications. Enter '*' if you would like to enable notifications for all available event types or if selecting EventBridge as the destination. Refer to https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types for details on the values.", "type": "array", "items": { "enum": [ "s3:ObjectCreated:*", "s3:ObjectCreated:Put", "s3:ObjectCreated:Post", "s3:ObjectCreated:Copy", "s3:ObjectCreated:CompleteMultipartUpload", "s3:ObjectRemoved:*", "s3:ObjectRemoved:Delete", "s3:ObjectRemoved:DeleteMarkerCreated", "s3:ObjectRestore:*", "s3:ObjectRestore:Post", "s3:ObjectRestore:Completed", "s3:ObjectRestore:Delete", "s3:ReducedRedundancyLostObject", "s3:Replication:*", "s3:Replication:OperationFailedReplication", "s3:Replication:OperationMissedThreshold", "s3:Replication:OperationReplicatedAfterThreshold", "s3:Replication:OperationNotTracked", "s3:LifecycleExpiration:*", "s3:LifecycleExpiration:Delete", "s3:LifecycleExpiration:DeleteMarkerCreated", "s3:LifecycleTransition", "s3:IntelligentTiering", "s3:ObjectTagging:*", "s3:ObjectTagging:Put", "s3:ObjectTagging:Delete", "s3:ObjectAcl:Put", "*" ], "type": "string" }, "minItems": 1, "maxItems": 27 }, "DestinationARN": { "description": "The Amazon Resource Name (ARN) of the Amazon SQS queue, the Amazon SNS topic or the Lambda function to which Amazon S3 publishes a message when it detects events of the specified type. Input 'eventbridge' for using EventBridge as destination.", "type": "string", "pattern": "(^arn:(aws|aws-cn|aws-us-gov):(lambda|sns|sqs):\\w{2}-[a-z]+-\\d{1}:\\d{12}:((function:[a-zA-Z0-9-_]{1,64})|([a-zA-Z0-9-_.]{1,256}))|eventbridge)$" } }, "metadata": { "ui:order": [ "BucketName", "EventName", "EventTypes", "DestinationARN", "Prefix", "Suffix" ] }, "additionalProperties": false, "required": [ "BucketName", "EventName", "EventTypes", "DestinationARN" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0pgvtw5rpcsb6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS From Backup", "description": "Create an Amazon Relational Database Service (RDS) from a backup. When you restore a backup this way, the service-specific restore parameters are presented automatically.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC where the backup is stored, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-siqajx00000000000.", "type": "string", "enum": [ "stm-siqajx00000000000" ] }, "Name": { "description": "A name for the stack; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DBInstanceClass": { "description": "The compute and memory capacity for the DB instance. To inherit this value from the backup, use inherit.", "type": "string", "enum": [ "inherit", "db.m1.small", "db.m1.medium", "db.m1.large", "db.m1.xlarge", "db.m2.xlarge", "db.m2.2xlarge", "db.m2.4xlarge", "db.m3.medium", "db.m3.large", "db.m3.xlarge", "db.m3.2xlarge", "db.m4.large", "db.m4.xlarge", "db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.t1.micro", "db.t2.micro", "db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge", "db.t2.2xlarge" ], "default": "inherit" }, "DBInstanceIdentifier": { "description": "A name for the DB instance. If you specify a name, it is converted to lowercase. If you don't specify a name, a unique physical ID is generated and used for the DBInstanceIdentifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBSnapshotIdentifier": { "description": "The name of the RDS DB backup to use, in the form awsbackup:job-00000000-0000-0000-0000-000000000000.", "type": "string" }, "DBSubnetIds": { "description": "Two or more subnet IDs for the DB instance, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true } }, "metadata": { "ui:order": [ "DBInstanceClass", "DBInstanceIdentifier", "DBSnapshotIdentifier", "DBSubnetIds" ] }, "additionalProperties": false, "required": [ "DBSnapshotIdentifier", "DBSubnetIds" ] } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters" ] }

Schema for Change Type ct-0q0bic0ywqk6c

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete stack", "description": "Delete an existing stack and its resources from your account. The effects of deleting a resource vary. For details, see the appropriate AWS documentation for the resource. Note that termination protection on a resource in the stack causes the RFC to fail. To check for a resource's termination protection status, see the corresponding AWS console.", "type": "object", "properties": { "StackId": { "description": "The ID of the stack instance to delete, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of deleting the stack. This does not prolong the execution. If the delete is not completed in the specified time, the RFC is failed and you are notified that the delete is over time but continuing. The delete operation continues because delete operations cannot be rolled back. Set this timeout so you get notice of delete stack problems in a timely manner. Defaults to 60 if not provided.", "type": "number", "minimum": 0, "maximum": 720 } }, "additionalProperties": false, "required": [ "StackId" ] }

Schema for Change Type ct-0q43l40hxrzum

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Redshift cluster subnet group", "description": "Use to create a Redshift cluster subnet group.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-5rsvv3l4760usboci", "type": "string", "enum": [ "stm-5rsvv3l4760usboci" ], "default": "stm-5rsvv3l4760usboci" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "SubnetGroupDescription": { "type": "string", "description": "A description to help identify your cluster subnet group.", "minLength": 1, "maxLength": 255 }, "SubnetIds": { "type": "array", "minItems": 2, "uniqueItems": true, "description": "Two or more subnet IDs for the cluster subnet group, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" } } }, "metadata": { "ui:order": [ "SubnetGroupDescription", "SubnetIds" ] }, "required": [ "SubnetGroupDescription", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0qbikxr9okwvy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create VPN Gateway", "description": "Create a virtual private network (VPN) gateway (the endpoint on the VPC side of your VPN connection), and associate it to an existing virtual private cloud (VPC) in your account.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-mcti3bha1vhon1sie", "type": "string", "enum": [ "stm-mcti3bha1vhon1sie" ], "default": "stm-mcti3bha1vhon1sie" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "VpcId": { "type": "string", "description": "The VPC ID to associate the VPN Gateway to.", "pattern": "^vpc-[0-9a-z]{17}|vpc-[0-9a-z]{8}$" }, "AmazonSideAsn": { "type": "integer", "description": "The private Autonomous System Number (ASN) for the Amazon side of a Border Gateway Protocol (BGP) session.", "default": 64512 }, "Name": { "type": "string", "description": "The tag Key name of the new VPN Gateway.", "pattern": "^[a-zA-Z0-9._-]+$", "minLength": 1, "maxLength": 255 } }, "metadata": { "ui:order": [ "VpcId", "AmazonSideAsn", "Name" ] }, "required": [ "VpcId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0rmgrnr9w8mzh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove TGW Static Route", "description": "Remove the specified TGW static route from the specified transit gateway (TGW) route table. Use this multi-account landing zone (MALZ) change type only in a Networking account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveRouteFromTGWRouteTable.", "type": "string", "enum": [ "AWSManagedServices-RemoveRouteFromTGWRouteTable" ], "default": "AWSManagedServices-RemoveRouteFromTGWRouteTable" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "TransitGatewayRouteTableId": { "description": "The ID of the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1 }, "DestinationCidrBlock": { "description": "The IPV4 CIDR range used for destination matches.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2])){0,1}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayRouteTableId", "DestinationCidrBlock" ] }, "additionalProperties": false, "required": [ "TransitGatewayRouteTableId", "DestinationCidrBlock" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0tmpmp1wpgkr9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Detailed Monitoring", "description": "Update EC2 instances' detailed monitoring setting through direct API calls. The EC2 instances can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-38s4s4tm4ic4u instead, or ct-361tlo1k7339x if the EC2 instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateInstanceEnhancedMonitoring.", "type": "string", "enum": [ "AWSManagedServices-UpdateInstanceEnhancedMonitoring" ], "default": "AWSManagedServices-UpdateInstanceEnhancedMonitoring" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 50 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "MonitoringValue": { "description": "Enabled to turn on detailed monitoring for your instances. Disabled to turn off detailed monitoring for your instances and set it to basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "type": "array", "items": { "type": "string", "enum": [ "enabled", "disabled" ] } } }, "metadata": { "ui:order": [ "InstanceIds", "MonitoringValue" ] }, "additionalProperties": false, "required": [ "InstanceIds", "MonitoringValue" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0tpbr6lfa3zng

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove ALB Listener Certificate", "description": "Remove a certificate from the specified Application Load Balancer (ALB) listener. Use the RemediateStackDrift parameter for the automation to try to remediate drift, if it is introduced.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveCertificateFromElbv2Listener.", "type": "string", "enum": [ "AWSManagedServices-RemoveCertificateFromElbv2Listener" ], "default": "AWSManagedServices-RemoveCertificateFromElbv2Listener" }, "Region": { "description": "The AWS Region where the application load balancer listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ListenerArn": { "description": "The Amazon Resource Name (ARN) of the listener in the form arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/sample/1234567890abcdfe/1234567890abcdfe.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:listener/[a-z]{3}/[A-Za-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by removing the certificate from the Loadbalancer Listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to removing the certificate from the Loadbalancer Listener. Set to False to remove the certificate from the Loadbalancer Listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ListenerArn", "CertificateArn", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "CertificateArn", "ListenerArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ttx8eh3ice91

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete policy", "description": "Use to delete an S3 bucket policy.", "type": "object", "properties": { "BucketName": { "description": "S3 Bucket to delete the bucket policy from.", "type": "string", "pattern": "^[A-Za-z0-9][A-Za-z0-9\\-]{1,61}[A-Za-z0-9]$", "maxLength": 63 }, "Operation": { "description": "Must be Delete policy.", "type": "string", "default": "Delete policy", "enum": [ "Delete policy" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "Operation", "Priority" ] }, "required": [ "BucketName", "Operation" ] }

Schema for Change Type ct-0vdiy51oyrhhm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Offboard Application Account", "description": "Offboard the specified application account. Run this from the management account for the application account that you want offboarded. You must first confirm the offboarding request by submitting the Confirm offboarding CT (ct-2wlfo2jxj2rkj) from the application account. If you are offboarding a customer-managed account, then ct-2wlfo2jxj2rkj is not needed. After you successfully submit both CTs, AMS can't undo the offboarding, repurpose the account, or help you to remediate issues in the account.", "type": "object", "properties": { "RequestType": { "description": "Must be OffboardingExecution.", "type": "string", "enum": [ "OffboardingExecution" ], "default": "OffboardingExecution" }, "Parameters": { "type": "object", "properties": { "AccountId": { "description": "The unique identifier (ID) of the application account to offboard.", "type": "string", "pattern": "^[0-9]{12}$" }, "AccountEmail": { "description": "The email associated with the application account to offboard.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "Confirmation": { "description": "To offboard the provided application account, confirm the operation by specifying 'confirm' in the text input field.", "type": "string", "pattern": "confirm" }, "DeleteTransitGatewayAttachment": { "description": "Specify true to delete the attachment to the default Transit Gateway within core networking account. Set to false to retain the connectivity using Transit Gateway.", "type": "boolean" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AccountId", "AccountEmail", "Confirmation", "DeleteTransitGatewayAttachment" ] }, "required": [ "AccountId", "AccountEmail", "Confirmation", "DeleteTransitGatewayAttachment" ] } }, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "additionalProperties": false, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-0vevjppj9eta4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Encrypt EBS By Default", "description": "Set Amazon Elastic Block Store (EBS) to enforce the encryption. After you enable encryption by default, the EBS volumes that you create and snapshot copies are always encrypted, either using the KMS key configured as default for EBS encryption or the key that you specified when you created each volume.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EncryptEBSByDefault.", "type": "string", "enum": [ "AWSManagedServices-EncryptEBSByDefault" ], "default": "AWSManagedServices-EncryptEBSByDefault" }, "Region": { "description": "The AWS Region to enable EBS encryption by default in, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" } }, "metadata": { "ui:order": [ "DocumentName", "Region" ] }, "required": [ "DocumentName", "Region" ], "additionalProperties": false }

Schema for Change Type ct-0vzsr2nyraedl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Public DNS Record", "description": "Create a new Route 53 DNS resource record set and a new public hosted zone for a VPC, and configure traffic routing.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DomainName": { "description": "A domain name for the hosted zone. The name can contain only lowercase letters, numbers, hyphens (-), and a dot (.). For example, mycorp.com", "type": "string", "minLength": 2, "pattern": "^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,255}$" }, "DomainType": { "description": "Must be 'public'", "type": "string", "enum": [ "public" ], "default": "public" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "DomainName", "DomainType", "RecordSet" ] }, "required": [ "DomainName", "DomainType", "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0wglhholzo0uw

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Network Load Balancer", "description": "Update the properties of an existing Network Load Balancer.", "type": "object", "properties": { "VpcId": { "description": "The ID of the VPC where the Network Load Balancer is, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Network Load Balancer that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10" }, "HealthCheckIntervalSeconds": { "type": "string", "description": "The approximate interval, in seconds, between health checks.", "enum": [ "10", "30" ] }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. This is only applicable if HealthCheckTargetProtocol = HTTP or HTTPS." }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "([0-9]{1,5})?" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "CrossZoneEnabled": { "type": "string", "description": "True if cross-zone load balancing is enabled. False if it is not.", "enum": [ "true", "false" ] }, "SubnetIds": { "type": "array", "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef. Please note that if you update SubnetIds, the new value must contain all of the required SubnetIds for the NLB, the new ones and the ones used before.", "items": { "type": "string" } }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ] }, "DeregistrationDelayTimeoutSeconds": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})" }, "Target1ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target1ID is outside the VPC. Leave blank if TargetType = instance." }, "Target2ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target2ID is outside the VPC. Leave blank if TargetType = instance." }, "Target3ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target3ID is outside the VPC. Leave blank if TargetType = instance." }, "Target4ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target4ID is outside the VPC. Leave blank if TargetType = instance." } }, "metadata": { "ui:order": [ "ProxyProtocolV2", "DeregistrationDelayTimeoutSeconds", "CrossZoneEnabled", "SubnetIds", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckIntervalSeconds", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0wspy4o646g9p

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add DSM Read-Only Login", "description": "Request a read-only login to the Trend Micro console for your account. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateEPSDSMReadOnlyUser.", "type": "string", "enum": [ "AWSManagedServices-CreateEPSDSMReadOnlyUser" ], "default": "AWSManagedServices-CreateEPSDSMReadOnlyUser" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "Username": { "description": "The username for the EPS user. The name can be up to 50 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,50}$" }, "minItems": 1, "maxItems": 1 }, "FullName": { "description": "The full name for the EPS user. The name can be up to 50 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,50}$" }, "minItems": 0, "maxItems": 1 }, "Description": { "description": "The description for the EPS user. The description can be up to 150 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,150}$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "Username", "FullName", "Description" ] }, "additionalProperties": false, "required": [ "Username" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0x6dylrnfjgz5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Active Directory Trust", "description": "Create a one-way trust between On-Prem Domain and (AWS) Managed Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account. Before creating the trust, you need to make sure that the following prerequisites are met: 1. You must create the AD trust first on the On-Prem Domain and save the trust password in the Secrets Manager. 2. You must set up a Managed Active Directory (MAD) Security Group with an outbound rule that allows all traffic to On-Prem CIDR ranges.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateADTrust.", "type": "string", "enum": [ "AWSManagedServices-CreateADTrust" ], "default": "AWSManagedServices-CreateADTrust" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "DirectoryId": { "description": "The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.", "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "RemoteDomainName": { "description": "The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.", "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "SecretArn": { "description": "ARN of the secret where the AD trust password is stored. The secret must be stored as a string value not as a key/value pair. The secret name must be prefixed with customer-shared/; for example, customer-shared/trustpassword.", "type": "string", "pattern": "arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z]{2}-[a-z]+-[0-9]{1}:\\d{12}:secret:([cC][uU][sS][tT][oO][mM][eE][rR]-[sS][hH][aA][rR][eE][dD])[\\w/_+=.@-]{1,512}" }, "TrustType": { "description": "The trust relationship type.", "type": "string", "enum": [ "Forest", "External" ] }, "ConditionalForwarderIpAddresses": { "description": "A comma-delimited list of one or more IP addresses of the remote DNS server associated with RemoteDomainName.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(,(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))*$" } }, "metadata": { "ui:order": [ "DirectoryId", "RemoteDomainName", "SecretArn", "TrustType", "ConditionalForwarderIpAddresses" ] }, "additionalProperties": false, "required": [ "DirectoryId", "RemoteDomainName", "SecretArn", "TrustType", "ConditionalForwarderIpAddresses" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0xdawir96cy7k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update other", "description": "Use to request a manual update to a resource.", "type": "object", "properties": { "Comment": { "description": "The description of the change.", "type": "string", "maxLength": 5000 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true } }, "additionalProperties": false, "required": [ "Comment" ], "metadata": { "ui:order": [ "Comment", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-0xi6q7uwuwrqe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Cache (ElastiCache Memcached) stack", "description": "Use to create an Amazon ElastiCache cluster (one or more cache nodes) that uses the Memcached engine, and specify CloudWatch metrics and alarms for the cluster.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sfpo2o00000000000.", "type": "string", "enum": [ "stm-sfpo2o00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ElastiCacheAutoMinorVersionUpgrade": { "description": "True for minor engine upgrades to be applied automatically to the cache cluster during the specified ElastiCachePreferredMaintenanceWindow, false for the upgrades to not be applied automatically. Default is true.", "type": "boolean", "default": true }, "ElastiCacheAvailabilityZones": { "description": "One or more Availability Zones where cache nodes will be created.", "type": "array", "items": { "type": "string" }, "minItems": 1 }, "ElastiCacheClusterName": { "description": "A name for the cache cluster.", "type": "string", "minLength": 1, "maxLength": 20, "pattern": "^[a-zA-Z][a-zA-Z0-9-]{0,18}[a-zA-Z0-9]$|^[a-zA-Z]$" }, "ElastiCacheCPUThresholdAlarmOverride": { "description": "The optional value for the CPUUtilization metric maximum threshold to use instead of the default value for the instance type.", "type": "number", "default": 0, "minimum": 0, "maximum": 100 }, "ElastiCacheEngine": { "description": "Must be memcached.", "type": "string", "enum": [ "memcached" ] }, "ElastiCacheEngineVersion": { "description": "The version of the Memcached engine to be used for this cluster.", "type": "string" }, "ElastiCacheInstanceType": { "description": "The compute and memory capacity of nodes in the cache cluster.", "type": "string", "default": "cache.t3.micro" }, "ElastiCacheMultiAZ": { "description": "True for the nodes to be created in a single Availability Zone, false for them to be created across multiple Availability Zones in the cluster's region. Default is false.", "type": "boolean", "default": false }, "ElastiCacheNumberOfNodes": { "description": "The number of cache nodes that the Memcached cluster should have.", "type": "number", "default": 1, "minimum": 1, "maximum": 20 }, "ElastiCachePort": { "description": "The port number on which each of the cache nodes will accept connections.", "type": "number", "minimum": 0, "maximum": 65535, "default": 11211 }, "ElastiCachePreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur. For example, you can specify: sun:02:00-sun:04:00.", "type": "string", "pattern": "^(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCacheSubnetGroup": { "description": "The name of the subnet group to associate with the cluster.", "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[a-z0-9-]{1,255}$" }, "ElastiCacheSubnetIds": { "description": "One or more subnet IDs for the cache cluster, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1 }, "SecurityGroups": { "description": "One or more VPC security groups to associate with the cluster, in the form sg-0123abcd or sg-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1 } }, "additionalProperties": false, "required": [ "ElastiCacheAvailabilityZones", "ElastiCacheClusterName", "ElastiCacheEngine", "ElastiCacheSubnetIds" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters", "TimeoutInMinutes" ] }

Schema for Change Type ct-0xqwmtn1hfh8u

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Tags", "description": "Update tags on existing, tagged resources: Autoscaling, EC2, Elastic Load Balancing, RDS, S3 buckets and Redshift clusters. Additionally, CloudWatch LogGroups that do not belong to a CloudFormation stack are supported. AMS infrastructure stacks (stacks named mc-*) cannot have tags updated with this change type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateTags.", "type": "string", "enum": [ "AWSManagedServices-UpdateTags" ], "default": "AWSManagedServices-UpdateTags" }, "Region": { "description": "The AWS Region where the tagged resources are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "ResourceArns": { "description": "A list of up to 50 Amazon resource names (ARNs), or the resource IDs, of the resources with tags to be updated. Use resource ID only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. Use the full ARN for all other supported resource types.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:(autoscaling|ec2|elasticloadbalancing|logs|rds|s3|redshift):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):.*)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource, in the form {\"Key\":\"TagKey1\",\"Value\":\"TagValue1\"}. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "string", "pattern": "^\\{\\}$|^\\{\"Key\":\"((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})\",\"Value\":\"[\\x00-\\x7F+]{0,255}\"\\}" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RemoveTags": { "description": "Up to fifty tag Keys to remove from the specified resource.", "type": "array", "items": { "type": "string", "pattern": "^((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "ResourceArns", "AddOrUpdateTags", "RemoveTags" ] }, "required": [ "ResourceArns" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-0ywnhc8e5k9z5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Deploy AMS Resource Scheduler", "description": "Deploy the AMS Resource Scheduler solution in the account. The AMS Resource Scheduler lets you schedule automatic start and/or stop for Auto Scaling groups, EC2s, and RDS instances. Note that the Resource Scheduler deploys in an enabled state, by default; you can manage that with the AMS Resource Scheduler Disable and Enable change types.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region of the account for the AMS Resource Scheduler solution to be deployed, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Yes to enable the Resource Scheduler. No to disable it. The default is Yes. Use Resource Scheduler enable (ct-2wrvu4kca9xky) and disable (ct-14v49adibs4db) change types to manage state.", "type": "array", "items": { "type": "string", "enum": [ "Yes", "No" ] }, "minItems": 1, "maxItems": 1 }, "ScheduledServices": { "description": "Comma-separated list of scheduled services. Use a combination of AutoScaling, EC2, and RDS.", "type": "array", "items": { "type": "string", "pattern": "^$|(^(ec2|rds|autoscaling)(,(ec2|rds|autoscaling)){0,2}$)" }, "minItems": 1, "maxItems": 1 }, "TagName": { "description": "The name of the tag key to use to associate the instance schedule schemas with service resources. Default is Schedule.", "type": "array", "items": { "type": "string", "pattern": "^$|^(?!(aws:|ams:))[a-zA-Z0-9+-=._:/@]{1,127}$" }, "minItems": 1, "maxItems": 1 }, "UseCMK": { "description": "Comma-separated list of Customer Managed Key (CMK) Amazon Resource Names (ARNs) in format arn:<partition>:kms:<region>:<account-id>:key/<key-id> to grant Resource Scheduler permission to. These are CMK that are used to encrypt EBS volumes on EC2 instances.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:key/[a-z0-9\\-]+)$" }, "minItems": 1, "maxItems": 20 }, "UseLicenseManager": { "description": "Comma-separated list of AWS License Manager license ARNs to grant Resource Scheduler permission to. These are software or vendor licenses that EC2 instances are configured with.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):license-manager:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:license-configuration(/|:)lic-.*)$" }, "minItems": 1, "maxItems": 20 }, "DefaultTimezone": { "description": "The name of the timezone, in the form US/Pacific, to be used as the default timezone. The default is UTC.", "type": "array", "items": { "type": "string", "enum": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC" ] }, "minItems": 1, "maxItems": 1 }, "Action": { "description": "Must be Deploy.", "type": "array", "items": { "type": "string", "enum": [ "Deploy" ], "default": "Deploy" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SchedulingActive", "ScheduledServices", "TagName", "DefaultTimezone", "UseCMK", "UseLicenseManager", "Action" ] }, "required": [ "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0zko7t3rk2efb

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Tags (Review Required)", "description": "Add tags to, update tags on, or remove tags from, existing, supported, resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. Use BulkUpdate if you have >50 tags to manage. For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-0xqwmtn1hfh8u.", "type": "object", "properties": { "Resources": { "description": "Parameters for up to fifty resources for tag management.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to add to, or update for, the specified resources. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RemoveTags": { "description": "Up to fifty tag Keys to remove from the specified resource.", "type": "array", "items": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "AddOrUpdateTags", "RemoveTags" ] }, "required": [ "ResourceArn" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Resources", "Priority" ] }, "required": [ "Resources" ] }

Schema for Change Type ct-1078jhyxq32dp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove Service Principal Name", "description": "Remove the Service Principal Name (SPN) associated with a specified hostname or host alias in Microsoft Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-RemoveADComputerSPN-Admin", "type": "string", "enum": [ "AWSManagedServices-RemoveADComputerSPN-Admin" ], "default": "AWSManagedServices-RemoveADComputerSPN-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Hostname": { "description": "The hostname of the computer tagged with the SPN.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "ServiceType": { "description": "The type of service, such as MSSQLSvc, HTTP, TERMSRV, HOST, WSMAN, RestrictedKrbHost.", "type": "array", "items": { "type": "string", "enum": [ "MSSQLSvc", "HTTP", "TERMSRV", "HOST", "WSMAN", "RestrictedKrbHost" ], "default": "HOST" }, "minItems": 1, "maxItems": 1 }, "AliasName": { "description": "The alias associated with the host.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" } }, "GroupManagedServiceAccountName": { "description": "The group Managed Service Account (gMSA) name used to run the specified ServiceType.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" } }, "Port": { "description": "The port the service utilizes; for example, 1433.", "type": "array", "items": { "type": "string", "pattern": "^\\$?()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$" } } }, "metadata": { "ui:order": [ "Hostname", "ServiceType", "AliasName", "GroupManagedServiceAccountName", "Port" ] }, "additionalProperties": false, "required": [ "Hostname", "ServiceType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-111fhplhx9axe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Revoke Egress Rule", "description": "Revoke the egress rule for the specified security group (SG). You must specify the configurations of the egress rule that you are revoking. Note that, once revoked, the egress rule is permanently deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RevokeSecurityGroupEgressRule", "type": "string", "enum": [ "AWSManagedServices-RevokeSecurityGroupEgressRule" ], "default": "AWSManagedServices-RevokeSecurityGroupEgressRule" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the egress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Destination": { "description": "An IP address, in the form 255.255.255.255, or an IP address range in CIDR notation, in the form 255.255.255.255/32, or the ID of another security group in the same region; or self to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$|^self$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-111r1yayblnw4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Load Balancer", "description": "Create an AWS Application Load Balancer (ALB), with additional listeners.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC where you want the ALB, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-sd7uv500000000000", "type": "string", "enum": [ "stm-sd7uv500000000000" ], "default": "stm-sd7uv500000000000" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 }, "LoadBalancer": { "type": "object", "properties": { "Name": { "type": "string", "description": "A friendly name for the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\". If you don't specify a name a unique physical ID is generated for the load balancer.", "pattern": "^(?!internal-)(?!-)([0-9a-zA-Z\\-]{0,32})[^\\-]$|^$" }, "SecurityGroups": { "description": "A list of security groups to associate with the load balancer.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "uniqueItems": true }, "SubnetIds": { "description": "A list of subnet IDs that the Elastic Load Balancing creates load balancer nodes in. You must specify subnets from at least two Availability Zones. For an internet-facing load balancer provide a public subnet ID, for an internal load balancer we recommend private subnet IDs.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "uniqueItems": true }, "Public": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is private.", "enum": [ "true", "false" ], "default": "false" }, "DeletionProtection": { "type": "string", "description": "True to enable deletion protection, false to not. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "IdleTimeout": { "type": "string", "description": "How long the load balancer front-end connection (client to load balancer) can be idle (not receiving data) before the connection is automatically closed.", "pattern": "^([1-9][0-9]{0,2}|[1-3][0-9]{3}|4000)$", "default": "60" } }, "metadata": { "ui:order": [ "Name", "Public", "SecurityGroups", "SubnetIds", "IdleTimeout", "DeletionProtection" ] }, "required": [ "SecurityGroups", "SubnetIds" ], "additionalProperties": false }, "Listener1": { "type": "object", "properties": { "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. For details on default AWS security policies, see AWS documentation for ALBs.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] } }, "metadata": { "ui:order": [ "Port", "Protocol", "SSLCertificateArn", "SSLPolicy" ] }, "required": [ "Port", "Protocol" ], "additionalProperties": false }, "Listener2": { "type": "object", "properties": { "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "pattern": "^$|^(HTTP|HTTPS)$" }, "SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] } }, "metadata": { "ui:order": [ "Port", "Protocol", "SSLCertificateArn", "SSLPolicy" ] }, "additionalProperties": false }, "TargetGroup": { "type": "object", "properties": { "Name": { "type": "string", "description": "An optional friendly name for the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\". If you don't specify a name a unique physical ID is generated for the target group.", "pattern": "^(?!internal-)(?!-)([0-9a-zA-Z\\-]{0,32})[^\\-]$|^$", "default": "" }, "HealthCheckInterval": { "type": "string", "description": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5 to 300 seconds.", "pattern": "^([5-9]|[1-8][0-9]|9[0-9]|[12][0-9]{2}|300)$", "default": "10" }, "HealthCheckPath": { "type": "string", "description": "The ping path destination where Elastic Load Balancing sends health check requests.", "default": "/", "pattern": "^(/?[a-z0-9\\-._~%!$&'()*+,;=@]+(/[a-z0-9\\-._~%!$&'()*+,;=:@]+)*/?|/){1,1024}$" }, "HealthCheckPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which is the port on which each target receives traffic from the load balancer.", "pattern": "^$|^([0-9]{1,5})$" }, "HealthCheckProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "^(60|[1-5]{1}[0-9]{1}|[2-9]{1})$" }, "HealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the Healthy state.", "pattern": "^([2-9]{1}|10)$", "default": "2" }, "UnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the Unhealthy state.", "pattern": "^([2-9]{1}|10)$", "default": "10" }, "ValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^(([2-4]{1}[0-9]{2}($|-|,))+)$", "default": "200" }, "TargetPort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "TargetProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. Valid value ranges from 0 to 3600. The default value is 300 seconds.", "pattern": "^(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})$", "default": "300" }, "SlowStartDuration": { "type": "string", "description": "The time period, in the range 30-900 seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic", "pattern": "^([3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0)$|^$" }, "CookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "^([1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800)$|^$" }, "TargetType": { "type": "string", "description": "The type of target that you must specify when registering targets with this target group.", "enum": [ "instance", "ip" ], "default": "instance" } }, "metadata": { "ui:order": [ "Name", "TargetType", "TargetPort", "TargetProtocol", "HealthCheckInterval", "HealthCheckPath", "HealthCheckPort", "HealthCheckProtocol", "HealthCheckTimeout", "HealthyThreshold", "UnhealthyThreshold", "ValidHTTPCode", "DeregistrationDelayTimeout", "SlowStartDuration", "CookieExpirationPeriod" ] }, "additionalProperties": false }, "HealthyHostsAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 5.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "5" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the HealthyHostCount metric. Valid values are any multiple of 60 (including 60). The default value is 60 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "60" }, "Threshold": { "type": "string", "description": "The minimum number of healthy instances associated to the load balancer within an evaluation period for the alarm to trigger. 0 means at least 1 healthy instance required for not alarming.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "HTTPCodeELB5XXCountAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 3.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "3" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the HTTPCode_ELB_5XX_Count metric. Valid values are any multiple of 60 (including 60). The default value is 300 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "300" }, "Threshold": { "type": "string", "description": "The number of HTTP 5XX server error codes that originate from the load balancer that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "TargetConnectionErrorsAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 3.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "3" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the TargetConnectionErrorCount metric. Valid values are any multiple of 60 (including 60). The default value is 300 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "300" }, "Threshold": { "type": "string", "description": "The number of unsuccessful connections between the load balancer and the Target Group that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "RejectedConnectionCountAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 5.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "5" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the RejectedConnectionCount metric. Valid values are any multiple of 60 (including 60). The default value is 60 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "60" }, "Threshold": { "type": "string", "description": "The number of rejected connections (due to reaching service limits) that originate from the load balancer that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "LoadBalancer", "Listener1", "Listener2", "TargetGroup", "HealthyHostsAlarm", "HTTPCodeELB5XXCountAlarm", "TargetConnectionErrorsAlarm", "RejectedConnectionCountAlarm" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "LoadBalancer", "Listener1" ], "additionalProperties": false }

Schema for Change Type ct-117rmp64d5mvb

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 Instance Profile", "description": "Create an IAM instance profile to use with EC2 instances. Each ARN specified in the parameters creates a part of the IAM policy. Use the Preview option to see what the completed, generated, policy looks like before it is created and implemented.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateIAMRole-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateIAMRole-Admin" ], "default": "AWSManagedServices-HandleCreateIAMRole-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServicePrincipal": { "description": "Must be ec2.amazonaws.com. This establishes the trust relationship with the EC2 service for this role.", "type": "string", "enum": [ "ec2.amazonaws.com" ], "default": "ec2.amazonaws.com" }, "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "(?![aA][mMwW][sS]|customer-mc|managementhost|ms-)[a-zA-Z0-9_+=,.@-]{1,64}$" }, "RolePath": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$" }, "Preview": { "description": "Yes to preview the IAM role policy created with the specified parameter values, without creating the role; No to not preview it but to create and implement the role. The preview is provided as a JSON in the execution output. In order to implement the policy after preview, create a copy of the RFC and set the Preview parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "S3ReadAccess": { "description": "A list of Amazon resource names (ARNs) of S3 buckets. Scopes down the policy for S3 read access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|(^$)" }, "maxItems": 50 }, "S3WriteAccess": { "description": "A list of S3 bucket ARNs. Scopes down the policy for S3 write access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|^[*]$|(^$)" }, "maxItems": 50 }, "KMSReadAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for KMS read access to the given KMS keys only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+)$|^$" }, "maxItems": 50 }, "KMSCryptographicOperationAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for cryptographic operation access to the given ARNs only.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "maxItems": 50 }, "SSMReadAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM read access to the given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "SSMWriteAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM write access to given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "CloudWatchLogsReadAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for read access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "CloudWatchLogsWriteAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for write access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmReadAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for read access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmWriteAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for write access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchMetricsReadAccess": { "description": "For read access to metrics, use an asterisk ( * ). Scopes down the policy for read access to all CloudWatch metrics.", "type": "array", "items": { "type": "string", "pattern": "^[*]$|^$" }, "maxItems": 50 }, "CloudWatchMetricsWriteAccess": { "description": "A list of CloudWatch metric namespaces. Scopes down the policy for write access to given CoudWatch metric namespaces only.", "type": "array", "items": { "type": "string", "pattern": "(.*?)|^$" }, "maxItems": 50 }, "SecretsManagerReadAccess": { "description": "A list of Secrets Manager secret ARNs. Scopes down the policy for read access to given secrets only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:.+)$|^$" }, "maxItems": 50 }, "SNSReadAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SNSWriteAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "SQSReadAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SQSWriteAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "DynamoDBResourceReadAccess": { "description": "A list of DynamoDB resource ARNs. Scopes down the policy for DynamoDB read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "DynamoDBDataReadWriteAccess": { "description": "A list of DynamoDB table ARNs. Scopes down the policy for DynamoDB data read and write access to given tables only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:table/.+)$|^$" }, "maxItems": 50 }, "STSAssumeRole": { "description": "A list of IAM role ARNs. Scopes down the policy for STS assume role to given IAM roles only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):iam::[0-9]{12}:role/.+)$|^$" }, "maxItems": 50 }, "AdditionalPolicy": { "description": "An additional policy document as a JSON that is less permissive than the AMS baseline policy. For details on AMS baseline policy see AMS documentation.", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 10240 } }, "metadata": { "ui:order": [ "ServicePrincipal", "RoleName", "RolePath", "Preview", "S3ReadAccess", "S3WriteAccess", "KMSReadAccess", "KMSCryptographicOperationAccess", "SSMReadAccess", "SSMWriteAccess", "CloudWatchLogsReadAccess", "CloudWatchLogsWriteAccess", "CloudWatchAlarmReadAccess", "CloudWatchAlarmWriteAccess", "CloudWatchMetricsReadAccess", "CloudWatchMetricsWriteAccess", "SecretsManagerReadAccess", "SNSReadAccess", "SNSWriteAccess", "SQSReadAccess", "SQSWriteAccess", "DynamoDBResourceReadAccess", "DynamoDBDataReadWriteAccess", "STSAssumeRole", "AdditionalPolicy" ] }, "required": [ "ServicePrincipal", "RoleName", "Preview" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-128svy9nn2yj8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change S3 Bucket Encryption Setting", "description": "Enable or update S3 bucket encryption setting through direct API calls. The S3 bucket can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-1gi93jhvj28eg instead, or ct-361tlo1k7339x if the S3 bucket was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateBucketEncryption.", "type": "string", "enum": [ "AWSManagedServices-UpdateBucketEncryption" ], "default": "AWSManagedServices-UpdateBucketEncryption" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the bucket for which to update the encryption setting.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "minItems": 1, "maxItems": 1 }, "ServerSideEncryption": { "description": "Default encryption for an S3 bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).", "type": "string", "enum": [ "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?mrk-[a-f0-9]{33}$|^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:)?alias/.{1,}$|^$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "BucketName", "ServerSideEncryption", "KMSKeyId" ] }, "additionalProperties": false, "required": [ "BucketName", "ServerSideEncryption" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-12amsdz909cfh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create load balancer (ELB) stack", "description": "Use to create an Amazon ELB Classic Load Balancer. Use alternate change types to create an Application Load Balancer (ct-111r1yayblnw4) or Network Load Balancer (ct-2qldv4h9osmau).", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sdhopv30000000000.", "type": "string", "enum": [ "stm-sdhopv30000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ELBBackendInstances": { "default": [ "" ], "description": "One or more EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. Leave blank to not associate individual EC2 instances with the load balancer. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$|^$" }, "uniqueItems": true }, "ELBCrossZone": { "description": "With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones. True to enable, false to disable. The default is true.", "type": "boolean", "default": true }, "ELBCookieExpirationPeriod": { "default": "", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieExpirationPeriod2": { "default": "", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieStickinessPolicyName": { "default": "", "description": "A name for the cookie stickiness policy. The name must be unique within the set of policies for this load balancer. Leave blank to skip creation of a policy.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBCookieStickinessPolicyName2": { "default": "", "description": "A name for the second cookie stickiness policy. The name must be unique within the set of policies for this load balancer. Leave blank to skip creation of a second policy.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBSubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "ELBHealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 10 }, "ELBHealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 30 }, "ELBHealthCheckTarget": { "description": "The protocol, port, and path of the instance to check. For example, HTTP:80/weather/us/wa/seattle. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "ELBHealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for ELBHealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "ELBHealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "ELBIdleTimeout": { "description": "The time, in seconds, that a connection to the load balancer can remain idle, which means no data is sent over the connection. After the specified time, the load balancer closes the connection.", "type": "number", "minimum": 1, "maximum": 3600, "default": 60 }, "ELBInstancePort": { "default": "80", "description": "The TCP port the listener uses to send traffic to the target instance.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstancePort2": { "default": "80", "description": "The TCP port the optional second listener uses to send traffic to the target instance.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstanceProtocol": { "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBInstanceProtocol2": { "description": "The protocol the second listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerName": { "description": "A friendly name for the load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,31}$|^$" }, "ELBLoadBalancerPort": { "default": "80", "description": "The port number for the load balancer to use when routing external incoming traffic.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerPort2": { "default": "81", "description": "The port number for the load balancer to use when routing external incoming traffic on the second listener.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerProtocol": { "default": "HTTP", "description": "The transport protocol to use for routing front-end connections (client to load balancer).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerProtocol2": { "description": "The transport protocol to use for routing front-end connections (client to load balancer) on the second listener. Leave blank to skip creation of an additional listener.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBScheme": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false. Set to true if you choose a public subnet for the load balancer.", "type": "boolean", "default": false }, "ELBSSLCertificateId": { "default": "", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. This must be specified if the HTTPS or SSL protocol is specified for ELBLoadBalancerProtocol.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" }, "ELBSSLCertificateId2": { "default": "", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use for the optional second listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. Leave blank if a second listener is not being created or if the second listener does not use the HTTPS or SSL for ELBLoadBalancerProtocol2.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" } }, "metadata": { "ui:order": [ "ELBSubnetIds", "ELBLoadBalancerName", "ELBScheme", "ELBBackendInstances", "ELBIdleTimeout", "ELBCrossZone", "ELBHealthCheckTarget", "ELBHealthCheckInterval", "ELBHealthCheckTimeout", "ELBHealthCheckHealthyThreshold", "ELBHealthCheckUnhealthyThreshold", "ELBCookieStickinessPolicyName", "ELBCookieExpirationPeriod", "ELBInstancePort", "ELBInstanceProtocol", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBSSLCertificateId", "ELBCookieExpirationPeriod2", "ELBCookieStickinessPolicyName2", "ELBInstancePort2", "ELBInstanceProtocol2", "ELBLoadBalancerPort2", "ELBLoadBalancerProtocol2", "ELBSSLCertificateId2" ] }, "required": [ "ELBSubnetIds", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBInstancePort" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-12lyw7otiyr6f

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate Security Group", "description": "Associate security groups with an AWS resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AttachSecurityGroupsV2.", "type": "string", "enum": [ "AWSManagedServices-AttachSecurityGroupsV2" ], "default": "AWSManagedServices-AttachSecurityGroupsV2" }, "Region": { "description": "The AWS Region in which the security groups are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ResourceType": { "description": "The type of resource to associate the security group or groups to. Supported resource types are EC2Instance, ElasticNetworkInterface, AutoScalingGroup, AutoScalingGroupCurrentInstancesOnly, ElasticLoadBalancer, ApplicationLoadBalancer, RDSDBInstance, RDSDBCluster, ElasticacheCluster, RedshiftCluster, ElasticFileSystem. Important Note: For AutoScalingGroupCurrentInstancesOnly, security groups are only attached to individual instances currently part of the ASG. LaunchTemplate or LaunchConfiguration are not updated. Please make sure to update LaunchTemplate / LaunchConfiguration before updating security groups to AutoScalingGroup Instances.", "type": "string", "enum": [ "EC2Instance", "ElasticNetworkInterface", "AutoScalingGroup", "AutoScalingGroupCurrentInstancesOnly", "ElasticLoadBalancer", "ApplicationLoadBalancer", "RDSDBInstance", "RDSDBCluster", "ElasticacheCluster", "RedshiftCluster", "ElasticFileSystem" ] }, "ResourceId": { "description": "The resource identifier to associate the security groups to, per specified ResourceType. For EC2Iinstance use the instance ID, for ElasticNetworkInterface use the network interface ID, for AutoScalingGroup and AutoScalingGroupCurrentInstancesOnly use the Auto Scaling group name, for ElasticLoadBalancer use the load balancer name; for ApplicationLoadBalancer use the load balancer ARN or the load balancer name; for RDSDBInstance use the DB instance ID; for RDSDBCluster use the DB cluster ID, for ElasticacheCluster use the cache cluster ID, for RedshiftCluster use the cluster ID, for ElasticFileSystem use file system Id.", "type": "string", "pattern": "^.+$" }, "SecurityGroupIds": { "description": "A list of security group IDs to associate to the specified ResourceId.", "type": "array", "items": { "type": "string", "pattern": "^sg-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "OverwriteSecurityGroups": { "description": "True to overwrite the existing security groups of the resource with the specified SecurityGroupIds, false to not overwrite the existing list. Default is false and existing security groups are retained. IMPORTANT: If true, any access allowed by existing security groups is removed and only the new security groups are in effect.", "type": "string", "default": "false", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "ResourceType", "ResourceId", "SecurityGroupIds", "OverwriteSecurityGroups" ] }, "additionalProperties": false, "required": [ "ResourceType", "ResourceId", "SecurityGroupIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-12w49boaiwtzp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS database stack", "description": "Modify the properties of an Amazon Relational Database Service (RDS) DB instance created using ct-2z60dyvto9g6c, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the RDS DB instance, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the RDS DB instance that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the RDS DB instance.", "type": "object", "properties": { "RDSAllocatedStorage": { "description": "The size of the database in gigabytes (GB). The acceptable limits for this value relate to the engine and storage type that you specify. For details, see AWS documentation on DB instance storage.", "type": "number", "minimum": 20, "maximum": 32768 }, "RDSAllowMajorVersionUpgrade": { "description": "True to allow updates to the DB instance's major version.", "type": "boolean" }, "RDSAutoMinorVersionUpgrade": { "description": "True to apply minor engine upgrades automatically to the DB instance during the maintenance window.", "type": "boolean" }, "RDSBackupRetentionPeriod": { "description": "The number of days to retain automatic DB snapshots. Setting this to a positive number enables backups. Setting this to 0 disables automated backups.", "type": "number", "minimum": 0, "maximum": 35 }, "RDSDBParameterGroupName": { "description": "The name of an existing DB parameter group. If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.", "type": "string" }, "RDSDeletionProtection": { "description": "True to disable DB instance deletion.", "type": "boolean" }, "RDSDomain": { "description": "The Active Directory directory ID to create the instance in. This is applicable only for Microsoft SQL Server DB engines only.", "type": "string", "pattern": "^$|^d-[0-9a-f]{10}$" }, "RDSDomainIAMRoleName": { "description": "The name of an IAM role that Amazon RDS uses when calling the AWS Directory Service APIs. This is applicable only for Microsoft SQL Server DB engines only.", "type": "string", "pattern": "^$|^customer[\\w-]+$" }, "RDSEngineVersion": { "description": "The version number of the database engine to use. Changing this parameter results in DB instance restart.", "type": "string" }, "RDSInstanceType": { "description": "The compute and memory capacity for the DB instance.", "type": "string" }, "RDSIOPS": { "description": "The provisioned IOPS for RDS storage. Must be a multiple between 3 and 10 of the storage amount for the DB instance. Must also be an integer multiple of 1000. For example, if the size of your DB instance is 500 GB, then your IOPS value can be 2000, 3000, 4000, or 5000.", "type": "number" }, "RDSMasterUserPassword": { "description": "The password that you will use with the configured user name to log in to your DB instance. Must contain from 8 to 30 printable ASCII characters (excluding backslash, double quotes, and at sign).", "type": "string", "pattern": "^[!#-.0-?A-~]{8,30}$", "metadata": { "ams:sensitive": true } }, "RDSMultiAZ": { "description": "True to have a standby replica of your DB instance created in another Availability Zone for failover support, false to not have a standby replica.", "type": "boolean" }, "RDSPerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Amazon RDS Performance Insights is a database performance tuning and monitoring feature that helps you assess the load on your database.", "enum": [ "true", "false" ] }, "RDSPerformanceInsightsKMSKey": { "type": "string", "description": "The Amazon resource name (ARN) of the KMS master key to use to encrypt Performance Insights data. Specify default to use the default RDS KMS Key.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "RDSPerformanceInsightsRetentionPeriod": { "type": "string", "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", "enum": [ "7", "731" ] }, "RDSOptionGroupName": { "description": "The option group that this DB instance is associated with.", "type": "string" }, "RDSPreferredBackupWindow": { "description": "The daily time range during which automated backups are created, if RDSBackupRetentionPeriod is set to a positive number. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the RDSPreferredMaintenanceWindow setting, and must be at least 30 minutes.", "type": "string", "pattern": "^$|^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$" }, "RDSPreferredMaintenanceWindow": { "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format).", "type": "string", "pattern": "^$|^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$" }, "RDSStorageType": { "description": "Storage type for the RDS DB instance. If you specify io1, you must also include a value for the RDSIOPS parameter.", "type": "string", "enum": [ "standard", "gp2", "io1", "gp3" ] } }, "metadata": { "ui:order": [ "RDSEngineVersion", "RDSInstanceType", "RDSStorageType", "RDSAllocatedStorage", "RDSIOPS", "RDSMasterUserPassword", "RDSMultiAZ", "RDSPerformanceInsights", "RDSPerformanceInsightsKMSKey", "RDSPerformanceInsightsRetentionPeriod", "RDSDomain", "RDSDomainIAMRoleName", "RDSDBParameterGroupName", "RDSOptionGroupName", "RDSBackupRetentionPeriod", "RDSPreferredBackupWindow", "RDSAutoMinorVersionUpgrade", "RDSAllowMajorVersionUpgrade", "RDSPreferredMaintenanceWindow", "RDSDeletionProtection" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-13lk0noacn6ua

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disassociate Security Group", "description": "Disassociate a security group from up to 50 AWS resources.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DisassociateSecurityGroupV2.", "type": "string", "enum": [ "AWSManagedServices-DisassociateSecurityGroupV2" ], "default": "AWSManagedServices-DisassociateSecurityGroupV2" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "A security group ID to be disassociated from AWS resources. Provide at least one of EC2 instance IDs, Elastic network interface IDs, Auto scaling group names, Elastic load balancer names, Application load balancer names, RDS DB instance identifiers, RDS DB cluster identifiers, Elasticache cluster identifiers, Redshift cluster identifiers, Elastic Filesystem identifiers to disassociate the security group from.", "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "EC2InstanceIds": { "description": "A list of up to 50 EC2 instance IDs to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticNetworkInterfaceIds": { "description": "A list of up to 50 elastic network interface IDs to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^eni-[a-z0-9]{8}$|^eni-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "AutoScalingGroupNames": { "description": "A list of up to 50 Auto scaling group names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-)).{1,255}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticLoadBalancerNames": { "description": "A list of up to 50 elastic load balancer names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ApplicationLoadBalancerNames": { "description": "A list of up to 50 application load balancer names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RDSDBInstanceIdentifiers": { "description": "A list of up to 50 RDS DB instance identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RDSDBClusterIdentifiers": { "description": "A list of up to 50 RDS DB cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticacheClusterIdentifiers": { "description": "A list of up to 50 Elasticache cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RedshiftClusterIdentifiers": { "description": "A list of up to 50 Redshift cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticFileSystemIds": { "description": "A list of up to 50 Elastic file system identifiers to disassociate the SecurityGroupId from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "SecurityGroupId", "EC2InstanceIds", "ElasticNetworkInterfaceIds", "AutoScalingGroupNames", "ElasticLoadBalancerNames", "ApplicationLoadBalancerNames", "RDSDBInstanceIdentifiers", "RDSDBClusterIdentifiers", "ElasticacheClusterIdentifiers", "RedshiftClusterIdentifiers", "ElasticFileSystemIds" ] }, "additionalProperties": false, "required": [ "SecurityGroupId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-13swbwdxg106z

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Instance Type", "description": "Change the DB instance type through direct API calls. The RDS instance can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSInstanceType.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSInstanceType" ], "default": "AWSManagedServices-UpdateRDSInstanceType" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "DBInstanceClass": { "description": "The new compute and memory capacity of the DB instance, for example db.m4.large.", "type": "array", "items": { "type": "string", "pattern": "^db.[a-z0-9]+.[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "ApplyImmediately": { "description": "True to apply the change immediately, false to schedule the change on next maintenance window. To discover your next maintenance window, check the details page for the instance in the RDS console.", "type": "string", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "DBInstanceClass", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "DBInstanceClass", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-13xvbj5pqg253

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Accept Directory Sharing Request", "description": "Accept a directory sharing request sent from the directory owner account. This is run in the directory consumer account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-AcceptSharedDirectory.", "type": "string", "enum": [ "AWSManagedServices-AcceptSharedDirectory" ], "default": "AWSManagedServices-AcceptSharedDirectory" }, "Region": { "description": "The AWS Region where the directory is located, in the form of us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SharedDirectoryId": { "description": "Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.", "type": "array", "items": { "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "maxItems": 1 }, "OwnerAccountId": { "description": "Identifier for the directory owner account that is sharing the directory.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "SharedDirectoryId", "OwnerAccountId" ] }, "additionalProperties": false, "required": [ "SharedDirectoryId", "OwnerAccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-14027q0sjyt1h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 stack", "description": "Use to create an Amazon Elastic Compute Cloud (EC2) instance.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The VPC identifier (ID), in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource. Set a Name tag to give the instance a name in the EC2 console.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "InstanceAmiId": { "description": "The AMI to use to create the EC2 instance, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instance, false to use only basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "type": "boolean", "default": false }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization.", "type": "boolean", "default": false }, "InstanceProfile": { "description": "An IAM instance profile defined in your account for the EC2 instance. The default is an AWS-provided role.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$", "default": "customer-mc-ec2-instance-profile" }, "InstanceRootVolumeIops": { "description": "The Iops to use for the root volume if volume type is io1, io2 or gp3. If InstanceRootVolumeType is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "type": "number", "minimum": 100, "maximum": 64000, "default": 100 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "number", "minimum": 20, "maximum": 16000 }, "InstanceRootVolumeType": { "description": "Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "type": "string", "enum": [ "standard", "io1", "io2", "gp2", "gp3" ], "default": "gp3" }, "InstancePrivateStaticIp": { "description": "The static IP address that the instance can support.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" }, "SecurityGroupIds": { "description": "IDs of the existing security groups to associate with the instance, in the form sg-0123abcd or sg-01234567890abcdef. If nothing is specified, the default AMS security groups will be applied.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "InstanceSubnetId": { "description": "The subnet that you want to launch the instance into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization.", "type": "string", "default": "t2.large" }, "InstanceUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot.", "type": "string", "maxLength": 4096, "default": "" }, "EnforceIMDSV2": { "description": "Set to 'false' for the instance to be launched with IMDSv1 only. Default value is 'true'. See EC2/IMDS document for more details.", "type": "string", "enum": [ "true", "false" ], "default": "true" } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceAmiId", "InstanceSubnetId", "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceRootVolumeIops", "InstanceRootVolumeName", "InstanceRootVolumeSize", "InstanceRootVolumeType", "InstancePrivateStaticIp", "InstanceType", "InstanceUserData", "SecurityGroupIds", "EnforceIMDSV2" ] }, "required": [ "InstanceAmiId", "InstanceSubnetId", "EnforceIMDSV2" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1404e21baa2ox

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Approve ChangeSet and update CloudFormation stack", "description": "Approve and execute an existing ChangeSet to update a CloudFormation stack. This ChangeType is used primarily to approve and apply changes requested using the \"Update CloudFormation stack\" CT that would cause removal or replacement of resources, but can also be used to execute any existing ChangeSet to update CloudFormation stacks.", "type": "object", "properties": { "VpcId": { "description": "Identifier of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "Identifier for the existing CloudFormation-based stack to be updated.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "ChangeSetName": { "description": "Name of the ChangeSet to execute against the stack. If the stack update was requested using the \"Update CloudFormation stack\" CT, the ChangeSet name can be found in the failure reason of that RFC. You can also find the ChangeSet name from the ChangeSet ID which can be obtained from CloudFormation console, the ChangeSet ID has the format of arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}.", "type": "string", "pattern": "^[a-zA-Z][-a-zA-Z0-9]*$", "maxLength": 128 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This does not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 1080, "default": 360 } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "ChangeSetName", "TimeoutInMinutes" ] }, "required": [ "VpcId", "StackId", "ChangeSetName", "TimeoutInMinutes" ] }

Schema for Change Type ct-14v49adibs4db

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disable AMS Resource Scheduler", "description": "Disable AMS Resource Scheduler in the account. This will prevent resources from being scheduled for automatic start or stop actions even if they are configured for such actions.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Specify the value: No. This explicitly requests that the Resource Scheduler be disabled. Default is No.", "type": "array", "items": { "type": "string", "enum": [ "No" ], "default": "No" }, "maxItems": 1, "minItems": 1 }, "Action": { "type": "string", "description": "(Required) The Action to be performed.", "enum": [ "Update" ], "default": "Update" } }, "metadata": { "ui:order": [ "SchedulingActive", "Action" ] }, "required": [ "SchedulingActive", "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-14yjom3kvpinu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create ALB or NLB Listener", "description": "Create a listener for an Application Load Balancer (ALB) or Network Load Balancer (NLB). A listener is a process that checks for connection requests, the rules that you define for a listener determine how the load balancer routes requests to its registered targets.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-12345678 or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "minItems": 0, "maxItems": 40, "uniqueItems": true, "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] } }, "StackTemplateId": { "description": "Must be stm-u5n0r6aacdvdwthhm.", "type": "string", "enum": [ "stm-u5n0r6aacdvdwthhm" ] }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "LoadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the load balancer to associate with the listener, in the form arn:aws:elasticloadbalancing:region:account-id:loadbalancer/load-balancer-type/load-balancer-name/load-balancer-id.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:loadbalancer/(net|app)/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "CertificateArn": { "type": "string", "description": "The ARN of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)", "default": "" }, "DefaultActionTargetGroupArn": { "type": "string", "description": "The ARN of the target group to which Elastic Load Balancing routes the traffic, in the form arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:targetgroup/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). For ALB, the supported protocols are HTTP and HTTPS. For NLB, the supported protocols are TCP, TLS, UDP, TCP_UDP.", "enum": [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP" ] }, "ALBSslPolicy": { "type": "string", "description": "The ALB security policy that defines the ciphers and protocols that the load balancer supports. Only applicable if Protocol = HTTPS.", "enum": [ "", "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ], "default": "ELBSecurityPolicy-TLS13-1-2-2021-06" }, "NLBSslPolicy": { "description": "The NLB security policy that defines the ciphers and protocols that the load balancer supports. Only applicable if Protocol = TLS.", "type": "string", "enum": [ "", "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ], "default": "ELBSecurityPolicy-TLS13-1-2-2021-06" }, "AlpnPolicy": { "description": "The name of the Application-Layer Protocol Negotiation (ALPN) policy that includes the protocol negotiation within the exchange of hello messages.", "type": "string", "enum": [ "", "HTTP1Only", "HTTP2Only", "HTTP2Optional", "HTTP2Preferred", "None" ], "default": "" } }, "metadata": { "ui:order": [ "LoadBalancerArn", "DefaultActionTargetGroupArn", "Port", "Protocol", "CertificateArn", "ALBSslPolicy", "NLBSslPolicy", "AlpnPolicy" ] }, "required": [ "LoadBalancerArn", "DefaultActionTargetGroupArn", "Port", "Protocol" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-15mazjj88xc69

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Resize EC2 Instance", "description": "Resize an existing EC2 instance in your account. The state of the instance can be either 'running' or 'stopped'. If 'running', the instance is stopped during the resize operation and returned to the initial state after the resizing is complete. Before resizing the instance, ensure that the instance's root volume is not an instance store volume. We highly recommended rigorous load and performance testing before, and after, making instance type changes, and that you also consider the pricing changes that result when instances are resized. Please be aware that this change may result in CloudFormation drift for any stacks that have this resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ChangeInstanceType.", "type": "string", "enum": [ "AWSManagedServices-ChangeInstanceType" ], "default": "AWSManagedServices-ChangeInstanceType" }, "Region": { "description": "The AWS Region where the instance is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the instance to resize, in the form i-12345678901234567 or i-12345678.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "InstanceType": { "description": "The instance type to resize to; for example, t3.xlarge or m4.xlarge. Ensure that the instance type you select has the same underlying hypervisor, either xen or nitro, as the instance type that you are resizing. Choosing an instance type with a different underlying hypervisor is disallowed.", "type": "array", "items": { "type": "string", "pattern": "^[a-z-0-9]+\\.[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "CreateAMIBeforeResize": { "description": "True to create an EC2 instance AMI as a backup before resizing the instance, false to not.", "type": "array", "items": { "type": "boolean", "default": false }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceId", "InstanceType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-16pknsfa8lul7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create StackSets Stack", "description": "Create AWS CloudFormation (CFN) StackSets stacks and deploy the stack instances. Use the CloudFormation StackSets feature to create stacks across multiple accounts.", "type": "object", "properties": { "CloudFormationTemplate": { "description": "The CFN template that you configured to create resources. Copy the JSON and paste it into this field. You must provide a value for CloudFormationTemplate or for the CloudFormationTemplate parameter. Or, provide the CFN template content as an attachment in the correspondence after you create the RFC.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "CloudFormationTemplateS3Endpoint": { "description": "The S3 bucket endpoint for the CloudFormation template that you want to use. The bucket must be in the same account as the endpoint, or have a presigned URL. You must provide a value for CloudFormationTemplate or for the CloudFormationTemplate parameter. Or, provide the CFN template content as an attachment in the correspondence after you create the RFC.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "Parameters": { "description": "Add up to sixty parameters (parameter name/value pairs) to supply alternate values for parameters in your customized CloudFormation template. By providing the parameters this way, you can reuse your CloudFormation template with different parameter values when needed and can update any parameter value with the CFN Update stack set (review required) change type (ct-1v9g9n30woc8h).", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string", "pattern": "[A-Za-z0-9]+$" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Description": { "description": "Meaningful information about the StackSets stack you are creating.", "type": "string", "minLength": 1, "maxLength": 1024 }, "Name": { "description": "A meaningful name for the StackSets stack. The name must start with an alphabetic character and can contain only alphanumeric characters (case-sensitive) and hyphens.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "OuId": { "description": "The ID of the AWS organizational unit for the stack instances being deployed. If you add a parent OU as a target, StackSets also adds any child OU as targets. To deploy the StackSets stack instances in all OUs, use 'all'.", "type": "array", "items": { "type": "string", "pattern": "^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32}|all)$" }, "minItems": 1, "uniqueItems": true }, "Region": { "description": "The AWS Region to deploy the resources, in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the StackSets stack.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,128}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "CloudFormationTemplate", "CloudFormationTemplateS3Endpoint", "Parameters", "Region", "OuId", "Tags", "Priority" ] }, "required": [ "Name", "Description", "Region", "OuId" ] }

Schema for Change Type ct-16xg8qguovg2w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create and attach up to five EBS volumes to an instance.", "description": "Creates up to five EBS volumes, and attaches them to an existing EC2 instance that you specify. Does not create a root volume.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-hrnfpt7l0qqumcelt", "type": "string", "enum": [ "stm-hrnfpt7l0qqumcelt" ], "default": "stm-hrnfpt7l0qqumcelt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 45 }, "Parameters": { "type": "object", "properties": { "AvailabilityZone": { "type": "string", "description": "The Availability Zone (AZ) to create the volume in. Must match the AZ of the instance ID in order to attach successfully.", "pattern": "^[a-z]{2}-[a-z]{4,10}-[1-9]{1}[a-z]$" }, "InstanceId": { "type": "string", "description": "The instance that the created EBS volumes will be attached to.", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}$" }, "Volume1Iops": { "type": "string", "description": "The Iops to use for Volume1 if Volume1Type is io1, io2 or gp3. If Volume1Type is not io1, io2 or gp3, any value provided here is ignored. If Volume1Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$" }, "Volume1Size": { "type": "string", "description": "The size for Volume1 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume1Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume1. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Throughput": { "type": "string", "description": "The Throughput to use for Volume1 if Volume1Type is gp3. If Volume1Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume2Iops": { "type": "string", "description": "The Iops to use for Volume2 if Volume2Type is io1, io2 or gp3. If Volume2Type is not io1, io2 or gp3, any value provided here is ignored. If Volume2Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume2Size": { "type": "string", "description": "The size for Volume2 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume2Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume2. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Throughput": { "type": "string", "description": "The Throughput to use for Volume2 if Volume2Type is gp3. If Volume2Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume3Iops": { "type": "string", "description": "The Iops to use for Volume3 if Volume3Type is io1, io2 or gp3. If Volume3Type is not io1, io2 or gp3, any value provided here is ignored. If Volume3Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume3Size": { "type": "string", "description": "The size for Volume3 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume3Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume3. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Throughput": { "type": "string", "description": "The Throughput to use for Volume3 if Volume3Type is gp3. If Volume3Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume4Iops": { "type": "string", "description": "The Iops to use for Volume4 if Volume4Type is io1, io2 or gp3. If Volume4Type is not io1, io2 or gp3, any value provided here is ignored. If Volume4Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume4Size": { "type": "string", "description": "The size for Volume4 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume4Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume4. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Throughput": { "type": "string", "description": "The Throughput to use for Volume4 if Volume4Type is gp3. If Volume4Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume5Iops": { "type": "string", "description": "The Iops to use for Volume5 if Volume5Type is io1, io2 or gp3. If Volume5Type is not io1, io2 or gp3, any value provided here is ignored. If Volume5Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume5Size": { "type": "string", "description": "The size for Volume5 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume5Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume5. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Throughput": { "type": "string", "description": "The Throughput to use for Volume5 if Volume5Type is gp3. If Volume5Type is not gp3, any value provided here is ignored. Default is 125. The Throughput should be between 125 and 1000.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" } }, "metadata": { "ui:order": [ "InstanceId", "AvailabilityZone", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1Iops", "Volume1Throughput", "Volume1KmsKeyId", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2Iops", "Volume2Throughput", "Volume2KmsKeyId", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3Iops", "Volume3Throughput", "Volume3KmsKeyId", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4Iops", "Volume4Throughput", "Volume4KmsKeyId", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5Iops", "Volume5Throughput", "Volume5KmsKeyId", "Volume5Snapshot" ] }, "required": [ "InstanceId", "AvailabilityZone", "Volume1Name", "Volume1Size" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1706xvvk6j9hf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Automated IAM Provisioning", "description": "Enable Automated IAM provisioning with read-write permissions in the account used to submit this CT. Once enabled, a new role 'AWSManagedServicesIAMProvisionAdminRole' is created in that account. Additionally, you can use three related change types (ct-1n9gfnog5x7fl, ct-1e0xmuy1diafq, ct-17cj84y7632o6) to create, update, or delete IAM roles and policies using Automated IAM provisioning with read-write permissions, which employs an automated review process with a predefined set of rules for IAM and AMS. Before using, we recommend a good familiarity with IAM rules. To confirm that an account has Automated IAM provisioning enabled, look for the IAM role 'AWSManagedServicesIAMProvisionAdminRole' in the IAM console for that account.", "type": "object", "properties": { "SAMLIdentityProviderArns": { "description": "Comma-separated list of the SAML identity provider (IdP) ARNs to assume the Automated IAM provisioning role. You must set at least one provider, using either this parameter or IamEntityArns.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:saml-provider\\/[\\w._+=,@-]{1,128}$" }, "uniqueItems": true }, "IamEntityArns": { "description": "Comma-separated list of ARNs of the IAM entities to assume the Automated IAM provisioning role. You must set at least one IAM principal, using either this parameter or SAMLIdentityProviderArns.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:role\\/[\\w+=,.@-]{1,64}$" }, "uniqueItems": true }, "CustomerCustomDenyActionsList1": { "description": "Comma-separated list of actions to be denied in IAM roles created by the Automated IAM provisioning role.", "type": "string", "pattern": "^[a-z0-9-]+:[A-Za-z0-9*-]+(?:,[a-z0-9-]+:[A-Za-z0-9*-]+)*$", "maxLength": 4096 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "default": "High", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "SAMLIdentityProviderArns", "IamEntityArns", "CustomerCustomDenyActionsList1", "Priority" ] } }

Schema for Change Type ct-17cj84y7632o6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Entity or Policy (read-write permissions)", "description": "Delete Identity and Access Management (IAM) role or policy created with change type ct-1n9gfnog5x7fl.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "RoleName": { "description": "A list of up to five IAM role names to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$" }, "minItems": 0, "maxItems": 5, "uniqueItems": true }, "ManagedPolicyName": { "description": "A list of up to five IAM customer managed policy names to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$" }, "minItems": 0, "maxItems": 5, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "ManagedPolicyName" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-17vnu10suy631

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Cache (ElastiCache Redis) stack", "description": "Use to create an Amazon ElastiCache cluster (one or more cache nodes) that uses the Redis engine.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sfpo2o00000000000.", "type": "string", "enum": [ "stm-sfpo2o00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ElastiCacheAutoMinorVersionUpgrade": { "description": "True for minor engine upgrades to be applied automatically to the cache cluster during the specified ElastiCachePreferredMaintenanceWindow, false for the upgrades to not be applied automatically. Default is true.", "type": "boolean", "default": true }, "ElastiCacheBackupSnapshotRetentionLimit": { "description": "The number of days for which Redis retains automatic snapshots before deleting them.", "type": "number", "default": 7, "minimum": 0, "maximum": 30 }, "ElastiCacheClusterName": { "description": "A name for the cache cluster.", "type": "string", "minLength": 1, "maxLength": 20, "pattern": "^[a-zA-Z][a-zA-Z0-9-]{0,18}[a-zA-Z0-9]$|^[a-zA-Z]$" }, "ElastiCacheCPUThresholdAlarmOverride": { "description": "The value for CPUUtilization metric maximum threshold if the automatically derived one from the instance type needs to be overridden.", "type": "number", "default": 0, "minimum": 0, "maximum": 100 }, "ElastiCacheEnableBackup": { "description": "True to enable periodic backups for the cache cluster, false to not. Default is false.", "type": "boolean", "default": false }, "ElastiCacheEngine": { "description": "Must be redis.", "type": "string", "enum": [ "redis" ] }, "ElastiCacheEngineVersion": { "description": "The version of the Redis cache engine to be used for the cluster.", "type": "string" }, "ElastiCacheInstanceType": { "description": "The compute and memory capacity of nodes in the Redis cache cluster.", "type": "string", "default": "cache.t3.micro" }, "ElastiCachePort": { "description": "The port number on which each of the cache nodes will accept connections.", "type": "number", "minimum": 0, "maximum": 65535, "default": 6379 }, "ElastiCachePreferredBackupWindow": { "description": "The daily time range (in UTC) during which Redis will begin taking a daily snapshot of your node group. For example, you can specify 05:00-09:00.", "type": "string", "default": "22:00-23:00", "pattern": "^(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCachePreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur. For example, you can specify: sun:02:00-sun:04:00.", "type": "string", "pattern": "^(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCacheSnapshotArns": { "description": "The ARN of the snapshot file that you want to use to seed a new Redis cache cluster.", "type": "string", "minLength": 16, "pattern": "^arn:aws:s3:" }, "ElastiCacheSnapshotName": { "description": "The name of a snapshot from which to restore data into the new Redis cache cluster.", "type": "string" }, "ElastiCacheSubnetGroup": { "description": "The subnet group name that you want to associate with the cluster.", "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[a-z0-9-]{1,255}$" }, "ElastiCacheSubnetIds": { "description": "One or more subnet IDs for the cache cluster, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1 }, "SecurityGroups": { "description": "One or more VPC security groups that you want to associate with the cluster, in the form sg-0123abcd or sg-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1 } }, "additionalProperties": false, "required": [ "ElastiCacheClusterName", "ElastiCacheEngine", "ElastiCacheSubnetIds" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters", "TimeoutInMinutes" ] }

Schema for Change Type ct-17w6f6kzf6w51

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS DB subnet group", "description": "Create a Relational Database Service (RDS) database (DB) subnet group to be used with a specified RDS DB.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-iutsfv5ci7suupr86", "type": "string", "enum": [ "stm-iutsfv5ci7suupr86" ], "default": "stm-iutsfv5ci7suupr86" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "DBSubnetGroupName": { "type": "string", "description": "The name of your DB subnet group. Must contain 1 to 255 alphanumeric characters including period, underscore, and hyphen; and must be unique per account per region. Cannot be named \"default.\"", "pattern": "^(?!default$)[a-zA-Z0-9._-]{1,255}$" }, "DBSubnetGroupDescription": { "type": "string", "description": "A description to help identify your DB subnet group. If blank the subnet group name is used.", "default": "" }, "SubnetIds": { "type": "array", "minItems": 2, "uniqueItems": true, "description": "Two or more subnet IDs to include in the DB subnet group, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" } } }, "metadata": { "ui:order": [ "DBSubnetGroupName", "DBSubnetGroupDescription", "SubnetIds" ] }, "required": [ "DBSubnetGroupName", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1895yr1p87noq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop Backup Job", "description": "Stop an AWS Backup service running, or scheduled, backup job.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopBackupJob.", "type": "string", "enum": [ "AWSManagedServices-StopBackupJob" ], "default": "AWSManagedServices-StopBackupJob" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupJobId": { "description": "The ID of the AWS Backup target job.", "type": "array", "items": { "type": "string", "pattern": "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}){1}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupJobId" ] }, "additionalProperties": false, "required": [ "BackupJobId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-18fzkt86jmw1s

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Amazon Linux 2)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for Amazon Linux 2 OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"All\", \"Bugfix\", \"Enhancement\", \"Newpackage\", \"Recommended\" and \"Security\".", "items": { "enum": [ "All", "Bugfix", "Enhancement", "Newpackage", "Recommended", "Security" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"All\", \"Critical\", \"Important\", \"Low\" and \"Medium\".", "items": { "enum": [ "All", "Critical", "Important", "Low", "Medium" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1 }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Amazon Linux 2", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Amazon Linux 2" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-18r16ldqil6w9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Security Groups", "description": "Delete up to 20 security groups. Note: Only security groups with no dependencies are deleted and security groups with dependencies are not deleted. This change type does not require a review and can be used instead of the manual, review required, change type (ct-3cp96z7r065e4).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteSecurityGroups.", "type": "string", "enum": [ "AWSManagedServices-DeleteSecurityGroups" ], "default": "AWSManagedServices-DeleteSecurityGroups" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SecurityGroupIds": { "description": "A list of up to 20 security group IDs to be deleted.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 20, "uniqueItems": true }, "ForceDelete": { "description": "True to delete the security groups with only Auto Scaling launch template or launch configuration dependencies, or false if not. Default is false, and only security groups with no dependencies are deleted. Note: Auto Scaling Group or EC2 instances using Launch Templates or Launch Configurations with deleted security groups cannot be launched.", "type": "array", "items": { "type": "string", "default": "false", "enum": [ "true", "false" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupIds", "ForceDelete" ] }, "additionalProperties": false, "required": [ "SecurityGroupIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1962s5oczal9z

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Instance or Session Counts", "description": "Update the number of RDP and SSH Bastion instances. Optionally update the session count of RDP Bastions.", "type": "object", "properties": { "BastionType": { "description": "The bastion type to update, this determines which parameters are applicable. RDP Bastion type applies to all of the parameters. SSH Bastion type applies to only the ASGMaxCount, ASGMinCount, ASGDesiredCount parameters.", "type": "string", "enum": [ "RDP Bastion", "SSH Bastion" ] }, "RDPBastionDesiredMaximumSessions": { "description": "RDP bastion desired maximum number of sessions.", "type": "integer" }, "RDPBastionDesiredMinimumSessions": { "description": "RDP bastion desired minimum number of sessions.", "type": "integer" }, "ASGMaxCount": { "description": "The maximum number of bastion instances to run in the bastion ASG.", "type": "integer" }, "ASGMinCount": { "description": "The minimum number of bastion instances to run in the bastion ASG.", "type": "integer" }, "ASGDesiredCount": { "description": "The preferred number of bastion instances to run in the bastion ASG.", "minimum": 1, "type": "integer" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BastionType", "RDPBastionDesiredMaximumSessions", "RDPBastionDesiredMinimumSessions", "ASGMaxCount", "ASGMinCount", "ASGDesiredCount", "Priority" ] }, "additionalProperties": false, "required": [ "BastionType" ] }

Schema for Change Type ct-1976sir132k22

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Resource Scheduler Period", "description": "Add a new period to use with AMS Resource Scheduler. Periods are used in schedules to precisely define when a resource should run.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddOrUpdatePeriod.", "type": "string", "enum": [ "AWSManagedServices-AddOrUpdatePeriod" ], "default": "AWSManagedServices-AddOrUpdatePeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Action": { "description": "Specify the value: add. This explicitly requests that the Resource Scheduler period be added. The option cannot be left blank; it must be add.", "type": "array", "items": { "type": "string", "enum": [ "add" ], "default": "add" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "A meaningful name for the period. The name must be unique for this account.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/])^[A-Za-z0-9-_, +=.:#/]{1,64}$" }, "maxItems": 1, "minItems": 1 }, "Description": { "description": "A meaningful description for the period.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,1000}$|^$" }, "maxItems": 1, "minItems": 1 }, "BeginTime": { "description": "The time, in HH:MM format, a resource starts under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "EndTime": { "description": "The time, in HH:MM format, a resource stops under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "Months": { "description": "Enter a comma-delimited list of months (e.g. jan, feb), a hyphenated range of months (e.g. jan-dec), or every n-th month (e.g. jan/3 for every 3rd month starting from jan) during which the resource runs. Abbreviated month names (e.g. jan, feb, march) and numbers (1, 2, 12) are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "MonthDays": { "description": "Enter a comma-delimited list of days of the month (e.g. 1, 5, 15), a hyphenated range of days (e.g. 1-15), every n-th day of the month (e.g 1/7 for every 7th day starting on the 1st) or every n-th day day of the month in a range ( e.g. 1-15/2 for every other day from 1st to the 15th), the last day of the month (specify L), or the nearest weekday to a specific date (specify W e.g. 15W) during which the resource runs.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "WeekDays": { "description": "Enter a comma-delimited list of days of the week (e.g. Mon, Wed, Fri), a range of days of the week (e.g. Mon-Thu), or n-th occurrence of a weekday in the month (e.g Mon#1 or 0#1 for first Monday of the month) during which the resource runs. Enter a day and L ro run a resource on the last occurrence of that weekday in the month (e.g. friL or 4L to run on the last Friday of the month). Abbreviated week day names (e.g. Sun, Mon, Thu), and numbers (0, 1, 3), are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,#-/]*)$|^$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "Action", "Name", "Description", "BeginTime", "EndTime", "Months", "MonthDays", "WeekDays" ] }, "required": [ "Action", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-199h35t7uz6jl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Grant Stack Read-Only access", "description": "Request Read-Only access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-19f40lfm5umy8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Gather Log4j Information", "description": "Generates a report identifying Log4j2 occurrences on the specified EC2 instances. This is a best-effort report and some occurrences may go undetected from the report.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-GatherLog4jInformation.", "type": "string", "enum": [ "AWSManagedServices-GatherLog4jInformation" ], "default": "AWSManagedServices-GatherLog4jInformation" }, "Region": { "description": "The AWS Region in which the EC2 instances are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "S3Bucket": { "description": "The name of the S3 bucket to upload the results to, in the form s3://bucket-name.", "type": "array", "items": { "type": "string", "pattern": "^s3://.+$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "S3Bucket" ] }, "additionalProperties": false }, "TargetParameterName": { "description": "Must be InstanceId.", "type": "string", "enum": [ "InstanceId" ], "default": "InstanceId" }, "Targets": { "type": "array", "items": { "type": "object", "properties": { "Key": { "description": "The criteria for targeting resources. To target all instances in the AWS Region, use AWS::EC2::Instance. To target specific instances, use ParameterValues and specify instance IDs for the Values. Default is AWS::EC2::Instance.", "type": "string", "enum": [ "AWS::EC2::Instance", "ParameterValues" ], "default": "AWS::EC2::Instance" }, "Values": { "description": "Values for specified criteria. For Key=AWS::EC2::Instance, use asterisk (*). For Key=ParameterValues, enter up to fifty instance IDs. Default is asterisk (*).", "type": "array", "items": { "type": "string", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}|\\*", "default": "*" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Values" ] }, "required": [ "Key", "Values" ] }, "minItems": 1, "maxItems": 1 }, "MaxConcurrency": { "description": "The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 50.", "type": "string", "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "default": "50" }, "MaxErrors": { "description": "The number of errors that are allowed before the system stops running the task on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. The default value is 100%.", "type": "string", "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[0-9]%|100%)$", "default": "100%" } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "TargetParameterName", "Targets", "MaxConcurrency", "MaxErrors" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters", "TargetParameterName", "Targets", "MaxConcurrency", "MaxErrors" ] }

Schema for Change Type ct-19fdy7np55xiu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy RDS DB Cluster Snapshot", "description": "Create a copy of an Amazon Relational Database Service (Amazon RDS) DB Cluster snapshot. If you are copying a snapshot shared from another AWS account, it must be located in the same AWS Region as the specified DocumentName.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyDBClusterSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CopyDBClusterSnapshot" ], "default": "AWSManagedServices-CopyDBClusterSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "SourceDBClusterSnapshotARN": { "description": "The Amazon Resource Name (ARN) of the DB Cluster snapshot to be copied.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:[a-z0-9-]+:[0-9]{12}:cluster-snapshot:[a-zA-Z][a-zA-Z0-9-:]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "TargetDBClusterSnapshotIdentifier": { "description": "The target DB cluster snapshot identifier.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "An AWS Key Management Service (KMS) key to encrypt the DB snapshot with, either the KMS key ARN or the KMS key identifier. Leave blank if the source snapshot is unencrypted.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|mrk-[0-9a-f]{32}$)|^$" }, "minItems": 0, "maxItems": 1 }, "SourceRegion": { "description": "The AWS Region where the source snapshot is located. Leave blank if the source snapshot is located in the same AWS Region as the specified DocumentName.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceDBClusterSnapshotARN", "TargetDBClusterSnapshotIdentifier", "KmsKeyId", "SourceRegion" ] }, "additionalProperties": false, "required": [ "SourceDBClusterSnapshotARN", "TargetDBClusterSnapshotIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1a1zzgi2nb83d

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Application Load Balancer", "description": "Update the properties of an existing AWS Application Load Balancer (ALB) that was created by version 3.0 CT: ct-111r1yayblnw4.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Application Load Balancer that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "LoadBalancerSecurityGroups": { "description": "A list of security groups to associate with the load balancer. Please note that changing this value during an update does not append to the existing security groups associated with the load balancer. Include all required security groups when modifying this value.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "uniqueItems": true }, "LoadBalancerSubnetIds": { "description": "A list of subnet IDs to replace the currently used subnets. If you update the LoadBalancerSubnetIds, specify subnets from at least two Availability Zones. For an internet-facing load balancer provide public subnet IDs, for an internal load balancer we recommend private subnet IDs.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "uniqueItems": true }, "LoadBalancerDeletionProtection": { "type": "string", "description": "True to enable deletion protection, false to not. Default is false.", "enum": [ "true", "false" ] }, "LoadBalancerIdleTimeout": { "type": "string", "description": "How long the load balancer front-end connection (client to load balancer) can be idle (not receiving data) before the connection is automatically closed.", "pattern": "^([1-9][0-9]{0,2}|[1-3][0-9]{3}|4000)$" }, "Listener1Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Listener1Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "enum": [ "HTTP", "HTTPS" ] }, "Listener1SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "Listener1SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] }, "Listener2Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Listener2Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "pattern": "^$|^(HTTP|HTTPS)$" }, "Listener2SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "Listener2SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] }, "TargetGroupHealthCheckInterval": { "type": "string", "description": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5 to 300 seconds.", "pattern": "^([5-9]|[1-8][0-9]|9[0-9]|[12][0-9]{2}|300)$" }, "TargetGroupHealthCheckPath": { "type": "string", "description": "The ping path destination where Elastic Load Balancing sends health check requests.", "pattern": "^(/?[a-z0-9\\-._~%!$&'()*+,;=@]+(/[a-z0-9\\-._~%!$&'()*+,;=:@]+)*/?|/){1,1024}$" }, "TargetGroupHealthCheckPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which is the port on which each target receives traffic from the load balancer.", "pattern": "^$|^([0-9]{1,5})$" }, "TargetGroupHealthCheckProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ] }, "TargetGroupHealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "^(60|[1-5]{1}[0-9]{1}|[2-9]{1})$" }, "TargetGroupHealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the Healthy state.", "pattern": "^([2-9]{1}|10)$" }, "TargetGroupUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the Unhealthy state.", "pattern": "^([2-9]{1}|10)$" }, "TargetGroupValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^(([2-4]{1}[0-9]{2}($|-|,))+)$" }, "TargetGroupDeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. Valid value ranges from 0 to 3600.", "pattern": "^(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})$" }, "TargetGroupSlowStartDuration": { "type": "string", "description": "The time period, in the range 30-900 seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic", "pattern": "^([3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0)$|^$" }, "TargetGroupCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "^([1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800)$|^$" } }, "metadata": { "ui:order": [ "LoadBalancerSecurityGroups", "LoadBalancerSubnetIds", "LoadBalancerDeletionProtection", "LoadBalancerIdleTimeout", "Listener1Port", "Listener1Protocol", "Listener1SSLCertificateArn", "Listener1SSLPolicy", "Listener2Port", "Listener2Protocol", "Listener2SSLCertificateArn", "Listener2SSLPolicy", "TargetGroupHealthCheckInterval", "TargetGroupHealthCheckPath", "TargetGroupHealthCheckPort", "TargetGroupHealthCheckProtocol", "TargetGroupHealthCheckTimeout", "TargetGroupHealthyThreshold", "TargetGroupUnhealthyThreshold", "TargetGroupValidHTTPCode", "TargetGroupDeregistrationDelayTimeout", "TargetGroupSlowStartDuration", "TargetGroupCookieExpirationPeriod" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1a68ck03fn98r

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create S3 bucket", "description": "Create an Amazon S3 bucket for cloud storage.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-s2b72beb200000000.", "type": "string", "enum": [ "stm-s2b72beb200000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name that is used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "BucketName": { "description": "A name for the S3 bucket. The S3 bucket name must contain only lowercase letters, numbers, periods (.), and hyphens (-). The name must be unique across all existing bucket names in Amazon S3.", "type": "string", "pattern": "^(?!ams|aws|mc|cf-templates)[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "ServerSideEncryption": { "description": "Default encryption for a bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). Use None to disable default encryption. Default is KmsManagedKeys.", "type": "string", "enum": [ "None", "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys. Leave blank to use the default encryption key.", "type": "string", "pattern": "^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/mrk-[a-z0-9]{32}$|^$" }, "Versioning": { "description": "The status of versioning for this S3 bucket, either Enabled (versioning of stored objects is enabled) or Suspended (versioning is not enabled). Default is Suspended.", "type": "string", "enum": [ "Enabled", "Suspended" ] }, "IAMPrincipalsRequiringReadObjectAccess": { "description": "List the Identity and Access Management (IAM), or CloudFront Origin Access Identity (OAI), or both, Amazon Resource Names (ARNs) that require read access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole, arn:aws:iam::123456789012:user/myuser and/or arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EH1HDMB1FH2TC.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^arn:aws:iam::cloudfront:user\\/CloudFront Origin Access Identity E[A-Z0-9]{11,13}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringWriteObjectAccess": { "description": "List the IAM ARNs that require write access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringReadObjectAccess": { "description": "List of AWS services that require read access to the S3 bucket; for example, logs.us-east-1.amazonaws.com.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringWriteObjectAccess": { "description": "List of AWS services that require write access to the S3 bucket; for example, logs.us-east-1.amazonaws.com.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$" }, "minItems": 1, "uniqueItems": true }, "EnforceSecureTransport": { "description": "True to enforce HTTPS for object operations, false to not.", "type": "boolean", "default": true }, "AccessAllowedIpRanges": { "description": "List of source IP ranges allowed to access the S3 bucket. Leave blank to not have IP-based restrictions.", "type": "array", "items": { "type": "string" }, "minItems": 0, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "Versioning", "ServerSideEncryption", "KMSKeyId", "EnforceSecureTransport", "IAMPrincipalsRequiringReadObjectAccess", "IAMPrincipalsRequiringWriteObjectAccess", "ServicesRequiringReadObjectAccess", "ServicesRequiringWriteObjectAccess", "AccessAllowedIpRanges" ] }, "required": [ "BucketName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1aqsjf86w6vxg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 Stack With Additional Volumes", "description": "Create an Amazon Elastic Compute Cloud (EC2) instance with up to five additional volumes.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-nn8v8ffhcal611bmp.", "type": "string", "enum": [ "stm-nn8v8ffhcal611bmp" ], "default": "stm-nn8v8ffhcal611bmp" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "InstanceAmiId": { "type": "string", "description": "The AMI to use to create the EC2 instance, in the form ami-0123abcd or ami-01234567890abcdef.", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "InstanceCoreCount": { "type": "integer", "description": "The number of CPU cores for the instance. If you set this, you need to specify a value for InstanceThreadsPerCore.", "minimum": 0, "maximum": 224, "default": 0 }, "InstanceThreadsPerCore": { "type": "integer", "description": "The number of threads per CPU core. If you set this, you need to specify a value for InstanceCoreCount.", "minimum": 0, "maximum": 2, "default": 0 }, "InstanceDetailedMonitoring": { "type": "string", "description": "True to turn on detailed monitoring for your instances. False to turn off detailed monitoring for your instances and set it to basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "enum": [ "true", "false" ] }, "InstanceEBSOptimized": { "type": "string", "description": "True for the instance to be optimized for Amazon Elastic Block Store (EBS) I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization.", "enum": [ "true", "false" ] }, "InstanceProfile": { "type": "string", "description": "An IAM instance profile name defined in your account. The default is customer-mc-ec2-instance-profile.", "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$" }, "InstanceRootVolumeIops": { "type": "integer", "description": "The IOPS to use for the root volume, if InstanceRootVolumeType = io1, io2 or gp3. If InstanceRootVolumeType is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "InstanceRootVolumeName": { "type": "string", "description": "The device name of the root volume for the instance; for example, /dev/xvda or /dev/sda1. Specify this, and InstanceRootVolumeSize and InstanceRootVolumeType, to make changes to any or all of these parameters. Leave blank for the values for those three parameters to be drawn from the InstanceAmiId. Specifying an InstanceRootVolumeName that does not match that setting in the InstanceAmiId may result in instance launch failures or making changes to the wrong volume. Note that setting a value prohibits updating the value with the EC2 instance stack Update (with additional volumes) ct (ct-1o1x2itfd6rk8) later.", "enum": [ "", "/dev/sda1", "/dev/xvda" ] }, "InstanceRootVolumeSize": { "type": "integer", "description": "The size, in GiB, of the root volume for the instance. To change this from the value set in the InstanceAmiId, you must also specify InstanceRootVolumeName. If no value is provided for InstanceRootVolumeName, any value provided here is ignored.", "minimum": 8, "maximum": 16384 }, "InstanceRootVolumeType": { "type": "string", "description": "The instance type of the root volume for the instance. To change this from the value set in the InstanceAmiId, you must also specify InstanceRootVolumeName. If no value is provided for InstanceRootVolumeName, any value provided here is ignored. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3" ] }, "RootVolumeKmsKeyId": { "description": "The ID, or ARN, of the KMS master key to be used to encrypt the root volume. Specify default to use the default EBS KMS Key. Leave blank to not encrypt the root volume. Note that, if a value is set, the InstanceRootVolumeName must also be specified for KMS encryption settings on the root volume to take effect.", "type": "string", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "InstancePrivateStaticIp": { "type": "string", "description": "The static IP address for the instance." }, "InstanceSecondaryPrivateIpAddressCount": { "type": "integer", "description": "The number of secondary private IP addresses that EC2 automatically assigns to the primary network interface. The number of secondary IP addresses that can be assigned is dependent on the type of instance used.", "minimum": 0 }, "InstanceSubnetId": { "type": "string", "description": "The subnet that you want to launch the instance into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "InstanceTerminationProtection": { "type": "string", "description": "True to prevent the instance from being terminated through the API, false to allow it. Default is false. Termination protection must be disabled with an update (ct-1o1x2itfd6rk8) before deleting the stack or performing an update where instance replacement is required, otherwise failures occur.", "enum": [ "true", "false" ] }, "InstanceType": { "type": "string", "description": "The EC2 instance type. Choose an InstanceType that supports EBS optimization if InstanceEBSOptimized = true.", "default": "t3.large" }, "CreditSpecification": { "description": "The credit option for CPU Usage. This is only supported with t2, t3, and t3a, instance types. If your instance is unlikely to require CPU bursting, choose standard, but note that, once all the CPU credits for that instance are used up, it will be throttled. For better burst handling, and to not allow throttling, choose unlimited, but note that additional charges may apply when additional credits are used.", "type": "string", "enum": [ "unlimited", "standard" ], "default": "unlimited" }, "EnforceIMDSV2": { "description": "True for the instance to be launched with IMDSv2 enforced. Default value is True. If you set this to True, make sure your applications are compatible with IMDSv2. See EC2/IMDS document for more details.", "type": "string", "enum": [ "true", "false" ], "default": "true" }, "InstanceUserData": { "type": "string", "description": "A newline-delimited string where each line is part of a script to be run on boot." }, "Volume1Iops": { "type": "integer", "description": "The IOPS to use for the Volume1 volume, if Volume1Type = io1, io2 or gp3. If Volume1Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume1Throughput": { "type": "integer", "description": "The Throughput to use for the Volume1 volume, if Volume1Type = gp3. If Volume1Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1. Leave blank to skip creation of Volume1.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume1Size": { "type": "integer", "description": "The size of Volume1 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume1Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume1.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume2Iops": { "type": "integer", "description": "The IOPS to use for the Volume2 volume, if Volume2Type = io1, io2 or gp3. If Volume2Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume2Throughput": { "type": "integer", "description": "The Throughput to use for the Volume2 volume, if Volume2Type = gp3. If Volume2Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume2Size": { "type": "integer", "description": "The size of Volume2 in GiB. Defaults to 1 GiB", "minimum": 1, "maximum": 16384 }, "Volume2Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume2.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume3Iops": { "type": "integer", "description": "The IOPS to use for the Volume3 volume, if Volume3Type = io1, io2 or gp3. If Volume3Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume3Throughput": { "type": "integer", "description": "The Throughput to use for the Volume3 volume, if Volume3Type = gp3. If Volume3Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume3Size": { "type": "integer", "description": "The size of Volume3 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume3Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume3.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume4Iops": { "type": "integer", "description": "The IOPS to use for the Volume4 volume, if Volume4Type = io1, io2 or gp3. If Volume4Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume4Throughput": { "type": "integer", "description": "The Throughput to use for the Volume4 volume, if Volume4Type = gp3. If Volume3Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume4Size": { "type": "integer", "description": "The size of Volume4 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume4Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume4.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume5Iops": { "type": "integer", "description": "The IOPS to use for the Volume5 volume, if Volume5Type = io1, io2 or gp3. If Volume5Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume5Throughput": { "type": "integer", "description": "The Throughput to use for the Volume5 volume, if Volume5Type = gp3. If Volume5Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume5Size": { "type": "integer", "description": "The size of Volume5 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume5Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume5.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] } }, "metadata": { "ui:order": [ "InstanceAmiId", "InstanceSubnetId", "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceCoreCount", "InstanceThreadsPerCore", "InstanceRootVolumeIops", "InstanceRootVolumeName", "InstanceRootVolumeSize", "InstanceRootVolumeType", "RootVolumeKmsKeyId", "InstancePrivateStaticIp", "InstanceSecondaryPrivateIpAddressCount", "InstanceType", "CreditSpecification", "InstanceUserData", "InstanceTerminationProtection", "EnforceIMDSV2", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1KmsKeyId", "Volume1Iops", "Volume1Throughput", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2KmsKeyId", "Volume2Iops", "Volume2Throughput", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3KmsKeyId", "Volume3Iops", "Volume3Throughput", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4KmsKeyId", "Volume4Iops", "Volume4Throughput", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5KmsKeyId", "Volume5Iops", "Volume5Throughput", "Volume5Snapshot" ] }, "required": [ "InstanceAmiId", "InstanceSubnetId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1ax768xtu8c9q

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Manage Lifecycle Configuration", "description": "Add a new lifecycle configuration, or replace an existing one for an Amazon S3 bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-PutBucketLifecycleConfiguration.", "type": "string", "enum": [ "AWSManagedServices-PutBucketLifecycleConfiguration" ], "default": "AWSManagedServices-PutBucketLifecycleConfiguration" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the S3 bucket for the lifecycle configuration.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "minItems": 1, "maxItems": 1 }, "LifecycleConfiguration": { "description": "The lifecycle configuration in JSON format.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"Rules\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 }, "ReplaceExisting": { "description": "True to replace the existing lifecycle configuration, False to append the new configuration to the existing value. Default is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "Verification": { "description": "A lifecycle policy can be used to delete all objects in a bucket. To prevent accidental deletion, please ensure you have entered the correct bucket name and the correct lifecycle policy configuration. Enter the value \"confirm\" in this parameter once you have verified this.", "type": "array", "items": { "type": "string", "enum": [ "confirm" ] }, "minItems": 1, "maxItems": 1 }, "MinimumNumberOfDaysBeforeExpiration": { "description": "The minimum number of days before a rule in the lifecycle configuration can expire an object. The value must be greater than one.", "type": "array", "items": { "type": "integer", "minimum": 2, "maximum": 7300 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "BucketName", "LifecycleConfiguration", "ReplaceExisting", "Verification", "MinimumNumberOfDaysBeforeExpiration" ] }, "required": [ "BucketName", "LifecycleConfiguration", "Verification", "MinimumNumberOfDaysBeforeExpiration" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1ay83wy4vxa3k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update AWS Backup Plan", "description": "Update an existing backup plan. Please note that any changes that you make to a backup plan have no effect on existing backups created by the backup plan. The changes apply only to backups that are created in the future.", "type": "object", "properties": { "BackupPlanName": { "description": "The name of the backup plan to be updated.", "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-.]{1,50}$" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "minLength": 1, "maxLength": 127 }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "minLength": 1, "maxLength": 255 }, "WindowsVSS": { "type": "string", "description": "Enabled to use the Windows Volume Shadow Copy Service (VSS) backup option in AWS Backup. Disabled to create a regular backup. Default is disabled. If the application has VSS writer registered with Windows VSS, then AWS Backup creates a snapshot that will be consistent for that application. To learn more, see AWS Backup documentation \"Creating Windows VSS backups.\"", "enum": [ "disabled", "enabled" ], "default": "disabled" }, "BackupRuleName": { "description": "The name of the existing rule in the specified backup plan to be updated.", "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "BackupRuleVault": { "type": "string", "description": "The name of the AWS Backup vault to be used in the AWS Backup plan rule.", "pattern": "^[a-zA-Z0-9\\-\\_]{2,50}$", "default": "ams-custom-backups" }, "BackupRuleCompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000 }, "BackupRuleScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRuleDeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never expires.", "minimum": 0, "maximum": 35600 }, "BackupRuleMoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600 }, "BackupRuleStartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000 }, "BackupRuleRecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for the backup rule.", "minLength": 1, "maxLength": 127 }, "BackupRuleRecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRuleRecoveryPointTagKey.", "minLength": 1, "maxLength": 255 }, "BackupRuleEnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. With continuous backups, you can restore your AWS Backup-supported resource by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). You can do this during the PITR(Point-In-Time Recovery) restore process, where the AWS Backup console displays a Restore time section.", "enum": [ "true", "false" ] }, "BackupRuleCopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRuleCAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule copy actions: The number of days after creation before the recovery point is moved to cold storage, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600 }, "BackupRuleCopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule copy actions: The number of days after creation that a recovery point is deleted, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never expires.", "minimum": 0, "maximum": 35600 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "WindowsVSS", "BackupRuleName", "BackupRuleVault", "BackupRuleCompletionWindowMinutes", "BackupRuleScheduleExpression", "BackupRuleDeleteAfterDays", "BackupRuleMoveToColdStorageAfterDays", "BackupRuleStartWindowMinutes", "BackupRuleRecoveryPointTagKey", "BackupRuleRecoveryPointTagValue", "BackupRuleEnableContinuousBackup", "BackupRuleCopyActionsDestVaultArn", "BackupRuleCAMoveToColdStorageAfterDays", "BackupRuleCopyActionsDeleteAfterDays", "Priority" ] }, "additionalProperties": false, "required": [ "BackupPlanName", "BackupRuleName", "BackupRuleVault" ] }

Schema for Change Type ct-1b8fudnqq7m8r

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete GuardDuty IPSet", "description": "Use to delete an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "DetectorId": { "description": "The detector ID that specifies the GuardDuty service whose IPSet you want to delete.", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "IpSetId": { "description": "The unique ID that specifies the IPSet that you want to delete.", "type": "string", "minLength": 1 }, "Region": { "description": "Region to use in the form of us-east-1.", "type": "string", "minLength": 1 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "IpSetId", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "IpSetId", "Region" ] }

Schema for Change Type ct-1c0jrxd3su5oe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy RDS DB Snapshot", "description": "Create a KMS key encrypted copy of an Amazon Relational Database Service (Amazon RDS) DB snapshot. If you are copying a snapshot shared from another AWS account, it must be located in the same region in which the document is executed.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyDbSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CopyDbSnapshot" ], "default": "AWSManagedServices-CopyDbSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "SourceDbSnapshotArn": { "description": "The Amazon Resource Name (ARN) of the DB snapshot to be copied.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:rds:[a-z0-9-]+:[0-9]{12}:snapshot:[a-zA-Z][a-zA-Z0-9-:]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "TargetDbSnapshotIdentifier": { "description": "An identifier for the target DB snapshot.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "An AWS Key Management Service (KMS) key to encrypt the DB snapshot with. The KMS key is the KMS Key ARN or the KMS key identifier.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "minItems": 1, "maxItems": 1 }, "SourceRegion": { "description": "The AWS Region where the source snapshot is located. Leave blank if the source snapshot is located in the same region in which the document is executed.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "minItems": 0, "maxItems": 1 }, "OptionGroupName": { "description": "The name of an option group to associate with the copy of the snapshot. Specify this option if you are copying a snapshot from one AWS Region to another, and your DB instance uses a nondefault option group. If copying across AWS Regions, and your source DB instance uses Transparent Data Encryption for Oracle or Microsoft SQL Server, you must specify this option. For more information, see Option Group Considerations in the Amazon RDS User Guide.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-]{0,255}$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceDbSnapshotArn", "TargetDbSnapshotIdentifier", "KmsKeyId", "SourceRegion", "OptionGroupName" ] }, "additionalProperties": false, "required": [ "SourceDbSnapshotArn", "TargetDbSnapshotIdentifier", "KmsKeyId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1d2fml15b9eth

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS replication task.", "description": "Use to create a Database Migration Service (DMS) replication task.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-eos7uq0usnmeggdet", "type": "string", "enum": [ "stm-eos7uq0usnmeggdet" ], "default": "stm-eos7uq0usnmeggdet" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CdcStartTime": { "type": "string", "description": "When the DMS starts change data capture (CDC), in epoch time (milliseconds). For example, for CDC to start on Thursday August 9, 20018 1:02:49 AM (UTC), enter 1533776569. Must not be a future time and not all source endpoints support CDC start time.", "pattern": "^$|^[0-9]*$", "default": "" }, "MigrationType": { "type": "string", "description": "The migration type or method. To migrate existing data use full-load, to migrate existing data and replicate ongoing changes use full-load-and-cdc, to replicate data changes only use cdc.", "enum": [ "full-load", "full-load-and-cdc", "cdc" ] }, "ReplicationInstanceArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS replication instance, in the form arn:aws:dms:REGION:ACCOUNTID:rep:ABAICDVER4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:rep:[a-zA-Z0-9]+$" }, "ReplicationTaskIdentifier": { "type": "string", "description": "An identifier for the task. Use to give the task a name or label.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "ReplicationTaskSettings": { "type": "string", "description": "A JSON document defining settings for the task. For example, task metadata settings, logging settings etc. For large inputs, we recommend removing extra whitespaces.", "default": "", "maxLength": 4096 }, "SourceEndpointArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS source endpoint for the task to use, in the form arn:aws:dms:REGION:ACCOUNTID:endpoint:ABAICDMTD4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:endpoint:[A-Z0-9]+$" }, "TableMappings": { "type": "string", "description": "A JSON document to set rules for schema mapping, the mapping method, transformation and filters." }, "TargetEndpointArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS target endpoint for the task to use, in the form arn:aws:dms:REGION:ACCOUNTID:endpoint:XYAICDMTD4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:endpoint:[A-Z0-9]+$" } }, "metadata": { "ui:order": [ "ReplicationTaskIdentifier", "MigrationType", "SourceEndpointArn", "TargetEndpointArn", "ReplicationInstanceArn", "TableMappings", "ReplicationTaskSettings", "CdcStartTime" ] }, "required": [ "MigrationType", "ReplicationInstanceArn", "SourceEndpointArn", "TableMappings", "TargetEndpointArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1d55pi44ff21u

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Private DNS Record Sets", "description": "Update an existing Route 53 DNS Hosted Zone with the supplied resource record set.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the Stack.", "type": "object", "properties": { "HostedZoneId": { "description": "The HostedZoneId that is to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^[a-zA-Z][a-zA-Z0-9]{1,32}$" }, "StackId": { "description": "The StackId that is required to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^stack-[a-z0-9]{17}$" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "HostedZoneId", "StackId", "RecordSet" ] }, "required": [ "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1d84keiri1jhg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create KMS key", "description": "Request a KMS key with a predefined key policy.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-enf1j068fhg34vugt", "type": "string", "enum": [ "stm-enf1j068fhg34vugt" ], "default": "stm-enf1j068fhg34vugt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "Alias": { "type": "string", "description": "An alias for the customer master key (CMK). The alias must not begin with \"aws/\".", "pattern": "^$|(?!aws/)^[a-zA-Z0-9:/_-]+$" }, "EnableKeyRotation": { "type": "string", "description": "True for automatic rotation of the key material for the specified CMK, false for no automatic rotation. Default is true.", "enum": [ "true", "false" ] }, "Description": { "type": "string", "description": "A description for the CMK.", "maxLength": 8192, "minLength": 1 }, "PendingWindow": { "type": "integer", "description": "The number of days in the waiting period before AWS KMS deletes the CMK. Default is 30.", "minimum": 7, "maximum": 30 }, "IAMPrincipalsRequiringDecryptPermissions": { "type": "array", "description": "List of IAM ARNs that require permission to decrypt using the CMK; for example arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringEncryptPermissions": { "type": "array", "description": "List of IAM ARNs that require permission to encrypt using the CMK; for example arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringGrantsPermissions": { "type": "array", "description": "List of IAM ARNs, or account IDs, allowed to use this CMK for key grants; for example arn:aws:iam::123456789012:role/myrole or 123456789012.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$|^\\d{12}$" }, "minItems": 1, "uniqueItems": true }, "LimitGrantsToAWSResources": { "type": "string", "description": "True to allow only AWS services that are integrated with AWS KMS to perform the grant operation on the user's behalf, false to allow any principal provided in IAMPrincipalsRequiringGrantsPermissions. Default is false.", "enum": [ "true", "false" ] }, "EnforceEncryptionContextKeys": { "type": "string", "description": "True to enforce use of encryption context keys in cryptographic operations, false to not. To define the encryption context keys, use AllowedEncryptionContextKeys. Default is false.", "enum": [ "true", "false" ] }, "AllowedEncryptionContextKeys": { "type": "array", "description": "List of encryption context keys that must be present in requests for cryptographic operations. If supplied, all cryptographic operations must have one of the context keys from this list.", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "AllowServiceRolesAccessKMSKeys": { "type": "array", "description": "Provide KMS key access to AWS services, by providing the endpoint in the form, ec2.us-east-1.amazonaws.com. Then the specified AWS service can use the CMK with limited permissions (list and create grants; describe, encrypt, decrypt, and reencrypt key; and generate data key).", "items": { "type": "string", "pattern": "^([a-zA-Z0-9-.]+\\.)+amazonaws\\.com$" }, "minItems": 1, "uniqueItems": true } }, "metadata": { "ui:order": [ "Alias", "Description", "EnableKeyRotation", "PendingWindow", "IAMPrincipalsRequiringDecryptPermissions", "IAMPrincipalsRequiringEncryptPermissions", "IAMPrincipalsRequiringGrantsPermissions", "LimitGrantsToAWSResources", "EnforceEncryptionContextKeys", "AllowedEncryptionContextKeys", "AllowServiceRolesAccessKMSKeys" ] }, "required": [ "Description" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1dmlg9g1l91h6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Grant Stack Admin access", "description": "Request admin access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$|^SC-[0-9]{12}-pp-[a-zA-Z0-9]{13}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-1e0xmuy1diafq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Entity or Policy (read-write permissions)", "description": "Update Identity and Access Management (IAM) role or policy with read-write permissions. You must have enabled this feature with change type ct-1706xvvk6j9hf before submitting this request. Automated IAM provisioning with read-write permissions runs over 200 validations to help ensure successful outcomes.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ValidateOnly": { "description": "Yes to validate the IAM role or policy updated with the specified parameter values, without updating the entity or policy; No to validate and update the entity or policy. The validation result is provided as a JSON in the execution output. In order to implement after validation, create a copy of the RFC and set the ValidateOnly parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "ValidateOnly" ] }, "required": [ "ValidateOnly" ] }, "RoleDetails": { "type": "object", "properties": { "Roles": { "description": "Update a role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "A name of the IAM role to update. The name can be up to 64 characters in length, and is limited to characters a-z, A-Z, 0-9, hyphen and underscore", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,64}$" }, "Description": { "description": "A meaningful description for the role.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "AssumeRolePolicyDocument": { "description": "A JSON policy document, defining which entities can assume the role, you are updating the current policy document associated to the role with. Paste the contents into the input. Content provided replaces existing content.", "type": "string", "minLength": 2, "maxLength": 131072 }, "ManagedPolicyArns": { "description": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. Both AWS managed policies and customer managed policies are allowed. You must include the list of managed policy ARNs currently attached to the role that you wish to keep attached. Value provided replaces existing list of ARNs attached to the role.", "type": "array", "items": { "type": "string", "pattern": "^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$|^arn:[\\w+=/,.@-]+:iam::aws:policy(/[\\w+=/,.@-]+)?$" }, "minItems": 0, "maxItems": 20 }, "MaxSessionDuration": { "description": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 4 hours. The MaxSessionDuration time begins with the assumption of the role.", "type": "string", "default": "3600", "pattern": "^(360\\d|36[1-9]\\d|3[7-9]\\d{2}|[4-9]\\d{3}|1[0-3]\\d{3}|14[0-3]\\d{2}|14400)$" }, "PermissionsBoundary": { "description": "The ARN of the policy used to set as the permissions boundary for the role. A permissions boundary uses a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. ARN provided replaces current permission boundary ARN set in the role.", "type": "string", "default": "", "pattern": "^$|^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "Description", "AssumeRolePolicyDocument", "ManagedPolicyArns", "MaxSessionDuration", "PermissionsBoundary" ] }, "required": [ "RoleName" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Roles" ] } }, "ManagedPolicyDetails": { "type": "object", "properties": { "Policies": { "description": "Update a customer managed policy.", "type": "array", "items": { "type": "object", "properties": { "ManagedPolicyName": { "description": "The name of the IAM policy to update. The name can be up to 128 characters in length, and is limited to characters a-z, A-Z, 0-9, hyphen and underscore", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,128}$" }, "PolicyDocument": { "description": "The JSON policy document that you want to use as the content for the new policy. Paste the content into the input field. Content provided replaces existing content in the policy.", "type": "string", "minLength": 2, "maxLength": 131072 } }, "additionalProperties": false, "metadata": { "ui:order": [ "ManagedPolicyName", "PolicyDocument" ] }, "required": [ "ManagedPolicyName" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Policies" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "RoleDetails", "ManagedPolicyDetails" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1e1xtak34nx76

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create other", "description": "Use to request manual creation of a resource.", "type": "object", "properties": { "Comment": { "description": "The description of the change.", "type": "string", "maxLength": 5000 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true } }, "additionalProperties": false, "required": [ "Comment" ], "metadata": { "ui:order": [ "Comment", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-1eft8s6vdhz0w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update DNS Record Permission", "description": "Grant permissions to the computer object to update DNS records after failover. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateDNSRecordsPermission-Admin.", "type": "string", "enum": [ "AWSManagedServices-UpdateDNSRecordsPermission-Admin" ], "default": "AWSManagedServices-UpdateDNSRecordsPermission-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordNames": { "description": "A list of comma separated DNS record names.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9-_,]{1,1000}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordNames" ] }, "additionalProperties": false, "required": [ "RecordNames" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1eiczxw8ihc18

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share AMI", "description": "Use to share an AMI with another AMS account.", "additionalProperties": false, "type": "object", "properties": { "TargetAwsAccountId": { "pattern": "^[0-9]{12}$", "description": "ID of the AWS account the AMI will be shared with, in the form 123456789012. The account must already be onboarded to AMS.", "type": "string" }, "AmiId": { "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$", "description": "ID of the AMI to share, in the form ami-12345678 or ami-123456789012345ab.", "type": "string" } }, "required": [ "AmiId", "TargetAwsAccountId" ] }

Schema for Change Type ct-1erytvmumckoa

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Tags (Review Required)", "description": "Delete tags from existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-2zebb2czoxpjd.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the tag operation.", "type": "string", "maxLength": 5000 }, "Resources": { "description": "Parameters for up to fifty resources that you want to remove tags from.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "RemoveTags": { "description": "Up to fifty tag keys to remove from the resource.", "type": "array", "items": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "RemoveTags" ] }, "required": [ "ResourceArn", "RemoveTags" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Description", "Resources", "Priority" ] }, "required": [ "Description", "Resources" ] }

Schema for Change Type ct-1ezarc5xph3tq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Rotate RDS DB Certificate", "description": "Rotate the DB certificate on an Amazon Relational Database Service (RDS) database (DB) instance. Update any client applications that use SSL/TLS and the server certificate to connect, to use the new CA certificate beforehand. Not doing this will cause an interruption of connectivity between your applications and your database.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RotateDbCertificate.", "type": "string", "enum": [ "AWSManagedServices-RotateDbCertificate" ], "default": "AWSManagedServices-RotateDbCertificate" }, "Region": { "description": "The AWS Region in which the RDS DB is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "RDS DB instance identifier, in the form dbinstance-1.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 }, "CertificateIdentifier": { "description": "Choose from rds-ca-rsa2048-g1, rds-ca-rsa4096-g1, or rds-ca-ecc384-g1 to rotate with the latest certificate. Make sure that the certificate applies to the database engine. If you have issues with your client-side trust store after updating to the latest certificate, then re-submit this RFC and choose rds-ca-2019 to revert. After you correct your client-side trust store with the new CA certificate, update to the desired certificate again. Note that this workaround is only available until August 22, 2024, when the rds-ca-2019 certificate expires.", "type": "array", "items": { "enum": [ "rds-ca-2019", "rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1", "rds-ca-ecc384-g1" ], "type": "string", "default": "rds-ca-2019" }, "minItems": 1, "maxItems": 1 }, "ApplyImmediately": { "description": "True to apply the certificate change immediately. False to schedule the change for the next maintenance window. Note that choosing True causes the instance to reboot. If applicable, make sure that you have updated your client-side trust store beforehand.", "type": "array", "items": { "enum": [ "True", "False" ], "type": "string", "default": "False" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "CertificateIdentifier", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "CertificateIdentifier", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1f9hi4bephqa9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable TGW Propagation", "description": "Enable the Transit Gateway (TGW) attachment to propagate routes to the TGW route table. For multi-account landing zone (MALZ), use this change type in the Network account only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EnableTGWRouteTablePropagation.", "type": "string", "enum": [ "AWSManagedServices-EnableTGWRouteTablePropagation" ], "default": "AWSManagedServices-EnableTGWRouteTablePropagation" }, "Region": { "description": "The AWS Region where the TGW attachment and TGW route table are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayAttachmentId": { "description": "The TGW attachment ID, in the form tgw-attach-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 }, "TransitGatewayRouteTableId": { "description": "The TGW route table ID, in the form tgw-rtb-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] }, "additionalProperties": false, "required": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1fzddqrr20c2i

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update MaxSessionDuration", "description": "Update the MaxSessionDuration property of an AWS Identity and Access Management (IAM) role. This setting determines the maximum duration that can be requested using the DurationSeconds parameter when assuming an IAM role.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateIAMRoleMaxSessionDuration.", "type": "string", "enum": [ "AWSManagedServices-UpdateIAMRoleMaxSessionDuration" ], "default": "AWSManagedServices-UpdateIAMRoleMaxSessionDuration" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RoleName": { "description": "The name of the IAM role to modify.", "type": "array", "items": { "type": "string", "pattern": "^(?!(aws-ams-|aws-sentinel-|ams_ssm_|customer_ssm_))[\\w+=,.@-]+" }, "minItems": 1, "maxItems": 1 }, "MaxSessionDuration": { "description": "The new maximum session duration (in seconds) to set for the role. The duration can range from 3600 seconds to 14400 seconds.", "type": "array", "items": { "type": "integer", "minimum": 3600, "maximum": 14400 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RoleName", "MaxSessionDuration" ] }, "required": [ "RoleName", "MaxSessionDuration" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1g6x4ev0hnvfn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Describe Resource Scheduler Periods", "description": "Describe existing periods used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DescribeScheduleOrPeriods.", "type": "string", "enum": [ "AWSManagedServices-DescribeScheduleOrPeriods" ], "default": "AWSManagedServices-DescribeScheduleOrPeriods" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: periods. This explicitly requests that the Resource Scheduler existing periods be described. The option cannot be left blank; it must be periods.", "type": "array", "items": { "type": "string", "enum": [ "periods" ], "default": "periods" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType" ] }, "required": [ "ConfigurationType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1gi93jhvj28eg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update S3 Bucket", "description": "Modify the properties of an S3 bucket created using change type ID ct-1a68ck03fn98r, version 4.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef. This identifies the AWS Region where the S3 bucket is.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the S3 bucket that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the S3 bucket.", "type": "object", "properties": { "ServerSideEncryption": { "description": "Default encryption for an S3 bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). Use None to disable default encryption.", "type": "string", "enum": [ "None", "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys.", "type": "string", "pattern": "^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/mrk-[a-z0-9]{32}$|^$" }, "Versioning": { "description": "The status of versioning for this S3 bucket, either Enabled (versioning of stored objects is enabled) or Suspended (versioning is not enabled).", "type": "string", "enum": [ "Enabled", "Suspended" ] }, "IAMPrincipalsRequiringReadObjectAccess": { "description": "List the Identity and Access Management (IAM), or CloudFront Origin Access Identity (OAI), or both, Amazon Resource Names (ARNs) that require read access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole, arn:aws:iam::123456789012:user/myuser and/or arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EH1HDMB1FH2TC. The list of ARNs provided here replaces the existing list in the policy, it does not append to the existing list. To remove all ARNs during an update specify None.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^arn:aws:iam::cloudfront:user\\/CloudFront Origin Access Identity E[A-Z0-9]{11,13}$|^None$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringWriteObjectAccess": { "description": "List the IAM ARNs that require write access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser. The list of ARNs provided here replaces the existing list in the policy, it does not append to the existing list. To remove all ARNs during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^None$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringReadObjectAccess": { "description": "List of AWS services that require read access to the S3 bucket; for example, logs.us-east-1.amazonaws.com. The list of services provided here replaces the existing list in the policy, it does not append to the existing list. To remove all AWS services during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$|^None$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringWriteObjectAccess": { "description": "List of AWS services that require write access to the S3 bucket; for example, logs.us-east-1.amazonaws.com. The list of services provided here replaces the existing list in the policy, it does not append to the existing list. To remove all AWS services during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$|^None$" }, "minItems": 1, "uniqueItems": true }, "EnforceSecureTransport": { "description": "True to enforce HTTPS for object operations. If false, both HTTP and HTTPS traffic is allowed.", "type": "boolean" }, "AccessAllowedIpRanges": { "description": "List of source IP ranges allowed to access the S3 bucket. Leave blank to not have IP-based restrictions. The list of IP ranges provided here replaces the existing list in the policy, it does not append to the existing list. To remove all source IP ranges during an update, specify None.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Versioning", "ServerSideEncryption", "KMSKeyId", "EnforceSecureTransport", "IAMPrincipalsRequiringReadObjectAccess", "IAMPrincipalsRequiringWriteObjectAccess", "ServicesRequiringReadObjectAccess", "ServicesRequiringWriteObjectAccess", "AccessAllowedIpRanges" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-1h1tuxn2oxrtf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DynamoDB From Backup", "description": "Create an Amazon DynamoDB stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobDynamoDB.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobDynamoDB" ], "default": "AWSManagedServices-StartRestoreJobDynamoDB" }, "Region": { "description": "The AWS Region in which the DynamoDB table is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "TargetTableName": { "description": "The name of the new table to which the backup must be restored. The target table name is case sensitive and must contain from 3 to 255 alphanumeric characters, hyphens, underscores or dots.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-\\.]{3,255}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupVaultName", "RecoveryPointArn", "TargetTableName" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArn", "TargetTableName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1h5xgl9cr4bzy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start stack", "description": "Use to start all stopped EC2 instances in the specified stack.", "type": "object", "properties": { "StackId": { "description": "ID of the stack to start, in the form stack-a1b2c3d4e5f67890e. All stopped EC2 instances in the stack will be started.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" } }, "additionalProperties": false, "required": [ "StackId" ] }

Schema for Change Type ct-1hzofpphabs3i

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Public DNS Record Sets", "description": "Update an existing Route 53 DNS Hosted Zone with the supplied resource record set.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the Stack.", "type": "object", "properties": { "HostedZoneId": { "description": "The HostedZoneId that is to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^[a-zA-Z][a-zA-Z0-9]{1,32}$" }, "StackId": { "description": "The StackId that is required to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^stack-[a-z0-9]{17}$" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "HostedZoneId", "StackId", "RecordSet" ] }, "required": [ "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1i20abktsm05v

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add AD Group To AD Group", "description": "Add an Active Directory (AD) group in the trusted domain to an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddADGroupToADGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-AddADGroupToADGroup-Admin" ], "default": "AWSManagedServices-AddADGroupToADGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "NestedGroupName": { "description": "The name of the group in the trusted AD to be added to a group in the AMS managed AD.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "GroupName": { "description": "The name of the AD group that the nested group is added to. The group must exist in AMS managed AD and must belong to the CustomerGroups OU. The group scope must be DomainLocal.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "TrustedDomainFQDN": { "description": "The fully qualified domain name (FQDN) of your domain.", "type": "array", "items": { "type": "string", "pattern": "(?![aA][0-9]{12}.[aA][mM][aA][zZ][oO][nN][aA][wW][sS].[cC][oO][mM])^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "NestedGroupName", "GroupName", "TrustedDomainFQDN" ] }, "required": [ "NestedGroupName", "GroupName", "TrustedDomainFQDN" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1icghmq38rnsn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete AD DNS Conditional Forwarder", "description": "Delete AD DNS conditional forwarder for a remote domain. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteADDNSConditionalForwarder-Admin.", "type": "string", "enum": [ "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin" ], "default": "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RemoteDomainName": { "description": "The fully qualified domain name (FQDN) of the remote domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RemoteDomainName" ] }, "additionalProperties": false, "required": [ "RemoteDomainName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1icrtx8ydvdwe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove DNS Record", "description": "Remove the specified DNS resource record name, either an A or CNAME, or pointer record (PTR), from the specified DNS zone. By default, only the static record is removed per specified RecordName for A or CNAME records. Use the RecordData parameter to remove duplicates if there are multiple records with the same Host Name (RecordType A), either dynamic or static. For a PTR record type, all the static and dynamic records will be removed. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-RemoveDNSRecord-Admin", "type": "string", "enum": [ "AWSManagedServices-RemoveDNSRecord-Admin" ], "default": "AWSManagedServices-RemoveDNSRecord-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordName": { "description": "The name of the DNS record (A or CNAME). If it is a pointer record (PTR), provide the IPv4 address.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,63}$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" }, "minItems": 1, "maxItems": 1 }, "RecordType": { "description": "The resource record type (A, CNAME, or PTR).", "type": "array", "items": { "type": "string", "enum": [ "A", "CNAME", "PTR" ] }, "minItems": 1, "maxItems": 1 }, "RecordData": { "description": "The IPv4 address. Use this parameter when there are multiple records with the same hostname.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$", "default": "" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordName", "RecordType", "RecordData" ] }, "additionalProperties": false, "required": [ "RecordName", "RecordType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1j3503fres5a5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account VPC", "description": "Create a VPC with up to 10 private subnets and up to 5 optional public subnets per availability zone (AZ) for two or three AZ's.", "type": "object", "properties": { "VpcName": { "description": "A meaningful name for the VPC. Must be unique within this application account.", "type": "string" }, "Parameters": { "type": "object", "properties": { "NumberOfAZs": { "description": "The number of availability zones (AZs) that the VPC supports. Options are 2 or 3.", "type": "number", "minimum": 2, "maximum": 3 }, "VPCCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this application account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type.", "type": "string", "default": "defaultAppRouteDomain" }, "PublicSubnetAZ1CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ2CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ3CIDR": { "description": "The CIDR for the optional first public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the optional second public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the optional third public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the optional second private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the optional third private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the optional sixth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the optional seventh private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the optional eighth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the optional ninth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the optional tenth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" } }, "metadata": { "ui:order": [ "VPCCIDR", "NumberOfAZs", "RouteType", "TransitGatewayApplicationRouteTableName", "PublicSubnetAZ1CIDR", "PublicSubnetAZ2CIDR", "PublicSubnetAZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR" ] }, "additionalProperties": false, "required": [ "VPCCIDR", "NumberOfAZs", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR" ] } }, "metadata": { "ui:order": [ "VpcName", "Parameters" ] }, "additionalProperties": false, "required": [ "VpcName", "Parameters" ] }

Schema for Change Type ct-1k3oui719dcju

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Lambda Execution Role", "description": "Create an Lambda execution role to use with Lambda Function. Each ARN specified in the parameters creates a part of the IAM policy. Use the Preview option to see what the completed, generated, policy looks like before it is created and implemented.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateIAMRole-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateIAMRole-Admin" ], "default": "AWSManagedServices-HandleCreateIAMRole-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServicePrincipal": { "description": "Must be lambda.amazonaws.com. This establishes the trust relationship with the Lambda service for this role.", "type": "string", "enum": [ "lambda.amazonaws.com" ], "default": "lambda.amazonaws.com" }, "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^(?![aA][mMwW][sS]|customer-mc|managementhost|ms-)[a-zA-Z0-9_+=,.@-]{1,64}$" }, "RolePath": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$" }, "Preview": { "description": "Yes to preview the IAM role policy created with the specified parameter values, without creating the role; No to not preview it but to create and implement the role. The preview is provided as a JSON in the execution output. In order to implement the policy after preview, create a copy of the RFC and set the Preview parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "LambdaFunctionArns": { "description": "A list of Amazon resource names (ARNs) of Lambda functions. Scopes down the policy for read/write access to default CloudWatch log groups for Lambda functions.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "minItems": 1, "maxItems": 50 }, "VPCAccess": { "description": "Yes to connect your function to the account VPC to access private resources while the function is running. No to not connect your function to the account VPC. For details, see the AWS documentation on configuring a Lambda function.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "S3ReadAccess": { "description": "A list of Amazon resource names (ARNs) of S3 buckets. Scopes down the policy for S3 read access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|(^$)" }, "maxItems": 50 }, "S3WriteAccess": { "description": "A list of S3 bucket ARNs. Scopes down the policy for S3 write access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|^[*]$|(^$)" }, "maxItems": 50 }, "KMSReadAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for KMS read access to the given KMS keys only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+)$|^$" }, "maxItems": 50 }, "KMSCryptographicOperationAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for cryptographic operation access to the given ARNs only.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "maxItems": 50 }, "SSMReadAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM read access to the given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "SSMWriteAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM write access to given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "CloudWatchLogsReadAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for read access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "CloudWatchLogsWriteAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for write access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmReadAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for read access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmWriteAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for write access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchMetricsReadAccess": { "description": "For read access to metrics, use an asterisk ( * ). Scopes down the policy for read access to all CloudWatch metrics.", "type": "array", "items": { "type": "string", "pattern": "^[*]$|^$" }, "maxItems": 50 }, "CloudWatchMetricsWriteAccess": { "description": "A list of CloudWatch metric namespaces. Scopes down the policy for write access to given CoudWatch metric namespaces only.", "type": "array", "items": { "type": "string", "pattern": "(.*?)|^$" }, "maxItems": 50 }, "SecretsManagerReadAccess": { "description": "A list of Secrets Manager secret ARNs. Scopes down the policy for read access to given secrets only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:.+)$|^$" }, "maxItems": 50 }, "SNSReadAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SNSWriteAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "SQSReadAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SQSWriteAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "DynamoDBResourceReadAccess": { "description": "A list of DynamoDB resource ARNs. Scopes down the policy for DynamoDB read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "DynamoDBDataReadWriteAccess": { "description": "A list of DynamoDB table ARNs. Scopes down the policy for DynamoDB data read and write access to given tables only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:table/.+)$|^$" }, "maxItems": 50 }, "LambdaReadAccess": { "description": "A list of Lambda function arns. Scopes down the policy for read access to given Lambda functions only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "maxItems": 50 }, "LambdaInvokeAccess": { "description": "A list of Lambda function arns. Scopes down the policy for invoke access to given Lambda functions only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "maxItems": 50 }, "EventsReadAccess": { "description": "A list of EventBridge event bus, rule arns or both. Scopes down the policy for read access to given EventBridge event bus, rule arns or both.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):events:[a-z0-9-]+:[0-9]{12}:(event-bus|rule)/.+)$|^$" }, "maxItems": 50 }, "EventsWriteAccess": { "description": "A list of EventBridge event bus, rule arns or both. Scopes down the policy for write access to given EventBridge event bus, rule arns or both.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):events:[a-z0-9-]+:[0-9]{12}:(event-bus|rule)/.+)$|^$" }, "maxItems": 50 }, "STSAssumeRole": { "description": "A list of IAM role ARNs. Scopes down the policy for STS assume role to given IAM roles only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):iam::[0-9]{12}:role/.+)$|^$" }, "maxItems": 50 }, "AdditionalPolicy": { "description": "An additional policy document, as a JSON that is less permissive than the AMS baseline policy. For details on AMS baseline policy see AMS documentation.", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 10240 } }, "metadata": { "ui:order": [ "ServicePrincipal", "RoleName", "RolePath", "Preview", "LambdaFunctionArns", "VPCAccess", "S3ReadAccess", "S3WriteAccess", "KMSReadAccess", "KMSCryptographicOperationAccess", "SSMReadAccess", "SSMWriteAccess", "CloudWatchLogsReadAccess", "CloudWatchLogsWriteAccess", "CloudWatchAlarmReadAccess", "CloudWatchAlarmWriteAccess", "CloudWatchMetricsReadAccess", "CloudWatchMetricsWriteAccess", "SecretsManagerReadAccess", "SNSReadAccess", "SNSWriteAccess", "SQSReadAccess", "SQSWriteAccess", "DynamoDBResourceReadAccess", "DynamoDBDataReadWriteAccess", "LambdaReadAccess", "LambdaInvokeAccess", "EventsReadAccess", "EventsWriteAccess", "STSAssumeRole", "AdditionalPolicy" ] }, "required": [ "ServicePrincipal", "RoleName", "LambdaFunctionArns", "Preview", "VPCAccess" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1ksyoxreh35tu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Custom OUs", "description": "Create multiple custom AWS organizational units (OU) under the following paths, \"customer-managed\", \"applications:managed\", \"applications:tools\" and \"applications:development\".", "type": "object", "properties": { "CustomOUPaths": { "description": "The OU path to create. For example: customer-managed:ActiveDirectory or applications:managed:SAP. There is a maximum of five nested OUs starting from the first OU, and you can only create 10 OUs per RFC. For information on creating an OU path, please refer to AWS documentation.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 10, "uniqueItems": true } }, "metadata": { "ui:order": [ "CustomOUPaths" ] }, "additionalProperties": false, "required": [ "CustomOUPaths" ] }

Schema for Change Type ct-1malj7snzxrkr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create an Amazon Redshift cluster", "description": "Create an Amazon Redshift cluster that is a fully managed data warehouse that consists of a set of compute nodes.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-n8kpln6rtg1eiq83b", "type": "string", "enum": [ "stm-n8kpln6rtg1eiq83b" ], "default": "stm-n8kpln6rtg1eiq83b" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "type": "string", "description": "A unique identifier for the cluster.", "pattern": "^$|^[a-z]+(-?[a-z0-9]+)+$", "default": "", "minLength": 0, "maxLength": 63 }, "ClusterType": { "type": "string", "description": "The type of cluster. On a single-node cluster, the node is shared for leader and compute functionality. On a multi-node cluster, the leader node is separate from the compute nodes.", "enum": [ "single-node", "multi-node" ], "default": "multi-node" }, "IamRoles": { "type": "string", "description": "A comma delimited list of up to 10 AWS Identity and Access Management (IAM) roles that the cluster can use to access other AWS services. Supply the IAM roles by their Amazon Resource Name (ARN), in the form arn:aws:iam::000000000000:role/customer_redshift_role. The role name must be prefixed with \"customer\". Leave blank to not attach any roles to the cluster.", "pattern": "^(arn:aws:iam::[0-9]{12}:role/customer[\\w-]+)(,arn:aws:iam::[0-9]{12}:role/customer[\\w-]+){0,9}$|^$", "default": "" }, "ParameterGroupName": { "type": "string", "description": "The name of an existing Amazon Redshift parameter group.", "default": "" }, "NumberOfNodes": { "type": "string", "description": "The number of compute nodes in the cluster. Only applicable if ClusterType = multi-mode.", "pattern": "^([2-9]|[1-8][0-9]|9[0-9]|100)$|^$", "default": "2" }, "NodeType": { "type": "string", "description": "The type of an Amazon Redshift cluster node. The node type determines the CPU, RAM, storage capacity, and storage drive type for each node.", "enum": [ "ds2.xlarge", "ds2.8xlarge", "dc2.large", "dc2.8xlarge", "dc1.large", "dc1.8xlarge", "ra3.4xlarge", "ra3.16xlarge" ], "default": "dc2.large" }, "ClusterSubnetGroup": { "type": "string", "description": "The name of an existing Amazon Redshift subnet group.", "pattern": "^[a-zA-Z0-9._-]{1,255}$" }, "DatabaseName": { "type": "string", "description": "The name of the first database to be created when the cluster is created.", "pattern": "^[a-zA-Z0-9]{1,64}$" }, "MasterUsername": { "type": "string", "description": "The name that you use with the configured MasterUserPassword to log in to an Amazon Redshift cluster. Must begin with a letter and contain from 1 to 128 alphanumeric characters.", "pattern": "^[a-zA-Z][a-zA-Z0-9]{0,127}$" }, "MasterUserPassword": { "type": "string", "description": "The password that you use with the configured MasterUsername to log in to an Amazon Redshift cluster. Must contain from 8 to 64 printable ASCII characters including at least one uppercase letter, one lowercase letter, and one decimal digit. It cannot contain backslash, forwardslash, single or double quotes, at sign, or whitespace.", "pattern": "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[^ \"@'/\\\\]{8,64}$", "maxLength": 64, "minLength": 8, "metadata": { "ams:sensitive": true } }, "AllowVersionUpgrade": { "type": "string", "description": "True to apply upgrades to the engine that is running on the cluster, during the maintenance window; false to not.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "array", "description": "The identifiers of the security groups to control traffic to and from the Redshift cluster.", "items": { "type": "string", "pattern": "^sg-(?=.*[a-z])(?=.*[0-9])(?:.{8}|.{17})$|^$", "default": "" }, "uniqueItems": true }, "DatabasePortNumber": { "type": "integer", "description": "The port number on which the cluster accepts incoming connections.", "default": 5439, "minimum": 1150, "maximum": 65535 }, "AutomatedSnapshotRetentionPeriod": { "type": "integer", "description": "The number of days that automated snapshots are retained. The default is to retain 7 days of snapshots, and the maximum value is 35 days. To disable automated snapshot, use 0.", "default": 7, "minimum": 0, "maximum": 35 }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur. The format of the time range is ddd:hh24:mi-ddd:hh24:mi. Leave blank to allow Amazon Redshift to choose the suitable maintenance window.", "pattern": "^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$|^$", "default": "" }, "KmsKeyId": { "type": "string", "description": "The ID of the AWS Key Management Service (AWS KMS) key that you want to use to encrypt data in the cluster. Leave blank to not encrypt data.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" } }, "metadata": { "ui:order": [ "ClusterIdentifier", "DatabaseName", "DatabasePortNumber", "MasterUsername", "MasterUserPassword", "NodeType", "ClusterType", "NumberOfNodes", "ParameterGroupName", "ClusterSubnetGroup", "SecurityGroups", "AllowVersionUpgrade", "AutomatedSnapshotRetentionPeriod", "PreferredMaintenanceWindow", "IamRoles", "KmsKeyId" ] }, "required": [ "ClusterSubnetGroup", "DatabaseName", "MasterUsername", "MasterUserPassword" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1n323w7eu27u9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Pause Redshift Cluster", "description": "Pause an Amazon Redshift cluster. If a recent snapshot is not available, a temporary manual snapshot is created with a retention period of one day. This snapshot is deleted towards the end of execution for both success and failure scenarios. It is safe for AMS to delete this snapshot as pausing the cluster creates an automated snapshot by default.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-PauseRedshiftCluster.", "type": "string", "enum": [ "AWSManagedServices-PauseRedshiftCluster" ], "default": "AWSManagedServices-PauseRedshiftCluster" }, "Region": { "description": "The AWS Region in which the Amazon Redshift cluster is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "description": "The Amazon Redshift cluster identifier. For example, myred-cluster-1.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "minLength": 1, "maxLength": 63 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterIdentifier" ] }, "additionalProperties": false, "required": [ "ClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1n9gfnog5x7fl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Entity or Policy (read-write permissions)", "description": "Create Identity and Access Management (IAM) role or policy with read-write permissions. You must have enabled this feature with change type ct-1706xvvk6j9hf before submitting this request. Automated IAM provisioning with read-write permissions runs over 200 validations to help ensure successful outcomes.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ValidateOnly": { "description": "Yes to only validate the IAM entity or policy with the specified parameter values, without creating the entity or policy; No to validate and create the entity or policy. The validation result is provided as a JSON in the execution output. In order to implement after validation, create a copy of the RFC and set the ValidateOnly parameter to No, then submit.", "type": "string", "enum": [ "Yes", "No" ], "default": "No" } }, "additionalProperties": false, "metadata": { "ui:order": [ "ValidateOnly" ] }, "required": [ "ValidateOnly" ] }, "RoleDetails": { "type": "object", "properties": { "Roles": { "description": "Add a role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, hyphen and underscore.", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,64}$" }, "Description": { "description": "A meaningful description for the role.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "AssumeRolePolicyDocument": { "description": "A JSON policy document that you want to associate with the role, defining which entities can assume the role. This is known as the Assume role policy. Paste the contents into the input.", "type": "string", "minLength": 2, "maxLength": 131072 }, "ManagedPolicyArns": { "description": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. Both AWS managed policies and customer managed policies are allowed. If you create a managed policy in this RFC and wish to attach to this role then list the policy here in the form arn:aws:iam::AccountId:policy/NameOfYourPolicy.", "type": "array", "items": { "type": "string", "pattern": "^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$|^arn:[\\w+=/,.@-]+:iam::aws:policy(/[\\w+=/,.@-]+)?$" }, "minItems": 0, "maxItems": 20 }, "Path": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$|^$", "minLength": 0, "maxLength": 512 }, "MaxSessionDuration": { "description": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 4 hours. The MaxSessionDuration time begins with the assumption of the role.", "type": "string", "default": "3600", "pattern": "^(360\\d|36[1-9]\\d|3[7-9]\\d{2}|[4-9]\\d{3}|1[0-3]\\d{3}|14[0-3]\\d{2}|14400)$" }, "PermissionsBoundary": { "description": "The ARN of the policy used to set the permissions boundary for the role. A permissions boundary uses a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity.", "type": "string", "default": "", "pattern": "^$|^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$" }, "InstanceProfile": { "description": "Yes to create an instance profile and associate the role with it. No to not create an instance profile.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "Description", "AssumeRolePolicyDocument", "ManagedPolicyArns", "Path", "MaxSessionDuration", "PermissionsBoundary", "InstanceProfile" ] }, "required": [ "RoleName", "AssumeRolePolicyDocument" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Roles" ] } }, "ManagedPolicyDetails": { "type": "object", "properties": { "Policies": { "description": "Add a customer managed policy. To attach a policy to a role created in this RFC, provide the policy in ARN format (arn:aws:iam::AccountId:policy/NameOfYourPolicy) in the ManagedPolicyArns field of the role. Alternatively, use ct-1e0xmuy1diafq to update the role and attach the policy.", "type": "array", "items": { "type": "object", "properties": { "ManagedPolicyName": { "description": "A name for the IAM policy. The name can be up to 122 characters in length, and is limited to use characters a-z, A-Z, 0-9, hyphen and underscore.", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,122}$" }, "Description": { "description": "A meaningful description for the policy.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "Path": { "description": "A path for the policy, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$|^$", "minLength": 0, "maxLength": 512 }, "PolicyDocument": { "description": "The JSON policy document that you want to use as the content for the new policy. Paste the content into the input field.", "type": "string", "minLength": 2, "maxLength": 131072 } }, "additionalProperties": false, "metadata": { "ui:order": [ "ManagedPolicyName", "Description", "Path", "PolicyDocument" ] }, "required": [ "ManagedPolicyName", "PolicyDocument" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Policies" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "RoleDetails", "ManagedPolicyDetails" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1o1x2itfd6rk8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update EC2 stack (with additional volumes)", "description": "Use to modify the properties of an EC2 instance created using CT id ct-1aqsjf86w6vxg, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the EC2 Instance, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the EC2 instance with additional volumes that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the EC2 instance with additional volumes.", "type": "object", "properties": { "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instance, false to use only basic monitoring.", "type": "boolean" }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization. Updates will stop and start Amazon EBS-backed instances.", "type": "boolean" }, "InstanceProfile": { "description": "An IAM instance profile name defined in your account for the EC2 instance.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^customer[\\w-]{1,120}$" }, "InstanceSecondaryPrivateIpAddressCount": { "description": "The number of secondary private IP addresses that EC2 automatically assigns to the primary network interface. The number of secondary IP addresses that can be assigned is dependent on the type of instance used.", "type": "integer", "minimum": 0 }, "InstanceTerminationProtection": { "description": "True to prevent the instance from being terminated through the API, false to allow it. Termination protection must be disabled before deleting the stack or performing an update where instance replacement is required, otherwise failures will occur.", "type": "boolean" }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization. Changing the instance type will result in instance stop and start.", "type": "string" }, "InstanceUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot. Changing the UserData will result in instance stop and start. Note: Existing instances do not pick up changes in UserData automatically, in order for the instance to execute modified UserData you must perform additional changes by logging in to the instance.", "type": "string", "maxLength": 4096 }, "Volume1Iops": { "type": "integer", "description": "The Iops to use for Volume1 if Volume1Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1. Updates are not supported. Use only if Volume1 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1. Leave blank to skip creation of Volume1. Updates are not supported. Use only if Volume1 is a new volume." }, "Volume1Size": { "type": "integer", "description": "The size of Volume1 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume1Snapshot": { "type": "string", "description": "Snapshot ID for Volume1. Updates are not supported. Use only if Volume1 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume2Iops": { "type": "integer", "description": "The Iops to use for Volume2 if Volume2Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2. Updates are not supported. Use only if Volume2 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2. Updates are not supported. Use only if Volume2 is a new volume." }, "Volume2Size": { "type": "integer", "description": "The size of Volume2 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume2Snapshot": { "type": "string", "description": "Snapshot ID for Volume2. Updates are not supported. Use only if Volume2 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume3Iops": { "type": "integer", "description": "The Iops to use for Volume3 if Volume3Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3. Updates are not supported. Use only if Volume3 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3. Updates are not supported. Use only if Volume3 is a new volume." }, "Volume3Size": { "type": "integer", "description": "The size of Volume3 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume3Snapshot": { "type": "string", "description": "Snapshot ID for Volume3. Updates are not supported. Use only if Volume3 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume4Iops": { "type": "integer", "description": "The Iops to use for Volume4 if Volume4Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4. Updates are not supported. Use only if Volume4 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4. Updates are not supported. Use only if Volume4 is a new volume." }, "Volume4Size": { "type": "integer", "description": "The size of Volume4 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume4Snapshot": { "type": "string", "description": "Snapshot ID for Volume4. Updates are not supported. Use only if Volume4 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume5Iops": { "type": "integer", "description": "The Iops to use for Volume5 if Volume5Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5. Updates are not supported. Use only if Volume5 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5. Updates are not supported. Use only if Volume5 is a new volume." }, "Volume5Size": { "type": "integer", "description": "The size of Volume5 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume5Snapshot": { "type": "string", "description": "Snapshot ID for Volume5. Updates are not supported. Use only if Volume5 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceType", "InstanceUserData", "InstanceSecondaryPrivateIpAddressCount", "InstanceTerminationProtection", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1KmsKeyId", "Volume1Iops", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2KmsKeyId", "Volume2Iops", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3KmsKeyId", "Volume3Iops", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4KmsKeyId", "Volume4Iops", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5KmsKeyId", "Volume5Iops", "Volume5Snapshot" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-1opjmhuddw194

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Developer Mode", "description": "Enable Developer Mode for an existing application account. Note that, in Developer mode, you are responsible for monitoring infrastructure resources that are provisioned outside of the AMS change management process.", "type": "object", "properties": { "ApplicationAccountId": { "description": "The account ID of the application account to have Developer mode enabled.", "type": "string", "pattern": "^[0-9]{12}$" } }, "metadata": { "ui:order": [ "ApplicationAccountId" ] }, "additionalProperties": false, "required": [ "ApplicationAccountId" ] }

Schema for Change Type ct-1oxx2g2d7hc90

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Security Group (review required)", "description": "Create a security group, and optionally associate it with AWS resources.", "type": "object", "properties": { "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the security group. The name can be up to 255 characters in length, and is limited to these characters a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*. The name cannot start with \"sg-\", and must be unique within the VPC.", "type": "string", "minLength": 1, "maxLength": 255 }, "Description": { "description": "Meaningful information about the security group. The description can be up to 255 characters in length, and is limited to these characters a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*.", "type": "string", "minLength": 1, "maxLength": 255 }, "AssociatedResources": { "description": "AWS resources to associate the security group to. For example, EC2 instance IDs, RDS DB instance IDs, Load Balancer names, DSM replication instance names, EFS mount target IDs, ElastiCache cluster IDs.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "InboundRules": { "description": "Inbound rules for the security group. No inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. For a port range of all ports, specify -1.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Source": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To use this security group, specify self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 }, "Description": { "description": "A meaningful description of the inbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Source", "Description" ] }, "required": [ "Protocol", "PortRange", "Source" ] }, "minItems": 0, "maxItems": 50 }, "OutboundRules": { "description": "Outbound rules for the security group. No outbound traffic originating from your instance is allowed until you add outbound rules.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. For a port range of all ports, specify -1.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Destination": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To use this security group, specify self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 }, "Description": { "description": "A meaningful description of the outbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Destination", "Description" ] }, "required": [ "Protocol", "PortRange", "Destination" ] }, "minItems": 0, "maxItems": 50 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the security group.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "Name", "Description", "AssociatedResources", "InboundRules", "OutboundRules", "Priority", "Tags" ] }, "required": [ "VpcId", "Name", "Description" ] }

Schema for Change Type ct-1pvlhug439gl2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate Private IP Addresses", "description": "Associate one or more secondary private IP addresses to the specified network interface.", "type": "object", "properties": { "NetworkInterfaceId": { "description": "The ID of the network interface, in the form eni-0123456789abcdef0.", "type": "string", "pattern": "^eni-[a-f0-9]{17}" }, "PrivateIpAddresses": { "description": "The IP addresses to be associated as a secondary private IP addresses to the network interface, for example, '10.0.0.82', '10.0.0.83'.", "type": "array", "items": { "type": "string", "pattern": "^(10(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){3}|((172\\.(1[6-9]|2[0-9]|3[01]))|192\\.168)(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){2})$" }, "minItems": 1, "maxItems": 50 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "NetworkInterfaceId", "PrivateIpAddresses", "Priority" ] }, "required": [ "NetworkInterfaceId", "PrivateIpAddresses" ], "additionalProperties": false }

Schema for Change Type ct-1pybwg08h8qsz

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disable malware scans", "description": "Use to disable periodic malware full system scan feature in all EC2 instances deployed in a single VPC.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to disable periodic malware scans on, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "VpcId", "Priority" ] }, "additionalProperties": false, "required": [ "VpcId" ] }

Schema for Change Type ct-1q8q56cmwqj9m

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete an ACM Certificate", "description": "Delete an AWS Certificate Manager (ACM) certificate that is currently not in use and not managed by AMS.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteACMCertificate.", "type": "string", "enum": [ "AWSManagedServices-DeleteACMCertificate" ], "default": "AWSManagedServices-DeleteACMCertificate" }, "Region": { "description": "The AWS Region of the ACM certificate, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "CertificateARN": { "description": "The Amazon Resource Name (ARN) of the certificate to delete.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "maxItems": 1 } }, "additionalProperties": false, "required": [ "CertificateARN" ], "metadata": { "ui:order": [ "CertificateARN" ] } } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1r19m51jeijlk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create target group for ALB", "description": "Use to create a target group for an Application Load Balancer.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-9c1t8maqho0os5k22", "type": "string", "enum": [ "stm-9c1t8maqho0os5k22" ], "default": "stm-9c1t8maqho0os5k22" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "ApplicationLoadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the application load balancer in the form arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id. This is used to create CloudWatch alarms that trigger if the Target Group contains no healthy instances.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:loadbalancer/app/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$", "default": "" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health check failure required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$", "default": "" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. The supported values are 5 seconds to 300 seconds.", "default": 30, "minimum": 5, "maximum": 300 }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "60|[1-5]{1}[0-9]{1}|[2-9]{1}|^$", "default": "" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests.", "default": "/" }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|", "default": "" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "ValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^$|([2-4]{1}[0-9]{2}($|-|,))+", "default": "200" }, "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "80" }, "Name": { "type": "string", "description": "A name for the target group. This name must be unique per account, per region.", "pattern": "[0-9a-zA-Z\\-]{0,32}", "default": "" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})", "default": "300" }, "SlowStartDuration": { "type": "string", "description": "The time period, in seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic.", "pattern": "[3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0|", "default": "" }, "StickinessCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "[1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800|", "default": "" }, "TargetType": { "type": "string", "description": "The registration type of the targets; determines how you specify the TargetGroup targets. If you choose instance, you specify the targets by instance ID. If you choose ip, you specify the targets by IP address. After you create a target group, you cannot change its target type.", "enum": [ "instance", "ip" ], "default": "instance" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" } }, "metadata": { "ui:order": [ "Name", "InstancePort", "InstanceProtocol", "ApplicationLoadBalancerArn", "DeregistrationDelayTimeout", "SlowStartDuration", "StickinessCookieExpirationPeriod", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckUnhealthyThreshold", "HealthCheckInterval", "HealthCheckTimeout", "ValidHTTPCode", "TargetType", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false, "required": [ "InstancePort", "InstanceProtocol", "ApplicationLoadBalancerArn" ] } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1r1vbr8ahr156

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Recovery Points", "description": "Delete one or more recovery points (snapshots) from the specified vault. Use this change type to delete recovery points that were manually created, and recovery points that were created through a backup plan, and that are older than 30 days. The deletion of recovery points cannot be rolled back.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteRecoveryPoints.", "type": "string", "enum": [ "AWSManagedServices-DeleteRecoveryPoints" ], "default": "AWSManagedServices-DeleteRecoveryPoints" }, "Region": { "description": "The AWS Region in which the AWS Backup recovery point is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of the AWS Backup vault that contains the recovery point to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "minItems": 1, "maxItems": 1 }, "RecoveryPointArns": { "description": "A list of up to 50 recovery points to delete.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 50, "minItems": 1, "uniqueItems": true } }, "metadata": { "ui:order": [ "BackupVaultName", "RecoveryPointArns" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArns" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1taxucdyi84iy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Security Policy", "description": "Delete a security policy for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be DeleteSecurityPolicy.", "type": "string", "enum": [ "DeleteSecurityPolicy" ], "default": "DeleteSecurityPolicy" }, "Parameters": { "type": "object", "properties": { "SecurityPolicyName": { "description": "The name of the security policy. Must start with custom-sec-.", "type": "string", "pattern": "^custom-sec-[a-zA-Z0-9][a-zA-Z0-9-_]{0,51}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityPolicyName" ] }, "required": [ "SecurityPolicyName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-1urj94c3hdfu5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account Route Table", "description": "Create a custom AWS Transit Gateway (TGW) route table for the application accounts in the networking account. By default, the route table does not connect to the on-premise network, but contains preset routes. To request connections to the on-premise network, submit a Management|Other|Other|Update change type.", "type": "object", "properties": { "TransitGatewayApplicationRouteTableName": { "description": "A meaningful name for the TGW route table.", "type": "string" }, "AddPresetStaticRoutes": { "description": "True to create a route table with the default route (0.0.0.0/0) to the outbound (egress) VPC, and a route to the perimeter (DMZ) VPC and the shared services VPC. False to create an empty route domain with no routes. Default is true.", "type": "boolean", "default": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "TransitGatewayApplicationRouteTableName", "AddPresetStaticRoutes", "Priority" ] }, "additionalProperties": false, "required": [ "TransitGatewayApplicationRouteTableName" ] }

Schema for Change Type ct-1v9g9n30woc8h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update StackSets Stack", "description": "Update an existing AWS CloudFormation (CFN) StackSets stack to deploy, or to update, the instances of the stack.", "type": "object", "properties": { "CloudFormationTemplate": { "description": "The CFN template that you configured to update the stack set. Copy the JSON and paste it into this field. You must provide a value for CloudFormationTemplate or for the CloudFormationTemplate parameter. Or, provide the CFN template content as an attachment in the correspondence after you create the RFC.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "CloudFormationTemplateS3Endpoint": { "description": "The S3 bucket endpoint for the CloudFormation template that you want to use. The bucket must be in the same account as the endpoint, or have a presigned URL. You must provide a value for CloudFormationTemplate or for the CloudFormationTemplate parameter. Or, provide the CFN template content as an attachment in the correspondence after you create the RFC.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "Parameters": { "description": "Add up to sixty parameters (parameter name/value pairs) to supply alternate values for parameters in your customized CloudFormation template. By providing the parameters this way, you can reuse your CloudFormation template with different parameter values when needed and can update any parameter value with the CFN Update stack set (review required) change type (ct-1v9g9n30woc8h).", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string", "pattern": "[A-Za-z0-9]+$" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Description": { "description": "Description of the StackSets stack to be updated", "type": "string", "minLength": 1, "maxLength": 1024 }, "Name": { "description": "Name of the StackSets stack to be updated.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "OuId": { "description": "The ID of the AWS organizational unit for the stack instances being deployed. If you add a parent OU as a target, StackSets also adds any child OU as targets. To deploy the StackSets stack instances in all OUs, use 'all'", "type": "array", "items": { "type": "string", "pattern": "^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32}|all)$" }, "minItems": 1, "uniqueItems": true }, "Region": { "description": "The AWS Region of the resources you're updating in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the StackSets stack.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,128}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "CloudFormationTemplate", "CloudFormationTemplateS3Endpoint", "Parameters", "Region", "OuId", "Tags", "Priority" ] }, "required": [ "Name", "Region", "OuId" ] }

Schema for Change Type ct-1vbv99ko7bsrq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SQS", "description": "Use to create an Amazon Simple Queue Service instance for messages to be shared by system components.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-s1ejpr80000000000.", "type": "string", "enum": [ "stm-s1ejpr80000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "SQSDelaySeconds": { "description": "The time in seconds that the delivery of all messages in the queue will be delayed.", "type": "number", "minimum": 0, "maximum": 900, "default": 0 }, "SQSMaximumMessageSize": { "description": "The limit of how many bytes a message can contain before SQS rejects it.", "type": "number", "minimum": 1024, "maximum": 262144, "default": 262144 }, "SQSMessageRetentionPeriod": { "description": "The number of seconds SQS retains a message, from 60 (1 minute) to 1209600 (14 days).", "type": "number", "minimum": 60, "maximum": 1209600, "default": 345600 }, "SQSQueueName": { "description": "A name for the queue, case sensitive.", "type": "string", "pattern": "^[a-zA-Z0-9-_]{1,80}$", "minLength": 1, "maxLength": 80 }, "SQSReceiveMessageWaitTimeSeconds": { "description": "The number of seconds that the ReceiveMessage call waits for a message to arrive in the queue before returning a response. If the number of messages in the queue is extremely small, you might not receive any messages in a particular ReceiveMessage response; in that case you should repeat the request.", "type": "number", "minimum": 0, "maximum": 20, "default": 0 }, "SQSVisibilityTimeout": { "description": "The number of seconds that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request.", "type": "number", "minimum": 0, "maximum": 43200 } }, "additionalProperties": false, "required": [ "SQSQueueName" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1vd3y4ygbqmfk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop DMS Replication Task", "description": "Stop a Database Migration Service (DMS) replication task. The specified task must be in the running state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopDmsTask.", "type": "string", "enum": [ "AWSManagedServices-StopDmsTask" ], "default": "AWSManagedServices-StopDmsTask" }, "Region": { "description": "The AWS Region where the DMS Replication Task was created, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ReplicationTaskArn": { "description": "The DMS replication task Amazon resource name (ARN).", "type": "array", "items": { "type": "string", "pattern": "arn:aws:dms:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:task:[A-Za-z0-9-]+$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "ReplicationTaskArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1vjbacfr4ufdv

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Revoke Ingress Rule", "description": "Revoke the ingress rule for the specified security group (SG). You must specify the configurations of the ingress rule that you are revoking. Note that, once revoked, the ingress rule is permanently deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RevokeSecurityGroupIngressRuleV3.", "type": "string", "enum": [ "AWSManagedServices-RevokeSecurityGroupIngressRuleV3" ], "default": "AWSManagedServices-RevokeSecurityGroupIngressRuleV3" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the ingress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Source": { "description": "An IP address range in CIDR notation, in the form 255.255.255.255/32; or the ID of another security group in the same Region; or self, to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8,17}$|^self$|^pl-\\w+|^[0-9]{12}\\/sg-[0-9a-f]{8,17}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1vq0f289r36ay

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Move Account To OU", "description": "Move an account under an AWS organizational unit (OU) to a different OU.", "type": "object", "properties": { "AccountId": { "description": "The unique identifier (ID) of the account that you want to move.", "type": "string", "pattern": "^[0-9]{12}$" }, "TargetOUPath": { "description": "The path of the target OU that you want to move the account to. The path starts with either \"customer-managed\" or \"applications\". For example, \"applications:development\" and \"customer-managed:active\" are valid.", "type": "string", "pattern": "^([A-Za-z0-9-]+:[A-Za-z0-9-]+)+$|^[A-Za-z0-9-]+$" } }, "metadata": { "ui:order": [ "AccountId", "TargetOUPath" ] }, "additionalProperties": false, "required": [ "AccountId", "TargetOUPath" ] }

Schema for Change Type ct-1w8z66n899dct

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Self-Provisioned AWS Service", "description": "Add a specific, allowed, AWS service to your AMS account. This CT validates prerequisites in the account and deploys a service with the default parameters. Not all Self-service provisioning services are supported, the ServiceName parameter for this CT lists the ones that are. For each service that you add, AMS creates a new role so you use the service without AMS management under the AMS Shared Responsibility model. Compliance is a shared responsibility and your AMS compliance status does not automatically apply to services or applications that you add in this way. Some AWS services do not have compliance certifications. For more information, see the AWS Services in Scope of AWS Assurance Program page. On that page, unless specifically excluded, features of each of the services are considered in scope of the assurance programs, and are reviewed and tested as part of our assessment when you submit this CT.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateSSPSResources-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateSSPSResources-Admin" ], "default": "AWSManagedServices-HandleCreateSSPSResources-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServiceName": { "description": "The name of the AWS service.", "type": "string", "enum": [ "AWS App Mesh", "AWS AppSync", "AWS Batch", "AWS Certificate Manager (ACM)", "AWS Private Certificate Authority (PCA)", "AWS CloudHSM", "AWS CodeBuild", "AWS CodeCommit", "AWS CodeDeploy", "AWS Device Farm", "AWS Elemental MediaStore", "AWS Elemental MediaTailor", "AWS Global Accelerator", "AWS Glue", "AWS License Manager", "AWS Migration Hub", "AWS Outposts", "AWS Resilience Hub", "AWS Security Hub", "AWS Service Catalog AppRegistry", "AWS Shield", "AWS Step Functions", "AWS Systems Manager Automation", "AWS Systems Manager Parameter Store", "AWS Transfer for SFTP", "AWS Transit Gateway", "AWS WAF - Web Application Firewall", "AWS X-Ray", "Amazon API Gateway", "Amazon Athena", "Amazon CloudSearch", "Amazon CloudWatch Synthetics", "Amazon Cognito", "Amazon DevOps Guru", "Amazon Directory Services - ADConnector Only", "Amazon DocumentDB (with MongoDB compatibility)", "Amazon DynamoDB", "Amazon ECR", "Amazon ECS on AWS Fargate", "Amazon EventBridge", "Amazon FSx", "Amazon FSx OnTap", "Amazon Forecast", "Amazon Inspector", "Amazon Kendra", "Amazon Kinesis Data Streams", "Amazon Kinesis Video Streams", "Amazon Lex", "Amazon Managed Service for Prometheus", "Amazon Managed Streaming for Apache Kafka", "Amazon MQ", "Amazon Pinpoint", "Amazon QLDB", "Amazon QuickSight", "Amazon SageMaker", "Amazon Simple Email Service", "Amazon Simple Workflow Service", "Amazon WorkDocs", "EC2 Image Builder" ] }, "IAMRole": { "description": "An existing IAM console-access role name, or the Amazon resource name (ARN) of the role, to add the permissions to manage the AWS self-service provisioning service (SSPS). If left blank, a new role is created with the necessary permissions.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/[A-Za-z0-9_-]+$|^[A-Za-z0-9_-]+$|^$" }, "SAMLProviders": { "description": "A single SAML provider name or a comma-separated list of SAML providers to use with the role.", "type": "string", "pattern": "^[\\w+=,.@-]{0,256}$|^$" } }, "metadata": { "ui:order": [ "ServiceName", "IAMRole", "SAMLProviders" ] }, "additionalProperties": false, "required": [ "ServiceName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1wle0ai4en6km

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Modify EBS Volumes", "description": "Modify EBS Volumes that are not attached to an EC2 instance in an Auto Scaling group. If you resize the volume, then you may need to extend the OS file system on the volume to use any newly allocated space. If a drift is introduced in the CloudFormation stack that was used to create the volume, then the automation can try to remediate the stack drift for stacks that are not created using CloudFormation ingest change type (ct-36cn2avfrrj9v).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ModifyEBSVolumes.", "type": "string", "enum": [ "AWSManagedServices-ModifyEBSVolumes" ], "default": "AWSManagedServices-ModifyEBSVolumes" }, "Region": { "description": "The AWS Region where the EBS Volumes are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "VolumeIds": { "description": "A list of up to 50 EBS volume IDs, in the form vol-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "CreateSnapshot": { "description": "True to create a snapshot before modifying the volume, False to not. Default is True.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "VolumeType": { "description": "The desired volume type. If left unspecified, the existing type is retained. Valid values are io1, io2, gp2, gp3, sc1, st1 and standard.", "type": "array", "items": { "type": "string", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "minItems": 1, "maxItems": 1 }, "VolumeSize": { "description": "The desired size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume. If left unspecified, the existing size is retained.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6])$" }, "minItems": 1, "maxItems": 1 }, "Iops": { "description": "The requested number of I/O operations per second (IOPS). This parameter is only valid for io1, io2 and gp3 volumes. If left unspecified, the existing value is retained, unless the VolumeType is modified to one that supports different values. We highly recommend that you specify the desired Iops value when changing the VolumeType.", "type": "array", "items": { "type": "string", "pattern": "^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "minItems": 1, "maxItems": 1 }, "Throughput": { "description": "The throughput to provision for a volume, with a maximum of 1000 MiB/s. This parameter is valid only for gp3 volumes. If left unspecified, a minimum value is assigned or the existing value is retained.", "type": "array", "items": { "type": "string", "pattern": "^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by volume modification. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to the volume modification. Set to False to modify a volume in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "VolumeIds", "CreateSnapshot", "VolumeType", "VolumeSize", "Iops", "Throughput", "RemediateStackDrift" ] }, "required": [ "VolumeIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1x66wvkjw2zp5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update target group for NLB", "description": "Use to update properties of an existing Target Group for a Network Load Balancer.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Target Group (for NLB) that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. Supported values are 10 or 30 seconds. Cannot change if the target protocol is TCP" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS." }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ] }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$" }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" } }, "metadata": { "ui:order": [ "DeregistrationDelayTimeout", "ProxyProtocolV2", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckInterval", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1yq7hhqse71yg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start DMS Replication Task", "description": "Start a new Database Migration Service (DMS) replication task, or a task in a stopped or failed state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartDmsTask.", "type": "string", "enum": [ "AWSManagedServices-StartDmsTask" ], "default": "AWSManagedServices-StartDmsTask" }, "Region": { "description": "The AWS Region where the DMS replication task was created, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ReplicationTaskArn": { "description": "The DMS replication task Amazon resource name (ARN).", "type": "array", "items": { "type": "string", "pattern": "arn:aws:dms:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:task:[A-Za-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "StartReplicationTaskType": { "description": "The type of DMS replication task. To start a new task, use start-replication. To restart a stopped task or failed task from the CDC position where the task stopped, use resume-processing. To restart a stopped or failed task of type full-load or full-load-and-cdc, use reload-target.", "type": "array", "items": { "enum": [ "start-replication", "resume-processing", "reload-target" ], "type": "string", "default": "start-replication" }, "minItems": 1, "maxItems": 1 }, "CdcStartPosition": { "description": "When to start the change data capture (CDC) operation. Use a timestamp in the format (yyyy-mm-ddThh:mm:ss), a log sequence number, or a checkpoint (either source database-engine specific, or AWS DMS-specific).", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$|^checkpoint:\\w{1}\\d{1}\\#\\d{2}\\#[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+:[-0-9]+:[0-9]+:[0-9]+:[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+\\#\\d{1}\\#\\d{1}\\#\\*\\#\\d{1}\\#\\d{2}$|^[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+$" }, "minItems": 1, "maxItems": 1 }, "CdcStopPosition": { "description": "The timestamp in the format (server_time:yyyy-mm-ddThh:mm:ss) to stop the change data capture (CDC) operation.", "type": "array", "items": { "type": "string", "pattern": "^$|^server_time:\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$|^commit_time:[\\s]?\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}[\\s]?$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "ReplicationTaskArn", "StartReplicationTaskType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1yqy4frl5s8y8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete StackSets Stack", "description": "Delete AWS CloudFormation (CFN) StackSets-created stacks and instances.", "type": "object", "properties": { "Name": { "description": "Name of the StackSets stack to be deleted.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "Region": { "description": "The AWS Region to delete the resources, in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Region", "Priority" ] }, "required": [ "Name" ] }

Schema for Change Type ct-1zdasmc2ewzrs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account With VPC", "description": "Create a managed AWS landing zone application account and a VPC with up to 10 private subnets and up to 5 optional public subnets per availability zone (AZ) for two or three AZ's. Optionally, also create an AWS Backup plan with up to four different rules. Managed AWS landing zone core accounts must already be onboarded to AWS Managed Services (AMS).", "type": "object", "properties": { "AccountName": { "description": "A name for the new application account. Max length 50 characters. The underscore (_) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "AccountEmail": { "description": "The email address for the new application account. The email must be unique per application account.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "ApplicationOUName": { "description": "The name of an existing organizational unit (OU) for this application account, in the form of <application ou name>:<child ou name>. The default value is applications:managed.", "type": "string", "default": "applications:managed" }, "SupportLevel": { "description": "The account's AMS support level, Premium or Plus.", "type": "string", "enum": [ "plus", "premium" ] }, "VpcName": { "description": "A meaningful name for the application account VPC. Must be unique within this application account.", "type": "string" }, "NumberOfAZs": { "description": "The number of availability zones (AZs) that the VPC supports. Options are 2 or 3.", "type": "number", "minimum": 2, "maximum": 3 }, "VpcCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this application account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type.", "type": "string", "default": "defaultAppRouteDomain" }, "PublicSubnetAZ1CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ2CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ3CIDR": { "description": "The CIDR for the optional first public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the optional second public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the optional third public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the optional second private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the optional third private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the optional sixth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the optional seventh private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the optional eighth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the optional ninth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the optional tenth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "DirectAlertsEmail": { "description": "Email address to receive specifically tagged resource-based alerts, and the onboarding process will create your SNS subscription. If not specified, then you can subscribe later using the DirectCustomerAlerts change type (ct-t-3rcl9u1k017wu).", "type": "string", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" }, "SamlMetadataDocumentURL": { "description": "The URL that points to the Security Assertion Markup Language(SAML) metadata document that is used to enable federated access to the application account. Typically, a pre-signed URL for an Amazon S3 object.", "type": "string", "pattern": "^https://.+$|^$|s3://.+$" }, "BackupPlanName": { "type": "string", "description": "A meaningful name for the AWS Backup plan, which is a policy expression that defines when and how you want to back up your AWS resources.", "default": "default-backup-plan" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "Backup" }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "True" }, "BackupRule1ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$", "default": "cron(0 2 ? * * )" }, "BackupRule1DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 7 }, "BackupRule1MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule2DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule3DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that monthly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the monthly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule4DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "PatchOrchestratorFirstTagKey": { "description": "The first tag-key to use for creating your \"Patch Group\" tag values. For example, AppId. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorSecondTagKey": { "description": "The second tag-key to use for creating your \"Patch Group\" tag values. For example, Environment. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorThirdTagKey": { "description": "The third tag-key to use for creating your \"Patch Group\" tag values. For example, Group. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorDefaultMaintenanceWindowCutoff": { "description": "The number of hours before the end of the Default Maintenance Window in which no new patching commands are started. This interval exists to allow enough time for patching to complete before the window ends.", "minimum": 0, "maximum": 23, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowDuration": { "description": "The duration of the maintenance window in hours.", "minimum": 1, "maximum": 24, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowSchedule": { "description": "The schedule of the maintenance window in the form of a cron or rate expression. For example cron(0 18 * * ? *) would create a window at 18:00 every day, and rate(7 days) would create a window every seven days.", "minLength": 1, "maxLength": 256, "pattern": "^cron\\([0-9a-zA-Z\\ ?*#-,\\/]+\\)$|^rate\\([0-9a-zA-Z\\ ]+\\)$", "type": "string" }, "PatchOrchestratorDefaultMaintenanceWindowTimeZone": { "description": "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.", "pattern": "^[a-zA-Z_]+(\\+|/)?[a-zA-Z0-9_-]*(\\+|/)?[a-zA-Z0-9_-]+$", "type": "string" }, "PatchOrchestratorDefaultPatchBackupRetentionInDays": { "description": "The number of days the backup taken before patching will remain available.", "minimum": 1, "maximum": 90, "type": "integer" }, "PatchOrchestratorNotificationEmails": { "description": "One or more email addresses to receive notifications about default patching status. Use group distribution lists instead of individual emails.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$" }, "minItems": 1, "maxItems": 5, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "AccountName", "AccountEmail", "ApplicationOUName", "SupportLevel", "DirectAlertsEmail", "SamlMetadataDocumentURL", "VpcName", "VpcCIDR", "NumberOfAZs", "RouteType", "TransitGatewayApplicationRouteTableName", "PublicSubnetAZ1CIDR", "PublicSubnetAZ2CIDR", "PublicSubnetAZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression", "BackupRule1DeleteAfterDays", "BackupRule1MoveToColdStorageAfterDays", "BackupRule2ScheduleExpression", "BackupRule2DeleteAfterDays", "BackupRule2MoveToColdStorageAfterDays", "BackupRule3ScheduleExpression", "BackupRule3DeleteAfterDays", "BackupRule3MoveToColdStorageAfterDays", "BackupRule4ScheduleExpression", "BackupRule4DeleteAfterDays", "BackupRule4MoveToColdStorageAfterDays", "PatchOrchestratorFirstTagKey", "PatchOrchestratorSecondTagKey", "PatchOrchestratorThirdTagKey", "PatchOrchestratorDefaultMaintenanceWindowCutoff", "PatchOrchestratorDefaultMaintenanceWindowDuration", "PatchOrchestratorDefaultMaintenanceWindowSchedule", "PatchOrchestratorDefaultMaintenanceWindowTimeZone", "PatchOrchestratorDefaultPatchBackupRetentionInDays", "PatchOrchestratorNotificationEmails" ] }, "additionalProperties": false, "required": [ "AccountName", "AccountEmail", "SupportLevel", "VpcName", "VpcCIDR", "NumberOfAZs", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression" ] }

Schema for Change Type ct-2019s9y3nfml4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove AD User From AD Group", "description": "Remove an Active Directory (AD) user from an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveADUserFromGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-RemoveADUserFromGroup-Admin" ], "default": "AWSManagedServices-RemoveADUserFromGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "UserName": { "description": "The name of the AD user.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@]{2,19}[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@\\.]$" }, "maxItems": 1, "minItems": 1 }, "GroupName": { "description": "The name of the AD group to remove the user from.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "DomainFQDN": { "description": "The fully qualified domain name (FQDN) where the user exists, this can be the AMS managed or trusted domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "UserName", "GroupName", "DomainFQDN" ] }, "required": [ "UserName", "GroupName", "DomainFQDN" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2052miu12d8fn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS MasterUserPassword", "description": "Update the MasterUserPassword property of an Amazon Relational Database Service (RDS) database instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateInstanceMasterUserPasswordV2.", "type": "string", "enum": [ "AWSManagedServices-UpdateInstanceMasterUserPasswordV2" ], "default": "AWSManagedServices-UpdateInstanceMasterUserPasswordV2" }, "Region": { "description": "The AWS Region of the account with the RDS database instance; for example, us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "string", "pattern": "^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$" }, "SecretName": { "description": "The name of the Secrets Manager secret that stores the new RDS master user password, You must specify either this property, or \"SSMParameter\", but not both.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-\\/\\=\\@]{0,255}$", "default": "" }, "SecretKey": { "description": "The \"Key\" in the Secrets Manager secret that stores the new RDS master user password, required only if SecretName is provided.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-\\/\\=\\@]{0,255}$", "default": "" }, "SSMParameter": { "description": "The name of the SSM Parameter Store parameter that stores new RDS master user password. You must specify either this property, or \"SecretName\", but not both.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-\\/]{0,255}$", "default": "" } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "SecretName", "SecretKey", "SSMParameter" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-20san5sgtwd9e

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS Instance From Snapshot", "description": "Create an Amazon Relational Database Service (RDS) DB instance from an RDS snapshot.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-siqajx20000000000.", "type": "string", "enum": [ "stm-siqajx20000000000" ] }, "Name": { "description": "A name for the stack; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 720 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DBInstanceClass": { "description": "The compute and memory capacity for the DB instance. To inherit this value from the snapshot, use inherit.", "type": "string", "pattern": "^inherit$|^db\\.[a-z0-9]+\\.[a-z0-9]+$", "default": "inherit" }, "DBInstanceIdentifier": { "description": "A name for the DB instance. If you specify a name, it is converted to lowercase. If you don't specify a name, a unique physical ID is generated and used for the DBInstanceIdentifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBSnapshotIdentifier": { "description": "The name of the RDS DB snapshot to use to create the DB instance.", "type": "string" }, "DBDomain": { "description": "The directory ID of the Active Directory to create the instance in. To use DBDomain, you must provide an eligible SQL Server, Oracle, or Postgres engine in the DBEngine field.", "type": "string", "pattern": "^$|^d-[0-9a-f]{10}$" }, "DBDomainIAMRoleName": { "description": "The name of an IAM role that Amazon RDS uses when calling the AWS Directory Service APIs.", "type": "string", "pattern": "^$|^customer[\\w-]+$" }, "DBEngine": { "description": "The name of the database engine for the DB instance. Must be compatible with the engine of the source. If not specified, it will default to the same engine as the source. Not every database engine is available for every AWS region.", "type": "string" }, "DBOptionGroupName": { "description": "The option group that this DB instance is associated with. If none is provided, the default option group is associated. An option group can specify features, called options, that are available for a particular Amazon RDS DB instance.", "type": "string" }, "DBParameterGroupName": { "description": "The name of an existing DB parameter group. If none is provided, the default parameter group is associated. A DB parameter group acts as a container for engine configuration values that are applied to one or more DB instances.", "type": "string" }, "DBSubnetIds": { "description": "Two or more subnet IDs for the DB instance, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "DBInstanceClass", "DBInstanceIdentifier", "DBSnapshotIdentifier", "DBDomain", "DBDomainIAMRoleName", "DBEngine", "DBOptionGroupName", "DBParameterGroupName", "DBSubnetIds" ] }, "required": [ "DBSnapshotIdentifier", "DBSubnetIds" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-211l2gxvsrrhy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Detailed Monitoring", "description": "Enable detailed monitoring for the specified EC2 instance. Detailed monitoring incurs a charge. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring.", "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 20 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 20, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceIds", "Priority" ] }, "required": [ "InstanceIds" ] }

Schema for Change Type ct-220bdb8blaixf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create policy", "description": "Create an S3 bucket policy. The existing bucket policy (if any) is replaced with the new policy.", "type": "object", "properties": { "BucketName": { "description": "The name of the Amazon S3 bucket to which the policy applies.", "type": "string", "pattern": "^[A-Za-z0-9][A-Za-z0-9\\-]{1,61}[A-Za-z0-9]$", "maxLength": 63 }, "BucketPolicy": { "description": "Detailed information about the bucket permissions, or a policy document to be attached to the bucket (paste the policy document into the value field). Details should include the type of access (for example Read, Write, or Delete). If it is a valid policy document, it replaces the existing bucket policy. If you want to append a new statement or modify an existing statement on the bucket policy, paste in the complete bucket policy with the new or modified statements.", "type": "string", "maxLength": 20000 }, "Operation": { "description": "Must be Create policy.", "type": "string", "default": "Create policy", "enum": [ "Create policy" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "BucketPolicy", "Operation", "Priority" ] }, "required": [ "BucketName", "BucketPolicy", "Operation" ] }

Schema for Change Type ct-22cbvc1yujhec

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reset Service-Specific Credentials", "description": "Reset the password for the specified service-specific credential.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ResetServiceSpecificCredentials.", "type": "string", "enum": [ "AWSManagedServices-ResetServiceSpecificCredentials" ], "default": "AWSManagedServices-ResetServiceSpecificCredentials" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Username": { "description": "The name of the IAM user associated with the service-specific credential.", "type": "array", "items": { "type": "string", "pattern": "^[\\w+=,.@-]+" }, "minItems": 1, "maxItems": 1 }, "ServiceSpecificCredentialId": { "description": "The unique identifier for the service-specific credential.", "type": "array", "items": { "type": "string", "pattern": "^[\\w]+" }, "minItems": 1, "maxItems": 1 }, "SecretArn": { "description": "The ARN of the Secrets Manager secret that stores the credentials currently.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9-@.+=_/]{1,512}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Username", "ServiceSpecificCredentialId", "SecretArn" ] }, "required": [ "Username", "ServiceSpecificCredentialId", "SecretArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-24pi85mjtza8k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add AD User To AD Group", "description": "Add an Active Directory (AD) user to an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddADUserToGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-AddADUserToGroup-Admin" ], "default": "AWSManagedServices-AddADUserToGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "UserName": { "description": "The name of the AD user, do not include the domain name.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@]{2,19}[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@\\.]$" }, "maxItems": 1, "minItems": 1 }, "GroupName": { "description": "The name of the AD group to which the user is added. The group must exist in AMS managed AD and must belong to the CustomerGroups OU. The group scope must be DomainLocal.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "DomainFQDN": { "description": "The fully qualified domain name (FQDN) where the user exists, this can be the AMS managed or trusted domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "UserName", "GroupName", "DomainFQDN" ] }, "required": [ "UserName", "GroupName", "DomainFQDN" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-257p9zjk14ija

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Migrate Instance to AMS Stack", "description": "Migrate a running non-AMS instance into an AMS stack, in a given AMS-managed VPC and subnet. Must be an instance that was configured through a cloud migration service. Tags that exist on the instance to be migrated will be applied to the resources created in addition to tags requested in the RFC. Number of total tags between the instance to be migrated and the resources created cannot exceed fifty. Set a Name tag to give the EC2 instance, and AMI, names in the EC2 console. Please note that your RFC will be rejected if a tag on the instance to be migrated has the same key as a tag supplied in the RFC.", "type": "object", "properties": { "InstanceId": { "description": "ID of a running instance to migrate, in the form i-0123abcd or i-01234567890abcdef.", "type": "string", "pattern": "^i-[a-zA-Z0-9]{8}$|^i-[a-zA-Z0-9]{17}$" }, "TargetVpcId": { "description": "ID of the existing AMS VPC to deploy the migrated stack into, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "TargetSubnetId": { "description": "ID of the existing AMS subnet to deploy the migrated stack into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "TargetSecurityGroupIds": { "description": "IDs of the existing security groups to associate with the migrated stack, in the form sg-0123abcd or sg-01234567890abcdef. If nothing is specified, the default AMS security groups will be applied.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "TargetInstanceType": { "description": "The type of EC2 instance to deploy from the migrated instance.", "type": "string", "default": "t2.large" }, "ApplyInstanceValidation": { "description": "True to run AMS pre-migration validation checks on the instance. False to not run the checks. Default is true.", "type": "boolean", "default": true }, "KmsKeyId": { "description": "KMS key to automatically encrypt the resulting AMI with. Use any format specified in the AWS EC2 CopyImage API documentation.", "type": "string", "metadata": { "ams:sensitive": true } }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "EnforceIMDSV2": { "description": "Set to 'false' for the instance to be launched with IMDSv1 only. Default value is 'true'. See EC2/IMDS document for more details.", "type": "string", "enum": [ "true", "false" ], "default": "true" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resources created (AMI and EC2 instance). Set a Name tag to give the EC2 instance, and AMI, names in the EC2 console.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "InstanceId", "TargetVpcId", "TargetSubnetId", "TargetSecurityGroupIds", "TargetInstanceType", "ApplyInstanceValidation", "KmsKeyId", "Name", "Description", "EnforceIMDSV2", "Tags" ] }, "additionalProperties": false, "required": [ "InstanceId", "TargetVpcId", "TargetSubnetId", "Name", "Description", "EnforceIMDSV2" ] }

Schema for Change Type ct-25v6r7t8gvkq5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create GuardDuty ThreatIntelSet", "description": "Use to create an Amazon GuardDuty ThreatIntelSet instance, which is a list of known malicious IP addresses that have been blacklisted for communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the ThreatIntelSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to add a ThreatIntelSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "Format": { "default": "TXT", "description": "The format of the file that contains the ThreatIntelSet.", "enum": [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ], "type": "string" }, "Name": { "description": "The friendly name to identify the ThreatIntelSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this ThreatIntelSet.", "minLength": 1, "type": "string" }, "ThreatIntelSet": { "description": "The URI of the file that contains the ThreatIntelSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "Name", "ThreatIntelSet", "Format", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "Name", "ThreatIntelSet", "Region" ] }

Schema for Change Type ct-26vhhlj9jmlpf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Deregister AMIs", "description": "Deregister one or multiple Amazon Machine Images (AMI)s and optionally delete all associated snapshots. Once deregistered the AMI or AMIs can't be used for launching new instances.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-BulkDeleteOrDeregisterAMI.", "type": "string", "enum": [ "AWSManagedServices-BulkDeleteOrDeregisterAMI" ], "default": "AWSManagedServices-BulkDeleteOrDeregisterAMI" }, "Region": { "description": "The AWS Region where the AMI or AMIs are located, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "ImageIds": { "description": "A comma-delimited list of up to 50 Amazon Machine Image IDs, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^ami-[a-f0-9]{8,17}$" }, "minItems": 1, "maxItems": 50 }, "DeleteSnapshots": { "description": "True (lower case) to delete all associated snapshots, false to not. The deletion of snapshots cannot be rolled back. Default is false.", "type": "array", "items": { "type": "boolean", "default": false }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ImageIds", "DeleteSnapshots" ] }, "required": [ "ImageIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-2781aqd6f6svs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change Linux Hostname", "description": "Change the hostname of an EC2 Linux instance. If no hostname is provided, then the hostname is randomized.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ChangeHostname.", "type": "string", "enum": [ "AWSManagedServices-ChangeHostname" ], "default": "AWSManagedServices-ChangeHostname" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "Hostname": { "description": "A new hostname for the instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-]{1,63}$" }, "minItems": 1, "maxItems": 1 }, "Platform": { "description": "Must be linux. To change the hostname for a Windows instance, use CT ct-0h3p576mj4rqm.", "type": "array", "items": { "type": "string", "default": "linux", "enum": [ "linux" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "Hostname", "Platform" ] }, "required": [ "InstanceId", "Platform" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-27apldkhqr0ol

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create a DMS replication instance", "description": "Create a Database Migration Service (DMS) replication instance on an Amazon EC2 instance in an AMS VPC. Use the replication instance to perform your database migration. The replication instance provides high availability and failover support using a Multi-AZ deployment when you select the Multi-AZ option.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "minItems": 0, "maxItems": 40, "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-3n1j5hdrmiiiuqk6v", "type": "string", "enum": [ "stm-3n1j5hdrmiiiuqk6v" ], "default": "stm-3n1j5hdrmiiiuqk6v" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "AllocatedStorage": { "type": "integer", "description": "The amount of storage, in gigabytes, to be initially allocated for the replication instance.", "default": 50, "minimum": 5, "maximum": 6144 }, "AutoMinorVersionUpgrade": { "type": "string", "description": "True if the replication instance should have automatic minor engine upgrade during the maintenance window. False if it should not.", "enum": [ "true", "false" ], "default": "true" }, "AvailabilityZone": { "type": "string", "description": "The availability zone for the replication instance. Only applicable if MultiAZ = false.", "default": "" }, "EngineVersion": { "type": "string", "description": "The engine version number of the replication instance, in the form 2.4.3.", "pattern": "[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}|^$", "default": "" }, "KmsKeyId": { "type": "string", "description": "The KMS key identifier that will be used to encrypt the content on the replication instance.", "pattern": "^$|^[\\w]{8}-[\\w]{4}-[\\w]{4}-[\\w]{4}-[\\w]{12}$", "default": "" }, "MultiAZ": { "type": "string", "description": "True if the replication instance is a Multi-AZ deployment. False if it is not.", "enum": [ "true", "false" ], "default": "false" }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Must be in the format ddd:hh24:mi-ddd:hh24:mi, and must be at least 30 minutes.", "pattern": "([a-zA-Z]{3}:[0-2]{1}[0-9]{1}:[0-6]{1}[0-9]{1}-[a-zA-Z]{3}:[0-2]{1}[0-9]{1}:[0-6]{1}[0-9]{1}|)", "default": "" }, "InstanceClass": { "type": "string", "description": "The Amazon EC2 instance class for the replication instance to use to perform your database migration, in the form dms.t2.micro. AWS DMS currently supports the T2, C4, and R4 Amazon EC2 instance classes for replication instances.", "pattern": "dms.[0-9a-z]{2,4}.[0-9a-z]{2,10}", "default": "dms.t2.micro" }, "Identifier": { "type": "string", "description": "The identifier for the replication instance. Given a unique ID if none is provided.", "pattern": "([a-z][a-z0-9]*(-[a-z0-9]+)*|)", "default": "" }, "ReplicationSubnetGroupIdentifier": { "type": "string", "description": "The subnet group identifier to associate with the replication instance.", "pattern": "[0-9a-zA-Z\\-]{1,255}" }, "SecurityGroupIds": { "type": "array", "description": "The identifiers of the security groups to control traffic to and from the replication instance. If your source database is in a VPC, select the VPC security group that provides access to the DB instance where the database resides.", "items": { "type": "string" } } }, "metadata": { "ui:order": [ "Identifier", "InstanceClass", "AllocatedStorage", "EngineVersion", "AutoMinorVersionUpgrade", "ReplicationSubnetGroupIdentifier", "SecurityGroupIds", "AvailabilityZone", "MultiAZ", "KmsKeyId", "PreferredMaintenanceWindow" ] }, "required": [ "InstanceClass", "ReplicationSubnetGroupIdentifier", "SecurityGroupIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-27jjy5wnrfef2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS Maintenance Window", "type": "object", "description": "Update an existing RDS maintenance window, which is a weekly time range (in UTC) during which system maintenance can occur. Changing an RDS maintenance window doesn't result in an outage. If moving this window to the current time, there must be at least 30 minutes between the current time and the end of the current window to ensure pending changes are applied.", "properties": { "DBIdentifierArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the RDS DB instance or cluster.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:(db|cluster):[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh24:mi-ddd:hh24:mi (Sun:05:00-Sun:05:30), in Universal Coordinated Time (UTC) and must be at least 30 minutes. If you don't specify PreferredMaintenanceWindow, then Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.", "pattern": "[a-zA-Z]{3}:[0-9]{2}:[0-9]{2}-[a-zA-Z]{3}:[0-9]{2}:[0-9]{2}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DBIdentifierArn", "PreferredMaintenanceWindow", "Priority" ] }, "required": [ "DBIdentifierArn", "PreferredMaintenanceWindow" ] }

Schema for Change Type ct-27tuth19k52b4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update IAM Resource", "description": "Update Identity and Access Management (IAM) user, role, or policy.", "type": "object", "properties": { "UseCase": { "description": "Provide a detailed use case for the IAM user, role, or policy change.", "type": "string", "minLength": 1, "maxLength": 1000 }, "IAM User": { "description": "Update IAM user.", "type": "array", "items": { "type": "object", "properties": { "UserName": { "description": "The name of the IAM user to modify. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$", "minLength": 1, "maxLength": 64 }, "UserPermissions": { "description": "Detailed information about the user permissions, or a policy document to be attached to the user (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "minLength": 1, "maxLength": 5000 }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the IAM User.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "UserName", "UserPermissions", "Tags" ] }, "required": [ "UserName", "UserPermissions" ] }, "minItems": 0, "maxItems": 1 }, "IAM Role": { "description": "Update IAM role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "The name of the IAM role to modify. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$", "minLength": 1, "maxLength": 64 }, "TrustPolicy": { "description": "Detailed information about trust relationship, or an assume role policy document to be attached to the role (paste the policy document into the value field).", "type": "string", "minLength": 1, "maxLength": 5000 }, "RolePermissions": { "description": "Detailed information about role permissions, or a policy document to be attached to the role (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "minLength": 1, "maxLength": 5000 }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the IAM role.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "TrustPolicy", "RolePermissions", "Tags" ] }, "required": [ "RoleName" ] }, "minItems": 0, "maxItems": 1 }, "IAM Policy": { "description": "Update IAM policy.", "type": "array", "items": { "type": "object", "properties": { "PolicyName": { "description": "The name of the IAM policy to modify. The name can be up to 128 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$", "minLength": 1, "maxLength": 64 }, "PolicyDocument": { "description": "Detailed information about policy permissions update, or a policy document (paste the policy document into the value field).", "type": "string", "minLength": 1, "maxLength": 20480 }, "RelatedResources": { "description": "IAM users or roles to which the policy applies.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "PolicyName", "PolicyDocument", "RelatedResources" ] }, "required": [ "PolicyName" ] }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "Operation": { "description": "Must be Update.", "type": "string", "default": "Update", "enum": [ "Update" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "UseCase", "IAM User", "IAM Role", "IAM Policy", "Operation", "Priority" ] }, "required": [ "UseCase", "Operation" ] }

Schema for Change Type ct-281dpwh9tqnan

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Security Policy", "description": "Create a security policy for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be CreateSecurityPolicy.", "type": "string", "enum": [ "CreateSecurityPolicy" ], "default": "CreateSecurityPolicy" }, "Parameters": { "type": "object", "properties": { "SecurityPolicyName": { "description": "A meaningful name for the security policy. Must start with custom-sec-.", "type": "string", "pattern": "^custom-sec-[a-zA-Z0-9][a-zA-Z0-9-_]{0,51}$" }, "SourceAddresses": { "description": "A list of source addresses. If no value is provided, the security policy will match against any source address.", "type": "array", "items": { "type": "string", "pattern": "^([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)$" }, "minItems": 1, "maxItems": 50 }, "DestinationAddresses": { "description": "A list of destination addresses. Supply values for this parameter or for AllowLists, but not both.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)|((([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]))$" }, "minItems": 1, "maxItems": 50 }, "AllowLists": { "description": "A list of allowlists to associate with this security policy. Supply values for this parameter or for DestinationAddresses, but not both.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" }, "minItems": 1, "maxItems": 10 }, "ServicePorts": { "type": "object", "description": "A list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) service ports. If no value is provided, the security policy matches against any service port.", "properties": { "tcp": { "description": "A list of Transmission Control Protocol (TCP) service ports. If no value is provided for TCP or UDP, the security policy matches against any service port.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 }, "udp": { "description": "A list of User Datagram Protocol (UDP) service ports. If no value is provided for TCP or UDP, the security policy matches against any service port.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 } }, "metadata": { "ui:order": [ "tcp", "udp" ] } }, "ActionType": { "description": "The type of action the security policy will perform on outbound traffic that matches the policy's rules.", "type": "string", "enum": [ "Allow", "Deny" ], "default": "Allow" }, "EnablePolicy": { "description": "True to enable the security policy upon creation, false to not enable it (the policy must be explicitly enabled instead). Default is true.", "type": "boolean", "default": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityPolicyName", "SourceAddresses", "DestinationAddresses", "AllowLists", "ServicePorts", "ActionType", "EnablePolicy" ] }, "required": [ "SecurityPolicyName", "ActionType", "EnablePolicy" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-281et7bs9ep4s

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create an Amazon OpenSearch Service Domain", "description": "Create an Amazon OpenSearch Service domain. An OpenSearch domain encapsulates OpenSearch engine instances that process OpenSearch requests. Amazon OpenSearch Service supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-szccoe02000000000.", "type": "string", "enum": [ "stm-szccoe02000000000" ], "default": "stm-szccoe02000000000" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "DomainName": { "type": "string", "description": "A name for the OpenSearch Service domain. Domain names must start with a lowercase letter and must be between 3 and 28 characters. Valid characters are a-z (lowercase only), 0-9, and û (hyphen).", "pattern": "^[a-z][a-z0-9-]{3,28}$" }, "EngineVersion": { "type": "string", "description": "The version of the OpenSearch Service to use.", "enum": [ "OpenSearch_2.3", "OpenSearch_1.3", "OpenSearch_1.2", "OpenSearch_1.1", "OpenSearch_1.0", "Elasticsearch_7.10", "Elasticsearch_7.9", "Elasticsearch_7.8", "Elasticsearch_7.7", "Elasticsearch_7.4", "Elasticsearch_7.1", "Elasticsearch_6.8", "Elasticsearch_6.7", "Elasticsearch_6.5", "Elasticsearch_6.4", "Elasticsearch_6.3", "Elasticsearch_6.2", "Elasticsearch_6.0", "Elasticsearch_5.6", "Elasticsearch_5.5", "Elasticsearch_5.3", "Elasticsearch_5.1", "Elasticsearch_2.3", "Elasticsearch_1.5" ], "default": "OpenSearch_2.3" }, "DedicatedMasterCount": { "type": "string", "description": "The number of instances to use for the master node. To disable the dedicated master node, use 0.", "enum": [ "0", "3", "5" ], "default": "3" }, "DedicatedMasterType": { "type": "string", "description": "The instance type that hosts the dedicated master node. If DedicatedMasterCount > 0 this value must be specified. Otherwise the value here is ignored.", "enum": [ "c4.2xlarge.search", "c4.4xlarge.search", "c4.8xlarge.search", "c4.large.search", "c4.xlarge.search", "c5.18xlarge.search", "c5.2xlarge.search", "c5.4xlarge.search", "c5.9xlarge.search", "c5.large.search", "c5.xlarge.search", "c6g.12xlarge.search", "c6g.2xlarge.search", "c6g.4xlarge.search", "c6g.8xlarge.search", "c6g.large.search", "c6g.xlarge.search", "i2.2xlarge.search", "i2.xlarge.search", "i3.16xlarge.search", "i3.2xlarge.search", "i3.4xlarge.search", "i3.8xlarge.search", "i3.large.search", "i3.xlarge.search", "m3.2xlarge.search", "m3.large.search", "m3.medium.search", "m3.xlarge.search", "m4.10xlarge.search", "m4.2xlarge.search", "m4.4xlarge.search", "m4.large.search", "m4.xlarge.search", "m5.12xlarge.search", "m5.2xlarge.search", "m5.4xlarge.search", "m5.large.search", "m5.xlarge.search", "r3.2xlarge.search", "r3.4xlarge.search", "r3.8xlarge.search", "r3.large.search", "r3.xlarge.search", "r4.16xlarge.search", "r4.2xlarge.search", "r4.4xlarge.search", "r4.8xlarge.search", "r4.large.search", "r4.xlarge.search", "r5.12xlarge.search", "r5.2xlarge.search", "r5.4xlarge.search", "r5.large.search", "r5.xlarge.search", "r6g.12xlarge.search", "r6g.2xlarge.search", "r6g.4xlarge.search", "r6g.8xlarge.search", "r6g.large.search", "r6g.xlarge.search", "r6gd.12xlarge.search", "r6gd.16xlarge.search", "r6gd.2xlarge.search", "r6gd.4xlarge.search", "r6gd.8xlarge.search", "r6gd.large.search", "r6gd.xlarge.search", "t2.medium.search", "t2.small.search", "t3.medium.search", "t3.small.search" ], "default": "r6g.large.search" }, "InstanceType": { "type": "string", "description": "The instance type to use for data nodes in the domain. Must be a supported instance type for the selected OpenSearch Service domain version.", "enum": [ "c4.2xlarge.search", "c4.4xlarge.search", "c4.8xlarge.search", "c4.large.search", "c4.xlarge.search", "c5.18xlarge.search", "c5.2xlarge.search", "c5.4xlarge.search", "c5.9xlarge.search", "c5.large.search", "c5.xlarge.search", "c6g.12xlarge.search", "c6g.2xlarge.search", "c6g.4xlarge.search", "c6g.8xlarge.search", "c6g.large.search", "c6g.xlarge.search", "i2.2xlarge.search", "i2.xlarge.search", "i3.16xlarge.search", "i3.2xlarge.search", "i3.4xlarge.search", "i3.8xlarge.search", "i3.large.search", "i3.xlarge.search", "m3.2xlarge.search", "m3.large.search", "m3.medium.search", "m3.xlarge.search", "m4.10xlarge.search", "m4.2xlarge.search", "m4.4xlarge.search", "m4.large.search", "m4.xlarge.search", "m5.12xlarge.search", "m5.2xlarge.search", "m5.4xlarge.search", "m5.large.search", "m5.xlarge.search", "r3.2xlarge.search", "r3.4xlarge.search", "r3.8xlarge.search", "r3.large.search", "r3.xlarge.search", "r4.16xlarge.search", "r4.2xlarge.search", "r4.4xlarge.search", "r4.8xlarge.search", "r4.large.search", "r4.xlarge.search", "r5.12xlarge.search", "r5.2xlarge.search", "r5.4xlarge.search", "r5.large.search", "r5.xlarge.search", "r6g.12xlarge.search", "r6g.2xlarge.search", "r6g.4xlarge.search", "r6g.8xlarge.search", "r6g.large.search", "r6g.xlarge.search", "r6gd.12xlarge.search", "r6gd.16xlarge.search", "r6gd.2xlarge.search", "r6gd.4xlarge.search", "r6gd.8xlarge.search", "r6gd.large.search", "r6gd.xlarge.search", "t2.medium.search", "t2.small.search", "t3.medium.search", "t3.small.search" ], "default": "r6g.large.search" }, "InstanceCount": { "type": "integer", "description": "The number of data nodes (instances) to use in the OpenSearch Service domain. If ZoneAwarenessEnabled=true then InstanceCount must be an even number.", "default": 2, "minimum": 1, "maximum": 80 }, "ZoneAwarenessEnabled": { "type": "string", "description": "True to enable zone awareness for the OpenSearch Service domain; false to not. Default is false. When you enable zone awareness, the OpenSearch Service allocates the nodes and replica index shards that belong to a cluster across two Availability Zones (AZs) in the same Region to prevent data loss and minimize downtime in the event of node or data center failure.", "enum": [ "true", "false" ], "default": "false" }, "CognitoEnabled": { "description": "True to enable Amazon Cognito authentication for OpenSearch Dashboards; false to not. Default is false.", "type": "string", "enum": [ "true", "false" ], "default": "false" }, "AdvancedSecurityOptionsEnabled": { "description": "True to enable fine-grained access control; false to not. Default is false. For true, also set NodeToNodeEncryption=true and EncryptionKey.", "type": "string", "enum": [ "true", "false" ], "default": "false" }, "InternalUserDatabaseEnabled": { "description": "True to enable the internal user database; false to not.", "type": "string", "enum": [ "true", "false" ], "default": "false" }, "MasterUserARN": { "description": "The Amazon Resource Name (ARN) for the master user. Only specify if InternalUserDatabaseEnabled=false in AdvancedSecurityOptions.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:(role|user)/[A-Za-z0-9_-]+$|^$", "default": "" }, "MasterUserName": { "description": "The username for the master user. Only specify if InternalUserDatabaseEnabled=true in AdvancedSecurityOptions.", "type": "string", "pattern": "[a-zA-Z][a-zA-Z0-9]{1,16}|^$", "default": "" }, "MasterUserPassword": { "description": "The password for the master user. The master password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character. Only specify if InternalUserDatabaseEnabled=true in AdvancedSecurityOptions.", "type": "string", "pattern": "^(?=.{8,}$)(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\\W).*$|^$", "default": "", "metadata": { "ams:sensitive": true } }, "CognitoIAMRole": { "description": "The AmazonESCognitoAccess role that allows the OpenSearch Service to configure your user pool and identity pool.", "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.+)$|^$", "default": "" }, "CognitoUserPoolId": { "description": "The Amazon Cognito user pool ID that you want the OpenSearch Service to use for OpenSearch Dashboards authentication.", "type": "string", "pattern": "^[A-Za-z0-9\\-\\=\\@\\,\\.]{1,128}$|^$", "default": "" }, "CognitoIdentityPoolId": { "description": "The Amazon Cognito identity pool ID that you want the OpenSearch Service to use for OpenSearch Dashboards authentication.", "type": "string", "pattern": "^[A-Za-z0-9\\-\\=\\@\\,\\.]{1,128}$|^$", "default": "" }, "NodeToNodeEncryption": { "description": "True to enable node-to-node encryption on OpenSearch Service domains; false to not. Default is true.", "type": "string", "enum": [ "true", "false" ], "default": "true" }, "EBSIops": { "type": "string", "description": "The IOPS for EBS volume. Only applies if EBSVolumeType=io1 or EBSVolumeType=gp3. The minimum value is 1000. The maximum value is 16000.", "pattern": "^$|^[1-9][0-9]{3}$|^1[0-5][0-9]{3}$|^16000$", "default": "" }, "EBSThroughput": { "type": "string", "description": "The throughput for EBS volume. Only applies if EBSVolumeType=gp3. The minimum value is 125. The maximum value is 1000.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$", "default": "" }, "EBSVolumeSize": { "type": "integer", "description": "The size, in GB, of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the specified EBSVolumeType and the instance type to which it is attached. For details, see AWS documentation for EBS volume size limits.", "default": 10, "minimum": 10, "maximum": 1500 }, "EBSVolumeType": { "type": "string", "description": "The storage type for the data node. Storage type does not apply for dedicated master nodes.", "enum": [ "standard", "gp3", "gp2", "io1" ], "default": "gp3" }, "EncryptionKey": { "type": "string", "description": "The ID or ARN of the KMS master key to use to encrypt data at rest.", "pattern": "^$|^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "default": "" }, "CustomEndpoint": { "description": "The fully qualified URL for your custom endpoint.", "type": "string", "default": "" }, "CustomEndpointCertificateArn": { "description": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate.", "type": "string", "pattern": "^$|^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$", "default": "" }, "TLSSecurityPolicy": { "description": "The minimum transport layer security (TLS) version required for traffic to the domain. Valid values are TLS 1.0 or 1.2 (default)", "type": "string", "enum": [ "Policy-Min-TLS-1-0-2019-07", "Policy-Min-TLS-1-2-2019-07" ], "default": "Policy-Min-TLS-1-2-2019-07" }, "AutomatedSnapshotStartHour": { "type": "string", "description": "The hour in UTC during which the service takes an automated daily snapshot of the indices in the OpenSearch Service domain. For example, if you specify 0, the OpenSearch Service takes an automated snapshot everyday between midnight and 1 am. You can specify a value between 0 and 23.", "pattern": "^$|^([0-9]|1[0-9]|2[0-3])$", "default": "" }, "SecurityGroups": { "type": "array", "description": "Comma-separated list of security group (SG) identifiers. These control access to the OpenSearch Service domain. Leave blank to add the default private-only security group from the AMS VPC.", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 0, "uniqueItems": true }, "SubnetIds": { "type": "array", "description": "A list of subnet IDs, in the form of subnet-0123abcd or subnet-01234567890abcdef, to associate with the VPC endpoints for the domain. If ZoneAwarenessEnabled=true, provide two subnet IDs, one per zone. Otherwise, provide only one.", "items": { "type": "string", "pattern": "^subnet-[a-f0-9]{8}$|^subnet-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "AllowExplicitIndex": { "type": "string", "description": "True to allow explicit references to indices inside the body of HTTP requests; false to not allow. Setting this property to false prevents users from bypassing access control for sub-resources. Default=true.", "enum": [ "true", "false" ], "default": "true" }, "IndicesFieldDataCacheSize": { "type": "string", "description": "The percentage of Java heap space that is allocated to field data. By default, this setting is unbounded.", "pattern": "^$|^([0-9]|[1-9][0-9]|100)$", "default": "" }, "MaxClauseCount": { "type": "string", "description": "The maximum number of allowed boolean clauses in a query. By default, this setting is 1024.", "pattern": "^$|^[1-9][0-9]*$", "default": "" }, "ESApplicationLogs": { "description": "The CloudWatch log group to publish the OpenSearch Service domain error logs.", "type": "string", "pattern": "^$|^arn:(aws|aws-cn|aws-us-gov):logs:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:log-group:[\\.\\-_/#A-Za-z0-9]{1,512}(:\\*)?$", "default": "" }, "SearchSlowLogs": { "description": "The CloudWatch log group to publish the OpenSearch Service domain search slow log.", "type": "string", "pattern": "^$|^arn:(aws|aws-cn|aws-us-gov):logs:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:log-group:[\\.\\-_/#A-Za-z0-9]{1,512}(:\\*)?$", "default": "" }, "IndexSlowLogs": { "description": "The CloudWatch log group to publish the OpenSearch Service domain index slow log.", "type": "string", "pattern": "^$|^arn:(aws|aws-cn|aws-us-gov):logs:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:log-group:[\\.\\-_/#A-Za-z0-9]{1,512}(:\\*)?$", "default": "" }, "AuditLogs": { "description": "The CloudWatch log group to publish the OpenSearch Service domain audit logs.", "type": "string", "pattern": "^$|^arn:(aws|aws-cn|aws-us-gov):logs:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:log-group:[\\.\\-_/#A-Za-z0-9]{1,512}(:\\*)?$", "default": "" } }, "metadata": { "ui:order": [ "DomainName", "EngineVersion", "DedicatedMasterCount", "DedicatedMasterType", "InstanceCount", "InstanceType", "EBSIops", "EBSThroughput", "EBSVolumeSize", "EBSVolumeType", "CognitoEnabled", "CognitoIAMRole", "CognitoUserPoolId", "CognitoIdentityPoolId", "CustomEndpoint", "CustomEndpointCertificateArn", "TLSSecurityPolicy", "ESApplicationLogs", "SearchSlowLogs", "IndexSlowLogs", "AuditLogs", "NodeToNodeEncryption", "SecurityGroups", "SubnetIds", "AdvancedSecurityOptionsEnabled", "InternalUserDatabaseEnabled", "MasterUserARN", "MasterUserName", "MasterUserPassword", "ZoneAwarenessEnabled", "EncryptionKey", "AutomatedSnapshotStartHour", "AllowExplicitIndex", "IndicesFieldDataCacheSize", "MaxClauseCount" ] }, "required": [ "DomainName", "EngineVersion", "DedicatedMasterCount", "DedicatedMasterType", "InstanceType", "InstanceCount", "EBSVolumeSize", "EBSVolumeType", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2aaaqid7asjy6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update DeleteOnTermination", "description": "Update the EBS volume DeleteOnTermination property of the specified EC2 instance devices.", "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-1234567890abcdef0.", "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "DeviceNames": { "description": "The device name or names, where the volume is attached; for example, /dev/sdf or xvdg.", "type": "array", "items": { "type": "string", "pattern": "^(/dev/sd[a-z][1-15]{0,1})|xvd[a-z]$|/dev/xvd[a-z]$|^$" }, "minItems": 1, "maxItems": 17, "uniqueItems": true }, "DeleteOnTermination": { "description": "True to delete the volume when the instance is terminated, False to not delete it when the instance is terminated. Default is False.", "type": "string", "default": "False", "enum": [ "True", "False" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceId", "DeviceNames", "DeleteOnTermination", "Priority" ] }, "required": [ "InstanceId", "DeviceNames", "DeleteOnTermination" ] }

Schema for Change Type ct-2b9q8339bj2sa

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Allow List URLs", "description": "Add allow list URLs for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be AddURLs.", "type": "string", "enum": [ "AddURLs" ], "default": "AddURLs" }, "Parameters": { "type": "object", "properties": { "URLs": { "description": "URLs to add to the allow list. URLs must end with a forward slash i.e '*.amazon.com/'.", "type": "array", "items": { "type": "string", "pattern": "^((\\*|([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]\\/)$" }, "minItems": 1, "maxItems": 50 }, "AllowListName": { "description": "The name of the allow list.", "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "URLs", "AllowListName" ] }, "required": [ "URLs", "AllowListName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-2bxelbn765ive

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Resource Scheduler Schedule", "description": "Add a new schedule to be used in AMS Resource Scheduler. Schedules employ defined periods to determine when the specified resource should run.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddOrUpdateSchedule.", "type": "string", "enum": [ "AWSManagedServices-AddOrUpdateSchedule" ], "default": "AWSManagedServices-AddOrUpdateSchedule" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Action": { "description": "Specify the value: add. This explicitly requests that the Resource Scheduler schedule be added. The option cannot be left blank; it must be add.", "type": "array", "items": { "type": "string", "enum": [ "add" ], "default": "add" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "A meaningful name for the schedule. The name must be unique for this account.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,64}$" }, "maxItems": 1, "minItems": 1 }, "Description": { "description": "A meaningful description for the schedule.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,1000}$|^$" }, "maxItems": 1, "minItems": 1 }, "Hibernate": { "description": "True to hibernate (suspend-to-disk) EC2 instances that are enabled for hibernation and meet hibernation requirements, false to not. Check the EC2 console to find out if your instances are enabled for hibernation. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "Enforced": { "description": "True to enforce the schedule, false to not. When this field is set to true, the Resource Scheduler will stop a running resource if it is manually started outside of the running period, and it will start a resource if it is stopped manually during the running period. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "OverrideStatus": { "description": "Override the current schedule action. If set to running, the instance will be started but not stopped until it is manually stopped. Similarly when set to stopped, the instance will be stopped but not started automatically until manually started. There is no default. If left unspecified this setting is not used.", "type": "array", "items": { "type": "string", "enum": [ "running", "stopped" ] }, "maxItems": 1, "minItems": 1 }, "Periods": { "description": "A comma-separated list of one or more period names in this schedule. The name, or names, must match the existing defined periods.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,2000}$" }, "maxItems": 1, "minItems": 1 }, "RetainRunning": { "description": "True to prevent the Resource Scheduler from stopping a resource at the end of a period if the instance was manually started before the beginning of the period. False to not. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "StopNewInstances": { "description": "True to stop a resource the first time it is tagged if it is running outside of the running period. False to not stop the resource. Default is true.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "SSMMaintenanceWindow": { "description": "Comma-separated name or names of one, or more, existing AWS Systems Manager maintenance windows, to use as the period. First, ensure that the UseMaintenanceWindow parameter is set to true. Create a maintenance window with the Deployment | Patching | SSM patch window | Create change type (ct-0el2j07llrxs7).", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, ]$)^[A-Za-z0-9-_, ]{1,4096}$|^$" }, "maxItems": 1, "minItems": 1 }, "TimeZone": { "description": "The name of the time zone, in the form US/Pacific, the schedule uses. If no time zone is specified then the time zone DefaultTimezone set when the Resource Scheduler was deployed is used.", "type": "array", "items": { "type": "string", "enum": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC" ] }, "maxItems": 1, "minItems": 1 }, "UseMaintenanceWindow": { "description": "True to add an Amazon RDS maintenance window as a period to an Amazon RDS instance schedule, or to add an AWS Systems Manager (SSM) maintenance window as a period to an Amazon EC2 instance schedule. An RDS maintenance window is automatically created by RDS. An SSM maintenance window you create with the Deployment | Patching | SSM maintenance window | Create (ct-0el2j07llrxs7) change type. False to not add either maintenance window, but to use the start and stop settings of the period.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "UseMetrics": { "description": "Enable CloudWatch metrics for this schedule. This field overrides the default settings defined when the Resource Scheduler was deployed.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "Action", "Name", "Description", "Hibernate", "Enforced", "OverrideStatus", "Periods", "RetainRunning", "StopNewInstances", "SSMMaintenanceWindow", "TimeZone", "UseMaintenanceWindow", "UseMetrics" ] }, "required": [ "Action", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2c7ve50jost1v

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update AMS Resource Scheduler", "description": "Update the AMS Resource Scheduler solution in the account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Yes to enable the Resource Scheduler. No to disable it. The default is existing state. You can also use Resource Scheduler enable (ct-2wrvu4kca9xky) and disable (ct-14v49adibs4db) change types to manage its state.", "type": "array", "items": { "type": "string", "default": "", "enum": [ "Yes", "No", "" ] }, "minItems": 1, "maxItems": 1 }, "ScheduledServices": { "description": "Comma-separated list of scheduled services. Use a combination of AutoScaling, EC2, and RDS.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^$|(^(ec2|rds|autoscaling)(,(ec2|rds|autoscaling)){0,2}$)" }, "minItems": 1, "maxItems": 1 }, "TagName": { "description": "The name of the tag key to use to associate the instance schedule schemas with service resources. Default is Schedule.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^$|^(?!(aws:|ams:))[a-zA-Z0-9+-=._:/@]{1,127}$" }, "minItems": 1, "maxItems": 1 }, "UseCMK": { "description": "Comma-separated list of Customer Managed Key (CMK) Amazon Resource Names (ARNs) in format arn:<partition>:kms:<region>:<account-id>:key/<key-id> to grant Resource Scheduler permission to. These are CMK that are used to encrypt EBS volumes on EC2 instances.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:key/[a-z0-9\\-]+)$" }, "minItems": 1, "maxItems": 20 }, "UseLicenseManager": { "description": "Comma-separated list of AWS License Manager license ARNs to grant Resource Scheduler permission to. These are software or vendor licenses that EC2 instances are configured with.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):license-manager:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:license-configuration(/|:)lic-.*)$" }, "minItems": 1, "maxItems": 20 }, "DefaultTimezone": { "description": "The name of the Time Zone, in the form US/Pacific, to be used as default timezone applied. Default is UTC.", "type": "array", "items": { "type": "string", "default": "", "enum": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC", "" ] }, "minItems": 1, "maxItems": 1 }, "Action": { "description": "Must be Update.", "type": "array", "items": { "type": "string", "enum": [ "Update" ], "default": "Update" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SchedulingActive", "ScheduledServices", "TagName", "DefaultTimezone", "UseCMK", "UseLicenseManager", "Action" ] }, "required": [ "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2d55p1d7z6w3d

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Detach EBS Volume", "description": "Detach an EBS volume from an EC2 instance. This change type provides an option that attempts to remediate drift in the CloudFormation stack where the volume is being detached, but that option, RemediateStackDrift, does not work on volumes created using the CloudFormation ingest change type (ct-36cn2avfrrj9v).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DetachEBSVolume.", "type": "string", "enum": [ "AWSManagedServices-DetachEBSVolume" ], "default": "AWSManagedServices-DetachEBSVolume" }, "Region": { "description": "The AWS Region where the EBS Volume is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "VolumeId": { "description": "The ID of the EBS volume, in the form vol-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by volume modification. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to the volume modification. Set to False to modify a volume in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "VolumeId", "RemediateStackDrift" ] }, "required": [ "VolumeId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2dphvdy1krpj6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS Aurora stack", "description": "Modify the properties of an existing AWS Relational Database Service (RDS) Aurora stack created using CT ID ct-2jvzjwunghrhy, version 1.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the RDS Aurora cluster you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "AutoMinorVersionUpgrade": { "type": "string", "description": "True if the RDS instance should have automatic minor version upgrade, false if it should not.", "enum": [ "true", "false" ] }, "BackupRetentionPeriod": { "type": "integer", "description": "The number of days for which automatic database (DB) snapshots are retained. Range is 1 - 35.", "minimum": 1, "maximum": 35 }, "EngineVersion": { "type": "string", "description": "The version number of the database engine to use. Not every database version is available for every AWS region.", "pattern": "^\\d.\\d.\\d{2}[a-z]$|^5.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^8.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^(\\d{2}.\\d{0,2})$|^$" }, "InstanceType": { "type": "string", "description": "The instance type to use, this determines the compute and memory capacity for the DB instance. Not every instance type is available for every database engine.", "enum": [ "db.serverless", "db.t2.small", "db.t2.medium", "db.t3.micro", "db.t3.small", "db.t3.medium", "db.t3.large", "db.t3.xlarge", "db.t3.2xlarge", "db.t4g.medium", "db.t4g.large", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.r5.large", "db.r5.xlarge", "db.r5.2xlarge", "db.r5.4xlarge", "db.r5.8xlarge", "db.r5.12xlarge", "db.r5.16xlarge", "db.r5.24xlarge", "db.r6g.large", "db.r6g.xlarge", "db.r6g.2xlarge", "db.r6g.4xlarge", "db.r6g.8xlarge", "db.r6g.12xlarge", "db.r6g.16xlarge", "db.x2g.large", "db.x2g.xlarge", "db.x2g.2xlarge", "db.x2g.4xlarge", "db.x2g.8xlarge", "db.x2g.12xlarge", "db.x2g.16xlarge" ] }, "MasterUserPassword": { "type": "string", "description": "The password that you use with the configured MasterUsername to log in to your DB instance. Must contain from 8 to 41 printable ASCII characters (excluding backslash, double quotes, and at sign).", "pattern": "^$|(?!@/\")[a-zA-Z0-9]{8,41}$", "maxLength": 41, "minLength": 8, "metadata": { "ams:sensitive": true } }, "MultiAZ": { "type": "string", "description": "True to have a secondary replica of your DB instance created in another Availability Zone for failover support, false to not have a standby.", "enum": [ "true", "false" ] }, "PerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Performance Insights is only available on engine type aurora and aurora-postgresql.", "enum": [ "true", "false" ] }, "PerformanceInsightsKMSKey": { "type": "string", "description": "ARN of the KMS master key to use to encrypt Performance Insights data.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "PerformanceInsightsRetentionPeriod": { "type": "string", "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", "enum": [ "7", "731" ] }, "Port": { "type": "string", "description": "The port number on which the database accepts connections. Valid range is: 1150-65535.", "pattern": "^(0|11[5-8][0-9]|119[0-9]|1[2-9][0-9]{2}|[2-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$" }, "PreferredBackupWindow": { "type": "string", "description": "The daily time range during which automated backups are created. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the PreferredMaintenanceWindow setting, and must be at least 30 minutes.", "pattern": "^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$" }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format), in Universal Coordinated Time (UTC) and must be at least 30 minutes. If you don't specify PreferredMaintenanceWindow, then Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.", "pattern": "^$|[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$" }, "ServerlessScalingMaxCapacity": { "description": "The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The largest value that you can use is 128.0. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 1, "maximum": 128 }, "ServerlessScalingMinCapacity": { "description": "The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The smallest value that you can use is 0.5. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 0.5, "maximum": 128 } }, "metadata": { "ui:order": [ "EngineVersion", "InstanceType", "MultiAZ", "MasterUserPassword", "Port", "AutoMinorVersionUpgrade", "PerformanceInsights", "PerformanceInsightsKMSKey", "PerformanceInsightsRetentionPeriod", "BackupRetentionPeriod", "PreferredBackupWindow", "PreferredMaintenanceWindow", "ServerlessScalingMaxCapacity", "ServerlessScalingMinCapacity" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2edc3sd1sqmrb

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Deploy CodeDeploy Application", "description": "Deploy a revision of an existing AWS CodeDeploy application, which are source files CodeDeploy will deploy to your instances or scripts CodeDeploy will run on your instances.", "type": "object", "properties": { "Description": { "description": "The reason for the request.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "Identifier of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360 }, "Parameters": { "description": "Specifications for the deployment.", "type": "object", "properties": { "CodeDeployApplicationName": { "description": "The name of the AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "CodeDeployDeploymentConfigName": { "description": "The configuration for deployment operations: as many instances as possible at once, half of the instances at a time, or only one instance at a time.", "type": "string", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" }, "CodeDeployDeploymentGroupName": { "description": "The name of the deployment group.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "CodeDeployIgnoreApplicationStopFailures": { "description": "True to ignore the failure of an ApplicationStop lifecycle event and continue to the BeforeInstall event; false to stop the deployment if the ApplicationStop event fails. Default is false.", "type": "boolean", "default": false }, "CodeDeployRevision": { "description": "The type and location of the revision to deploy.", "type": "object", "properties": { "RevisionType": { "type": "string", "enum": [ "S3" ] }, "S3Location": { "type": "object", "properties": { "S3Bucket": { "description": "The name of the Amazon S3 bucket where the application revision is stored.", "type": "string" }, "S3BundleType": { "description": "The file type of the application revision.", "type": "string", "enum": [ "tar", "tgz", "zip" ] }, "S3ETag": { "description": "The ETag of the Amazon S3 object that represents the bundled artifacts for the application revision.", "type": "string" }, "S3Key": { "description": "The name of the Amazon S3 object that represents the bundled artifacts for the application revision (e.g. my_app.zip or path/to/my_app.zip).", "type": "string" }, "S3Version": { "description": "A specific version of the Amazon S3 object that represents the bundled artifacts for the application revision.", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "S3Bucket", "S3BundleType", "S3Key", "S3ETag", "S3Version" ] }, "required": [ "S3Bucket", "S3BundleType", "S3Key" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RevisionType", "S3Location" ] }, "required": [ "RevisionType", "S3Location" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "CodeDeployApplicationName", "CodeDeployDeploymentConfigName", "CodeDeployDeploymentGroupName", "CodeDeployIgnoreApplicationStopFailures", "CodeDeployRevision" ] }, "required": [ "CodeDeployApplicationName", "CodeDeployDeploymentGroupName", "CodeDeployRevision" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-2eof6j3mlcwhf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Service-Linked Role", "description": "Create an IAM service-linked role linked to an AWS service that you specify.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateServiceLinkedRole-Admin.", "type": "string", "enum": [ "AWSManagedServices-CreateServiceLinkedRole-Admin" ], "default": "AWSManagedServices-CreateServiceLinkedRole-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AWSServiceName": { "description": "The service principal, in the form <service-principal-name>.amazonaws.com. This value becomes the Principal element in the policy for the role. To verify that an AWS service supports IAM service-linked roles, see: AWS services that work with IAM. For a list of service principal names, see GitHub Gist: List of AWS Service Principals. Example: EC2 Auto Scaling service principal is autoscaling.amazonaws.com.", "type": "array", "items": { "type": "string", "pattern": "^[a-z-.\\d]{2,}.amazonaws.com$" }, "minItems": 1, "maxItems": 1 }, "CustomSuffix": { "description": "A string that you provide, which is combined with the service-provided prefix to form the complete role name. Note: Some services do not support the CustomSuffix parameter. If you provide an optional suffix and the operation fails, try the operation again without the suffix.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^[\\w+=,.@-]{1,64}$|^$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A meaningful description for the role.", "type": "array", "items": { "type": "string", "default": "", "pattern": ".*" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AWSServiceName", "CustomSuffix", "Description" ] }, "required": [ "AWSServiceName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2epp05svrlwod

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create KMS Key (review required)", "description": "Request a KMS key by describing key permissions or submitting a key policy document.", "type": "object", "properties": { "KeyDescription": { "description": "A meaningful description of the KMS key; for example, a description that indicates that the KMS key is appropriate for a task. The default value is an empty string (no description). Note that the description appears in the details for the key in the KMS console. Do not include confidential or sensitive information as this field may appear in plain text in CloudTrail logs and other output.", "type": "string", "maxLength": 5000 }, "AliasName": { "description": "An alias name for the KMS key. The alias name must be unique in the AWS account and region, can be up to 256 characters in length, and is limited to use characters a-z, A-Z, 0-9, and /_-", "type": "string", "pattern": "^[a-zA-Z0-9/_-]{1,256}$" }, "KeyRotation": { "description": "True if the KMS key should be rotated, false if it should not. Default is true.", "type": "boolean", "default": true }, "KeyPermissions": { "description": "Detailed information about the key permissions, or a key policy document to be attached to the key (paste the policy document into the value field).", "type": "string", "maxLength": 5000 }, "MultiRegion": { "description": "True to create multi-region key, false to create single-region key. Default value is false.", "type": "boolean", "default": false }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Operation": { "description": "Must be Create.", "type": "string", "default": "Create", "enum": [ "Create" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "KeyDescription", "AliasName", "KeyRotation", "KeyPermissions", "MultiRegion", "Tags", "Operation", "Priority" ] }, "required": [ "KeyDescription", "KeyPermissions", "Operation" ] }

Schema for Change Type ct-2fqmbyud166z9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update AD DNS Conditional Forwarder", "description": "Update AD DNS conditional forwarder for a remote domain. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateADDNSConditionalForwarder-Admin.", "type": "string", "enum": [ "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin" ], "default": "AWSManagedServices-UpdateADDNSConditionalForwarder-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RemoteDomainName": { "description": "The fully qualified domain name (FQDN) of the remote domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "minItems": 1, "maxItems": 1 }, "IPAddresses": { "description": "A list of private IP addresses of the remote DNS servers associated with the conditional forwarder.", "type": "array", "items": { "type": "string", "pattern": "^(10\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3}))$|^(192\\.168\\.(\\d{1,3})\\.(\\d{1,3}))$|^(172\\.(1[6-9]|2[0-9]|3[0-1])\\.[0-9]{1,3}\\.[0-9]{1,3})$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true } }, "metadata": { "ui:order": [ "RemoteDomainName", "IPAddresses" ] }, "additionalProperties": false, "required": [ "RemoteDomainName", "IPAddresses" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2fzh1wckpl7f5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Allow List", "description": "Delete an allow list file for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be DeleteAllowList.", "type": "string", "enum": [ "DeleteAllowList" ], "default": "DeleteAllowList" }, "Parameters": { "type": "object", "properties": { "AllowListName": { "description": "The name of the allow list to delete.", "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AllowListName" ] }, "required": [ "AllowListName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-2gd0u847qd9d2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CodeDeploy deployment group", "description": "Use to create an AWS CodeDeploy application deployment group, an entity that describes what instances to deploy a given application to.", "type": "object", "properties": { "Description": { "description": "The reason for the request.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sp9lrk00000000000", "type": "string", "enum": [ "stm-sp9lrk00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "CodeDeployApplicationName": { "description": "The name of an AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "CodeDeployAutoScalingGroups": { "description": "The Auto Scaling groups to be updated by AWS CodeDeploy when new instances are created. Note: Do not associate an Auto Scaling group with more than one deployment group.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[a-zA-Z0-9._+=,@-]{1,255}$" }, "minItems": 1, "maxItems": 10 }, "CodeDeployDeploymentConfigName": { "description": "The configuration for deployment operations: as many instances as possible at once, half of the instances at a time, or only one instance at a time.", "type": "string", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" }, "CodeDeployDeploymentGroupName": { "description": "A name for the deployment group.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "CodeDeployServiceRoleArn": { "description": "The Amazon Resource Name (ARN) of an existing CodeDeploy service role that grants permission to make calls to AWS services on your behalf, in the form arn:aws:iam::ACCOUNT_ID:role/aws-codedeploy-role.", "type": "string" } }, "additionalProperties": false, "required": [ "CodeDeployApplicationName", "CodeDeployAutoScalingGroups", "CodeDeployDeploymentGroupName", "CodeDeployServiceRoleArn" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-2ha68tpd7nr3y

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account CIDRs", "description": "Create an additional VPC CIDR, or subnets, or both, for an existing application account VPC. Add up to five public and twenty private subnet tiers to the additional CIDR, or to existing CIDRs under the VPC. A subnet tier is a set of subnets provisioned in two or three Availability Zones (AZ).", "type": "object", "properties": { "VPCId": { "description": "The ID of the VPC to add additional CIDRs or subnets to.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "VPCCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) range to be added to the existing application account VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC extension to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "PrivateRouteTableAZ1ID": { "description": "The route table ID for the private subnets in AZ1.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PrivateRouteTableAZ2ID": { "description": "The route table ID for the private subnets in AZ2.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PrivateRouteTableAZ3ID": { "description": "The route table ID for the private subnets in AZ3.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PublicRouteTableAZ1ID": { "description": "The route table ID for the public subnets in AZ1.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PublicRouteTableAZ2ID": { "description": "The route table ID for the public subnets in AZ2.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PublicRouteTableAZ3ID": { "description": "The route table ID for the public subnets in AZ3.", "type": "string", "pattern": "^rtb-([a-z0-9]{8}|[a-z0-9]{17})|^$" }, "PublicSubnet1AZ1CIDR": { "description": "The CIDR for the first public subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet1AZ2CIDR": { "description": "The CIDR for the first public subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet1AZ3CIDR": { "description": "The CIDR for the first public subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the second public subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the second public subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the second public subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the third public subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the third public subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the third public subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the fourth public subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the fourth public subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the fourth public subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the fifth public subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the fifth public subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the fifth public subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the second private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the second private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the second private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the third private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the third private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the third private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the fourth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the fourth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the fourth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the fifth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the fifth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the fifth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the sixth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the sixth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the sixth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the seventh private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the seventh private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the seventh private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the eighth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the eighth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the eighth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the ninth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the ninth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the ninth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the tenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the tenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the tenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet11AZ1CIDR": { "description": "The CIDR for the eleventh private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet11AZ2CIDR": { "description": "The CIDR for the eleventh private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet11AZ3CIDR": { "description": "The CIDR for the eleventh private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet12AZ1CIDR": { "description": "The CIDR for the twelfth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet12AZ2CIDR": { "description": "The CIDR for the twelfth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet12AZ3CIDR": { "description": "The CIDR for the twelfth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet13AZ1CIDR": { "description": "The CIDR for the thirteenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet13AZ2CIDR": { "description": "The CIDR for the thirteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet13AZ3CIDR": { "description": "The CIDR for the thirteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet14AZ1CIDR": { "description": "The CIDR for the fourteenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet14AZ2CIDR": { "description": "The CIDR for the fourteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet14AZ3CIDR": { "description": "The CIDR for the fourteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet15AZ1CIDR": { "description": "The CIDR for the fifteenth private subnet tier in AZ31.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet15AZ2CIDR": { "description": "The CIDR for the fifteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet15AZ3CIDR": { "description": "The CIDR for the fifteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet16AZ1CIDR": { "description": "The CIDR for the sixteenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet16AZ2CIDR": { "description": "The CIDR for the sixteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet16AZ3CIDR": { "description": "The CIDR for the sixteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet17AZ1CIDR": { "description": "The CIDR for the seventeenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet17AZ2CIDR": { "description": "The CIDR for the seventeenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet17AZ3CIDR": { "description": "The CIDR for the seventeenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet18AZ1CIDR": { "description": "The CIDR for the eighteenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet18AZ2CIDR": { "description": "The CIDR for the eighteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet18AZ3CIDR": { "description": "The CIDR for the eighteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet19AZ1CIDR": { "description": "The CIDR for the ninteenth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet19AZ2CIDR": { "description": "The CIDR for the ninteenth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet19AZ3CIDR": { "description": "The CIDR for the ninteenth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet20AZ1CIDR": { "description": "The CIDR for the twentieth private subnet tier in AZ1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet20AZ2CIDR": { "description": "The CIDR for the twentieth private subnet tier in AZ2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" }, "PrivateSubnet20AZ3CIDR": { "description": "The CIDR for the twentieth private subnet tier in AZ3. Use only if three AZs are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$|^$" } }, "metadata": { "ui:order": [ "VPCCIDR", "RouteType", "PrivateRouteTableAZ1ID", "PrivateRouteTableAZ2ID", "PrivateRouteTableAZ3ID", "PublicRouteTableAZ1ID", "PublicRouteTableAZ2ID", "PublicRouteTableAZ3ID", "PublicSubnet1AZ1CIDR", "PublicSubnet1AZ2CIDR", "PublicSubnet1AZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR", "PrivateSubnet11AZ1CIDR", "PrivateSubnet11AZ2CIDR", "PrivateSubnet11AZ3CIDR", "PrivateSubnet12AZ1CIDR", "PrivateSubnet12AZ2CIDR", "PrivateSubnet12AZ3CIDR", "PrivateSubnet13AZ1CIDR", "PrivateSubnet13AZ2CIDR", "PrivateSubnet13AZ3CIDR", "PrivateSubnet14AZ1CIDR", "PrivateSubnet14AZ2CIDR", "PrivateSubnet14AZ3CIDR", "PrivateSubnet15AZ1CIDR", "PrivateSubnet15AZ2CIDR", "PrivateSubnet15AZ3CIDR", "PrivateSubnet16AZ1CIDR", "PrivateSubnet16AZ2CIDR", "PrivateSubnet16AZ3CIDR", "PrivateSubnet17AZ1CIDR", "PrivateSubnet17AZ2CIDR", "PrivateSubnet17AZ3CIDR", "PrivateSubnet18AZ1CIDR", "PrivateSubnet18AZ2CIDR", "PrivateSubnet18AZ3CIDR", "PrivateSubnet19AZ1CIDR", "PrivateSubnet19AZ2CIDR", "PrivateSubnet19AZ3CIDR", "PrivateSubnet20AZ1CIDR", "PrivateSubnet20AZ2CIDR", "PrivateSubnet20AZ3CIDR" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VPCId", "Parameters" ] }, "additionalProperties": false, "required": [ "VPCId", "Parameters" ] }

Schema for Change Type ct-2hh93eyzmwbkd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change S3 Bucket Versioning Setting", "description": "Change S3 bucket versioning setting through direct API calls. The S3 bucket can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-1gi93jhvj28eg instead, or ct-361tlo1k7339x if the S3 bucket was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateBucketVersioning.", "type": "string", "enum": [ "AWSManagedServices-UpdateBucketVersioning" ], "default": "AWSManagedServices-UpdateBucketVersioning" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the bucket to update.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "minItems": 1, "maxItems": 1 }, "Versioning": { "description": "Enabled to maintain bucket versioning, Suspended to disable bucket versioning. Use S3 Versioning to keep multiple versions of an object in one bucket.", "type": "string", "enum": [ "Enabled", "Suspended" ] } }, "metadata": { "ui:order": [ "BucketName", "Versioning" ] }, "additionalProperties": false, "required": [ "BucketName", "Versioning" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2hhqzgxvkcig8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Access Key", "description": "Create a new AWS secret access key and corresponding AWS access key ID for the specified user.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateIAMAccessKeyV2.", "type": "string", "enum": [ "AWSManagedServices-CreateIAMAccessKeyV2" ], "default": "AWSManagedServices-CreateIAMAccessKeyV2" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "UserARN": { "description": "The ARN of the IAM user that the new key will belong to.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:user/[\\w+=,.@-]+$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "UserARN" ] }, "required": [ "UserARN" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2hhud2lx01tq7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start Backup Job", "description": "Start an AWS Backup service backup job to create a one-time snapshot of the specified resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartBackupJob.", "type": "string", "enum": [ "AWSManagedServices-StartBackupJob" ], "default": "AWSManagedServices-StartBackupJob" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of the target backup vault. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens. If a name is not specified, the name ams-manual-backups is used.", "type": "array", "items": { "type": "string", "default": "ams-manual-backups", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "CompleteWindowMinutes": { "description": "The amount of time AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "type": "array", "items": { "type": "string", "pattern": "^(1[2-8][0-9]|19[0-9]|[2-9][0-9]{2}|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[1-8][0-9]{7}|9[0-8][0-9]{6}|99[0-8][0-9]{5}|999[0-8][0-9]{4}|9999[0-8][0-9]{3}|99999[0-8][0-9]{2}|999999[0-8][0-9]|9999999[0-9]|[1-8][0-9]{8}|9[0-8][0-9]{7}|99[0-8][0-9]{6}|999[0-8][0-9]{5}|9999[0-8][0-9]{4}|99999[0-8][0-9]{3}|999999[0-8][0-9]{2}|9999999[0-8][0-9]|99999999[0-9]|1[0-9]{9}|20[0-9]{8}|21[0-3][0-9]{7}|214[0-6][0-9]{6}|2147[0-3][0-9]{5}|21474[0-7][0-9]{4}|214748[0-2][0-9]{3}|2147483[0-5][0-9]{2}|21474836[0-3][0-9]|214748364[0-7])$" }, "maxItems": 1 }, "DeleteAfterDays": { "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[12][0-9]{4}|3[0-4][0-9]{3}|35[0-5][0-9]{2}|35600)$" }, "maxItems": 1 }, "ResourceArn": { "description": "The Amazon Resource Name (ARN) of the AWS resource to backup.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "StartWindowMinutes": { "description": "The amount of time in minutes before beginning a backup. The minimum value is 60. If a value is not specified, the backup starts immediately.", "type": "array", "items": { "type": "string", "pattern": "^([6-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[1-8][0-9]{7}|9[0-8][0-9]{6}|99[0-8][0-9]{5}|999[0-8][0-9]{4}|9999[0-8][0-9]{3}|99999[0-8][0-9]{2}|999999[0-8][0-9]|9999999[0-9]|[1-8][0-9]{8}|9[0-8][0-9]{7}|99[0-8][0-9]{6}|999[0-8][0-9]{5}|9999[0-8][0-9]{4}|99999[0-8][0-9]{3}|999999[0-8][0-9]{2}|9999999[0-8][0-9]|99999999[0-9]|1[0-9]{9}|20[0-9]{8}|21[0-3][0-9]{7}|214[0-6][0-9]{6}|2147[0-3][0-9]{5}|21474[0-7][0-9]{4}|214748[0-2][0-9]{3}|2147483[0-5][0-9]{2}|21474836[0-3][0-9]|214748364[0-7])$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupVaultName", "CompleteWindowMinutes", "DeleteAfterDays", "ResourceArn", "StartWindowMinutes" ] }, "additionalProperties": false, "required": [ "ResourceArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2hxcllf1b4ey0

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS source endpoint for MongoDB", "description": "Use to create a Database Migration Service (DMS) source endpoint for MongoDB.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-pud4ghhkp7395n9bc.", "type": "string", "enum": [ "stm-pud4ghhkp7395n9bc" ], "default": "stm-pud4ghhkp7395n9bc" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) for the certificate to use with the source. This is required if SslMode = verify-full.", "pattern": "^$|^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:cert:[A-Z0-9]+$" }, "DatabaseName": { "type": "string", "description": "The name of the source database." }, "EndpointIdentifier": { "type": "string", "description": "A meaningful identifier for the source database endpoint. Must be unique for all endpoints owned by your AWS account in the current region. Must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "EngineName": { "type": "string", "description": "Must be mongodb.", "enum": [ "mongodb" ] }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. See AWS documentation for more information on the supported extra connection attributes for MongoDb." }, "Password": { "type": "string", "description": "The password to be used to log in to the source database. Leave blank if MongoDbAuthType = no.", "metadata": { "ams:sensitive": true } }, "Port": { "type": "integer", "description": "The port used by the source database.", "minimum": 1, "maximum": 65535 }, "ServerName": { "type": "string", "description": "The name of the server where the source database resides." }, "SslMode": { "type": "string", "description": "The SSL mode to use for the SSL connection.", "enum": [ "none", "require", "verify-full" ], "default": "none" }, "Username": { "type": "string", "description": "The user name to be used to log in to the source database. Leave blank if MongoDbAuthType = no.", "metadata": { "ams:sensitive": true } }, "MongoDbAuthMechanism": { "type": "string", "description": "The authentication mechanism used to access the MongoDB source endpoint. Do not use if MongoDbAuthType = no.", "enum": [ "default", "mongodb_cr", "scram_sha_1" ], "default": "default" }, "MongoDbAuthSource": { "type": "string", "description": "The MongoDB database name. Do not use if MongoDbAuthType = no.", "default": "admin" }, "MongoDbAuthType": { "type": "string", "description": "The authentication type or mode used to access the MongoDB source endpoint.", "enum": [ "no", "password" ], "default": "no" }, "MongoDbDocsToInvestigate": { "type": "string", "description": "The number of documents to preview to determine the document organization. Use if MongoDbMetadataMode = one. Must be a positive value greater than 0.", "pattern": "^[1-9]{1}$|^[1-9]{1}[0-9]+$", "default": "1000" }, "MongoDbExtractDocId": { "type": "string", "description": "True to extract the MongoDB document ID as a separate column; false to not. Use if MongoDbMetadataMode = none.", "enum": [ "true", "false" ], "default": "false" }, "MongoDbMetadataMode": { "type": "string", "description": "The mode used for MongoDB metadata. For document mode use none, for table mode use one.", "enum": [ "none", "one" ], "default": "none" } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ServerName", "Port", "DatabaseName", "Username", "Password", "SslMode", "CertificateArn", "ExtraConnectionAttributes", "MongoDbAuthType", "MongoDbAuthMechanism", "MongoDbAuthSource", "MongoDbMetadataMode", "MongoDbDocsToInvestigate", "MongoDbExtractDocId" ] }, "required": [ "EngineName", "ServerName", "Port", "DatabaseName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2hyozbpa0sx0m

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create AWS Backup Plan", "description": "Create an AWS Backup plan, a policy expression that defines when and how you want to back up your AWS resources.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the backup plan to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "This parameter is deprecated and will be removed in the future. AMS generates a unique, random, name for the resource and that becomes the StackName in the AMS console.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackTemplateId": { "description": "Must be stm-sc68a620000000000", "type": "string", "enum": [ "stm-sc68a620000000000" ], "default": "stm-sc68a620000000000" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for the execution of the change. This does not prolong execution, but the RFC fails if the change is not completed within the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "BackupPlanName": { "type": "string", "description": "A meaningful name for the AWS Backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.", "pattern": "^[a-zA-Z0-9\\_\\-.]{1,50}$" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue." }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue." }, "WindowsVSS": { "type": "string", "description": "Enabled to use the Windows Volume Shadow Copy Service (VSS) backup option in AWS Backup. Disabled to create a regular backup. Default is disabled.", "enum": [ "disabled", "enabled" ], "default": "disabled" }, "BackupRule1Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #1.", "default": "BackupRule1" }, "BackupRule1Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #1.", "default": "ams-custom-backups" }, "BackupRule1CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule1ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule1DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule1MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule1StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule1RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #1.", "default": "" }, "BackupRule1RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule1RecoveryPointTagKey.", "default": "" }, "BackupRule1EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule1CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #1: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule1CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #1 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule1CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #1 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #2.", "default": "" }, "BackupRule2Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #2.", "default": "ams-custom-backups" }, "BackupRule2CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule2ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule2DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule2RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #2." }, "BackupRule2RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule2RecoveryPointTagKey." }, "BackupRule2EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule2CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #2: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule2CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #2 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #2 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #3.", "default": "" }, "BackupRule3Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #3.", "default": "ams-custom-backups" }, "BackupRule3CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule3ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule3DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule3RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #3." }, "BackupRule3RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule3RecoveryPointTagKey." }, "BackupRule3EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule3CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #3: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule3CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #3 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #3 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #4.", "default": "" }, "BackupRule4Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #4.", "default": "ams-custom-backups" }, "BackupRule4CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule4ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule4DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule4RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #4." }, "BackupRule4RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule4RecoveryPointTagKey." }, "BackupRule4EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule4CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #4: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule4CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #4 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #4 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule5Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #5.", "default": "" }, "BackupRule5Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #5.", "default": "ams-custom-backups" }, "BackupRule5CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule5ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule5DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule5MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule5StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule5RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #5." }, "BackupRule5RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule5RecoveryPointTagKey." }, "BackupRule5EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule5CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #5: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule5CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #5 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule5CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #5 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule6Name": { "type": "string", "description": "A meaningful name for the AWS Backup plan rule #6.", "default": "" }, "BackupRule6Vault": { "type": "string", "description": "The name of the AWS Backup Vault to be used in the AWS Backup plan rule #6.", "default": "ams-custom-backups" }, "BackupRule6CompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000, "default": 1400 }, "BackupRule6ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule6DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule6MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule6StartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000, "default": 180 }, "BackupRule6RecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for backup rule #6." }, "BackupRule6RecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRule6RecoveryPointTagKey." }, "BackupRule6EnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "BackupRule6CopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule #6: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "default": "", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRule6CAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule #6 copy actions: The number of days after creation before the recovery point is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule6CopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule #6 copy actions: The number of days after creation that a recovery point is deleted. Valid values are between 1 and 35600. If a value is not specified, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 } }, "metadata": { "ui:order": [ "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "WindowsVSS", "BackupRule1Name", "BackupRule1Vault", "BackupRule1CompletionWindowMinutes", "BackupRule1ScheduleExpression", "BackupRule1DeleteAfterDays", "BackupRule1MoveToColdStorageAfterDays", "BackupRule1StartWindowMinutes", "BackupRule1RecoveryPointTagKey", "BackupRule1RecoveryPointTagValue", "BackupRule1EnableContinuousBackup", "BackupRule1CopyActionsDestVaultArn", "BackupRule1CAMoveToColdStorageAfterDays", "BackupRule1CopyActionsDeleteAfterDays", "BackupRule2Name", "BackupRule2Vault", "BackupRule2CompletionWindowMinutes", "BackupRule2ScheduleExpression", "BackupRule2DeleteAfterDays", "BackupRule2MoveToColdStorageAfterDays", "BackupRule2StartWindowMinutes", "BackupRule2RecoveryPointTagKey", "BackupRule2RecoveryPointTagValue", "BackupRule2EnableContinuousBackup", "BackupRule2CopyActionsDestVaultArn", "BackupRule2CAMoveToColdStorageAfterDays", "BackupRule2CopyActionsDeleteAfterDays", "BackupRule3Name", "BackupRule3Vault", "BackupRule3CompletionWindowMinutes", "BackupRule3ScheduleExpression", "BackupRule3DeleteAfterDays", "BackupRule3MoveToColdStorageAfterDays", "BackupRule3StartWindowMinutes", "BackupRule3RecoveryPointTagKey", "BackupRule3RecoveryPointTagValue", "BackupRule3EnableContinuousBackup", "BackupRule3CopyActionsDestVaultArn", "BackupRule3CAMoveToColdStorageAfterDays", "BackupRule3CopyActionsDeleteAfterDays", "BackupRule4Name", "BackupRule4Vault", "BackupRule4CompletionWindowMinutes", "BackupRule4ScheduleExpression", "BackupRule4DeleteAfterDays", "BackupRule4MoveToColdStorageAfterDays", "BackupRule4StartWindowMinutes", "BackupRule4RecoveryPointTagKey", "BackupRule4RecoveryPointTagValue", "BackupRule4EnableContinuousBackup", "BackupRule4CopyActionsDestVaultArn", "BackupRule4CAMoveToColdStorageAfterDays", "BackupRule4CopyActionsDeleteAfterDays", "BackupRule5Name", "BackupRule5Vault", "BackupRule5CompletionWindowMinutes", "BackupRule5ScheduleExpression", "BackupRule5DeleteAfterDays", "BackupRule5MoveToColdStorageAfterDays", "BackupRule5StartWindowMinutes", "BackupRule5RecoveryPointTagKey", "BackupRule5RecoveryPointTagValue", "BackupRule5EnableContinuousBackup", "BackupRule5CopyActionsDestVaultArn", "BackupRule5CAMoveToColdStorageAfterDays", "BackupRule5CopyActionsDeleteAfterDays", "BackupRule6Name", "BackupRule6Vault", "BackupRule6CompletionWindowMinutes", "BackupRule6ScheduleExpression", "BackupRule6DeleteAfterDays", "BackupRule6MoveToColdStorageAfterDays", "BackupRule6StartWindowMinutes", "BackupRule6RecoveryPointTagKey", "BackupRule6RecoveryPointTagValue", "BackupRule6EnableContinuousBackup", "BackupRule6CopyActionsDestVaultArn", "BackupRule6CAMoveToColdStorageAfterDays", "BackupRule6CopyActionsDeleteAfterDays" ] }, "required": [ "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1Name", "BackupRule1Vault", "BackupRule1ScheduleExpression" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "VpcId", "Description", "Parameters", "TimeoutInMinutes", "StackTemplateId" ] }, "required": [ "Name", "VpcId", "Description", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2j7q1hgf26x5c

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Tools Account With VPC", "description": "Create a managed AWS landing zone tools account and a VPC with a private subnet, an isolated private subnet, and a public subnet. Optionally, also create an AWS Backup plan with up to four different rules. Managed AWS landing zone core accounts must already be onboarded to AWS Managed Services (AMS).", "type": "object", "properties": { "AccountName": { "description": "A name for the new tools account. Maximum length 50 characters. The underscore ( _ ) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "Parameters": { "type": "object", "properties": { "AccountEmail": { "description": "The email address for the new tools account. The email must be unique per account, since it will be used, with your password, to sign in as root user to your account. This email address is not used for communication.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "ApplicationOUName": { "description": "The name of an existing organizational unit (OU) for this tools account, in the form of <application ou name>:<child ou name>. The default value is applications:tools.", "type": "string", "default": "applications:tools" }, "SupportLevel": { "description": "The account's AMS support level, Premium or Plus.", "type": "string", "enum": [ "plus", "premium" ] }, "VpcName": { "description": "A meaningful name for the tools account VPC. Must be unique within this tools account.", "type": "string" }, "VpcCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this tools account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type (ct-1urj94c3hdfu5).", "type": "string", "default": "defaultAppRouteDomain" }, "PrivateSubnetIsolatedCIDR": { "description": "The CIDR range to create the isolated private subnet. There is no communication back to on premises network from this subnet.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnetCIDR": { "description": "The CIDR range to create the private subnet.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetCIDR": { "description": "The CIDR for the public subnet", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "DirectAlertsEmail": { "description": "The email address to receive certain resource-based alerts; note the onboarding process will create your SNS subscription. If not specified, then you can subscribe later using the Subscribe to DirectCustomerAlerts change type (ct-3rcl9u1k017wu).", "type": "string", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" }, "SamlMetadataDocumentURL": { "description": "The URL that points to the Security Assertion Markup Language(SAML) metadata document that is used to enable federated access to the tools account. Typically, a pre-signed URL for an Amazon S3 object.", "type": "string", "pattern": "^https://.+$|^$" }, "BackupPlanName": { "type": "string", "description": "A meaningful name for the AWS Backup plan, which is a policy expression that defines when and how you want to back up your AWS resources.", "default": "default-backup-plan" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "Backup" }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "True" }, "BackupRule1ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? *) sets a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$", "default": "cron(0 2 ? * * )" }, "BackupRule1DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backups are deleted. Valid values are between 1 and 35600. If the value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 7 }, "BackupRule1MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that daily backup are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? *) sets a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule2DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? *) sets a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule3DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that monthly backups are deleted. Valid values are between 1 and 35600. If the value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the monthly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule4DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 } }, "metadata": { "ui:order": [ "AccountEmail", "ApplicationOUName", "SupportLevel", "DirectAlertsEmail", "SamlMetadataDocumentURL", "VpcName", "VpcCIDR", "TransitGatewayApplicationRouteTableName", "PrivateSubnetIsolatedCIDR", "PrivateSubnetCIDR", "PublicSubnetCIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression", "BackupRule1DeleteAfterDays", "BackupRule1MoveToColdStorageAfterDays", "BackupRule2ScheduleExpression", "BackupRule2DeleteAfterDays", "BackupRule2MoveToColdStorageAfterDays", "BackupRule3ScheduleExpression", "BackupRule3DeleteAfterDays", "BackupRule3MoveToColdStorageAfterDays", "BackupRule4ScheduleExpression", "BackupRule4DeleteAfterDays", "BackupRule4MoveToColdStorageAfterDays" ] }, "additionalProperties": false, "required": [ "AccountEmail", "SupportLevel", "VpcName", "VpcCIDR", "PrivateSubnetIsolatedCIDR", "PrivateSubnetCIDR", "PublicSubnetCIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression" ] } }, "metadata": { "ui:order": [ "AccountName", "Parameters" ] }, "additionalProperties": false, "required": [ "AccountName", "Parameters" ] }

Schema for Change Type ct-2jndrh7uit8uf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Deploy AMS Patterns", "description": "Deploy an AMS pattern to the current account. Patterns provide tools, architectures, and step-by-step guidance for implementing the methodologies for the migration strategy. Multi-account landing zone accounts can also specify OrganizationalUnit to deploy the pattern to all the accounts in that OU.", "type": "object", "properties": { "PatternName": { "description": "The name of the AMS pattern to be deployed. Please reach out to your AMS Cloud Architect for more details about each pattern before deploying.", "type": "string", "enum": [ "amsAviatrixSALZ", "amsAzureADFederationUser", "amsCheckAndEnableLDAPSignAndSeal", "amsCheckAndRepairSecureChannel", "amsCICDwithAwsCodeSuite", "amsCISHardening", "amscloudcustodianpipeline", "amsCloudWatchAlarmScheduler", "amsCloudWatchLogGroupsPeriodicRetention", "amsCloudwatchLogsRetention", "amsControlTowerAccountNotify", "amsCrossAccountSnapshotCopier", "amsCrowdStrikeAgentManagement", "amsCUDOS", "amsCWAlarmforDirectConnect", "amsCWCustomMetrics", "amsCWLogsAgentManagement", "amsCWLogsAggregationToSplunk", "amsCyberArkIntegration", "amsDataSyncMonitor", "amsDCMasking", "amsDeleteNATGateways", "amsDetectAndRemediateVpnAlarms", "amsDiskUsageAutomation", "amsDotNetPatchesExclusion", "amsDR", "amsDSMlogsToS3snsLambdaStreaming", "amsEBSSnapshotDeletion", "amsEbsVolumeSnapshotTagger", "amsEnhancedLinuxAccessManagement", "amsEOSInstanceChecker", "amsEPSEventSNSNotification", "amsEventsToSplunk", "amsGuardDutySnsIntegration", "amsImdsv1ToImdsv2DashboardMonitoringAccount", "amsImdsv1ToImdsv2DashboardPerAccount", "amsImdsv1ToImdsv2DashboardSourceAccounts", "amsImdsv1ToImdsv2Remediation", "amsIMDSv2Enforcer", "amsInfrastructureCICD", "amsModifyAlarmSNS", "amsOrphanedEBSVolumesCleanup", "amsPrismaCloud", "amsProwler", "amsPublicENIAudit", "amsQualysAgentManagement", "amsQuotaMonitor", "amsQuotaMonitorNoOUSALZ", "amsQuotaMonitorLogging", "amsQuotaMonitorSqSpoke", "amsQuotaMonitorTaSpoke", "amsRDPBastionPreWarm", "amsRDPBastionTools", "amsRdsCustomMonitoring", "amsRdsMSSQLMonitoring", "amsRDSSecretsRotation", "amsRFCSlackNotifications", "amsS3ReplicationCustomObjectKeys", "amsSnowflakeIntegration", "amsSpecificChangeTypeRFCNotification", "amsTagChecker", "amsUpdateR53onBastionRotation", "AWS_SSO_Running_on_AMS_MAD_Account" ] }, "PatternParameters": { "description": "Add parameters (parameter name/value pairs) required for deploying AMS Pattern.", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "OrganizationalUnitIds": { "description": "Organizational Unit Ids in which the patterns will be deployed to. Use this for deploying a pattern as a StackSet stack in a multi-account landing zone (MALZ) Management account. For single-account landing zone (SALZ) application account, ignore this parameter.", "type": "array", "items": { "type": "string", "pattern": "ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$" }, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "PatternName", "PatternParameters", "OrganizationalUnitIds", "Priority" ] }, "required": [ "PatternName" ] }

Schema for Change Type ct-2jvzjwunghrhy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create a RDS Aurora stack allowing either MultiAZ or Single Instance", "description": "Create an AWS Relational Database Service (RDS) Aurora stack using either multi-availability zone (MultiAZ) or a single instance.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-j24cifrdi0untnsn6", "type": "string", "enum": [ "stm-j24cifrdi0untnsn6" ], "default": "stm-j24cifrdi0untnsn6" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "AutoMinorVersionUpgrade": { "type": "string", "description": "True if the RDS instance should have automatic minor version upgrade, false if it should not. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "BackupRetentionPeriod": { "type": "integer", "description": "The number of days for which automatic database (DB) snapshots are retained. Range is 1 - 35.", "default": 7, "minimum": 1, "maximum": 35 }, "ClusterName": { "type": "string", "description": "Optional identifier for the DB Cluster that is created with your instance. If you do not provide one, a default identifier based on the instance identifier is used. The cluster identifier is used in determining the cluster's connection endpoint.", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBEngine": { "type": "string", "description": "The name of the engine for the Aurora database. For a MySQL 5.6 compatible database, use 'aurora', for a MySQL 5.7 compatible database, use 'aurora-mysql', for a PostgreSQL compatible database, use 'aurora-postgresql'. Not every database engine is available for every AWS region. For a list of available engines, use the DescribeDBEngineVersions AWS API action.", "enum": [ "aurora", "aurora-mysql", "aurora-postgresql" ], "default": "aurora" }, "DBName": { "type": "string", "description": "A name for the database. The meaning of this parameter differs according to the database engine you use.", "pattern": "^[a-zA-Z0-9]{1,64}$", "maxLength": 64, "minLength": 1 }, "DBClusterParameterGroupName": { "description": "The name of an existing DB cluster parameter group. The parameter group must be compatible with the DBEngine and the EngineVersion.", "type": "string", "pattern": "^(?!.*--.*)(?!.*-$)[a-zA-Z][a-zA-Z0-9-.]{0,254}$" }, "DBSubnetGroupName": { "type": "string", "description": "The name of an existing DB subnet group provisioned with the \"RDS database stack | Create DB subnet group\" change type.", "pattern": "^[a-zA-Z0-9._-]{1,255}$" }, "EngineVersion": { "type": "string", "description": "The version number of the database engine to use. Not every database version is available for every AWS region.", "pattern": "^\\d.\\d.\\d{2}[a-z]$|^5.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^8.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^(\\d{2}.\\d{0,2})$|^$", "default": "" }, "InstanceType": { "type": "string", "description": "The instance type to use, this determines the compute and memory capacity for the DB instance. Not every instance type is available for every database engine.", "enum": [ "db.serverless", "db.t2.small", "db.t2.medium", "db.t3.micro", "db.t3.small", "db.t3.medium", "db.t3.large", "db.t3.xlarge", "db.t3.2xlarge", "db.t4g.medium", "db.t4g.large", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.r5.large", "db.r5.xlarge", "db.r5.2xlarge", "db.r5.4xlarge", "db.r5.8xlarge", "db.r5.12xlarge", "db.r5.16xlarge", "db.r5.24xlarge", "db.r6g.large", "db.r6g.xlarge", "db.r6g.2xlarge", "db.r6g.4xlarge", "db.r6g.8xlarge", "db.r6g.12xlarge", "db.r6g.16xlarge", "db.x2g.large", "db.x2g.xlarge", "db.x2g.2xlarge", "db.x2g.4xlarge", "db.x2g.8xlarge", "db.x2g.12xlarge", "db.x2g.16xlarge" ], "default": "db.r4.large" }, "MasterUsername": { "type": "string", "description": "The name that you use with the configured MasterUserPassword to log in to your DB instance. Must begin with a letter and contain from 1 to 16 alphanumeric characters.", "pattern": "^[a-zA-Z][a-zA-Z0-9]{1,15}$", "maxLength": 16, "minLength": 1 }, "MasterUserPassword": { "type": "string", "description": "The password that you use with the configured MasterUsername to log in to your DB instance. Must contain from 8 to 41 printable ASCII characters (excluding backslash, double quotes, and at sign).", "pattern": "^$|(?!@/\")[a-zA-Z0-9]{8,41}$", "maxLength": 41, "minLength": 8, "metadata": { "ams:sensitive": true } }, "MultiAZ": { "type": "string", "description": "True to have a secondary replica of your DB instance created in another Availability Zone for failover support, false to not have a standby. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "PerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Performance Insights is only available on engine type aurora and aurora-postgresql.", "enum": [ "true", "false" ], "default": "true" }, "PerformanceInsightsKMSKey": { "type": "string", "description": "ARN of the KMS master key to use to encrypt Performance Insights data. Specify default to use the default RDS KMS Key.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" }, "PerformanceInsightsRetentionPeriod": { "type": "string", "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", "enum": [ "7", "731" ], "default": "7" }, "Port": { "type": "string", "description": "The port for the instance. Valid range is: 1150-65535. Specifying 0 assigns the default based on the selected DBEngine (aurora=3306, aurora-mysql=3306, aurora-postgresql=5432).", "pattern": "^(0|11[5-8][0-9]|119[0-9]|1[2-9][0-9]{2}|[2-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", "default": "0" }, "PreferredBackupWindow": { "type": "string", "description": "The daily time range during which automated backups are created. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the PreferredMaintenanceWindow setting, and must be at least 30 minutes.", "pattern": "^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$", "default": "22:00-23:00" }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format), in Universal Coordinated Time (UTC) and must be at least 30 minutes. If you don't specify PreferredMaintenanceWindow, then Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.", "pattern": "^$|[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$", "default": "" }, "ServerlessScalingMaxCapacity": { "description": "The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The largest value that you can use is 128.0. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 1, "maximum": 128, "default": 1 }, "ServerlessScalingMinCapacity": { "description": "The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The smallest value that you can use is 0.5. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 0.5, "maximum": 128, "default": 0.5 }, "StorageEncryptionKey": { "type": "string", "description": "ARN of the KMS master key to use to encrypt the database. Specify default to use the default RDS KMS Key. Leave blank to not encrypt the database.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" } }, "metadata": { "ui:order": [ "DBEngine", "EngineVersion", "InstanceType", "MultiAZ", "DBName", "ClusterName", "DBClusterParameterGroupName", "DBSubnetGroupName", "MasterUsername", "MasterUserPassword", "Port", "StorageEncryptionKey", "AutoMinorVersionUpgrade", "PerformanceInsights", "PerformanceInsightsKMSKey", "PerformanceInsightsRetentionPeriod", "BackupRetentionPeriod", "PreferredBackupWindow", "PreferredMaintenanceWindow", "ServerlessScalingMaxCapacity", "ServerlessScalingMinCapacity" ] }, "required": [ "DBEngine", "EngineVersion", "DBName", "DBSubnetGroupName", "MasterUsername", "MasterUserPassword" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2lt0jeydeumpe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable KMS CMK Auto Rotation", "description": "Enable automatic key rotation for an AWS Key Management Service (KMS) customer master key (CMK).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EnableKMSKeyRotation.", "type": "string", "enum": [ "AWSManagedServices-EnableKMSKeyRotation" ], "default": "AWSManagedServices-EnableKMSKeyRotation" }, "Region": { "description": "The AWS Region in which the KMS Key is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "KeyId": { "description": "The ID of the KMS key to enable rotation for. This can be either the key ID or the key ARN.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "KeyId" ] }, "additionalProperties": false, "required": [ "KeyId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2mf36chtp1ejh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove Allow List URLs", "description": "Remove URLs from an allow list file for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be RemoveURLs.", "type": "string", "enum": [ "RemoveURLs" ], "default": "RemoveURLs" }, "Parameters": { "type": "object", "properties": { "URLs": { "description": "The URLs to remove from the allow list. URLs must end with a forward slash i.e '*.amazon.com/'.", "type": "array", "items": { "type": "string", "pattern": "^((\\*|([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]\\/)$" }, "minItems": 1, "maxItems": 50 }, "AllowListName": { "description": "The name of the allow list.", "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "URLs", "AllowListName" ] }, "required": [ "URLs", "AllowListName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-2murl5xzbxoxf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add DNS CNAME Record", "description": "Create a new DNS CNAME record in AWS Managed Microsoft Active Directory (AD). CNAME records must always point to another domain name, never directly to an IP address. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-CreateDNSCnameRecord-Admin", "type": "string", "enum": [ "AWSManagedServices-CreateDNSCnameRecord-Admin" ], "default": "AWSManagedServices-CreateDNSCnameRecord-Admin" }, "Region": { "description": "The AWS Region where AWS managed Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordName": { "description": "Fully qualified domain name (FQDN) of the target host. For example, EC2WIN-testhost1.example.local or app-lb.elb.ap-southeast2.amazon.com.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9\\-\\.])+$" }, "minItems": 1, "maxItems": 1 }, "RecordCname": { "description": "A meaningful name for the DNS CNAME record. For example, myapp1.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-]{1,63}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordName", "RecordCname" ] }, "additionalProperties": false, "required": [ "RecordName", "RecordCname" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2ni31oyto1i5k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Service-Specific Credentials", "description": "Generate a set of credentials consisting of a user name and password, to use to access the specified service.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateServiceSpecificCredentials.", "type": "string", "enum": [ "AWSManagedServices-CreateServiceSpecificCredentials" ], "default": "AWSManagedServices-CreateServiceSpecificCredentials" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Username": { "description": "The name of the IAM user to associate with the credentials.", "type": "array", "items": { "type": "string", "pattern": "^[\\w+=,.@-]+" }, "minItems": 1, "maxItems": 1 }, "Service": { "description": "The name of the AWS service to associate with the credentials.", "type": "array", "items": { "type": "string", "enum": [ "CodeCommit" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Username", "Service" ] }, "required": [ "Username", "Service" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2nyeguspp2g1l

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (CentOS)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for CentOS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"All\", \"Bugfix\", \"Enhancement\", \"Newpackage\", \"Recommended\" and \"Security\".", "items": { "enum": [ "All", "Bugfix", "Enhancement", "Newpackage", "Recommended", "Security" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"All\", \"Critical\", \"Important\", \"Low\", \"Moderate\" and \"None\".", "items": { "enum": [ "All", "Critical", "Important", "Low", "Moderate", "None" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1 }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "CentOS", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "CentOS" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-2oxl37nphsrjz

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS source endpoint for S3", "description": "Use to create a Database Migration Service (DMS) source endpoint for S3.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-pud4ghhkp7395n9bc.", "type": "string", "enum": [ "stm-pud4ghhkp7395n9bc" ], "default": "stm-pud4ghhkp7395n9bc" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "EndpointIdentifier": { "type": "string", "description": "A meaningful identifier for the source database endpoint. Must be unique for all endpoints owned by your AWS account in the current region. Must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "EngineName": { "type": "string", "description": "Must be s3.", "enum": [ "s3" ] }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. See AWS documentation for more information on the supported extra connection attributes for S3.", "default": "" }, "S3BucketFolder": { "type": "string", "description": "The folder name in the S3 bucket. This is the Amazon S3 bucket path where the CSV files can be found." }, "S3BucketName": { "type": "string", "description": "The name of the Amazon S3 bucket." }, "S3CompressionType": { "type": "string", "description": "Type of compression to use.", "enum": [ "GZIP", "NONE" ], "default": "NONE" }, "S3CsvDelimiter": { "type": "string", "description": "The delimiter used to separate columns in the source files. The default is a comma." }, "S3CsvRowDelimiter": { "type": "string", "description": "The delimiter used to separate rows in the source files. The default is a carriage return (\\n)" }, "S3ExternalTableDefinition": { "type": "string", "description": "The definition of the external table. A JSON document describing the structure of the tables and columns in the CSV files." }, "S3ServiceAccessRoleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the service access IAM role.", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/[\\w-]+$" } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ExtraConnectionAttributes", "S3BucketName", "S3BucketFolder", "S3CompressionType", "S3CsvDelimiter", "S3CsvRowDelimiter", "S3ExternalTableDefinition", "S3ServiceAccessRoleArn" ] }, "required": [ "EngineName", "S3BucketName", "S3ExternalTableDefinition", "S3ServiceAccessRoleArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2p93tyd5angmi

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Accelerate Account", "description": "Create an Accelerate account in your AMS-managed landing zone. Accelerate provides patching, backup, monitoring and reports, but no requests for change.", "type": "object", "properties": { "AccountName": { "description": "A name for the new Accelerate account. Max length 50 characters. The underscore (_) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "AccountEmail": { "description": "The email address for the new Accelerate account. The email must be unique per account.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "SupportLevel": { "description": "The account's AMS support level, Premium or Plus.", "type": "string", "enum": [ "plus", "premium" ] }, "AccelerateOUName": { "description": "The name of an existing organizational unit (OU) for this Accelerate account, default is accelerate. To use a child OU of an existing OU, the format is <Accelerate OU name>:<child OU name>.", "type": "string", "default": "accelerate" }, "Regions": { "description": "Select the AWS Region or Regions that you want AMS Accelerate to manage. The primary Region, the Region of your MALZ environment, must be included.", "type": "array", "items": { "type": "string", "pattern": "^(ap-northeast-1|ap-northeast-2|ap-south-1|ap-southeast-1|ap-southeast-2|ca-central-1|eu-central-1|eu-north-1|eu-west-1|eu-west-2|eu-west-3|sa-east-1|us-east-1|us-east-2|us-west-1|us-west-2)$" }, "minItems": 1, "uniqueItems": true }, "EnablePatch": { "description": "True to enable patch add-on, false to not. For an AWS account with the patch add-on, AMS monitors, reports, and installs vendor updates to EC2 instances for supported operating systems during your chosen maintenance windows. Please consult your CSDM about the charges for the Patch add-on.", "type": "boolean", "default": false } }, "metadata": { "ui:order": [ "AccountName", "AccountEmail", "AccelerateOUName", "Regions", "SupportLevel", "EnablePatch" ] }, "additionalProperties": false, "required": [ "AccountName", "AccountEmail", "AccelerateOUName", "Regions", "SupportLevel", "EnablePatch" ] }

Schema for Change Type ct-2paw0y79kvr3l

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Application Account VPC", "description": "Delete the virtual private cloud (VPC) in a managed landing zone application account.", "type": "object", "properties": { "VPCId": { "description": "The ID of the VPC to be deleted.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VPCId" ] }, "additionalProperties": false, "required": [ "VPCId" ] }

Schema for Change Type ct-2pbqoffhclpek

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate VPC With Resolver Rule", "description": "Associate a VPC with a Route 53 resolver rule, this causes the resolver to forward all DNS queries for the domain name specified in the rule, and that originate in the VPC, to the IP addresses specified in the rule.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AssociateVPCWithResolverRule.", "type": "string", "enum": [ "AWSManagedServices-AssociateVPCWithResolverRule" ], "default": "AWSManagedServices-AssociateVPCWithResolverRule" }, "Region": { "description": "The AWS Region in which the Route 53 Resolver Rule is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Name": { "description": "A name for the association that you're creating between the resolver rule and a VPC.", "type": "string", "pattern": "^$|^(?!.*(AWSManagedServices-|AMS-|ams-))[A-Za-z0-9-_' ']+$", "default": "" }, "ResolverRuleId": { "description": "The ID of the resolver rule that you want to associate with the VPC.", "type": "string", "pattern": "^(rslvr-rr-)[a-zA-Z0-9]{1,64}$" }, "VPCId": { "description": "The ID of the VPC that you want to associate the resolver rule with.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "Name", "ResolverRuleId", "VPCId" ] }, "additionalProperties": false, "required": [ "ResolverRuleId", "VPCId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2pfarpvczsstr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disassociate resolver rules from VPC", "description": "Removes the associations between specified resolver rules (upto 20) and a specified VPC.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DisassociateVPCResolverRules.", "type": "string", "enum": [ "AWSManagedServices-DisassociateVPCResolverRules" ], "default": "AWSManagedServices-DisassociateVPCResolverRules" }, "Region": { "description": "The AWS Region in which the Route 53 Resolver Rule is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ResolverRuleIds": { "description": "A list of resolver rule IDs that you want to disassociate from the VPC.", "type": "array", "items": { "type": "string", "pattern": "^(rslvr-rr-)[a-zA-Z0-9]{1,64}$" }, "minItems": 1, "maxItems": 20 }, "VPCId": { "description": "The ID of the VPC where Route53 resolver rules are associated.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "ResolverRuleIds", "VPCId" ] }, "additionalProperties": false, "required": [ "ResolverRuleIds", "VPCId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2pkdckieh62ps

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Scheduler Period", "description": "Update an existing period used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddOrUpdatePeriod.", "type": "string", "enum": [ "AWSManagedServices-AddOrUpdatePeriod" ], "default": "AWSManagedServices-AddOrUpdatePeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Action": { "description": "Specify the value: update. This explicitly requests that the Resource Scheduler period be updated. The option cannot be left blank; it must be update.", "type": "array", "items": { "type": "string", "enum": [ "update" ], "default": "update" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "The name of the period to update.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/])^[A-Za-z0-9-_, +=.:#/]{1,64}$" }, "maxItems": 1, "minItems": 1 }, "Description": { "description": "A meaningful description for the period.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,1000}$|^$" }, "maxItems": 1, "minItems": 1 }, "BeginTime": { "description": "The time, in HH:MM format, a resource starts under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "EndTime": { "description": "The time, in HH:MM format, a resource stops under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "Months": { "description": "Enter a comma-delimited list of months (e.g. jan, feb), a hyphenated range of months (e.g. jan-dec), or every n-th month (e.g. jan/3 for every 3rd month starting from jan) during which the resource runs. Abbreviated month names (e.g. jan, feb, march) and numbers (1, 2, 12) are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "MonthDays": { "description": "Enter a comma-delimited list of days of the month (e.g. 1, 5, 15), a hyphenated range of days (e.g. 1-15), every n-th day of the month (e.g 1/7 for every 7th day starting on the 1st) or every n-th day day of the month in a range ( e.g. 1-15/2 for every other day from 1st to the 15th), the last day of the month (specify L), or the nearest weekday to a specific date (specify W e.g. 15W) during which the resource runs.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "WeekDays": { "description": "Enter a comma-delimited list of days of the week (e.g. Mon, Wed, Fri), a range of days of the week (e.g. Mon-Thu), or n-th occurrence of a weekday in the month (e.g Mon#1 or 0#1 for first Monday of the month) during which the resource runs. Enter a day and L ro run a resource on the last occurrence of that weekday in the month (e.g. friL or 4L to run on the last Friday of the month). Abbreviated week day names (e.g. Sun, Mon, Thu), and numbers (0, 1, 3), are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,#-/]*)$|^$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "Action", "Name", "Description", "BeginTime", "EndTime", "Months", "MonthDays", "WeekDays" ] }, "required": [ "Action", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2ptn20pq7ur3x

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Describe Resource Scheduler Schedules", "description": "Describe (generate a detailed list) of existing schedules used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DescribeScheduleOrPeriods.", "type": "string", "enum": [ "AWSManagedServices-DescribeScheduleOrPeriods" ], "default": "AWSManagedServices-DescribeScheduleOrPeriods" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: schedules. This explicitly requests that the Resource Scheduler existing schedules be described. The option cannot be left blank; it must be schedules.", "type": "array", "items": { "type": "string", "enum": [ "schedules" ], "default": "schedules" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType" ] }, "required": [ "ConfigurationType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2pxyajek47am2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disable TGW Propagation", "description": "Disable the Transit Gateway (TGW) attachment from propagating routes to the TGW route table. For multi-account landing zone (MALZ), use this change type in the Network account only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DisableTGWRouteTablePropagation.", "type": "string", "enum": [ "AWSManagedServices-DisableTGWRouteTablePropagation" ], "default": "AWSManagedServices-DisableTGWRouteTablePropagation" }, "Region": { "description": "The AWS Region where the TGW attachment and TGW route table are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayAttachmentId": { "description": "The TGW attachment ID, in the form tgw-attach-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 }, "TransitGatewayRouteTableId": { "description": "The TGW route table ID, in the form tgw-rtb-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] }, "additionalProperties": false, "required": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2q5azjd8p1ag5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create a DMS replication subnet group", "description": "Use to create a Database Migration Service (DMS) replication subnet group. Resource creation will fail if the dms-vpc-role IAM role doesn't already exist.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "minItems": 0, "maxItems": 40, "uniqueItems": true, "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] } }, "StackTemplateId": { "description": "Must be stm-j637f96ls1h4oy5fj", "type": "string", "enum": [ "stm-j637f96ls1h4oy5fj" ] }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "Identifier": { "type": "string", "description": "The identifier for the replication subnet group. Given a unique ID if none is provided.", "pattern": "[0-9a-zA-Z\\-]{0,255}" }, "Description": { "type": "string", "description": "The description for the replication subnet group.", "pattern": "[^\\n]+" }, "SubnetIds": { "type": "array", "description": "Two or more subnet IDs for the replication subnet group, in the form subnet-0123abcd or subnet-01234567890abcdef.", "items": { "type": "string" } } }, "metadata": { "ui:order": [ "SubnetIds", "Identifier", "Description" ] }, "required": [ "Description", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2qhl8j1pjnbgn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Group Managed Service Account", "description": "Create a new Active Directory (AD) Group Managed Service Account (gMSA). For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateADGroupManagedServiceAccount-Admin.", "type": "string", "enum": [ "AWSManagedServices-CreateADGroupManagedServiceAccount-Admin" ], "default": "AWSManagedServices-CreateADGroupManagedServiceAccount-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AccountName": { "description": "A meaningful name for your service account.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "ComputerName": { "description": "The name of the computer object that will be added as a member to the AD group provided in the parameter PrincipalAllowedToRetrievePassword. If you are using this parameter, then you must also provide the 'PrincipalAllowedToRetrievePassword' parameter.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "DNSHostName": { "description": "The fully qualified DNS host name of the AD Group Managed Service Account (gMSA).", "type": "array", "items": { "type": "string", "pattern": "^$|^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "minItems": 1, "maxItems": 1 }, "ManagedPasswordIntervalInDays": { "description": "The number of days before a password change is required.", "type": "array", "items": { "type": "string", "pattern": "^\\d+$", "default": "30" }, "minItems": 1, "maxItems": 1 }, "PrincipalAllowedToRetrievePassword": { "description": "AD Group or principal that can retrieve the gMSA password from the Domain Controller.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\ ]*[\\$]?$" }, "minItems": 1, "maxItems": 1 }, "KerberosEncryptionType": { "description": "The Kerberos encryption types the service account supports. If this parameter is empty, the encryption supported will be set to RC4,AES128,AES256", "type": "array", "items": { "type": "string", "pattern": "^$|^(RC4|AES128|AES256|None)(,(RC4|AES128|AES256|None))*$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AccountName", "ManagedPasswordIntervalInDays", "PrincipalAllowedToRetrievePassword", "ComputerName", "DNSHostName", "KerberosEncryptionType" ] }, "additionalProperties": false, "required": [ "AccountName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2qjqju7h67s7w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete GuardDuty ThreatIntelSet", "description": "Use to delete an Amazon GuardDuty ThreatIntelSet instance which is a list of known malicious IP addresses.", "type": "object", "properties": { "DetectorId": { "description": "The detector ID that specifies the GuardDuty service whose ThreatIntelSet you want to delete. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "Region": { "description": "Region to use in the form of us-east-1.", "type": "string", "minLength": 1 }, "ThreatIntelSetId": { "description": "The unique ID that specifies the ThreatIntelSet that you want to delete.", "type": "string", "minLength": 1 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "ThreatIntelSetId", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "Region", "ThreatIntelSetId" ] }

Schema for Change Type ct-2qldv4h9osmau

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Network Load Balancer", "description": "Use to create a Network Load Balancer.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "minItems": 0, "maxItems": 40, "uniqueItems": true, "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] } }, "StackTemplateId": { "description": "Must be stm-[a-z]{17}", "type": "string", "enum": [ "stm-l70qr9itukvqssg8d" ], "default": "stm-l70qr9itukvqssg8d" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10", "default": "3" }, "HealthCheckIntervalSeconds": { "type": "string", "description": "The approximate interval, in seconds, between health checks.", "enum": [ "10", "30" ], "default": "30" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. This is only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "default": "/" }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "([0-9]{1,5})?", "default": "" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ], "default": "TCP" }, "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "[0-9]{1,5}", "default": "80" }, "LoadBalancerName": { "type": "string", "description": "A friendly name for the load balancer." }, "LoadBalancerPort": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "[0-9]{1,5}", "default": "80" }, "Public": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is not. Default is false. Set to true if you choose a public subnet for the load balancer.", "enum": [ "true", "false" ], "default": "false" }, "CrossZoneEnabled": { "type": "string", "description": "True if cross-zone load balancing is enabled. False if it is not.", "enum": [ "true", "false" ], "default": "false" }, "SubnetIds": { "type": "array", "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef.", "items": { "type": "string" } }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ], "default": "false" }, "DeregistrationDelayTimeoutSeconds": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})", "default": "300" }, "TargetType": { "type": "string", "description": "The registration type of the targets in this target group.", "enum": [ "instance", "ip" ], "default": "instance" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "default": "" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "default": "" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target1ID is outside the VPC. Leave blank if TargetType = instance.", "default": "" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "default": "" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "default": "" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target2ID is outside the VPC. Leave blank if TargetType = instance.", "default": "" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "default": "" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "default": "" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target3ID is outside the VPC. Leave blank if TargetType = instance.", "default": "" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "default": "" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "default": "" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target4ID is outside the VPC. Leave blank if TargetType = instance.", "default": "" } }, "metadata": { "ui:order": [ "LoadBalancerName", "SubnetIds", "Public", "LoadBalancerPort", "InstancePort", "ProxyProtocolV2", "DeregistrationDelayTimeoutSeconds", "CrossZoneEnabled", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckIntervalSeconds", "TargetType", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone" ] }, "required": [ "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2r2bffv9u6q4m

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop RDS DB Instance", "description": "Stop an Amazon Relational Database Service (RDS) database (DB) instance. After seven days, the DB instance is automatically re-started. Supported engines are: MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL. This change type doesn't apply to Aurora MySQL and Aurora PostgreSQL.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopRDSInstance.", "type": "string", "enum": [ "AWSManagedServices-StopRDSInstance" ], "default": "AWSManagedServices-StopRDSInstance" }, "Region": { "description": "The AWS Region in which the RDS DB is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "RDS DB instance identifier.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId" ] }, "additionalProperties": false, "required": [ "InstanceId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2r9xvd3sdsic0

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update custom deny list for Automated IAM Provisioning", "description": "Update the list of customer-defined denied actions for Automated IAM Provisioning. Make sure to provide the complete list of deny actions, including previously provisioned actions. The provided list replaces the previous list.", "type": "object", "properties": { "CustomerCustomDenyActionsList1": { "description": "A comma-separated list of actions to update the custom deny list. For example 'ec2:RunInstances, s3:Get*'. These actions will be denied in IAM policies created or updated by Automated IAM provisioning.", "type": "string", "pattern": "^[a-z0-9-]+:[A-Za-z0-9*-]+(?:,[a-z0-9-]+:[A-Za-z0-9*-]+)*$", "maxLength": 4096 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "default": "High", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "CustomerCustomDenyActionsList1", "Priority" ] }, "required": [ "CustomerCustomDenyActionsList1" ] }

Schema for Change Type ct-2rfzmkm6ugigh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete AWS Account Alias", "description": "Delete an existing AWS account alias. Note that if you delete the account alias, any URL containing the account alias stops working.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteAccountAlias.", "type": "string", "enum": [ "AWSManagedServices-DeleteAccountAlias" ], "default": "AWSManagedServices-DeleteAccountAlias" }, "Region": { "description": "The AWS Region where the account is, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "AWSAccountAlias": { "description": "The alias name of the AWS account to delete.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{3,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "AWSAccountAlias" ] }, "required": [ "AWSAccountAlias" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2rnjx5yd6jgpt

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update GuardDuty ThreatIntelSet", "description": "Use to update an Amazon GuardDuty ThreatIntelSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the ThreatIntelSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to update an ThreatIntelSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "ThreatIntelSet": { "description": "The URI of the file that contains the ThreatIntelSet.", "minLength": 1, "type": "string" }, "ThreatIntelSetId": { "description": "The unique ID that specifies the ThreatIntelSet that you want to update.", "type": "string", "minLength": 1 }, "Name": { "description": "The friendly name to identify the ThreatIntelSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this ThreatIntelSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "ThreatIntelSetId", "Name", "ThreatIntelSet", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "ThreatIntelSetId", "Region" ] }

Schema for Change Type ct-2svg4k2fqi4ak

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create KMS Alias", "description": "Create an alias for an AWS Key Management Service (KMS) customer master key (CMK).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateKMSAlias.", "type": "string", "enum": [ "AWSManagedServices-CreateKMSAlias" ], "default": "AWSManagedServices-CreateKMSAlias" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AliasName": { "description": "Alias name. The value must not start with aws/. Don't specify the prefix alias/, it will be added during the execution.", "type": "array", "items": { "type": "string", "pattern": "^(?!alias/)(?!(mc|MC|ams|AMS|aws|AWSManagedServices))[a-zA-Z0-9/_-]{1,250}" }, "minItems": 1, "maxItems": 1 }, "TargetKeyId": { "description": "The ID of the KMS key to create the alias for.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AliasName", "TargetKeyId" ] }, "required": [ "AliasName", "TargetKeyId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2syhk4sr7cvyw

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Deletion Protection setting for RDS instance or cluster", "description": "Update the DeletionProtection setting for the specified RDS instance or cluster. The RDS instance or cluster can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS was provisioned through CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSDeletionProtection.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSDeletionProtection" ], "default": "AWSManagedServices-UpdateRDSDeletionProtection" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DBIdentifierArn": { "description": "The Amazon Resource Name (ARN) of the RDS instance or cluster.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:(db|cluster):[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "DeletionProtection": { "description": "True to enable DeletionProtection, false to disable DeletionProtection. Use this to change the current DeletionProtection status.", "type": "boolean" } }, "metadata": { "ui:order": [ "DBIdentifierArn", "DeletionProtection" ] }, "required": [ "DBIdentifierArn", "DeletionProtection" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2taqdgegqthjr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Amazon Linux)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for Amazon Linux OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"All\", \"Bugfix\", \"Enhancement\", \"Newpackage\", \"Recommended\" and \"Security\".", "items": { "enum": [ "All", "Bugfix", "Enhancement", "Newpackage", "Recommended", "Security" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"All\", \"Critical\", \"Important\", \"Low\" and \"Medium\".", "items": { "enum": [ "All", "Critical", "Important", "Low", "Medium" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1 }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Amazon Linux", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Amazon Linux" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-2tqi3kjcusen4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Migrate AWS Managed Microsoft AD to Route 53 DNS resolver for SALZ accounts", "description": "Change the DNS resolution in your Amazon VPC by enabling Route 53 as the default DNS resolver for your SALZ account. This transition from Microsoft AD to Route 53 Resolver involves redirecting DNS traffic within your VPC through strategically implemented Route 53 Resolver Endpoints and Conditional Forwarders. These forwarders act as rules to intelligently route DNS queries, ensuring seamless resolution for various destinations. It's essential to plan the migration during a scheduled maintenance window to minimize potential disruptions caused by DNS changes.", "type": "object", "properties": { "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Priority" ] }, "required": [ ] }

Schema for Change Type ct-2tylseo8rxfsc

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Auto Scaling group", "description": "Use to create an Auto Scaling group, the launch configuration to use to create new instances when needed, and CloudWatch metrics and alarms for the group.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-suw38u40000000000.", "type": "string", "enum": [ "stm-suw38u40000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+:-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+:-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "integer", "minimum": 0, "maximum": 360 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ASGAmiId": { "description": "The AMI for the Auto Scaling group to use when creating new instances, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "ASGCooldown": { "description": "The number of seconds after a scaling activity is complete before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ASGDesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the ASGMinInstances setting and less than or equal to the ASGMaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "ASGEBSOptimized": { "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "type": "boolean", "default": false }, "ASGHealthCheckGracePeriod": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800, "default": 1800 }, "ASGHealthCheckType": { "description": "The service to use for the health checks. The ELB Health Check Type includes EC2 instance and system status checks. Only choose ELB as the ASGHealthCheckType if the ASG is being fronted by Load Balancers. If ASGHealthCheckType = ELB, ensure that your ASGHealthCheckGracePeriod value is long enough so that your instances are not terminated due to load-balancer health checks failing, before your application has been deployed.", "default": "EC2", "type": "string", "enum": [ "EC2", "ELB" ] }, "ASGIAMInstanceProfile": { "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "type": "string", "default": "customer-mc-ec2-instance-profile" }, "ASGInstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring; it also incurs charges..", "type": "boolean", "default": true }, "ASGInstanceRootVolumeIops": { "description": "The Iops to use for the root volume if io1 volume type is specified.", "type": "integer", "minimum": 0, "maximum": 20000, "default": 0 }, "ASGInstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to the root device name of the AMI.", "type": "string" }, "ASGInstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux and 60 GiB for Windows or the AMI root volume size, whichever is higher.", "type": "integer", "minimum": 8, "maximum": 16000 }, "ASGInstanceRootVolumeType": { "description": "Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads.", "type": "string", "enum": [ "standard", "io1", "gp2", "gp3" ], "default": "standard" }, "ASGInstanceType": { "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "type": "string", "default": "m5.large" }, "ASGLoadBalancerNames": { "description": "A list of load balancers to associate with this Auto Scaling group. Specify this if you want to place your Auto Scaling group behind a load balancer.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 10, "uniqueItems": true }, "ASGMaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time. Defaults to 1 if not specified.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "ASGMinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time. Defaults to 1 if not specified.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "ASGScaleDownMetricName": { "description": "The metric to use to in a scale-down event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ASGScaleDownPolicyCooldown": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ASGScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ASGScaleDownMetricName threshold.", "type": "integer", "minimum": 2, "default": 4 }, "ASGScaleDownPolicyPeriod": { "description": "The time over which the specified ASGScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ASGScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0, "default": -1 }, "ASGScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ASGScaleDownMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ASGScaleDownPolicyThreshold": { "description": "The value against which the specified ASGScaleDownPolicyStatistic is compared.", "type": "number", "default": 35 }, "ASGScaleUpMetricName": { "description": "The metric to use in a scale-up event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ASGScaleUpPolicyCooldown": { "description": "The amount of time, in seconds, after a scale-up activity is completed before any further trigger-related scaling activities can start.", "type": "integer", "minimum": 60, "default": 60 }, "ASGScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ASGScaleUpMetricName threshold.", "type": "integer", "minimum": 2, "default": 2 }, "ASGScaleUpPolicyPeriod": { "description": "The time over which the specified ASGScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ASGScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0, "default": 2 }, "ASGScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ASGScaleUpMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ASGScaleUpPolicyThreshold": { "description": "The value against which the specified ASGScaleUpPolicyStatistic is compared.", "type": "number", "default": 75 }, "ASGSubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "ASGUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot.", "type": "string", "maxLength": 4096, "default": "" } }, "additionalProperties": false, "metadata": { "ui:order": [ "ASGAmiId", "ASGInstanceType", "ASGInstanceRootVolumeName", "ASGInstanceRootVolumeType", "ASGInstanceRootVolumeSize", "ASGInstanceRootVolumeIops", "ASGIAMInstanceProfile", "ASGMinInstances", "ASGMaxInstances", "ASGDesiredCapacity", "ASGSubnetIds", "ASGEBSOptimized", "ASGLoadBalancerNames", "ASGUserData", "ASGCooldown", "ASGHealthCheckGracePeriod", "ASGHealthCheckType", "ASGInstanceDetailedMonitoring", "ASGScaleUpMetricName", "ASGScaleUpPolicyCooldown", "ASGScaleUpPolicyEvaluationPeriods", "ASGScaleUpPolicyPeriod", "ASGScaleUpPolicyScalingAdjustment", "ASGScaleUpPolicyStatistic", "ASGScaleUpPolicyThreshold", "ASGScaleDownMetricName", "ASGScaleDownPolicyCooldown", "ASGScaleDownPolicyEvaluationPeriods", "ASGScaleDownPolicyPeriod", "ASGScaleDownPolicyScalingAdjustment", "ASGScaleDownPolicyStatistic", "ASGScaleDownPolicyThreshold" ] }, "required": [ "ASGAmiId", "ASGSubnetIds" ] }, "EnforceIMDSv2": { "description": "For the instance to be launched with only Instance Metadata Service Version 2 (IMDSv2), use required; if IMDSv2 is not required, use optional. Default is required.", "type": "string", "default": "required" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "StackTemplateId", "Parameters", "TimeoutInMinutes", "Tags", "EnforceIMDSv2" ] }, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-2u5rcyv5h34zn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share RDS DB Snapshot", "description": "Share a snapshot of an Amazon Relational Database Service (RDS) database (DB) instance with another AMS account. Only snapshots encrypted with managed KMS keys can be shared.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ShareDBSnapshot.", "type": "string", "enum": [ "AWSManagedServices-ShareDBSnapshot" ], "default": "AWSManagedServices-ShareDBSnapshot" }, "Region": { "description": "The AWS Region where the DB snapshot is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBSnapshotName": { "description": "The DB snapshot name. Find this in the RDS console for that RDS DB.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "AccountId": { "description": "The ID of the AWS account the DB snapshots will be shared with, in the form 123456789012.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DBSnapshotName", "AccountId" ] }, "additionalProperties": false, "required": [ "DBSnapshotName", "AccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2uimt36z7j6vn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Restore RDS DB Instance To Point In Time", "description": "Restore an RDS DB instance to a point in time.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RestoreRDSInstanceToPointInTime.", "type": "string", "enum": [ "AWSManagedServices-RestoreRDSInstanceToPointInTime" ], "default": "AWSManagedServices-RestoreRDSInstanceToPointInTime" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SourceDBInstanceIdentifier": { "description": "Identifier of the source DB instance to restore to a point in time.", "type": "array", "items": { "type": "string", "pattern": "^[a-z](?!.*--)(?!.*-$)[a-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "TargetDBInstanceIdentifier": { "description": "A meaningful name for the new DB instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-z](?!.*--)(?!.*-$)[a-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "RestoreTime": { "description": "Date and time to restore from in Universal Coordinated Time (UTC) format, for example 2009-09-07T23:45:00Z. Leave empty to restore the DB instance from the latest backup time.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^20\\d{2}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}Z$|^$" }, "minItems": 1, "maxItems": 1 }, "DBInstanceClass": { "description": "The compute and memory capacity for the DB instance. Leave empty to use the same instance class as the source DB instance.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^db\\.[a-z0-9]+\\.[a-z0-9]+$|^$" }, "minItems": 1, "maxItems": 1 }, "DBOptionGroupName": { "description": "The option group that this DB instance is associated with. If none is provided, the default option group is associated. An option group can specify features, called options, that are available for a particular Amazon RDS DB instance.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^[a-zA-Z](?!.*--)[a-z0-9-]{1,255}[^-]$|^$" }, "minItems": 0, "maxItems": 1 }, "DBParameterGroupName": { "description": "The name of an existing DB parameter group. If none is provided, the default parameter group is associated. A DB parameter group acts as a container for engine configuration values that are applied to one or more DB instances.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^[a-zA-Z](?!.*--)[a-z0-9-]{1,255}[^-]$|^$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceDBInstanceIdentifier", "TargetDBInstanceIdentifier", "RestoreTime", "DBInstanceClass", "DBOptionGroupName", "DBParameterGroupName" ] }, "required": [ "SourceDBInstanceIdentifier", "TargetDBInstanceIdentifier" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2utx36abv83pv

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Maintenance Window", "description": "Modify patch maintenance window settings created using version 1 of change type ct-0el2j07llrxs7.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateMaintenanceWindow.", "type": "string", "enum": [ "AWSManagedServices-UpdateMaintenanceWindow" ], "default": "AWSManagedServices-UpdateMaintenanceWindow" }, "Region": { "description": "The AWS Region where the SSM maintenance window is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "WindowId": { "description": "The ID of the maintenance window (for example, mw-012345678910abcef).", "type": "array", "items": { "type": "string", "pattern": "^mw-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "OnlyCheckForMaintenanceWindowDrift": { "description": "True to generate a drift detection report (visible in the output section of the executed RFC). False to not generate a drift detection report. If the request has mutable changes, such as modifying maintenance window settings, use False.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "False" }, "minItems": 1, "maxItems": 1 }, "EmailAction": { "description": "Add the specified NotificationEmails to the patch maintenance window with 'Add', remove them from the window with 'Remove'. If you have no NotificationEmails, use 'None'.", "type": "array", "items": { "type": "string", "enum": [ "None", "Add", "Remove" ] }, "minItems": 1, "maxItems": 1 }, "BypassDriftDetection": { "description": "True to bypass checks preventing introduction of drift in CloudFormation resources. If the request should not generate drift, use False.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "False" }, "minItems": 1, "maxItems": 1 }, "NotificationEmails": { "description": "Up to four email addresses, in a comma separated list. Specify that they be added, or removed, from the provided maintenance window with the EmailAction parameter.", "type": "array", "items": { "type": "string", "pattern": "^$|([a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+)+.*", "default": "" }, "minItems": 0, "maxItems": 4, "uniqueItems": true }, "Duration": { "description": "The duration of the maintenance window in hours.", "type": "array", "items": { "type": "string", "pattern": "^[0]$|^(2[0-4]|1[0-9]|[1-9])$", "default": "0" }, "minItems": 0, "maxItems": 1 }, "PatchGroupName": { "description": "A new name for the patch group for the maintenance window to target. Target EC2 instances must be tagged with the tag key \"Patch Group\" and the tag value defined by this parameter. For example, provided the name MyApp, the maintenance window targets any EC2 instances with the tag key \"Patch Group\" and the tag value \"MyApp\". To keep the current patch group name, leave blank.", "type": "array", "items": { "type": "string", "pattern": "^$|^[a-zA-Z0-9_\\-.]{3,128}$", "default": "" }, "minItems": 0, "maxItems": 1 }, "Schedule": { "description": "The schedule of the maintenance window in the form of a cron or rate expression.", "type": "array", "items": { "type": "string", "pattern": "^.{0,256}$", "default": "" }, "minItems": 0, "maxItems": 1 }, "ScheduleTimezone": { "description": "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.", "type": "array", "items": { "type": "string", "pattern": "^$|(^[a-zA-Z_]+(\\\\+|/)?[a-zA-Z0-9_-]*(\\\\+|/)?[a-zA-Z0-9_-]+$)", "default": "" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "WindowId", "OnlyCheckForMaintenanceWindowDrift", "EmailAction", "BypassDriftDetection", "NotificationEmails", "Duration", "PatchGroupName", "Schedule", "ScheduleTimezone" ] }, "additionalProperties": false, "required": [ "EmailAction", "OnlyCheckForMaintenanceWindowDrift", "WindowId", "BypassDriftDetection" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2uw99b8hpncnu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EFS stack", "description": "Use to create a Elastic File System (EFS) stack", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "Encrypted": { "description": "True to create an encrypted file system, false to create a file system that is not encrypted.", "type": "boolean", "default": true }, "KmsKeyId": { "description": "The AWS Key Management Service (AWS KMS) customer master key (CMK) ID to use for the encrypted file system if Encrypted = true. If not specified, the default CMK for Amazon EFS is used.", "type": "string", "maxLength": 2048 }, "PerformanceMode": { "description": "The performance mode of the file system. We recommend generalPurpose for most file systems.", "type": "string", "enum": [ "generalPurpose", "maxIO" ], "default": "generalPurpose" }, "MountTargets": { "description": "Specifications for the file system mount targets.", "type": "array", "items": { "type": "object", "properties": { "AvailabilityZone": { "description": "The availability zone for the mount target. Only one mount target per availability zone is required.", "type": "string", "pattern": "^[a-z0-9-.]{1,127}$" }, "SubnetId": { "description": "The ID of a subnet in the specified mount target availability zone, in the form subnet-0123abcd or subnet-01234567890abcdef. If not specified, a random subnet in the availability zone is chosen.", "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "IpAddress": { "description": "An IPv4 address that is within the address range of the specified SubnetId property. If not specified, Amazon EFS assigns an address that is within the range of the specified subnet.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AvailabilityZone", "SubnetId", "IpAddress" ] }, "required": [ "AvailabilityZone" ] }, "minItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Encrypted", "KmsKeyId", "PerformanceMode", "MountTargets" ] }, "required": [ "Encrypted", "PerformanceMode", "MountTargets" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "Tags" ] }, "required": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes" ] }

Schema for Change Type ct-2uzbqr7x7mekd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Termination Protection", "description": "Update existing defined termination protection for stacks.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ManageResourceTerminationProtection.", "type": "string", "enum": [ "AWSManagedServices-ManageResourceTerminationProtection" ], "default": "AWSManagedServices-ManageResourceTerminationProtection" }, "Region": { "description": "The AWS Region in which the stack is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ResourceId": { "description": "Stack name.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-zA-Z0-9\\-]{1,122}$" }, "maxItems": 1 }, "TerminationProtectionDesiredState": { "description": "Enabled to protect your stack against elimination. Disabled to allow your stack to be eliminated.", "type": "array", "items": { "type": "string", "enum": [ "enabled", "disabled" ] }, "maxItems": 1 } }, "metadata": { "ui:order": [ "ResourceId", "TerminationProtectionDesiredState" ] }, "additionalProperties": false, "required": [ "ResourceId", "TerminationProtectionDesiredState" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2v82sp4np40ki

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update target group for ALB", "description": "Use to update properties of an existing Target Group for an Application Load Balancer created by CT id ct-1r19m51jeijlk.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Target Group (for ALB) that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health check failure required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. The supported values are 5 seconds to 300 seconds.", "minimum": 5, "maximum": 300 }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "60|[1-5]{1}[0-9]{1}|[2-9]{1}|^$" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests." }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ] }, "ValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^$|([2-4]{1}[0-9]{2}($|-|,))+" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})" }, "SlowStartDuration": { "type": "string", "description": "The time period, in seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic.", "pattern": "[3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0|" }, "StickinessCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "[1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800|" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ] } }, "metadata": { "ui:order": [ "DeregistrationDelayTimeout", "SlowStartDuration", "StickinessCookieExpirationPeriod", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckUnhealthyThreshold", "HealthCheckInterval", "HealthCheckTimeout", "ValidHTTPCode", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2w3rbmnny1qpo

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add DNS A Record", "description": "Add a new static DNS A record in AWS Managed Microsoft Active Directory (AD). For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-CreateDNSARecord-Admin", "type": "string", "enum": [ "AWSManagedServices-CreateDNSARecord-Admin" ], "default": "AWSManagedServices-CreateDNSARecord-Admin" }, "Region": { "description": "The AWS Region where AWS managed Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordName": { "description": "A meaningful name for the DNS A record.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,63}$" }, "minItems": 1, "maxItems": 1 }, "IPAddress": { "description": "The IPv4 address the DNS A record resolves to.", "type": "array", "items": { "type": "string", "pattern": "(^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(, )?){1,6}$" }, "minItems": 1, "maxItems": 1 }, "TTLValue": { "description": "The Time to Live (TTL) value in format hh:mm:ss for a DNS resource record (default is 01:00:00).", "type": "array", "items": { "type": "string", "pattern": "^(?:(?:([01]?\\d|2[0-3]):)?([0-5]?\\d):)?([0-5]?\\d)$", "default": "01:00:00" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordName", "IPAddress", "TTLValue" ] }, "additionalProperties": false, "required": [ "RecordName", "IPAddress" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2wlfo2jxj2rkj

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Confirm Account Offboarding", "description": "Confirm offboarding of the specified application account. Run this from the application account that you want off-boarded. Once this CT is executed successfully, login into the Management account of your MALZ environment and run the Offboard application account CT (ct-0vdiy51oyrhhm). After you successfully submit both CTs, AMS can't undo the offboarding, repurpose the account, or help you to remediate issues in the account.", "type": "object", "properties": { "RequestType": { "description": "Must be OffboardingConfirmation.", "type": "string", "enum": [ "OffboardingConfirmation" ], "default": "OffboardingConfirmation" }, "Parameters": { "type": "object", "properties": { "AccountId": { "description": "The unique identifier (ID) of the application account to offboard.", "type": "string", "pattern": "^[0-9]{12}$" }, "AccountEmail": { "description": "The email associated with the application account to offboard.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AccountId", "AccountEmail" ] }, "required": [ "AccountId", "AccountEmail" ] } }, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "additionalProperties": false, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-2wllq61djysxz

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS Aurora Stack From Backup", "description": "Create an AWS Relational Database Service (RDS) Aurora stack from AWS Backup.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-j24cifrdi0untnsn6", "type": "string", "enum": [ "stm-j24cifrdi0untnsn6" ], "default": "stm-j24cifrdi0untnsn6" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "SnapshotIdentifier": { "type": "string", "description": "The identifier for the DB snapshot or DB cluster snapshot to restore from.", "pattern": "^[a-zA-Z][a-zA-Z0-9-:]{1,255}$" }, "AutoMinorVersionUpgrade": { "type": "string", "description": "True if the RDS instance should have automatic minor version upgrade, false if it should not. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "BackupRetentionPeriod": { "type": "integer", "description": "The number of days for which automatic database (DB) snapshots are retained. Range is 1 - 35.", "default": 7, "minimum": 1, "maximum": 35 }, "ClusterName": { "type": "string", "description": "Optional identifier for the DB Cluster that is created with your instance. If you do not provide one, a default identifier based on the instance identifier is used. The cluster identifier is used in determining the cluster's connection endpoint.", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBEngine": { "type": "string", "description": "The name of the engine for the Aurora database. Not every database engine is available for every AWS region. Engine compatability is determined by engine type (aurora=MySQL 5.6, aurora-mysql=MySQL 5.7, aurora-postgresql=PostgreSQL 10.4, 9.6.9 or 9.6.8).", "enum": [ "aurora", "aurora-mysql", "aurora-postgresql" ], "default": "aurora" }, "DBName": { "type": "string", "description": "A name for the database. The meaning of this parameter differs according to the database engine you use.", "pattern": "^$|[a-zA-Z0-9]{1,64}$", "default": "" }, "DBClusterParameterGroupName": { "description": "The name of an existing DB cluster parameter group. The parameter group must be compatible with the DBEngine and the EngineVersion.", "type": "string", "pattern": "^(?!.*--.*)(?!.*-$)[a-zA-Z][a-zA-Z0-9-.]{0,254}$" }, "DBSubnetGroupName": { "type": "string", "description": "The name of an existing DB subnet group provisioned with the \"RDS database stack | Create DB subnet group\" change type.", "pattern": "^[a-zA-Z0-9._-]{1,255}$" }, "EngineVersion": { "type": "string", "description": "The version number of the database engine to use. Not every database version is available for every AWS region.", "pattern": "^\\d.\\d.\\d{2}[a-z]$|^5.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^8.\\d.mysql_aurora.\\d.\\d{2}.\\d$|^(\\d{2}.\\d{0,2})$|^$", "default": "" }, "InstanceType": { "type": "string", "description": "The instance type to use, this determines the compute and memory capacity for the DB instance. Not every instance type is available for every database engine.", "enum": [ "db.serverless", "db.t2.small", "db.t2.medium", "db.t3.micro", "db.t3.small", "db.t3.medium", "db.t3.large", "db.t3.xlarge", "db.t3.2xlarge", "db.t4g.medium", "db.t4g.large", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.r5.large", "db.r5.xlarge", "db.r5.2xlarge", "db.r5.4xlarge", "db.r5.8xlarge", "db.r5.12xlarge", "db.r5.16xlarge", "db.r5.24xlarge", "db.r6g.large", "db.r6g.xlarge", "db.r6g.2xlarge", "db.r6g.4xlarge", "db.r6g.8xlarge", "db.r6g.12xlarge", "db.r6g.16xlarge", "db.x2g.large", "db.x2g.xlarge", "db.x2g.2xlarge", "db.x2g.4xlarge", "db.x2g.8xlarge", "db.x2g.12xlarge", "db.x2g.16xlarge" ], "default": "db.r4.large" }, "MultiAZ": { "type": "string", "description": "True to have a secondary replica of your DB instance created in another Availability Zone for failover support, false to not have a standby. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "Port": { "type": "string", "description": "The port for the instance. Valid range is: 1150-65535. Specifying 0 assigns the default based on the selected DBEngine (aurora=3306, aurora-mysql=3306, aurora-postgresql=5432).", "pattern": "^(0|11[5-8][0-9]|119[0-9]|1[2-9][0-9]{2}|[2-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", "default": "0" }, "PreferredBackupWindow": { "type": "string", "description": "The daily time range during which automated backups are created. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the PreferredMaintenanceWindow setting, and must be at least 30 minutes.", "pattern": "^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$", "default": "22:00-23:00" }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format), in Universal Coordinated Time (UTC) and must be at least 30 minutes. If you don't specify PreferredMaintenanceWindow, then Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.", "pattern": "^$|[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$", "default": "" }, "ServerlessScalingMaxCapacity": { "description": "The maximum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The largest value that you can use is 128.0. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 1, "maximum": 128, "default": 1 }, "ServerlessScalingMinCapacity": { "description": "The minimum number of Aurora capacity units (ACUs) for a DB instance in an Aurora Serverless cluster. The smallest value that you can use is 0.5. Only applies to db.serverless InstanceType.", "type": "number", "minimum": 0.5, "maximum": 128, "default": 0.5 } }, "metadata": { "ui:order": [ "SnapshotIdentifier", "DBEngine", "EngineVersion", "InstanceType", "MultiAZ", "DBName", "ClusterName", "DBClusterParameterGroupName", "DBSubnetGroupName", "Port", "AutoMinorVersionUpgrade", "BackupRetentionPeriod", "PreferredBackupWindow", "PreferredMaintenanceWindow", "ServerlessScalingMaxCapacity", "ServerlessScalingMinCapacity" ] }, "required": [ "SnapshotIdentifier", "DBEngine", "EngineVersion", "DBSubnetGroupName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-2wrvu4kca9xky

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable AMS Resource Scheduler", "description": "Enable AMS Resource Scheduler in the account where it was previously disabled. This will re-enable scheduling of resources for automatic start or stop actions where the resources are already tagged with a valid schedule. Make sure to verify currently tagged resources and schedules before enabling the scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Specify the value: Yes. This explicitly requests that the Resource Scheduler be enabled from a disabled state. Default is Yes.", "type": "array", "items": { "type": "string", "enum": [ "Yes" ], "default": "Yes" }, "maxItems": 1, "minItems": 1 }, "Action": { "type": "string", "description": "(Required) The Action to be performed.", "enum": [ "Update" ], "default": "Update" } }, "metadata": { "ui:order": [ "SchedulingActive", "Action" ] }, "required": [ "SchedulingActive", "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2x14cv67uym46

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Instance Size", "description": "Update the instance size for an RDP or SSH customer bastion in an AMS account.", "type": "object", "properties": { "BastionType": { "description": "The bastion type to update.", "type": "string", "default": "RDP Bastion", "enum": [ "RDP Bastion", "SSH Bastion" ] }, "InstanceType": { "description": "The new instance type for the bastion. If BastionType = SSH Bastion, the minimum instance size is t3.small. If BastionType = RDP Bastion, the minimum instance size is t3.medium.", "type": "string", "pattern": "^[a-z0-9]+\\.[a-z0-9]+$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BastionType", "InstanceType", "Priority" ] }, "additionalProperties": false, "required": [ "BastionType", "InstanceType" ] }

Schema for Change Type ct-2xd2anlb5hbzo

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Unshare Directory", "description": "Stops the directory sharing between the directory owner and consumer accounts. Run this in your Shared Service account that has Managed Active Directory. This change type is only supported for multi-account landing zone (MALZ).", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-UnshareDirectory.", "type": "string", "enum": [ "AWSManagedServices-UnshareDirectory" ], "default": "AWSManagedServices-UnshareDirectory" }, "Region": { "description": "The AWS Region where the directory is located, in the form of us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DirectoryId": { "description": "The identifier of the AWS Managed Microsoft Active directory that you want to stop sharing.", "type": "array", "items": { "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "maxItems": 1, "minItems": 1 }, "UnshareTarget": { "description": "Identifier for the directory consumer account to unshare the directory from.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "DirectoryId", "UnshareTarget" ] }, "additionalProperties": false, "required": [ "DirectoryId", "UnshareTarget" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2y6q4vco4miyp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update EBS volumes.", "description": "Modify the properties of an existing Elastic Block Store (EBS) volume stack created using CT id ct-16xg8qguovg2w, version 1.0. No service interruption is expected during the update.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the EC2 instance the EBS volumes are attached to, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "ID of the stack instance that contains the EBS Volumes, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "Volume1Iops": { "type": "string", "description": "The Iops to use for Volume1 if Volume1Type is io1, io2 or gp3. If Volume1Type is not io1, io2 or gp3, any value provided here is ignored. If Volume1Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume1Size": { "type": "string", "description": "The size for Volume1 in GiB. The size can be increased, but not decreased.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume1Throughput": { "type": "string", "description": "The Throughput to use for Volume1 if Volume1Type is gp3. If Volume1Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "Volume2Iops": { "type": "string", "description": "The Iops to use for Volume2 if Volume2Type is io1, io2 or gp3. If Volume2Type is not io1, io2 or gp3, any value provided here is ignored. If Volume2Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume2Size": { "type": "string", "description": "The size for Volume2 in GiB. The size can be increased, but not decreased.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume2Throughput": { "type": "string", "description": "The Throughput to use for Volume2 if Volume2Type is gp3. If Volume2Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "Volume3Iops": { "type": "string", "description": "The Iops to use for Volume3 if Volume3Type is io1, io2 or gp3. If Volume3Type is not io1, io2 or gp3, any value provided here is ignored. If Volume3Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume3Size": { "type": "string", "description": "The size for Volume3 in GiB. The size can be increased, but not decreased.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume3Throughput": { "type": "string", "description": "The Throughput to use for Volume3 if Volume3Type is gp3. If Volume3Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "Volume4Iops": { "type": "string", "description": "The Iops to use for Volume4 if Volume4Type is io1, io2 or gp3. If Volume4Type is not io1, io2 or gp3, any value provided here is ignored. If Volume4Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume4Size": { "type": "string", "description": "The size for Volume4 in GiB. The size can be increased, but not decreased.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume4Throughput": { "type": "string", "description": "The Throughput to use for Volume4 if Volume4Type is gp3. If Volume4Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "Volume5Iops": { "type": "string", "description": "The Iops to use for Volume5 if Volume5Type is io1, io2 or gp3. If Volume5Type is not io1, io2 or gp3, any value provided here is ignored. If Volume5Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume5Size": { "type": "string", "description": "The size for Volume5 in GiB. The size can be increased, but not decreased.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume5Throughput": { "type": "string", "description": "The Throughput to use for Volume5 if Volume5Type is gp3. If Volume5Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] } }, "metadata": { "ui:order": [ "Volume1Size", "Volume1Type", "Volume1Iops", "Volume1Throughput", "Volume2Size", "Volume2Type", "Volume2Iops", "Volume2Throughput", "Volume3Size", "Volume3Type", "Volume3Iops", "Volume3Throughput", "Volume4Size", "Volume4Type", "Volume4Iops", "Volume4Throughput", "Volume5Size", "Volume5Type", "Volume5Iops", "Volume5Throughput" ] } } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2yja7ihh30ply

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable cross account copy (Management account)", "description": "Enable and configure cross-account backup and monitoring in a management account. This automation can only be completed successfully in a management account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleConfigureCrossAccountBackupInManagementAccount-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleConfigureCrossAccountBackupInManagementAccount-Admin" ], "default": "AWSManagedServices-HandleConfigureCrossAccountBackupInManagementAccount-Admin" }, "Region": { "description": "The AWS Region to enable the cross account backup and monitoring in, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DestinationAccountId": { "description": "The destination account ID of the cross-account backup to enable.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1 }, "SourceAccountId": { "description": "The source account ID of the cross-account backup to enable.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceAccountId", "DestinationAccountId" ] }, "additionalProperties": false, "required": [ "DestinationAccountId", "SourceAccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2z60dyvto9g6c

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS database stack", "description": "Create an Amazon Relational Database Service (RDS) DB instance. To provision an Aurora single instance or multi-AZ instances, use CT ct-2jvzjwunghrhy.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sl81ze20000000000.", "type": "string", "enum": [ "stm-sl81ze20000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "RDSAllocatedStorage": { "description": "The size of the database in gigabytes (GB). The acceptable limits for this value relate to the engine and storage type that you specify. For details, see AWS documentation on DB instance storage.", "type": "number" }, "RDSAutoMinorVersionUpgrade": { "description": "True to apply minor engine upgrades automatically to the DB instance during the maintenance window, false to not. Default is false.", "type": "boolean", "default": false }, "RDSBackupRetentionPeriod": { "description": "The number of days for which automatic DB snapshots are retained. Setting this to a positive number enables backups. Setting this to 0 disables automated backups.", "type": "number", "minimum": 0, "maximum": 35, "default": 7 }, "RDSCharacterSetName": { "description": "The character set to associate with the DB instance. This is applicable only if RDSDBEngine = oracle-se, oracle-se1, oracle-se2, oracle-ee, sqlserver-ee, sqlserver-se, sqlserver-ex or sqlserver-web.", "type": "string", "default": "" }, "RDSDBEngine": { "description": "The name of the database engine for the DB instance. Not every database engine is available for every AWS region.", "type": "string", "enum": [ "mariadb", "mysql", "oracle-se2", "oracle-se1", "oracle-se", "oracle-ee", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web", "postgres" ] }, "RDSDBInstanceIdentifier": { "description": "A name for the DB instance. It must begin with a letter, must contain only letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens. If left blank AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "minLength": 0, "maxLength": 63 }, "RDSDBName": { "description": "A name for the database. The meaning of this parameter differs according to the database engine you use.For example, the name can't be longer than 8 characters for Oracle database, for some others the DBName must begin with a letter and contain only alphanumeric characters. For details on DBName requirements, see the AWS RDS documentation for \"CreateDBInstance\" API.", "type": "string" }, "RDSDBParameterGroupName": { "description": "The name of an existing DB parameter group.", "type": "string" }, "RDSDeletionProtection": { "description": "True to enable DB instance deletion protection, false to not. Default is false.", "type": "boolean", "default": false }, "RDSEngineVersion": { "description": "The version number of the database engine to use; for example, 5.7.30 for the MySQL engine. For details on engine versions, see the AWS RDS documentation \"CreateDBInstance\" API.", "type": "string" }, "RDSInstanceType": { "description": "The compute and memory capacity for the DB instance. Not all DB instance classes are available in all AWS Regions, or for all database engines. For details on the list of DB instance classes available for a specific engine, see the AWS RDS documentation for \"CreateDBInstance\" API.", "type": "string", "pattern": "^db\\.[a-z0-9]+\\.[a-z0-9]+$", "default": "db.m4.large" }, "RDSIOPS": { "description": "The provisioned IOPS for RDS storage. Must be a multiple between 3 and 10 of the storage amount for the DB instance. Must also be an integer multiple of 1000. For example, if the size of your DB instance is 500 GB, then your Iops value can be 2000, 3000, 4000, or 5000.", "type": "number", "default": 0 }, "RDSLicenseModel": { "description": "License model information for the DB instance. This is applicable only if RDSDBEngine = oracle-se1 or oracle-se2. Default is license-included.", "type": "string", "enum": [ "bring-your-own-license", "license-included" ] }, "RDSMasterUsername": { "description": "The name that you will use with the configured RDSMasterUserPassword to log in to your DB instance. Must begin with a letter and contain only alphanumeric characters. For details regarding DB engine related constraints on the user name, see the AWS RDS documentation for \"CreateDBInstance\" API.", "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9]{1,128}$", "minLength": 1, "maxLength": 128 }, "RDSMasterUserPassword": { "description": "The password that you will use with the configured RDSMasterUserName to log in to your DB instance. Must contain from 8 to 30 printable ASCII characters (excluding backslash, double quotes, and at sign).", "type": "string", "pattern": "^[!#-.0-?A-~]{8,30}$", "metadata": { "ams:sensitive": true } }, "RDSMultiAZ": { "description": "True to have a standby replica of your DB instance created in another Availability Zone for failover support, false to not have a standby replica. Default is true.", "type": "boolean", "default": true }, "RDSOptionGroupName": { "description": "The option group that this DB instance is associated with.", "type": "string" }, "RDSPerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Amazon RDS Performance Insights is a database performance tuning and monitoring feature that helps you assess the load on your database.", "enum": [ "true", "false" ], "default": "true" }, "RDSPerformanceInsightsKMSKey": { "type": "string", "description": "The Amazon resource name (ARN) of the KMS master key to use to encrypt Performance Insights data. Specify default to use the default RDS KMS Key.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" }, "RDSPerformanceInsightsRetentionPeriod": { "type": "string", "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", "enum": [ "7", "731" ], "default": "7" }, "RDSPreferredBackupWindow": { "description": "The daily time range during which automated backups are created if RDSBackupRetentionPeriod is set to a positive number. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the RDSPreferredMaintenanceWindow setting, and must be at least 30 minutes. If left blank a 30-minute window is selected at random from an 8-hour block of time for each AWS Region.", "type": "string", "pattern": "^$|^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$" }, "RDSPort": { "description": "The port number on which the database accepts connections. Defaults vary per DB engine.", "type": "number" }, "RDSPreferredMaintenanceWindow": { "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format). If left blank a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week.", "type": "string", "pattern": "^$|^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$" }, "RDSStorageEncrypted": { "description": "True to enable database encryption, false to not. Default is false.", "type": "boolean", "default": false }, "RDSStorageEncryptionKey": { "description": "The ARN of the custom KMS key to encrypt the database if RDSStorageEncrypted = true. If RDSStorageEncrypted = true and you do not specify a RDSStorageEncryptionKey, RDS uses your default encryption key, which AWS KMS creates. Your AWS account has a different default encryption key for each AWS region.", "type": "string", "pattern": "^$|^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "default": "" }, "RDSStorageType": { "description": "Storage type for the RDS instance. If you specify io1, you must also include a value for the RDSIOPS parameter.", "type": "string", "enum": [ "standard", "gp2", "io1", "gp3" ], "default": "gp2" }, "RDSMaxAllocatedStorage": { "description": "The upper limit, in gibibytes (GiB), to which Amazon RDS can automatically scale the storage of the DB instance. This setting doesn't apply to RDS Custom. To learn more, see Amazon documentation on RDS DB instance storage.", "type": "string", "pattern": "2[0-9]|[3-9][0-9]|[1-9][0-9]{2,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6]|^$" }, "RDSSubnetIds": { "description": "Two or more subnet IDs for the RDS instance, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true }, "RDSTimezone": { "description": "The time zone of the DB instance. This is applicable only if RDSDBEngine = sqlserver-ee, sqlserver-se, sqlserver-ex or sqlserver-web.", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "RDSDBEngine", "RDSLicenseModel", "RDSEngineVersion", "RDSInstanceType", "RDSTimezone", "RDSStorageType", "RDSAllocatedStorage", "RDSMaxAllocatedStorage", "RDSIOPS", "RDSDBInstanceIdentifier", "RDSDBName", "RDSMasterUsername", "RDSMasterUserPassword", "RDSMultiAZ", "RDSSubnetIds", "RDSPort", "RDSDBParameterGroupName", "RDSOptionGroupName", "RDSCharacterSetName", "RDSStorageEncrypted", "RDSStorageEncryptionKey", "RDSBackupRetentionPeriod", "RDSPreferredBackupWindow", "RDSAutoMinorVersionUpgrade", "RDSPerformanceInsights", "RDSPerformanceInsightsKMSKey", "RDSPerformanceInsightsRetentionPeriod", "RDSPreferredMaintenanceWindow", "RDSDeletionProtection" ] }, "required": [ "RDSAllocatedStorage", "RDSDBEngine", "RDSDBName", "RDSEngineVersion", "RDSMasterUsername", "RDSMasterUserPassword", "RDSSubnetIds" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-2zebb2czoxpjd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Tags", "description": "Delete tags from existing, tagged resources: Autoscaling, EC2, Elastic Load Balancing, RDS, S3 buckets and Redshift clusters. Additionally, CloudWatch LogGroups that do not belong to a CloudFormation stack are supported. AMS infrastructure stacks (stacks named mc-*) cannot have tags deleted with this change type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateTags.", "type": "string", "enum": [ "AWSManagedServices-UpdateTags" ], "default": "AWSManagedServices-UpdateTags" }, "Region": { "description": "The AWS Region where the tagged resources are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "ResourceArns": { "description": "A list of up to 50 Amazon resource names (ARNs), or the resource IDs, of the resources with tags to be deleted. Use resource ID only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. Use the full ARN for all other supported resource types.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:(autoscaling|ec2|elasticloadbalancing|logs|rds|s3|redshift):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):.*)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RemoveTags": { "description": "Up to fifty tag Keys to remove from the specified resource.", "type": "array", "items": { "type": "string", "pattern": "^((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "ResourceArns", "RemoveTags" ] }, "required": [ "ResourceArns", "RemoveTags" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-2zqwr34epwzx1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS DB cluster Snapshot", "description": "Create a snapshot of Amazon Aurora or Multi-AZ DB (Amazon RDS) cluster in available state. The snapshot will be encrypted with the same KMS key as the DB cluster, or unencrypted if the DB cluster is unencrypted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateDBClusterSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CreateDBClusterSnapshot" ], "default": "AWSManagedServices-CreateDBClusterSnapshot" }, "Region": { "description": "The AWS Region in which the RDS DB cluster is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBClusterIdentifier": { "description": "The identifier for the RDS DB cluster that you are creating a snapshot of.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 1 }, "DBClusterSnapshotIdentifier": { "description": "A unique name for the RDS DB cluster snapshot.", "type": "array", "items": { "type": "string", "pattern": "^(?!.*--)[a-zA-Z][a-zA-Z0-9-]{1,62}(?<!-)$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DBClusterIdentifier", "DBClusterSnapshotIdentifier" ] }, "additionalProperties": false, "required": [ "DBClusterIdentifier", "DBClusterSnapshotIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-2zxya20wmf5bf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete KMS key", "description": "Delete an AWS Key Management Service (KMS) Key from an AMS account. By default, there is a 30 day waiting period before the key is deleted; during that period, you can restore the key using the KMS Key Update change type.", "type": "object", "properties": { "KeyName": { "description": "The name of the KMS key to be deleted.", "type": "string", "pattern": "^[a-zA-Z0-9:/_-]{1,256}$" }, "Operation": { "description": "Must be Delete.", "type": "string", "default": "Delete", "enum": [ "Delete" ] }, "KeyDeletionWaitPeriod": { "description": "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the key from the account. Must be between 7 and 30, inclusive. Default is 30.", "default": 30, "maximum": 30, "minimum": 7, "type": "integer" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "KeyName", "Operation", "KeyDeletionWaitPeriod", "Priority" ] }, "required": [ "KeyName", "Operation", "KeyDeletionWaitPeriod" ] }

Schema for Change Type ct-3047c34zuvswh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Bulk Update Resource Tags", "description": "Bulk add tags to existing, supported resources: Autoscaling, EC2, Elastic Load Balancing, RDS and S3 buckets. AMS infrastructure stacks (stacks named mc-*) cannot have tags added with this change type. Use this with AWS Tag Editor when managing large numbers of tags (i.e. >50).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-BulkUpdateTags.", "type": "string", "enum": [ "AWSManagedServices-BulkUpdateTags" ], "default": "AWSManagedServices-BulkUpdateTags" }, "Region": { "description": "The AWS Region where the resources to be tagged are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "CsvS3Url": { "description": "The S3 presigned URL that points to the CSV file with the tag update details. The CSV file must be formatted to the correct format. See the AMS tag documentation for the correct format of the CSV file.", "type": "array", "items": { "type": "string", "pattern": "^https?://[a-z0-9]([-.a-z0-9]+)[a-z0-9]\\.s3\\.([a-z]{2}-[a-z]+-\\d{1}\\.)?amazonaws\\.com/[\\S]*", "minLength": 1, "maxLength": 5000 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "CsvS3Url" ] }, "required": [ "CsvS3Url" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-309eozh6lpkr8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Allow List", "description": "Create an allow list file for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be CreateAllowList.", "type": "string", "enum": [ "CreateAllowList" ], "default": "CreateAllowList" }, "Parameters": { "type": "object", "properties": { "AllowListName": { "description": "A meaningful name for the allow list, cannot exceed 63 characters.", "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AllowListName" ] }, "required": [ "AllowListName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-30bfiwxjku1nu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete EBS Snapshots", "description": "Delete Elastic Block Store (EBS) snapshots. Because deleted snapshots cannot be restored, it's a best practice to schedule this RFC with enough lead to time to cancel the operation, if needed. At least one parameter must be specified. Note: If you use multiple parameters, only snapshots that match all the specified parameters are deleted. Snapshots created by AWS Backup service or used by AMIs cannot be deleted. If using the SnapshotCreationDate or SnapshotTag parameters, snapshots created within the last 30 days are not eligible for deletion. If a snapshot fails to delete, then the execution fails. You can optionally receive a failed snapshots report in an S3 bucket. You can delete up to 1000 snapshots in one execution.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteEBSSnapshots.", "type": "string", "enum": [ "AWSManagedServices-DeleteEBSSnapshots" ], "default": "AWSManagedServices-DeleteEBSSnapshots" }, "Region": { "description": "The AWS Region to where the snapshots are, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Confirmation": { "description": "To confirm permanent deletion of the EBS snapshots, use delete permanently. If this parameter is unspecified, the RFC cannot be created.", "type": "string", "pattern": "^delete permanently$" }, "Parameters": { "type": "object", "properties": { "SnapshotIds": { "description": "A list of up to 20 EBS snapshot IDs to delete, in the form snap-12345678 or snap-123456789012345ab. Use either this parameter or SnapshotIdCsvUrl, not both.", "type": "array", "items": { "type": "string", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$" }, "minItems": 0, "maxItems": 20, "uniqueItems": true }, "SnapshotIdCsvUrl": { "description": "A pre-signed S3 URL for the file with the list of snapshots to delete. The file must contain a comma separated list of up to 1000 snapshot IDs, in the form snap-12345678 or snap-123456789012345ab. Use either this parameter or SnapshotIds, not both.", "type": "array", "items": { "type": "string", "pattern": "^https?://[a-z0-9]([-.a-z0-9]+)[a-z0-9]\\.amazonaws\\.com/[\\S]*$" }, "minItems": 0, "maxItems": 1 }, "SnapshotCreationDate": { "description": "A snapshot creation date. Snapshots created before the specified date 00:00 UTC time are deleted. The date must be 30 or more days ago, in the form 2020-01-31", "type": "array", "items": { "type": "string", "pattern": "^$|^(20[12][0-9])-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])$" }, "minItems": 0, "maxItems": 1 }, "SnapshotTag": { "description": "A tag to filter snapshots for delete. The snapshots without the tag are not deleted. The tag is case sensitive and must be a single key-value pair, for example {\"Key\":\"Delete\",\"Value\":\"True\"}.", "type": "array", "items": { "type": "string", "pattern": "\\{\"Key\":\"(?![aA][mMwW][sS])[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]{1,127}\",\"Value\":\"[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]{1,127}\"\\}" }, "minItems": 0, "maxItems": 1 }, "SnapshotsWithoutVolumes": { "description": "True to delete only snapshots for which the source volumes no longer exist; False to delete all specified snapshots. Default is False.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "False" }, "minItems": 0, "maxItems": 1 }, "S3Bucket": { "description": "(Optional) S3 URI (s3://BUCKET_NAME) of a bucket that belongs to the same account, used to upload the invalid snapshots report.", "type": "array", "items": { "type": "string", "pattern": "s3://.+$|$^" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SnapshotIds", "SnapshotIdCsvUrl", "SnapshotCreationDate", "SnapshotTag", "SnapshotsWithoutVolumes", "S3Bucket" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Confirmation", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "Confirmation", "DocumentName", "Parameters" ] }

Schema for Change Type ct-30ecvfi3tq4k3

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create an OpenID Connect Provider", "description": "Create an IAM OpenID Connect provider for the Amazon Elastic Kubernetes Service (Amazon EKS) cluster.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAssociateIAMOpenIDProvider-Admin", "type": "string", "enum": [ "AWSManagedServices-HandleAssociateIAMOpenIDProvider-Admin" ], "default": "AWSManagedServices-HandleAssociateIAMOpenIDProvider-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ClusterName": { "description": "The name of the Amazon EKS cluster to associate with the new OpenID Connect provider.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9_-]{1,100}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterName" ] }, "required": [ "ClusterName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-30j78u6li9aqr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete IAM Resource", "description": "Delete Identity and Access Management (IAM) users, roles or policies.", "type": "object", "properties": { "IAM Users": { "description": "A list of up to 10 IAM users to delete, in the ARN format.", "type": "array", "items": { "type": "string", "pattern": "^$|^arn:aws:iam::[0-9]{12}:user/([!-~]+/)*[\\w+=,.@-]+$", "minLength": 32, "maxLength": 607 }, "minItems": 0, "maxItems": 10 }, "IAM Roles": { "description": "A list of up to 10 IAM roles to delete, in the ARN format.", "type": "array", "items": { "type": "string", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/([!-~]+/)*[\\w+=,.@-]+$", "minLength": 32, "maxLength": 607 }, "minItems": 0, "maxItems": 10 }, "IAM Policies": { "description": "A list of up to 10 IAM policies to delete, in the ARN format.", "type": "array", "items": { "type": "string", "pattern": "^$|^arn:aws:iam::[0-9]{12}:policy/([!-~]+/)*[\\w+=,.@-]+$", "minLength": 34, "maxLength": 673 }, "minItems": 0, "maxItems": 10 }, "Operation": { "description": "Must be Delete.", "type": "string", "default": "Delete", "enum": [ "Delete" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "IAM Users", "IAM Roles", "IAM Policies", "Operation", "Priority" ] }, "required": [ "Operation" ] }

Schema for Change Type ct-31eb7rrxb7qju

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Replication Rule", "description": "Add an S3 replication rule to the specified S3 bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-PutReplicationRule.", "type": "string", "enum": [ "AWSManagedServices-PutReplicationRule" ], "default": "AWSManagedServices-PutReplicationRule" }, "Region": { "description": "The AWS Region in which the source bucket is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ReplicationRuleName": { "description": "The replication rule name.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9_-]+$" }, "maxItems": 1 }, "DestinationAccount": { "description": "The destination S3 bucket account ID, use the same account ID if the destination bucket is within the current account.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1 }, "DestinationBucketName": { "description": "The destination S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "SourceBucketName": { "description": "The source S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "ReplicationRole": { "description": "The ARN of the role that allows S3 to perform the replication on your behalf.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/[A-Za-z0-9_-]+$" }, "maxItems": 1 }, "DecryptObjectKMSKey": { "description": "The KMS key(s) used to decrypt objects in the source S3 bucket.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" } }, "EncryptReplicaKMSKey": { "description": "The KMS key used to encrypt destination objects.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" }, "maxItems": 1 }, "OwnerTranslation": { "description": "True to change replica ownership to the AWS account that owns the destination bucket, false to not change replica ownership. This parameter cannot be left blank.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "false" }, "minItems": 1, "maxItems": 1 }, "Prefix": { "description": "An object key name prefix that identifies the subset of objects to which the rule applies; for example, 'customer-'.", "type": "array", "items": { "type": "string", "default": "" }, "maxItems": 1 }, "Priority": { "description": "S3 uses the rule priority to determine which rule to apply. The higher the number, the higher the priority. Default rule priority is 1.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "1" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "ReplicationRuleName", "SourceBucketName", "DestinationAccount", "DestinationBucketName", "ReplicationRole", "OwnerTranslation", "DecryptObjectKMSKey", "EncryptReplicaKMSKey", "Prefix", "Priority" ] }, "additionalProperties": false, "required": [ "ReplicationRuleName", "SourceBucketName", "DestinationAccount", "DestinationBucketName", "ReplicationRole" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-31eyj2hlvqjwu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Performance Insights.", "description": "Update Performance Insights for a DB instance or Multi-AZ DB cluster. Amazon RDS Performance Insights is a database performance tuning and monitoring feature that helps you assess the load on your database. You can change settings, enable, or disable the feature.", "type": "object", "properties": { "DBIdentifierArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the DB instance or cluster.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:(db|cluster):[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "PerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Enabling Performance Insights doesn't cause downtime, a reboot, or a failover.", "enum": [ "true", "false" ] }, "PerformanceInsightsKMSKeyId": { "type": "string", "description": "The Amazon resource name (ARN) of the KMS master key to use to encrypt Performance Insights data. Specify default to use the default RDS KMS Key.", "pattern": "^default$|^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "default": "default" }, "PerformanceInsightsRetentionPeriod": { "type": "string", "description": "The number of days to retain Performance Insights data. The default is 7 days", "enum": [ "7 days", "1 month", "2 months", "3 months", "4 months", "5 months", "6 months", "7 months", "8 months", "9 months", "10 months", "11 months", "12 months", "13 months", "14 months", "15 months", "16 months", "17 months", "18 months", "19 months", "20 months", "21 months", "22 months", "23 months" ], "default": "7 days" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DBIdentifierArn", "PerformanceInsights", "PerformanceInsightsKMSKeyId", "PerformanceInsightsRetentionPeriod", "Priority" ] }, "required": [ "DBIdentifierArn", "PerformanceInsights" ] }

Schema for Change Type ct-33ste5yc7hprs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Custom SCP", "description": "Create a custom service control policy (SCP) to manage permissions across AWS organization.", "type": "object", "properties": { "TargetId": { "description": "The unique identifier (ID) of the root, or organizational unit (OU), or account, that you want to attach the SCP to. For information on creating a SCP, refer to AWS documentation.", "type": "string", "pattern": "^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$|^r-[0-9a-z]{4,32}$|^[0-9]{12}$" }, "CustomServiceControlPolicy": { "description": "The JSON contents of the SCP that you want to attach to the target.", "type": "string", "maxLength": 5000 }, "SCPDescription": { "description": "A description of the SCP to be attached to the provided target.", "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "SCPDescription", "TargetId", "CustomServiceControlPolicy", "Priority" ] }, "additionalProperties": false, "required": [ "TargetId", "CustomServiceControlPolicy" ] }

Schema for Change Type ct-34alumbtv2b9p

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update stack patching configuration", "description": "Use to update patch configuration.", "additionalProperties": false, "type": "object", "properties": { "HealthyHostThreshold": { "exclusiveMaximum": true, "description": "The minimum health threshold, in decimal, of available instances within a stack that must be maintained during patching.", "maximum": 1, "type": "number", "minimum": 0 }, "MaintenanceWindow": { "description": "The monthly maintenance window within which patching will occur, in UTC.", "type": "object", "properties": { "DayOfWeek": { "description": "Day of the week (1 to 7 == Monday to Sunday).", "maximum": 7, "type": "integer", "minimum": 1 }, "DurationInMinutes": { "description": "Duration of the window in minutes.", "maximum": 1440, "type": "integer", "minimum": 60 }, "Minute": { "description": "Minute of the hour of the day that the window will begin.", "maximum": 59, "type": "integer", "minimum": 0 }, "Hour": { "description": "Hour of the day that the window will begin.", "maximum": 23, "type": "integer", "minimum": 0 }, "WeekOfMonth": { "description": "Week of the month that the window will reside within (1 == first week of the month, 4 == 4th week of the month).", "maximum": 4, "type": "integer", "minimum": 1 } } }, "StackId": { "pattern": "^stack-[a-zA-Z0-9]{17}$", "description": "The ID of the stack to perform the task on, in the form of stack-12345678901234567.", "type": "string" } }, "required": [ "StackId" ] }

Schema for Change Type ct-34jldf2qihaic

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Attach EBS Volume", "description": "Attach an EBS volume to an EC2 instance. This change type provides an option that attempts to remediate drift in the CloudFormation stack where the volume is being attached, but that option, RemediateStackDrift, does not work on volumes created using the CloudFormation ingest change type (ct-36cn2avfrrj9v).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AttachEBSVolume.", "type": "string", "enum": [ "AWSManagedServices-AttachEBSVolume" ], "default": "AWSManagedServices-AttachEBSVolume" }, "Region": { "description": "The AWS Region where the EBS Volume is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "minItems": 1, "maxItems": 1 }, "VolumeId": { "description": "The ID of the EBS volume, in the form vol-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 1 }, "DeviceName": { "description": "The device name where the volume is to be attached, e.g. /dev/sdf or xvdg. If no device name is included, one is chosen for you.", "type": "array", "items": { "type": "string", "pattern": "^(/dev/sd[a-z][1-15]{0,1})|xvd[a-z]$|/dev/xvd[a-z]$|^$" }, "minItems": 0, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by volume attachment. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to the volume attachment. Set to False to attach a volume in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "VolumeId", "InstanceId", "DeviceName", "RemediateStackDrift" ] }, "required": [ "VolumeId", "InstanceId", "RemediateStackDrift" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-34sxfo53yuzah

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remediate Stack Drift", "description": "Remediate the drift (out-of-band changes) in a stack, bringing the stack in sync and enabling you to perform future updates using the available Update CTs. Drift remediation can be performed on EC2 resource types.", "type": "object", "properties": { "StackName": { "description": "The name of the stack to remediate the drift, in the form of stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{8}$|^stack-[a-z0-9]{17}$" }, "DryRun": { "description": "True to perform drift remediation in dry run mode, false to perform drift remediation not in dry run mode. Default is false. Dry run mode checks if the stack drift can be remediated or not, but does not attempt remediation. Note that, when DryRun=true, reserved stack outputs for drift remediation, in the form of AMSCFNDriftRemediationBuildReferences95556500d5, can be added or updated. To learn more about outputs, see AWS CloudFormation documentation.", "type": "boolean", "default": false }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "StackName", "DryRun", "Priority" ] }, "required": [ "StackName" ] }

Schema for Change Type ct-35p977vul06df

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add NLB Listener Certificate", "description": "Add a certificate to the specified Network Load Balancer (NLB) listener. Use the RemediateStackDrift parameter for the automation to try to remediate drift, if it is introduced.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddCertificateToElbv2Listener.", "type": "string", "enum": [ "AWSManagedServices-AddCertificateToElbv2Listener" ], "default": "AWSManagedServices-AddCertificateToElbv2Listener" }, "Region": { "description": "The AWS Region where the network load balancer listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ListenerArn": { "description": "The Amazon Resource Name (ARN) of the listener in the form arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/sample/1234567890abcdfe/1234567890abcdfe.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:listener/net/[A-Za-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "IsDefault": { "description": "True to set the certificate as the default certificate on the listener, False to not set the certificate as the default certificate on the listener. Default value is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by adding the certificate to the Load Balancer listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to adding certificate to the Load Balancer listener. Set to False to add the certificate to the Load Balancer listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ListenerArn", "CertificateArn", "IsDefault", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "CertificateArn", "ListenerArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-361tlo1k7339x

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update CloudFormation Stack", "description": "Update the template and/or parameters of a CFN stack. To only update the parameters in an existing stack a modified CFN template is not required, modified parameters can be provided instead. Values for existing parameters are overwritten, values for new parameters are added. To add, delete or modify a resource, or to change attributes not referenced through a parameter, use a modified CFN template. If the update would result in a resource in the stack being replaced or removed, the RFC fails and requires approval through the \"Approve ChangeSet and update CloudFormation stack\" CT (ct-1404e21baa2ox).", "type": "object", "properties": { "VpcId": { "description": "Identifier of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "Identifier for the existing CloudFormation-based stack to be updated.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "CloudFormationTemplateS3Endpoint": { "description": "The Amazon S3 bucket URL for the CloudFormation template you want to deploy. The template must be accessible from this account or provided as a pre-signed Amazon S3 URL. To update the template for an existing stack, provide either an Amazon S3 URL for the template in this option, or an inline template in the CloudFormationTemplate option.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "CloudFormationTemplate": { "description": "The CloudFormation template that you have configured to create or update the resources that you want. To update the template for an existing stack, provide either an Amazon S3 URL for the template in the CloudFormationTemplateS3Endpoint option, or an inline template in this option.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "TemplateParameters": { "description": "Parameters (key/value pairs) from the CloudFormation template used to configure the stack. Unspecified parameters retain their current values. New parameters defined in the updated template must either have a default value or a value provided here.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "uniqueItems": true }, "AutoApproveRiskyUpdates": { "description": "Logical IDs in your template that represent resources for which a high-risk update should be automatically approved, without requiring your approval of a change set. High-risk is defined as an update that could cause resource deletion or replacement. If the stack update includes high-risk changes that are not included in this list, you will be required to approve a change set to execute the change through the \"Approve ChangeSet and update CloudFormation stack\" CT (ct-1404e21baa2ox).", "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "BypassDriftCheck": { "description": "Logical IDs in your template that represent drifted, or drift unsupported resources for which the drift check should be bypassed before updating the resource. If the stack update includes updating drifted, or drift unsupported resources that are not included in this list, the update will fail. Carefully inspect the drift report before bypassing the drift check for the resources to be updated.", "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This does not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 1080, "default": 360 } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "CloudFormationTemplateS3Endpoint", "CloudFormationTemplate", "TemplateParameters", "AutoApproveRiskyUpdates", "TimeoutInMinutes", "BypassDriftCheck" ] }, "required": [ "VpcId", "StackId", "TimeoutInMinutes" ] }

Schema for Change Type ct-361vpyun9a9dd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CloudWatch alarms", "description": "Create one or more CloudWatch alarms. For detailed information on CloudWatch alarm properties, see AWS documentation \"Creating CloudWatch Alarms\".", "type": "object", "properties": { "Alarms": { "description": "Parameters for one or more CloudWatch alarms.", "type": "array", "items": { "type": "object", "properties": { "ActionsEnabled": { "description": "True for specified CloudWatch supported actions, including SNS topic actions, to be triggered. False for actions to not be triggered. For AMS to monitor your alarms, the SNS topic must be added to each configured action and ActionsEnabled must be set to true. To request that AMS perform actions not supported by CloudWatch, provide AMS with detailed instructions on handling the alarm in a service request after the alarm is created.", "type": "boolean" }, "AlarmActions": { "description": "The Amazon Resource Name (ARN) of existing actions to execute when this alarm transitions to the ALARM state from any other state. If unspecified, no action is taken when this alarm transitions to the ALARM state. For AWS Managed Services (AMS) to monitor the alarms, include your AMS MMS SNS topic, in the form [\"arn:aws:sns:${REGION}:${ACCOUNT_ID}:MMS-Topic\"]", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 1024 }, "maxItems": 5, "uniqueItems": true }, "AlarmDescription": { "description": "A meaningful description for the alarm.", "type": "string", "minLength": 0, "maxLength": 1024 }, "AlarmName": { "description": "A name for the alarm. The name must be unique within the AWS account.", "type": "string", "minLength": 1, "maxLength": 255 }, "ComparisonOperator": { "description": "The operation to use when comparing the Statistic and Threshold values that you specify. The specified Statistic value is used as the first operand. Options: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold.", "type": "string", "enum": [ "GreaterThanOrEqualToThreshold", "GreaterThanThreshold", "LessThanThreshold", "LessThanOrEqualToThreshold" ] }, "DatapointsToAlarm": { "description": "The number of datapoints that must be breaching to trigger the alarm. Required if you are setting an \"M out of N\" alarm. If you set DatapointsToAlarm and EvaluationPeriod as different values, you are setting an \"M out of N\" alarm (DatapointsToAlarm is \"M\", EvaluationPeriod is \"N\").", "type": "integer", "minimum": 1 }, "Dimensions": { "description": "The dimensions (arbitrary name/value pairs) for the metric associated with the alarm.", "type": "array", "items": { "type": "object", "properties": { "Name": { "description": "The name of the dimension.", "type": "string", "minLength": 1, "maxLength": 255 }, "Value": { "description": "The value representing the dimension measurement.", "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "maxItems": 10, "uniqueItems": true }, "EvaluateLowSampleCountPercentile": { "description": "For alarms based on percentiles. Options: evaluate, ignore. For the alarm state to not change during periods with too few data points to be statistically significant, set ignore. For the alarm to always be evaluated, and possibly change state, no matter how many data points are available, set evaluate or leave blank.", "type": "string", "minLength": 1, "maxLength": 255, "enum": [ "evaluate", "ignore" ] }, "EvaluationPeriods": { "description": "The number of consecutive data points that must be breached to trigger the alarm. For an \"M out of N\" alarm, this value is the N.", "type": "integer", "minimum": 1 }, "ExtendedStatistic": { "description": "For alarms based on percentiles. The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. You must specify either this, or Statistic, but not both.", "type": "string", "pattern": "p(\\d{1,2}(\\.\\d{0,2})?|100)" }, "InsufficientDataActions": { "description": "The Amazon Resource Name (ARN) of one or more existing CloudWatch alarm actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. If unspecified, no action is taken when this alarm transitions to the INSUFFICIENT_DATA state. For AWS Managed Services (AMS) to monitor the alarm, include your AMS MMS SNS topic, in the form [\"arn:aws:sns:${REGION}:${ACCOUNT_ID}:MMS-Topic\"]", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 1024 }, "maxItems": 5, "uniqueItems": true }, "MetricName": { "description": "An existing standard or custom CloudWatch metric for the alarm to track. For a list of AWS CloudWatch metrics, see AWS CloudWatch metrics documentation. To use a custom CloudWatch metric, see your CloudWatch console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Namespace": { "description": "An existing standard or custom CloudWatch namespace for the alarm. For a list of AWS namespaces, see AWS documentation. To use a custom namespace, see your CloudWatch console Metrics area.", "type": "string", "minLength": 1, "maxLength": 255 }, "OkActions": { "description": "The Amazon Resource Name (ARN) of one or more existing CloudWatch alarm actions to execute when this alarm transitions to the OK state from any other state. If unspecified, no action is taken when this alarm transitions to the OK state. For AWS Managed Services (AMS) to monitor the alarm, include your AMS MMS SNS topic, in the form [\"arn:aws:sns:${REGION}:${ACCOUNT_ID}:MMS-Topic\"]", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 1024 }, "maxItems": 5, "uniqueItems": true }, "Period": { "description": "The period, in seconds, over which the specified statistic is applied. Valid values are 10, 30, and any multiple of 60. Be sure to specify 10 or 30 only for metrics that are stored by a PutMetricData call with a StorageResolution of 1.", "type": "integer", "minimum": 1 }, "Statistic": { "description": "The statistic for the metric associated with the alarm; does not apply to percentile metrics. Options: SampleCount, Average, Sum, Minimum, Maximum. For percentile statistics, use parameter ExtendedStatistic. You must specify either this property, or ExtendedStatistic, but not both.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ] }, "Threshold": { "description": "The value against which the specified statistic is compared.", "type": "number" }, "TreatMissingData": { "description": "How this alarm handles missing data points. Options: breaching, notBreaching, ignore, missing. If unspecified, the default behavior, missing, is used.", "type": "string", "enum": [ "breaching", "notBreaching", "ignore", "missing" ], "minLength": 1, "maxLength": 255 }, "Unit": { "description": "The unit of measure for the statistic. Valid options are provided in the AWS Java SDK page for Enum StandardUnit.", "type": "string", "enum": [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "AlarmName", "AlarmDescription", "Namespace", "MetricName", "EvaluationPeriods", "Period", "ComparisonOperator", "Threshold", "Statistic", "Dimensions", "Unit", "DatapointsToAlarm", "EvaluateLowSampleCountPercentile", "ExtendedStatistic", "TreatMissingData", "ActionsEnabled", "AlarmActions", "InsufficientDataActions", "OkActions" ] }, "required": [ "AlarmName", "ComparisonOperator", "EvaluationPeriods", "MetricName", "Namespace", "Period", "Threshold" ] } }, "Region": { "description": "The AWS Region to create the alarm or set of alarms in.", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Region", "Alarms" ] }, "required": [ "Alarms", "Region" ] }

Schema for Change Type ct-369odosk0pd9w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share Directory", "description": "Share a specified directory in your AWS account (directory owner) with another AWS account (directory consumer). Run this in your Shared Service account that has Managed Active Directory. This change type is only supported for multi-account landing zone (MALZ).", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-ShareDirectory.", "type": "string", "enum": [ "AWSManagedServices-ShareDirectory" ], "default": "AWSManagedServices-ShareDirectory" }, "Region": { "description": "The AWS Region where the directory is located, in the form of us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DirectoryId": { "description": "Identifier of the AWS Managed Microsoft Active directory that you want to share with another AWS account.", "type": "array", "items": { "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "maxItems": 1, "minItems": 1 }, "TargetAccountId": { "description": "Identifier for the directory consumer account to share the directory with.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "DirectoryId", "TargetAccountId" ] }, "additionalProperties": false, "required": [ "DirectoryId", "TargetAccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-36cn2avfrrj9v

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Stack From CloudFormation (CFN) Template", "description": "Create a stack by pointing to a customized CloudFormation (CFN) template in an S3 bucket, or by pasting the contents of that template as input to this change type.", "type": "object", "properties": { "CloudFormationTemplate": { "description": "Your customized CFN template, copied directly into this input parameter. Use this parameter, CloudFormationTemplate, or the CloudFormationTemplateS3Endpoint parameter. Do not use both.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "CloudFormationTemplateS3Endpoint": { "description": "The S3 bucket endpoint for the CloudFormation template you want to use. The bucket must be in the same account that you are using, or have a presigned URL.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "Parameters": { "description": "Add up to sixty parameters (parameter name/value pairs) to supply alternate values for parameters in your customized CloudFormation template. By providing the parameters this way, you can reuse your CloudFormation template with different parameter values when needed and can update any parameter value with the CFN Stack Update change type.", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Description": { "description": "Meaningful information about the stack to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "Name": { "description": "A name for the stack; this becomes the Stack Name in the AMS console.", "type": "string", "minLength": 1, "maxLength": 255 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the stack.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "CloudFormationTemplateS3Endpoint", "CloudFormationTemplate", "Parameters", "TimeoutInMinutes", "Tags" ] }, "required": [ "Description", "Name", "VpcId", "TimeoutInMinutes" ] }

Schema for Change Type ct-36emj2uapfbu8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 for WIGS", "description": "Create an Amazon Elastic Compute Cloud (EC2) instance for use with Workload Ingest (WIGS) change type (ct-257p9zjk14ija). For information, see AMS documentation on WIGS in the AMS Application Developer's Guide.", "type": "object", "properties": { "InstanceVpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "InstanceNameTagValue": { "description": "A value for the Instance Name Tag Key.", "type": "string", "pattern": "^(?!([aA][mMwW][sS]|mc-))[a-zA-Z0-9_.@-]{0,256}$" }, "InstanceAmiId": { "description": "The AMI to use to create the EC2 instance, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization.", "type": "boolean", "default": false }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization.", "type": "string", "pattern": "^[a-z0-9]+\\.[a-z0-9]+$", "default": "t3.large" }, "InstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "number", "minimum": 20, "maximum": 16000 }, "InstanceSubnetId": { "description": "The subnet that you want to launch the instance into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceVpcId", "InstanceSubnetId", "InstanceAmiId", "InstanceType", "InstanceEBSOptimized", "InstanceRootVolumeSize", "InstanceNameTagValue", "Priority" ] }, "required": [ "InstanceVpcId", "InstanceAmiId", "InstanceSubnetId" ] }

Schema for Change Type ct-36jq7gvwyty8h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change RDS MultiAZ Setting", "description": "Change the DB instance MultiAZ value through direct API calls. The MultiAZ setting determines whether or not the DB instance is deployed across multiple availability zones (AZs). The RDS instance can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSMultiAZ.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSMultiAZ" ], "default": "AWSManagedServices-UpdateRDSMultiAZ" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "MultiAZ": { "description": "True for the DB instance to be deployed across multiple AZs, false for it to not.", "type": "string", "enum": [ "true", "false" ] }, "ApplyImmediately": { "description": "True to apply the change immediately, false to schedule the change for the next maintenance window.", "type": "string", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "MultiAZ", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "MultiAZ", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-36x3u7v2oklwd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create AWS Account Alias", "description": "Create an AWS account alias. Note that an AWS account can have only one alias. This operation fails if the AWS account already has an alias. To update an existing account alias, use the Update Account Alias (ct-3skaisgnq0pf8) change type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAccountAlias.", "type": "string", "enum": [ "AWSManagedServices-CreateAccountAlias" ], "default": "AWSManagedServices-CreateAccountAlias" }, "Region": { "description": "The AWS Region where the account is, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "AWSAccountAlias": { "description": "The alias name for the AWS account to create.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{3,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "AWSAccountAlias" ] }, "required": [ "AWSAccountAlias" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-36zubwzxp44a4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add CIDR Ingress", "description": "Add RDP or SSH bastion ingress Classless Inter-Domain Routing (CIDR) allow lists.", "type": "object", "properties": { "BastionType": { "description": "The bastion type to update.", "type": "string", "enum": [ "RDP Bastion", "SSH Bastion" ] }, "IngressCIDRAddresses": { "description": "The CIDR ingress IP addresses to be allowed.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "minItems": 1, "maxItems": 3 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BastionType", "IngressCIDRAddresses", "Priority" ] }, "additionalProperties": false, "required": [ "BastionType", "IngressCIDRAddresses" ] }

Schema for Change Type ct-379uwo67vbvng

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update SAML Identity Provider", "description": "Update IAM identity provider using the SAML metadata document file that you stored in your chosen S3 bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleUpdateSamlProvider-Admin", "type": "string", "enum": [ "AWSManagedServices-HandleUpdateSamlProvider-Admin" ], "default": "AWSManagedServices-HandleUpdateSamlProvider-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SAMLMetadataDocumentURL": { "description": "The S3 URL of the SAML metadata document file, in the form s3://bucketname/path/to/saml-metadata.xml.", "type": "array", "items": { "type": "string", "pattern": "^s3://[a-z0-9]([-.a-z0-9]+)[a-z0-9]/.+$" }, "minItems": 1, "maxItems": 1 }, "SAMLProviderArn": { "description": "The ARN of the SAML provider.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:saml-provider/[\\w._-]{1,128}" }, "minItems": 1, "maxItems": 1 }, "SAMLProviderBackup": { "description": "True for a backup of the SAML provider metadata to be taken before deleting, False for no backup to be taken. Default is True.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SAMLMetadataDocumentURL", "SAMLProviderArn", "SAMLProviderBackup" ] }, "required": [ "SAMLMetadataDocumentURL", "SAMLProviderArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-37bq2l9c8fzxv

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Detach Instance From Target Group", "description": "Detach an instance, or instances, from the specified port of a target group (ALB or NLB).", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-DetachInstancesFromTargetGroup", "type": "string", "enum": [ "AWSManagedServices-DetachInstancesFromTargetGroup" ], "default": "AWSManagedServices-DetachInstancesFromTargetGroup" }, "Region": { "description": "The AWS Region where the target group and instances are located, in the form of us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstancesIds": { "description": "The instance, or instances', IDs (up to 20) to be detached from the required target group, in the form of i-1234abcdef.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "maxItems": 20 }, "InstancesPort": { "description": "The port to detach the instance, or instances, from.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "maxItems": 1 }, "TargetGroupArn": { "description": "The target group Amazon Resource Name (ARN), in the form of arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:elasticloadbalancing:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstancesIds", "InstancesPort", "TargetGroupArn" ] }, "additionalProperties": false, "required": [ "InstancesIds", "InstancesPort", "TargetGroupArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-37kcp2v1mriu6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Replace Instance Profile", "description": "Replace the instance profile of an EC2 instance that is not part of an Auto Scaling group. This change may result in CloudFormation drift for any stacks that have this resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ReplaceInstanceProfileV2.", "type": "string", "enum": [ "AWSManagedServices-ReplaceInstanceProfileV2" ], "default": "AWSManagedServices-ReplaceInstanceProfileV2" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^i-([a-f0-9]{8}|[a-f0-9]{17})$" }, "minItems": 1, "maxItems": 1 }, "InstanceProfile": { "description": "An IAM instance profile name defined in your account.", "type": "array", "items": { "type": "string", "pattern": "^[\\w+=,.@-]+$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "InstanceProfile" ] }, "required": [ "InstanceId", "InstanceProfile" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-37qquo9wbpa8x

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete or Deactivate Access Key", "description": "Delete or deactivate the specified AWS IAM access key ID for the specified user.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeactivateIAMAccessKey.", "type": "string", "enum": [ "AWSManagedServices-DeactivateIAMAccessKey" ], "default": "AWSManagedServices-DeactivateIAMAccessKey" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "UserName": { "description": "The name of the IAM user that the key belongs to.", "type": "string", "pattern": "^[\\w+=,.@-]+", "minLength": 1, "maxLength": 128 }, "AccessKeyId": { "description": "The ID of the access key to delete or deactivate.", "type": "string", "pattern": "^AKIA\\w+$", "minLength": 16, "maxLength": 128 }, "Delete": { "description": "True to delete the access key for the specified user, False to deactivate it without deleting.", "type": "boolean", "default": false } }, "additionalProperties": false, "metadata": { "ui:order": [ "UserName", "AccessKeyId", "Delete" ] }, "required": [ "UserName", "AccessKeyId", "Delete" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-37vqa0oggka3q

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop Aurora DB Cluster", "description": "Stop an Aurora DB cluster, which is a provisioned capacity type and does not have cross-region read replicas. The cluster must be in the 'available' state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopDBCluster.", "type": "string", "enum": [ "AWSManagedServices-StopDBCluster" ], "default": "AWSManagedServices-StopDBCluster" }, "Region": { "description": "The AWS Region where the cluster is.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "DBClusterIdentifier": { "description": "The unique RDS DB cluster identifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$" } }, "metadata": { "ui:order": [ "DBClusterIdentifier" ] }, "additionalProperties": false, "required": [ "DBClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-38s4s4tm4ic4u

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update EC2 stack", "description": "Use to modify the properties of an EC2 instance created using CT id ct-14027q0sjyt1h, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the EC2 Instance, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the EC2 instance that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the EC2 instance.", "type": "object", "properties": { "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instance, false to use only basic monitoring.", "type": "boolean" }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization. Updates will stop and start Amazon EBS-backed instances.", "type": "boolean" }, "InstanceProfile": { "description": "An IAM instance profile name defined in your account for the EC2 instance.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^customer[\\w-]{1,120}$" }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization. Changing the instance type will result in instance stop and start.", "type": "string" }, "InstanceUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot. Changing the UserData will result in instance stop and start. Note: Existing instances do not pick up changes in UserData automatically, in order for the instance to execute modified UserData you must perform additional changes by logging in to the instance.", "type": "string", "maxLength": 4096 } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceType", "InstanceUserData" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-38xcr0q86k9lh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Developer Mode Account With VPC", "description": "Create a managed AWS landing zone developer mode account and a VPC with up to 10 private subnets and up to 5 optional public subnets per availability zone (AZ) for two or three AZ's. Optionally, also create an AWS Backup plan with up to four different rules. Managed AWS landing zone core accounts must already be onboarded to AWS Managed Services (AMS).", "type": "object", "properties": { "AccountName": { "description": "A name for the new developer mode account. Max length 50 characters. The underscore (_) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "AccountEmail": { "description": "The email address for the new developer mode account. The email must be unique per developer mode account.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "DeveloperModeOUName": { "description": "The name of an existing organizational unit (OU) for this developer mode account, in the form of <developer mode ou name>:<child ou name>. The default value is applications:development.", "type": "string", "default": "applications:development" }, "SupportLevel": { "description": "The account's AMS support level, Premium or Plus.", "type": "string", "enum": [ "plus", "premium" ] }, "VpcName": { "description": "A meaningful name for the developer mode account VPC. Must be unique within this developer mode account.", "type": "string" }, "NumberOfAZs": { "description": "The number of availability zones (AZs) that the VPC supports. Options are 2 or 3.", "type": "number", "minimum": 2, "maximum": 3 }, "VpcCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this developer mode account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type.", "type": "string", "default": "defaultAppRouteDomain" }, "PublicSubnetAZ1CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ2CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ3CIDR": { "description": "The CIDR for the optional first public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the optional second public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the optional third public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the optional second private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the optional third private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the optional sixth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the optional seventh private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the optional eighth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the optional ninth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the optional tenth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "DirectAlertsEmail": { "description": "Email address to receive specifically tagged resource-based alerts, and the onboarding process will create your SNS subscription. If not specified, then you can subscribe later using the DirectCustomerAlerts change type (ct-t-3rcl9u1k017wu).", "type": "string", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" }, "SamlMetadataDocumentURL": { "description": "The URL that points to the Security Assertion Markup Language(SAML) metadata document that is used to enable federated access to the developer mode account. Typically, a pre-signed URL for an Amazon S3 object.", "type": "string", "pattern": "^https://.+$|^$|s3://.+$" }, "BackupPlanName": { "type": "string", "description": "A meaningful name for the AWS Backup plan, which is a policy expression that defines when and how you want to back up your AWS resources.", "default": "default-backup-plan" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "Backup" }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "True" }, "BackupRule1ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$", "default": "cron(0 2 ? * * )" }, "BackupRule1DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 7 }, "BackupRule1MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule2DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule3DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that monthly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the monthly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule4DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "PatchOrchestratorFirstTagKey": { "description": "The first tag-key to use for creating your \"Patch Group\" tag values. For example, AppId. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorSecondTagKey": { "description": "The second tag-key to use for creating your \"Patch Group\" tag values. For example, Environment. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorThirdTagKey": { "description": "The third tag-key to use for creating your \"Patch Group\" tag values. For example, Group. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$", "default": "null" }, "PatchOrchestratorDefaultMaintenanceWindowCutoff": { "description": "The number of hours before the end of the Default Maintenance Window in which no new patching commands are started. This interval exists to allow enough time for patching to complete before the window ends.", "default": 0, "minimum": 0, "maximum": 23, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowDuration": { "description": "The duration of the maintenance window in hours.", "default": 4, "minimum": 1, "maximum": 24, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowSchedule": { "description": "The schedule of the maintenance window in the form of a cron or rate expression. For example cron(0 18 * * ? *) would create a window at 18:00 every day, and rate(7 days) would create a window every seven days.", "default": "cron(0 18 * * ? *)", "minLength": 1, "maxLength": 256, "pattern": "^cron\\([0-9a-zA-Z\\ ?*#-,\\/]+\\)$|^rate\\([0-9a-zA-Z\\ ]+\\)$", "type": "string" }, "PatchOrchestratorDefaultMaintenanceWindowTimeZone": { "description": "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.", "default": "UTC", "pattern": "^[a-zA-Z_]+(\\+|/)?[a-zA-Z0-9_-]*(\\+|/)?[a-zA-Z0-9_-]+$", "type": "string" }, "PatchOrchestratorDefaultPatchBackupRetentionInDays": { "description": "The number of days the backup taken before patching will remain available.", "default": 60, "minimum": 1, "maximum": 90, "type": "integer" }, "PatchOrchestratorNotificationEmails": { "description": "One or more email addresses to receive notifications about default patching status. Use group distribution lists instead of individual emails.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$" }, "minItems": 1, "maxItems": 5, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "AccountName", "AccountEmail", "DeveloperModeOUName", "SupportLevel", "DirectAlertsEmail", "SamlMetadataDocumentURL", "VpcName", "VpcCIDR", "NumberOfAZs", "RouteType", "TransitGatewayApplicationRouteTableName", "PublicSubnetAZ1CIDR", "PublicSubnetAZ2CIDR", "PublicSubnetAZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression", "BackupRule1DeleteAfterDays", "BackupRule1MoveToColdStorageAfterDays", "BackupRule2ScheduleExpression", "BackupRule2DeleteAfterDays", "BackupRule2MoveToColdStorageAfterDays", "BackupRule3ScheduleExpression", "BackupRule3DeleteAfterDays", "BackupRule3MoveToColdStorageAfterDays", "BackupRule4ScheduleExpression", "BackupRule4DeleteAfterDays", "BackupRule4MoveToColdStorageAfterDays", "PatchOrchestratorFirstTagKey", "PatchOrchestratorSecondTagKey", "PatchOrchestratorThirdTagKey", "PatchOrchestratorDefaultMaintenanceWindowCutoff", "PatchOrchestratorDefaultMaintenanceWindowDuration", "PatchOrchestratorDefaultMaintenanceWindowSchedule", "PatchOrchestratorDefaultMaintenanceWindowTimeZone", "PatchOrchestratorDefaultPatchBackupRetentionInDays", "PatchOrchestratorNotificationEmails" ] }, "additionalProperties": false, "required": [ "AccountName", "AccountEmail", "SupportLevel", "VpcName", "VpcCIDR", "NumberOfAZs", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression" ] }

Schema for Change Type ct-3929xwf222jri

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove NLB Listener Certificate", "description": "Remove a certificate from the specified Network Load Balancer (NLB) listener. Use the RemediateStackDrift parameter for the automation to try to remediate drift, if it is introduced.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveCertificateFromElbv2Listener.", "type": "string", "enum": [ "AWSManagedServices-RemoveCertificateFromElbv2Listener" ], "default": "AWSManagedServices-RemoveCertificateFromElbv2Listener" }, "Region": { "description": "The AWS Region where the network load balancer listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ListenerArn": { "description": "The Amazon Resource Name (ARN) of the listener in the form arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/sample/1234567890abcdfe/1234567890abcdfe.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:listener/net/[A-Za-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by removing the certificate from the Loadbalancer Listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to removing the certificate from the Loadbalancer Listener. Set to False to remove the certificate from the Loadbalancer Listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ListenerArn", "CertificateArn", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "CertificateArn", "ListenerArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-393q3yaq9ewlm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS DB Snapshot", "description": "Create a snapshot of an Amazon Relational Database Service (RDS) database (DB) instance. The snapshot will be encrypted with the same KMS key as the DB instance, or unencrypted if DB instance is unencrypted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateDBSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CreateDBSnapshot" ], "default": "AWSManagedServices-CreateDBSnapshot" }, "Region": { "description": "The AWS Region in which the RDS DB is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier for the RDS DB that you are creating a snapshot of.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 1 }, "DBSnapshotName": { "description": "A name for the DB snapshot.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "DBSnapshotName" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "DBSnapshotName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-39c5qiasbe4he

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Resume Redshift Cluster", "description": "Resume a paused Amazon Redshift cluster.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ResumeRedshiftCluster.", "type": "string", "enum": [ "AWSManagedServices-ResumeRedshiftCluster" ], "default": "AWSManagedServices-ResumeRedshiftCluster" }, "Region": { "description": "The AWS Region in which the Amazon Redshift cluster is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "description": "The Amazon Redshift cluster identifier. For example, myred-cluster-1.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "minLength": 1, "maxLength": 63 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterIdentifier" ] }, "additionalProperties": false, "required": [ "ClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3cp96z7r065e4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete or disassociate a security group", "description": "Disassociate a security group from the specified AWS resources and optionally delete the security group.", "type": "object", "properties": { "SecurityGroupId": { "description": "ID of the security group to be deleted or disassociated from AWS resources. You cannot delete a security group that is still associated with any AWS resources.", "type": "string", "pattern": "^sg-[0-9a-zA-Z]{8}$|^sg-[0-9a-zA-Z]{17}$" }, "DisassociatedResources": { "description": "AWS resources to disassociate the security group from. For example, EC2 instance IDs, RDS DB instance IDs, Load Balancer names, DSM replication instance names, EFS mount target IDs, ElastiCache cluster IDs.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "DeleteSecurityGroup": { "description": "True if the security should be deleted in addition to disassociating it from the AWS resources, or false if not. Default is false.", "type": "boolean", "default": false }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityGroupId", "DisassociatedResources", "DeleteSecurityGroup", "Priority" ] }, "required": [ "SecurityGroupId", "DisassociatedResources", "DeleteSecurityGroup" ] }

Schema for Change Type ct-3cx7we852p3af

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Resource Tags", "description": "Add tags to existing, supported resources: Autoscaling, EC2, Elastic Load Balancing, RDS, S3 buckets and Redshift clusters. Additionally, CloudWatch LogGroups that do not belong to a CloudFormation stack are supported. AMS infrastructure stacks (stacks named mc-*) cannot have tags added with this change type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateTags.", "type": "string", "enum": [ "AWSManagedServices-UpdateTags" ], "default": "AWSManagedServices-UpdateTags" }, "Region": { "description": "The AWS Region where the resources to be tagged are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "ResourceArns": { "description": "A list of up to 50 Amazon resource names (ARNs), or the resource IDs, of the resources to be tagged. Use resource ID only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. Use the full ARN for all other supported resource types.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:(autoscaling|ec2|elasticloadbalancing|logs|rds|s3|redshift):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):.*)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource, in the form {\"Key\":\"TagKey1\",\"Value\":\"TagValue1\"}. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "string", "pattern": "^\\{\\}$|^\\{\"Key\":\"((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})\",\"Value\":\"[\\x00-\\x7F+]{0,255}\"\\}" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "ResourceArns", "AddOrUpdateTags" ] }, "required": [ "ResourceArns", "AddOrUpdateTags" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-3d0lrfb8eckuu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove Computer Object", "description": "Remove a stale computer object from Microsoft Active Directory (AD) and the corresponding DNS A and PTR records from DNS. Removing the computer object will prevent anyone from raising access against this host using the AMS access control. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveADComputerObject-Admin.", "type": "string", "enum": [ "AWSManagedServices-RemoveADComputerObject-Admin" ], "default": "AWSManagedServices-RemoveADComputerObject-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Hostname": { "description": "The hostname of the computer object in Active Directory.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-]{1,15}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Hostname" ] }, "required": [ "Hostname" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3da2lxapopb86

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Custom RDS Parameter Group", "description": "Create a custom RDS parameter group and optionally attach it to an existing RDS instance.", "type": "object", "properties": { "ParameterGroupName": { "description": "The name of the parameter group.", "type": "string", "pattern": "^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,254}$" }, "ParameterGroupFamily": { "description": "The parameter group family name. Example: 'mysql5.6'.", "type": "string", "pattern": "^[a-zA-Z0-9.-]+$" }, "Description": { "description": "A meaningful description for the parameter group.", "type": "string", "default": "RDS parameter group" }, "Parameters": { "description": "An array of parameter names and values. This is optional, and if not specified, the parameter group is created with the default parameters for the database engine.", "type": "array", "items": { "type": "object", "properties": { "ParameterName": { "description": "The name of the parameter.", "type": "string", "pattern": "^[a-zA-Z0-9_.-]+$" }, "ParameterValue": { "description": "The value of the parameter.", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "ParameterName", "ParameterValue" ] }, "required": [ "ParameterName", "ParameterValue" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "RDSInstanceName": { "description": "The name of the RDS instance to which this parameter group will be attached.", "type": "string", "pattern": "^$|^[a-zA-Z]{1}(?:-?[a-zA-Z0-9]){0,62}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "required": [ "ParameterGroupName", "ParameterGroupFamily" ], "additionalProperties": false, "metadata": { "ui:order": [ "ParameterGroupName", "ParameterGroupFamily", "Description", "Parameters", "RDSInstanceName", "Priority" ] } }

Schema for Change Type ct-3dfnglm4ombbs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SNS topic", "description": "Create an SNS topic and up to five subscriptions.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-eakrsalqo9m62tpun", "type": "string", "enum": [ "stm-eakrsalqo9m62tpun" ], "default": "stm-eakrsalqo9m62tpun" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "TopicName": { "type": "string", "description": "A name for the SNS topic. If not specified, a unique topic name is generated. Name can contain up to 256 alphanumeric, - and _ characters.", "pattern": "^[a-zA-Z0-9-_]{0,256}|^$", "default": "" }, "DisplayName": { "type": "string", "description": "A display name for the SNS topic for use with short message service (SMS) messages. Must contain up to 10 alphanumeric, - and _ characters.", "pattern": "^[a-zA-Z0-9-_]{0,10}|^$", "default": "" }, "Subscription1Protocol": { "type": "string", "description": "The Endpoint Protocol for the Subscription1Endpoint parameter.", "enum": [ "http", "https", "email", "sqs", "sms", "lambda" ] }, "Subscription1Endpoint": { "type": "string", "description": "One of the AMS supported valid endpoints: SQS, SMS, Email, HTTP, HTTPS and Lambda to subscribe to this topic. For details, refer to AWS documentation for valid SNS topic subscription endpoints.", "pattern": "^http://.*$|^https://.*$|^(arn:(aws|aws-us-gov):(sqs|lambda):[a-z0-9-]+:[0-9]{12}:.+)$|^\\+[0-9]*$|^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$|^$", "default": "" }, "Subscription1RawMessageDelivery": { "type": "string", "description": "True to enable raw message delivery (messages are not encoded in JSON that provides metadata), false to not. Use only for SQS, HTTP or HTTPS endpoint.", "enum": [ "true", "false" ], "default": "false" }, "Subscription2Protocol": { "type": "string", "description": "The Endpoint Protocol for the Subscription2Endpoint parameter.", "enum": [ "http", "https", "email", "sqs", "sms", "lambda" ] }, "Subscription2Endpoint": { "type": "string", "description": "One of the AMS supported valid endpoints: SQS, SMS, Email, HTTP, HTTPS and Lambda to subscribe to this topic. For details, refer to AWS documentation for valid SNS topic subscription endpoints.", "pattern": "^http://.*$|^https://.*$|^(arn:(aws|aws-us-gov):(sqs|lambda):[a-z0-9-]+:[0-9]{12}:.+)$|^\\+[0-9]*$|^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$|^$", "default": "" }, "Subscription2RawMessageDelivery": { "type": "string", "description": "True to enable raw message delivery (messages are not encoded in JSON that provides metadata), false to not. Use only for SQS, HTTP or HTTPS endpoint.", "enum": [ "true", "false" ], "default": "false" }, "Subscription3Protocol": { "type": "string", "description": "The Endpoint Protocol for the Subscription3Endpoint parameter.", "enum": [ "http", "https", "email", "sqs", "sms", "lambda" ] }, "Subscription3Endpoint": { "type": "string", "description": "One of the AMS supported valid endpoints: SQS, SMS, Email, HTTP, HTTPS and Lambda to subscribe to this topic. For details, refer to AWS documentation for valid SNS topic subscription endpoints.", "pattern": "^http://.*$|^https://.*$|^(arn:(aws|aws-us-gov):(sqs|lambda):[a-z0-9-]+:[0-9]{12}:.+)$|^\\+[0-9]*$|^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$|^$", "default": "" }, "Subscription3RawMessageDelivery": { "type": "string", "description": "True to enable raw message delivery (messages are not encoded in JSON that provides metadata), false to not. Use only for SQS, HTTP or HTTPS endpoint.", "enum": [ "true", "false" ], "default": "false" }, "Subscription4Protocol": { "type": "string", "description": "The Endpoint Protocol for the Subscription4Endpoint parameter.", "enum": [ "http", "https", "email", "sqs", "sms", "lambda" ] }, "Subscription4Endpoint": { "type": "string", "description": "One of the AMS supported valid endpoints: SQS, SMS, Email, HTTP, HTTPS and Lambda to subscribe to this topic. For details, refer to AWS documentation for valid SNS topic subscription endpoints.", "pattern": "^http://.*$|^https://.*$|^(arn:(aws|aws-us-gov):(sqs|lambda):[a-z0-9-]+:[0-9]{12}:.+)$|^\\+[0-9]*$|^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$|^$", "default": "" }, "Subscription4RawMessageDelivery": { "type": "string", "description": "True to enable raw message delivery (messages are not encoded in JSON that provides metadata), false to not. Use only for SQS, HTTP or HTTPS endpoint.", "enum": [ "true", "false" ], "default": "false" }, "Subscription5Protocol": { "type": "string", "description": "The Endpoint Protocol for the Subscription5Endpoint parameter.", "enum": [ "http", "https", "email", "sqs", "sms", "lambda" ] }, "Subscription5Endpoint": { "type": "string", "description": "One of the AMS supported valid endpoints: SQS, SMS, Email, HTTP, HTTPS and Lambda to subscribe to this topic. For details, refer to AWS documentation for valid SNS topic subscription endpoints.", "pattern": "^http://.*$|^https://.*$|^(arn:(aws|aws-us-gov):(sqs|lambda):[a-z0-9-]+:[0-9]{12}:.+)$|^\\+[0-9]*$|^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$|^$", "default": "" }, "Subscription5RawMessageDelivery": { "type": "string", "description": "True to enable raw message delivery (messages are not encoded in JSON that provides metadata), false to not. Use only for SQS, HTTP or HTTPS endpoint.", "enum": [ "true", "false" ], "default": "false" }, "KmsMasterKeyId": { "type": "string", "description": "A valid AWS KMS key ARN to enable server-side encryption at rest, in the form of 'arn:aws:kms:ap-southeast-2:123456789023:key/bb43bd18-3a75-482e-822d-d0d3a5544dc8'", "default": "" } }, "metadata": { "ui:order": [ "TopicName", "DisplayName", "KmsMasterKeyId", "Subscription1Protocol", "Subscription1Endpoint", "Subscription1RawMessageDelivery", "Subscription2Protocol", "Subscription2Endpoint", "Subscription2RawMessageDelivery", "Subscription3Protocol", "Subscription3Endpoint", "Subscription3RawMessageDelivery", "Subscription4Protocol", "Subscription4Endpoint", "Subscription4RawMessageDelivery", "Subscription5Protocol", "Subscription5Endpoint", "Subscription5RawMessageDelivery" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-3dfubbpesm2v9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Terminate EC2 Instances", "description": "Terminate up to fifty EC2 instances. The automation checks that none of the instances are part of an Auto Scaling group and none have termination protection enabled. Instances meeting either of those criteria are not terminated. Standalone resources for testing purposes are created by AMS upon your request, they are not part of a stack and can't be deleted with ct-0q0bic0ywqk6c.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-TerminateStandaloneInstances.", "type": "string", "enum": [ "AWSManagedServices-TerminateStandaloneInstances" ], "default": "AWSManagedServices-TerminateStandaloneInstances" }, "Region": { "description": "The AWS Region where the instances are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Confirmation": { "description": "Explicitly confirm the termination of the specified EC2 instances with 'terminate instances', note that the RFC is not created if this parameter is null. Additionally, note that Amazon EBS volumes with DeleteOnTermination=true are automatically deleted when the instance terminates; for the root volume of an instance, DeleteOnTermination=true by default.", "type": "string", "pattern": "^terminate instances$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to fifty EC2 instance IDs, in the form i-1234567890abcdef0 or i-a123456b.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Confirmation", "Parameters" ] }, "required": [ "DocumentName", "Region", "Confirmation", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3dgbnh6gpst4d

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop stack", "description": "Use to stop all running EC2 instances in the specified stack.", "additionalProperties": false, "type": "object", "properties": { "StackId": { "pattern": "^stack-[a-z0-9]{17}$", "description": "ID of the stack to stop, in the form stack-a1b2c3d4e5f67890e. All running EC2 instances in the stack will be stopped.", "type": "string" } }, "required": [ "StackId" ] }

Schema for Change Type ct-3dpd8mdd9jn1r

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create IAM Resource", "description": "Create Identity and Access Management (IAM) user, role, or policy.", "type": "object", "properties": { "UseCase": { "description": "Provide a detailed use case for the IAM user, role, or policy. Note that IAM users are recommended when long-term credentials are required, otherwise IAM roles are recommended.", "type": "string", "minLength": 1, "maxLength": 1000 }, "IAM User": { "description": "Create IAM User.", "type": "array", "items": { "type": "object", "properties": { "UserName": { "description": "A name for the IAM user. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$", "minLength": 1, "maxLength": 64 }, "AccessType": { "description": "How the user will access AWS.", "type": "string", "enum": [ "Programmatic access", "Console access" ] }, "UserPermissions": { "description": "Detailed information about the user permissions, or a policy document to be attached to the user (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "minLength": 1, "maxLength": 5000 }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the IAM User.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "UserName", "AccessType", "UserPermissions", "Tags" ] }, "required": [ "UserName", "AccessType", "UserPermissions" ] }, "minItems": 0, "maxItems": 1 }, "IAM Role": { "description": "Create IAM role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$", "minLength": 1, "maxLength": 64 }, "TrustPolicy": { "description": "Detailed information about the trust relationship, or an assume role policy document to be attached to the role (paste the policy document into the value field).", "type": "string", "minLength": 1, "maxLength": 5000 }, "AddPermissionsAsInlinePolicy": { "description": "Yes to create the provided role permissions as inline policy; No to create as customer managed policy. Default is No.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "RolePermissionPolicyName": { "description": "A name for the IAM policy given in RolePermission parameter. The name can be up to 128 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$", "minLength": 1, "maxLength": 128 }, "RolePermissions": { "description": "Detailed information about role permissions, or a policy document to be attached to the role (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "minLength": 1, "maxLength": 5000 }, "InstanceProfile": { "description": "Yes to create an instance profile and associate the role with it. No to not create an instance profile. Default is No.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the IAM role.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+@-]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "InstanceProfile", "TrustPolicy", "RolePermissions", "AddPermissionsAsInlinePolicy", "RolePermissionPolicyName", "Tags" ] }, "required": [ "RoleName", "TrustPolicy", "RolePermissions" ] }, "minItems": 0, "maxItems": 1 }, "IAM Policy": { "description": "Create IAM policy.", "type": "array", "items": { "type": "object", "properties": { "PolicyName": { "description": "A name for the IAM policy. The name can be up to 128 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$", "minLength": 1, "maxLength": 128 }, "PolicyDocument": { "description": "Detailed information about policy permissions, or a policy document (paste the policy document into the value field).", "type": "string", "minLength": 1, "maxLength": 20480 }, "RelatedResources": { "description": "IAM users or roles to which the policy applies.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "PolicyName", "PolicyDocument", "RelatedResources" ] }, "required": [ "PolicyName", "PolicyDocument", "RelatedResources" ] }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "Operation": { "description": "Must be Create.", "type": "string", "default": "Create", "enum": [ "Create" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "UseCase", "IAM User", "IAM Role", "IAM Policy", "Operation", "Priority" ] }, "required": [ "UseCase", "Operation" ] }

Schema for Change Type ct-3dscwaeyi6cup

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Transit Gateway Route Table", "description": "Create a transit gateway (TGW) route table. Use this change type for multi-account landing zone (MALZ) Networking accounts only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateTGWRouteTable.", "type": "string", "enum": [ "AWSManagedServices-CreateTGWRouteTable" ], "default": "AWSManagedServices-CreateTGWRouteTable" }, "Region": { "description": "The AWS region in which the Transit Gateway is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayRouteTableName": { "description": "The name of the transit gateway route table. Do not specify these AMS-protected route tables: CoreRouteDomain, DMZBastionsRouteDomain, EgressRouteDomain, OnPremiseRouteDomain, and defaultAppRouteDomain.", "type": "string", "pattern": "^[a-zA-Z0-9_+-]{1,256}$" }, "TransitGatewayId": { "description": "The ID of the transit gateway, in the form tgw-01234567891234.", "type": "string", "pattern": "^tgw-[a-z0-9]{17}$" }, "TGWRouteTableType": { "description": "To create an application route table with a static route to destination: 0.0.0.0/0 going out through the egress VPC attachment, and static routes to the DMZ VPC and shared services VPC CIDRs, use createApplicationRouteDomain. To create a custom route table with an empty static route, use createCustomRouteDomain. The default is createApplicationRouteDomain.", "type": "string", "default": "createApplicationRouteDomain", "enum": [ "createApplicationRouteDomain", "createCustomRouteDomain" ] } }, "metadata": { "ui:order": [ "TransitGatewayRouteTableName", "TransitGatewayId", "TGWRouteTableType" ] }, "additionalProperties": false, "required": [ "TransitGatewayRouteTableName", "TransitGatewayId", "TGWRouteTableType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3e3h8u0sp5z80

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete EBS Volumes", "description": "Delete Elastic Block Store (EBS) volumes in an available state. Volumes that are not attached to an instance are in an available state and can be deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteEBSVolumesV2.", "type": "string", "enum": [ "AWSManagedServices-DeleteEBSVolumesV2" ], "default": "AWSManagedServices-DeleteEBSVolumesV2" }, "Region": { "description": "The AWS Region where the EBS volumes are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "VolumeIds": { "description": "A list of up to 50 EBS volumes to delete.", "type": "array", "items": { "type": "string", "pattern": "^vol-[0-9a-f]{8}$|^vol-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "CreateBackup": { "description": "Set to True to create backup snapshots before deleting EBS volumes. Leave blank to not create backup snapshots.", "type": "boolean", "default": true }, "DeleteStackVolume": { "description": "Set to True to continue deletion of volume if it is a CloudFormation stack resource.", "type": "boolean", "default": false } }, "metadata": { "ui:order": [ "VolumeIds", "CreateBackup", "DeleteStackVolume" ] }, "additionalProperties": false, "required": [ "VolumeIds", "CreateBackup", "DeleteStackVolume" ] } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "Parameters", "DocumentName" ] }

Schema for Change Type ct-3e3prksxmdhw8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create AMI From Auto Scaling Group", "description": "Create an Amazon Machine Image (AMI) from an EC2 Instance in an Auto Scaling group.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAmiInAutoScalingGroup.", "type": "string", "enum": [ "AWSManagedServices-CreateAmiInAutoScalingGroup" ], "default": "AWSManagedServices-CreateAmiInAutoScalingGroup" }, "Region": { "description": "The AWS Region where the Auto Scaling group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AutoScalingGroupName": { "description": "The name of the Auto Scaling group to use to create the AMI.", "type": "array", "items": { "type": "string", "pattern": "^.{1,255}$" }, "minItems": 1, "maxItems": 1 }, "Sysprep": { "description": "True to Sysprep the Windows instance, False to not. Default is False. For Linux instances, if set to True, the hostname is reset and the instance is removed from the domain. If True, ensure that there are at least two EC2 instances that are in the 'InService' state in the Auto Scaling group. The instance is stopped and any connected user is logged out from the session. The instance is started after the AMI is created.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "StopInstance": { "description": "True to stop the instance, False to not. Default is False. If True, ensure that there are at least two EC2 instances that are in the 'InService' state in the Auto Scaling group. The instance is stopped and any connected user is logged out from the session. If Sysprep is True, the instance is stopped before creating the AMI, irrespective of the value you set here. The instance is started after the AMI is created.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AutoScalingGroupName", "Sysprep", "StopInstance" ] }, "required": [ "AutoScalingGroupName", "Sysprep", "StopInstance" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3ebotglihggse

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Red Hat)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for RHEL OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"All\", \"Bugfix\", \"Enhancement\", \"Newpackage\", \"Recommended\" and \"Security\".", "items": { "enum": [ "All", "Bugfix", "Enhancement", "Newpackage", "Recommended", "Security" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"All\", \"Critical\", \"Important\", \"Low\", \"Moderate\" and \"None\".", "items": { "enum": [ "All", "Critical", "Important", "Low", "Moderate", "None" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1 }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Red Hat Enterprise Linux", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Red Hat Enterprise Linux" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-3eutt7grkict4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add AD Group", "description": "Create an Active Directory (AD) group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateADGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-CreateADGroup-Admin" ], "default": "AWSManagedServices-CreateADGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "GroupName": { "description": "A meaningful name for the AD group. It must contain 2 to 63 characters and cannot contain the following special characters: /\\[]:;|=,+*?<>\" or a leading or trailing space.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "GroupDescription": { "description": "A description for the new group.", "type": "array", "items": { "type": "string", "pattern": "^.{1,1024}$" }, "maxItems": 1, "minItems": 1 }, "GroupScope": { "description": "The scope for the new group. Default is DomainLocal. For current definitions see Microsoft AD documentation.", "type": "array", "items": { "type": "string", "enum": [ "DomainLocal", "Global", "Universal" ], "default": "DomainLocal" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "GroupName", "GroupDescription", "GroupScope" ] }, "required": [ "GroupName", "GroupDescription" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3fi2cx8b83iua

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update an Auto Scaling Group", "description": "Update an Auto Scaling Group and associated launch configuration created with CT ct-2tylseo8rxfsc, version 2.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the Auto Scaling Group in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Auto Scaling Group that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the Auto Scaling Group.", "type": "object", "properties": { "ASGAmiId": { "description": "The AMI for the Auto Scaling Group update. All instances in the group are replaced if this is updated.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "ASGCooldown": { "description": "The number of seconds after a scaling activity is complete before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600 }, "ASGDesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the ASGMinInstances setting and less than or equal to the ASGMaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000 }, "ASGEBSOptimized": { "description": "True to create EBS-optimized instances, false to not. All instances in the group are replaced if this is updated.", "type": "string", "enum": [ "true", "false" ] }, "ASGHealthCheckGracePeriod": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800 }, "ASGHealthCheckType": { "description": "The service to use for the health checks. The ELB Health Check Type includes EC2 instance and system status checks. Only choose ELB as the ASGHealthCheckType if the ASG is being fronted by Load Balancers. If ASGHealthCheckType = ELB, ensure that your ASGHealthCheckGracePeriod value is long enough so that your instances are not terminated due to load-balancer health checks failing, before your application has been deployed.", "type": "string", "enum": [ "EC2", "ELB" ] }, "ASGIAMInstanceProfile": { "description": "The IAM instance profile name for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available. All instances in the group are replaced if this is updated.", "type": "string", "pattern": "^customer[\\w-]+$" }, "ASGInstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring. All instances in the group are replaced if this is updated.", "type": "string", "enum": [ "true", "false" ] }, "ASGInstanceRootVolumeIops": { "description": "The Iops to use for the root volume if ASGInstanceRootVolumeType = io1. All instances in the group are replaced if this is updated.", "type": "integer", "minimum": 0, "maximum": 20000 }, "ASGInstanceRootVolumeSize": { "description": "The size of the root volume for the instance. All instances in the group are replaced if this is updated.", "type": "integer", "minimum": 8, "maximum": 16000 }, "ASGInstanceRootVolumeType": { "description": "Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads. All instances in the group are replaced if this is updated.", "type": "string", "enum": [ "standard", "io1", "gp2" ] }, "ASGInstanceType": { "description": "The instance type for the Auto Scaling group instances to update to. All instances in the group are replaced if this is updated.", "type": "string" }, "ASGLoadBalancerNames": { "description": "A list of load balancers to associate with this Auto Scaling group. Use Classic Load Balancer (ELBs).", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 10, "uniqueItems": true }, "ASGMaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000 }, "ASGMinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000 }, "ASGScaleDownMetricName": { "description": "The metric to use to in a scale-down event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ] }, "ASGScaleDownPolicyCooldown": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600 }, "ASGScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ASGScaleDownMetricName threshold.", "type": "integer", "minimum": 2 }, "ASGScaleDownPolicyPeriod": { "description": "The time over which the specified ASGScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60 }, "ASGScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0 }, "ASGScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ASGScaleDownMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ] }, "ASGScaleDownPolicyThreshold": { "description": "The value against which the specified ASGScaleDownPolicyStatistic is compared.", "type": "number" }, "ASGScaleUpMetricName": { "description": "The metric to use in a scale-up event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ] }, "ASGScaleUpPolicyCooldown": { "description": "The amount of time, in seconds, after a scale-up activity is completed before any further trigger-related scaling activities can start.", "type": "integer", "minimum": 60 }, "ASGScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ASGScaleUpMetricName threshold.", "type": "integer", "minimum": 2 }, "ASGScaleUpPolicyPeriod": { "description": "The time over which the specified ASGScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60 }, "ASGScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0 }, "ASGScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ASGScaleUpMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ] }, "ASGScaleUpPolicyThreshold": { "description": "The value against which the specified ASGScaleUpPolicyStatistic is compared.", "type": "number" }, "ASGSubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-12345678. All instances in the group are replaced if this is updated.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "ASGUserData": { "description": "A newline delimited list where each element is a line of script to be run on boot. All instances in the group are replaced if this is updated.", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "ASGAmiId", "ASGCooldown", "ASGDesiredCapacity", "ASGEBSOptimized", "ASGHealthCheckGracePeriod", "ASGHealthCheckType", "ASGIAMInstanceProfile", "ASGInstanceDetailedMonitoring", "ASGInstanceRootVolumeIops", "ASGInstanceRootVolumeSize", "ASGInstanceRootVolumeType", "ASGInstanceType", "ASGLoadBalancerNames", "ASGMaxInstances", "ASGMinInstances", "ASGScaleDownMetricName", "ASGScaleDownPolicyCooldown", "ASGScaleDownPolicyEvaluationPeriods", "ASGScaleDownPolicyPeriod", "ASGScaleDownPolicyScalingAdjustment", "ASGScaleDownPolicyStatistic", "ASGScaleDownPolicyThreshold", "ASGScaleUpMetricName", "ASGScaleUpPolicyCooldown", "ASGScaleUpPolicyEvaluationPeriods", "ASGScaleUpPolicyPeriod", "ASGScaleUpPolicyScalingAdjustment", "ASGScaleUpPolicyStatistic", "ASGScaleUpPolicyThreshold", "ASGSubnetIds", "ASGUserData" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-3g6fq83nxg1a7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add ALB Listener Certificate", "description": "Add a certificate to the specified Application Load Balancer (ALB) listener. Use the RemediateStackDrift parameter for the automation to try to remediate drift, if it is introduced.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddCertificateToElbv2Listener.", "type": "string", "enum": [ "AWSManagedServices-AddCertificateToElbv2Listener" ], "default": "AWSManagedServices-AddCertificateToElbv2Listener" }, "Region": { "description": "The AWS Region where the application load balancer listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ListenerArn": { "description": "The Amazon Resource Name (ARN) of the listener in the form arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/sample/1234567890abcdfe/1234567890abcdfe.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:listener/[a-z]{3}/[A-Za-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "IsDefault": { "description": "True to set the certificate as the default certificate on the listener, False to not set the certificate as the default certificate on the listener. Default value is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by adding the certificate to the Load Balancer listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to adding certificate to the Load Balancer listener. Set to False to add the certificate to the Load Balancer listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ListenerArn", "CertificateArn", "IsDefault", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "CertificateArn", "ListenerArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3g9dbtun44mal

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change Timezone", "description": "Change the time zone of an EC2 instance. To reboot the EC2 instance after changing the time zone, set Reboot = true.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-SetInstanceTimeZone.", "type": "string", "enum": [ "AWSManagedServices-SetInstanceTimeZone" ], "default": "AWSManagedServices-SetInstanceTimeZone" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the instance, in the form i-12345678901234567 or i-12345678.", "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "Reboot": { "description": "True to reboot the EC2 instance after changing the time zone. False to not reboot.", "type": "string", "default": "False", "enum": [ "True", "False" ] }, "TimeZone": { "description": "The time zone to set on the EC2 instance, in the form Australia/Sydney (AUS Eastern Standard Time).", "type": "string", "enum": [ "Africa/Abidjan (Greenwich Standard Time)", "Africa/Accra (Greenwich Standard Time)", "Africa/Addis_Ababa (E. Africa Standard Time)", "Africa/Algiers (W. Central Africa Standard Time)", "Africa/Bamako (Greenwich Standard Time)", "Africa/Bangui (W. Central Africa Standard Time)", "Africa/Banjul (Greenwich Standard Time)", "Africa/Bissau (Greenwich Standard Time)", "Africa/Blantyre (South Africa Standard Time)", "Africa/Brazzaville (W. Central Africa Standard Time)", "Africa/Bujumbura (South Africa Standard Time)", "Africa/Cairo (Egypt Standard Time)", "Africa/Casablanca (Morocco Standard Time)", "Africa/Ceuta (Romance Standard Time)", "Africa/Conakry (Greenwich Standard Time)", "Africa/Dakar (Greenwich Standard Time)", "Africa/Dar_es_Salaam (E. Africa Standard Time)", "Africa/Djibouti (E. Africa Standard Time)", "Africa/Douala (W. Central Africa Standard Time)", "Africa/El_Aaiun (Morocco Standard Time)", "Africa/Freetown (Greenwich Standard Time)", "Africa/Gaborone (South Africa Standard Time)", "Africa/Harare (South Africa Standard Time)", "Africa/Johannesburg (South Africa Standard Time)", "Africa/Juba (E. Africa Standard Time)", "Africa/Kampala (E. Africa Standard Time)", "Africa/Khartoum (Sudan Standard Time)", "Africa/Kigali (South Africa Standard Time)", "Africa/Kinshasa (W. Central Africa Standard Time)", "Africa/Lagos (W. Central Africa Standard Time)", "Africa/Libreville (W. Central Africa Standard Time)", "Africa/Lome (Greenwich Standard Time)", "Africa/Luanda (W. Central Africa Standard Time)", "Africa/Lubumbashi (South Africa Standard Time)", "Africa/Lusaka (South Africa Standard Time)", "Africa/Malabo (W. Central Africa Standard Time)", "Africa/Maputo (South Africa Standard Time)", "Africa/Maseru (South Africa Standard Time)", "Africa/Mbabane (South Africa Standard Time)", "Africa/Mogadishu (E. Africa Standard Time)", "Africa/Monrovia (Greenwich Standard Time)", "Africa/Nairobi (E. Africa Standard Time)", "Africa/Ndjamena (W. Central Africa Standard Time)", "Africa/Niamey (W. Central Africa Standard Time)", "Africa/Nouakchott (Greenwich Standard Time)", "Africa/Ouagadougou (Greenwich Standard Time)", "Africa/Porto-Novo (W. Central Africa Standard Time)", "Africa/Sao_Tome (Sao Tome Standard Time)", "Africa/Tripoli (Libya Standard Time)", "Africa/Tunis (W. Central Africa Standard Time)", "Africa/Windhoek (Namibia Standard Time)", "America/Adak (Aleutian Standard Time)", "America/Anchorage (Alaskan Standard Time)", "America/Anguilla (SA Western Standard Time)", "America/Antigua (SA Western Standard Time)", "America/Araguaina (Tocantins Standard Time)", "America/Argentina/La_Rioja (Argentina Standard Time)", "America/Argentina/Rio_Gallegos (Argentina Standard Time)", "America/Argentina/Salta (Argentina Standard Time)", "America/Argentina/San_Juan (Argentina Standard Time)", "America/Argentina/San_Luis (Argentina Standard Time)", "America/Argentina/Tucuman (Argentina Standard Time)", "America/Argentina/Ushuaia (Argentina Standard Time)", "America/Aruba (SA Western Standard Time)", "America/Asuncion (Paraguay Standard Time)", "America/Bahia (Bahia Standard Time)", "America/Bahia_Banderas (Central Standard Time (Mexico))", "America/Barbados (SA Western Standard Time)", "America/Belem (SA Eastern Standard Time)", "America/Belize (Central America Standard Time)", "America/Blanc-Sablon (SA Western Standard Time)", "America/Boa_Vista (SA Western Standard Time)", "America/Bogota (SA Pacific Standard Time)", "America/Boise (Mountain Standard Time)", "America/Buenos_Aires (Argentina Standard Time)", "America/Cambridge_Bay (Mountain Standard Time)", "America/Campo_Grande (Central Brazilian Standard Time)", "America/Cancun (Eastern Standard Time (Mexico))", "America/Caracas (Venezuela Standard Time)", "America/Cayenne (SA Eastern Standard Time)", "America/Cayman (SA Pacific Standard Time)", "America/Chicago (Central Standard Time)", "America/Chihuahua (Mountain Standard Time (Mexico))", "America/Costa_Rica (Central America Standard Time)", "America/Creston (US Mountain Standard Time)", "America/Cuiaba (Central Brazilian Standard Time)", "America/Curacao (SA Western Standard Time)", "America/Danmarkshavn (UTC)", "America/Dawson (Pacific Standard Time)", "America/Dawson_Creek (US Mountain Standard Time)", "America/Denver (Mountain Standard Time)", "America/Detroit (Eastern Standard Time)", "America/Dominica (SA Western Standard Time)", "America/Edmonton (Mountain Standard Time)", "America/Eirunepe (SA Pacific Standard Time)", "America/El_Salvador (Central America Standard Time)", "America/Fortaleza (SA Eastern Standard Time)", "America/Glace_Bay (Atlantic Standard Time)", "America/Godthab (Greenland Standard Time)", "America/Goose_Bay (Atlantic Standard Time)", "America/Grand_Turk (Turks And Caicos Standard Time)", "America/Grenada (SA Western Standard Time)", "America/Guadeloupe (SA Western Standard Time)", "America/Guatemala (Central America Standard Time)", "America/Guayaquil (SA Pacific Standard Time)", "America/Guyana (SA Western Standard Time)", "America/Halifax (Atlantic Standard Time)", "America/Havana (Cuba Standard Time)", "America/Hermosillo (US Mountain Standard Time)", "America/Indiana/Knox (Central Standard Time)", "America/Indiana/Marengo (US Eastern Standard Time)", "America/Indiana/Petersburg (Eastern Standard Time)", "America/Indiana/Tell_City (Central Standard Time)", "America/Indiana/Vevay (US Eastern Standard Time)", "America/Indiana/Vincennes (Eastern Standard Time)", "America/Indiana/Winamac (Eastern Standard Time)", "America/Indianapolis (US Eastern Standard Time)", "America/Inuvik (Mountain Standard Time)", "America/Iqaluit (Eastern Standard Time)", "America/Jamaica (SA Pacific Standard Time)", "America/Juneau (Alaskan Standard Time)", "America/Kentucky/Monticello (Eastern Standard Time)", "America/Kralendijk (SA Western Standard Time)", "America/La_Paz (SA Western Standard Time)", "America/Lima (SA Pacific Standard Time)", "America/Los_Angeles (Pacific Standard Time)", "America/Lower_Princes (SA Western Standard Time)", "America/Maceio (SA Eastern Standard Time)", "America/Managua (Central America Standard Time)", "America/Manaus (SA Western Standard Time)", "America/Marigot (SA Western Standard Time)", "America/Martinique (SA Western Standard Time)", "America/Matamoros (Central Standard Time)", "America/Mazatlan (Mountain Standard Time (Mexico))", "America/Menominee (Central Standard Time)", "America/Merida (Central Standard Time (Mexico))", "America/Metlakatla (Alaskan Standard Time)", "America/Mexico_City (Central Standard Time (Mexico))", "America/Miquelon (Saint Pierre Standard Time)", "America/Moncton (Atlantic Standard Time)", "America/Monterrey (Central Standard Time (Mexico))", "America/Montevideo (Montevideo Standard Time)", "America/Montreal (Eastern Standard Time)", "America/Montserrat (SA Western Standard Time)", "America/Nassau (Eastern Standard Time)", "America/New_York (Eastern Standard Time)", "America/Nipigon (Eastern Standard Time)", "America/Nome (Alaskan Standard Time)", "America/Noronha (UTC-02)", "America/North_Dakota/Beulah (Central Standard Time)", "America/North_Dakota/Center (Central Standard Time)", "America/North_Dakota/New_Salem (Central Standard Time)", "America/Ojinaga (Mountain Standard Time)", "America/Panama (SA Pacific Standard Time)", "America/Pangnirtung (Eastern Standard Time)", "America/Paramaribo (SA Eastern Standard Time)", "America/Phoenix (US Mountain Standard Time)", "America/Port-au-Prince (Haiti Standard Time)", "America/Port_of_Spain (SA Western Standard Time)", "America/Porto_Velho (SA Western Standard Time)", "America/Puerto_Rico (SA Western Standard Time)", "America/Punta_Arenas (Magallanes Standard Time)", "America/Rainy_River (Central Standard Time)", "America/Rankin_Inlet (Central Standard Time)", "America/Recife (SA Eastern Standard Time)", "America/Regina (Canada Central Standard Time)", "America/Resolute (Central Standard Time)", "America/Rio_Branco (SA Pacific Standard Time)", "America/Santa_Isabel (Pacific Standard Time (Mexico))", "America/Santarem (SA Eastern Standard Time)", "America/Santiago (Pacific SA Standard Time)", "America/Santo_Domingo (SA Western Standard Time)", "America/Sao_Paulo (E. South America Standard Time)", "America/Scoresbysund (Azores Standard Time)", "America/Sitka (Alaskan Standard Time)", "America/St_Barthelemy (SA Western Standard Time)", "America/St_Johns (Newfoundland Standard Time)", "America/St_Kitts (SA Western Standard Time)", "America/St_Lucia (SA Western Standard Time)", "America/St_Thomas (SA Western Standard Time)", "America/St_Vincent (SA Western Standard Time)", "America/Swift_Current (Canada Central Standard Time)", "America/Tegucigalpa (Central America Standard Time)", "America/Thule (Atlantic Standard Time)", "America/Thunder_Bay (Eastern Standard Time)", "America/Tijuana (Pacific Standard Time (Mexico))", "America/Toronto (Eastern Standard Time)", "America/Tortola (SA Western Standard Time)", "America/Vancouver (Pacific Standard Time)", "America/Whitehorse (Pacific Standard Time)", "America/Winnipeg (Central Standard Time)", "America/Yakutat (Alaskan Standard Time)", "America/Yellowknife (Mountain Standard Time)", "Antarctica/Casey (Singapore Standard Time)", "Antarctica/Davis (SE Asia Standard Time)", "Antarctica/DumontDUrville (West Pacific Standard Time)", "Antarctica/Macquarie (Central Pacific Standard Time)", "Antarctica/Mawson (West Asia Standard Time)", "Antarctica/McMurdo (New Zealand Standard Time)", "Antarctica/Palmer (SA Eastern Standard Time)", "Antarctica/Rothera (SA Eastern Standard Time)", "Antarctica/Syowa (E. Africa Standard Time)", "Antarctica/Vostok (Central Asia Standard Time)", "Arctic/Longyearbyen (W. Europe Standard Time)", "Asia/Aden (Arab Standard Time)", "Asia/Almaty (Central Asia Standard Time)", "Asia/Amman (Jordan Standard Time)", "Asia/Anadyr (Russia Time Zone 11)", "Asia/Aqtau (West Asia Standard Time)", "Asia/Aqtobe (West Asia Standard Time)", "Asia/Ashgabat (West Asia Standard Time)", "Asia/Baghdad (Arabic Standard Time)", "Asia/Bahrain (Arab Standard Time)", "Asia/Baku (Azerbaijan Standard Time)", "Asia/Bangkok (SE Asia Standard Time)", "Asia/Barnaul (Altai Standard Time)", "Asia/Beirut (Middle East Standard Time)", "Asia/Bishkek (Central Asia Standard Time)", "Asia/Brunei (Singapore Standard Time)", "Asia/Calcutta (India Standard Time)", "Asia/Chita (Transbaikal Standard Time)", "Asia/Choibalsan (Ulaanbaatar Standard Time)", "Asia/Chongqing (China Standard Time)", "Asia/Colombo (Sri Lanka Standard Time)", "Asia/Damascus (Syria Standard Time)", "Asia/Dhaka (Bangladesh Standard Time)", "Asia/Dili (Tokyo Standard Time)", "Asia/Dubai (Arabian Standard Time)", "Asia/Dushanbe (West Asia Standard Time)", "Asia/Gaza (West Bank Standard Time)", "Asia/Harbin (China Standard Time)", "Asia/Hebron (West Bank Standard Time)", "Asia/Hong_Kong (China Standard Time)", "Asia/Hovd (W. Mongolia Standard Time)", "Asia/Irkutsk (North Asia East Standard Time)", "Asia/Jakarta (SE Asia Standard Time)", "Asia/Jayapura (Tokyo Standard Time)", "Asia/Jerusalem (Israel Standard Time)", "Asia/Kabul (Afghanistan Standard Time)", "Asia/Kamchatka (Russia Time Zone 11)", "Asia/Karachi (Pakistan Standard Time)", "Asia/Kashgar (Central Asia Standard Time)", "Asia/Katmandu (Nepal Standard Time)", "Asia/Khandyga (Yakutsk Standard Time)", "Asia/Krasnoyarsk (North Asia Standard Time)", "Asia/Kuala_Lumpur (Singapore Standard Time)", "Asia/Kuching (Singapore Standard Time)", "Asia/Kuwait (Arab Standard Time)", "Asia/Macau (China Standard Time)", "Asia/Magadan (Magadan Standard Time)", "Asia/Makassar (Singapore Standard Time)", "Asia/Manila (Singapore Standard Time)", "Asia/Muscat (Arabian Standard Time)", "Asia/Nicosia (GTB Standard Time)", "Asia/Novokuznetsk (North Asia Standard Time)", "Asia/Novosibirsk (N. Central Asia Standard Time)", "Asia/Omsk (Omsk Standard Time)", "Asia/Oral (West Asia Standard Time)", "Asia/Phnom_Penh (SE Asia Standard Time)", "Asia/Pontianak (SE Asia Standard Time)", "Asia/Pyongyang (North Korea Standard Time)", "Asia/Qatar (Arab Standard Time)", "Asia/Qyzylorda (Qyzylorda Standard Time)", "Asia/Rangoon (Myanmar Standard Time)", "Asia/Riyadh (Arab Standard Time)", "Asia/Sakhalin (Sakhalin Standard Time)", "Asia/Samarkand (West Asia Standard Time)", "Asia/Seoul (Korea Standard Time)", "Asia/Shanghai (China Standard Time)", "Asia/Singapore (Singapore Standard Time)", "Asia/Srednekolymsk (Russia Time Zone 10)", "Asia/Taipei (Taipei Standard Time)", "Asia/Tashkent (West Asia Standard Time)", "Asia/Tbilisi (Georgian Standard Time)", "Asia/Tehran (Iran Standard Time)", "Asia/Thimphu (Bangladesh Standard Time)", "Asia/Tokyo (Tokyo Standard Time)", "Asia/Tomsk (Tomsk Standard Time)", "Asia/Ulaanbaatar (Ulaanbaatar Standard Time)", "Asia/Urumqi (Central Asia Standard Time)", "Asia/Ust-Nera (Vladivostok Standard Time)", "Asia/Vientiane (SE Asia Standard Time)", "Asia/Vladivostok (Vladivostok Standard Time)", "Asia/Yakutsk (Yakutsk Standard Time)", "Asia/Yekaterinburg (Ekaterinburg Standard Time)", "Asia/Yerevan (Caucasus Standard Time)", "Atlantic/Azores (Azores Standard Time)", "Atlantic/Bermuda (Atlantic Standard Time)", "Atlantic/Canary (GMT Standard Time)", "Atlantic/Cape_Verde (Cape Verde Standard Time)", "Atlantic/Madeira (GMT Standard Time)", "Atlantic/Reykjavik (Greenwich Standard Time)", "Atlantic/South_Georgia (UTC-02)", "Atlantic/St_Helena (Greenwich Standard Time)", "Atlantic/Stanley (SA Eastern Standard Time)", "Australia/Adelaide (Cen. Australia Standard Time)", "Australia/Brisbane (E. Australia Standard Time)", "Australia/Broken_Hill (Cen. Australia Standard Time)", "Australia/Currie (Tasmania Standard Time)", "Australia/Darwin (AUS Central Standard Time)", "Australia/Eucla (Aus Central W. Standard Time)", "Australia/Hobart (Tasmania Standard Time)", "Australia/Lindeman (E. Australia Standard Time)", "Australia/Lord_Howe (Lord Howe Standard Time)", "Australia/Melbourne (AUS Eastern Standard Time)", "Australia/Perth (W. Australia Standard Time)", "Australia/Sydney (AUS Eastern Standard Time)", "Canada/Atlantic (Atlantic Standard Time)", "Canada/Central (Central Standard Time)", "Canada/Eastern (Eastern Standard Time)", "Canada/Mountain (Mountain Standard Time)", "Canada/Newfoundland (Newfoundland Standard Time)", "Canada/Pacific (Pacific Standard Time)", "Etc/GMT (UTC)", "Etc/GMT+11 (UTC-11)", "Etc/GMT+12 (Dateline Standard Time)", "Etc/GMT+2 (UTC-02)", "Etc/GMT+8 (UTC-08)", "Etc/GMT+9 (UTC-09)", "Etc/GMT-12 (UTC+12)", "Etc/GMT-13 (UTC+13)", "Europe/Amsterdam (W. Europe Standard Time)", "Europe/Andorra (W. Europe Standard Time)", "Europe/Astrakhan (Astrakhan Standard Time)", "Europe/Athens (GTB Standard Time)", "Europe/Belgrade (Central Europe Standard Time)", "Europe/Berlin (W. Europe Standard Time)", "Europe/Bratislava (Central Europe Standard Time)", "Europe/Brussels (Romance Standard Time)", "Europe/Bucharest (GTB Standard Time)", "Europe/Budapest (Central Europe Standard Time)", "Europe/Busingen (W. Europe Standard Time)", "Europe/Chisinau (E. Europe Standard Time)", "Europe/Copenhagen (Romance Standard Time)", "Europe/Dublin (GMT Standard Time)", "Europe/Gibraltar (W. Europe Standard Time)", "Europe/Guernsey (GMT Standard Time)", "Europe/Helsinki (FLE Standard Time)", "Europe/Isle_of_Man (GMT Standard Time)", "Europe/Istanbul (Turkey Standard Time)", "Europe/Jersey (GMT Standard Time)", "Europe/Kaliningrad (Kaliningrad Standard Time)", "Europe/Kiev (FLE Standard Time)", "Europe/Lisbon (GMT Standard Time)", "Europe/Ljubljana (Central Europe Standard Time)", "Europe/London (GMT Standard Time)", "Europe/Luxembourg (W. Europe Standard Time)", "Europe/Madrid (Romance Standard Time)", "Europe/Malta (W. Europe Standard Time)", "Europe/Mariehamn (FLE Standard Time)", "Europe/Minsk (Belarus Standard Time)", "Europe/Monaco (W. Europe Standard Time)", "Europe/Moscow (Russian Standard Time)", "Europe/Oslo (W. Europe Standard Time)", "Europe/Paris (Romance Standard Time)", "Europe/Podgorica (Central Europe Standard Time)", "Europe/Prague (Central Europe Standard Time)", "Europe/Riga (FLE Standard Time)", "Europe/Rome (W. Europe Standard Time)", "Europe/Samara (Russia Time Zone 3)", "Europe/San_Marino (W. Europe Standard Time)", "Europe/Sarajevo (Central European Standard Time)", "Europe/Saratov (Saratov Standard Time)", "Europe/Simferopol (Russian Standard Time)", "Europe/Skopje (Central European Standard Time)", "Europe/Sofia (FLE Standard Time)", "Europe/Stockholm (W. Europe Standard Time)", "Europe/Tallinn (FLE Standard Time)", "Europe/Tirane (Central Europe Standard Time)", "Europe/Uzhgorod (FLE Standard Time)", "Europe/Vaduz (W. Europe Standard Time)", "Europe/Vatican (W. Europe Standard Time)", "Europe/Vienna (W. Europe Standard Time)", "Europe/Vilnius (FLE Standard Time)", "Europe/Volgograd (Volgograd Standard Time)", "Europe/Warsaw (Central European Standard Time)", "Europe/Zagreb (Central European Standard Time)", "Europe/Zaporozhye (FLE Standard Time)", "Europe/Zurich (W. Europe Standard Time)", "Indian/Antananarivo (E. Africa Standard Time)", "Indian/Chagos (Central Asia Standard Time)", "Indian/Christmas (SE Asia Standard Time)", "Indian/Cocos (Myanmar Standard Time)", "Indian/Comoro (E. Africa Standard Time)", "Indian/Kerguelen (West Asia Standard Time)", "Indian/Mahe (Mauritius Standard Time)", "Indian/Maldives (West Asia Standard Time)", "Indian/Mauritius (Mauritius Standard Time)", "Indian/Mayotte (E. Africa Standard Time)", "Indian/Reunion (Mauritius Standard Time)", "Pacific/Apia (Samoa Standard Time)", "Pacific/Auckland (New Zealand Standard Time)", "Pacific/Bougainville (Bougainville Standard Time)", "Pacific/Chatham (Chatham Islands Standard Time)", "Pacific/Easter (Easter Island Standard Time)", "Pacific/Efate (Central Pacific Standard Time)", "Pacific/Enderbury (UTC+13)", "Pacific/Fakaofo (UTC+13)", "Pacific/Fiji (Fiji Standard Time)", "Pacific/Funafuti (UTC+12)", "Pacific/Galapagos (Central America Standard Time)", "Pacific/Gambier (UTC-09)", "Pacific/Guadalcanal (Central Pacific Standard Time)", "Pacific/Guam (West Pacific Standard Time)", "Pacific/Honolulu (Hawaiian Standard Time)", "Pacific/Johnston (Hawaiian Standard Time)", "Pacific/Kiritimati (Line Islands Standard Time)", "Pacific/Kosrae (Central Pacific Standard Time)", "Pacific/Kwajalein (UTC+12)", "Pacific/Majuro (UTC+12)", "Pacific/Marquesas (Marquesas Standard Time)", "Pacific/Midway (UTC-11)", "Pacific/Nauru (UTC+12)", "Pacific/Niue (UTC-11)", "Pacific/Norfolk (Norfolk Standard Time)", "Pacific/Noumea (Central Pacific Standard Time)", "Pacific/Pago_Pago (UTC-11)", "Pacific/Palau (Tokyo Standard Time)", "Pacific/Pitcairn (UTC-08)", "Pacific/Port_Moresby (West Pacific Standard Time)", "Pacific/Rarotonga (Hawaiian Standard Time)", "Pacific/Saipan (West Pacific Standard Time)", "Pacific/Tahiti (Hawaiian Standard Time)", "Pacific/Tarawa (UTC+12)", "Pacific/Tongatapu (Tonga Standard Time)", "Pacific/Wake (UTC+12)", "Pacific/Wallis (UTC+12)", "US/Alaska (Alaskan Standard Time)", "US/Arizona (US Mountain Standard Time)", "US/Central (Central Standard Time)", "US/Eastern (Eastern Standard Time)", "US/Hawaii (Hawaiian Standard Time)", "US/Mountain (Mountain Standard Time)", "US/Pacific (Pacific Standard Time)", "UTC (UTC)" ] } }, "metadata": { "ui:order": [ "InstanceId", "Reboot", "TimeZone" ] }, "additionalProperties": false, "required": [ "InstanceId", "Reboot", "TimeZone" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3gf8dolbo8x9p

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS target endpoint", "description": "Use to create a Database Migration Service (DMS) target endpoint for RDS supported MySQL, MariaDB, PostgreSQL, Oracle and Microsoft SQL server engine.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-knghtmmgefafdq89u", "type": "string", "enum": [ "stm-knghtmmgefafdq89u" ], "default": "stm-knghtmmgefafdq89u" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) for the certificate to use with the target. This is required if SslMode = verify-ca or verify-full.", "pattern": "^$|^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:cert:[A-Z0-9]+$", "default": "" }, "DatabaseName": { "type": "string", "description": "The name of the target database. Must not be blank if EngineName = oracle, postgres or sqlserver.", "default": "" }, "EndpointIdentifier": { "type": "string", "description": "The identifier to be used for the target endpoint. This is a label for the endpoint to help you identify it. It must be unique for all endpoints owned by your AWS account in the current region. It must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|^(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "EngineName": { "type": "string", "description": "The type of engine this target endpoint is connected to. Amazon RDS-supported MySQL, MariaDB, PostgreSQL, Oracle and Microsoft SQL are the options.", "enum": [ "mariadb", "mysql", "oracle", "postgres", "sqlserver" ] }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. For example, to disable foreign key checks in MySQL compatible database as targets add initstmt=SET FOREIGN_KEY_CHECKS=0. See 'Targets for Data Migration' in AWS DMS documentation.", "default": "" }, "KmsKeyId": { "type": "string", "description": "This is the customer master key (CMK) that is used to encrypt connection parameters. If not specified the default CMK for AWS DMS is used.", "default": "" }, "Password": { "type": "string", "description": "The password to be used to log in to the endpoint database.", "metadata": { "ams:sensitive": true }, "default": "" }, "Port": { "type": "string", "description": "The port used by the endpoint database.", "pattern": "^$|^([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$", "default": "" }, "ServerName": { "type": "string", "description": "The name of the server where the target database resides. For an EC2 instance, this can be the IP address or the hostname. For an Amazon RDS DB instance, this can be the endpoint for the DB instance.", "default": "" }, "SslMode": { "type": "string", "description": "The SSL mode to ecrypt connections for target endpoint. Not all SSL modes work with all database endpoints. See 'Using SSL' in AWS DMS documentation.", "enum": [ "none", "require", "verify-ca", "verify-full" ], "default": "none" }, "Username": { "type": "string", "description": "The user name to be used to log in to the target database.", "metadata": { "ams:sensitive": true }, "default": "" } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ServerName", "Port", "Username", "Password", "DatabaseName", "ExtraConnectionAttributes", "KmsKeyId", "SslMode", "CertificateArn" ] }, "required": [ "EngineName", "ServerName", "Port", "Username", "Password" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-3gg0id58rn82h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share EBS Snapshot", "description": "Share an Elastic Block Store (EBS) snapshot with another AMS account. If the destination account is onboarded in a different AMS Region, use change type ID ct-3lkbpansfv69k in the destination account to copy shared snapshot across regions. Only snapshots encrypted with managed KMS keys can be shared.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ShareEBSSnapshot.", "type": "string", "enum": [ "AWSManagedServices-ShareEBSSnapshot" ], "default": "AWSManagedServices-ShareEBSSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "AccountId": { "description": "The ID of the AWS account the EBS snapshots will be shared with, in the form 123456789012.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "minItems": 1, "maxItems": 1 }, "SnapshotId": { "description": "The ID of the EBS snapshot to share.", "type": "array", "items": { "type": "string", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SnapshotId", "AccountId" ] }, "additionalProperties": false, "required": [ "SnapshotId", "AccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3gjfayulf5hhs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Developer Mode", "description": "Enable Developer Mode (Dev Mode). Dev mode provides you with elevated permissions, in AMS Plus accounts, to provision and update AWS resources outside of the AMS change management process. Dev mode does this by leveraging native AWS API calls within the AMS Virtual Private Cloud (VPC), enabling you to design and implement infrastructure and applications in your managed environment. When using an account that has Dev mode enabled, continuity management, patch management, and change management are provided for resources provisioned through the AMS change management process or by using an AMS Amazon Machine Image (AMI). However, these AMS management features are not offered for resources provisioned through native AWS APIs. Rather, you are responsible for monitoring infrastructure resources that are provisioned outside of the AMS change management process. Dev mode is limited to accounts with non-production workloads. With elevated permissions, you have an increased responsibility to ensure adherence to internal controls.", "type": "object", "properties": { "Enable": { "description": "To confirm that you are enabling Dev mode, enter Yes. If this parameter is left unspecified, Dev mode is not enabled.", "type": "string", "enum": [ "Yes" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Enable", "Priority" ] }, "required": [ "Enable" ] }

Schema for Change Type ct-3glr80c15rp7z

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Terminate Standalone DB Instance Or Cluster", "description": "Terminate a standalone DB instance or cluster. The automation checks that the DB instance, or cluster, is not part of a CloudFormation stack and does not have termination protection enabled. Please note that deleting the DB cluster deletes all the automated backups for that DB cluster and those backups can't be recovered. Standalone resources for testing purposes are created by AMS upon your request, they are not part of a stack and they can't be deleted with ct-0q0bic0ywqk6c.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-TerminateStandaloneDBInstanceOrCluster.", "type": "string", "enum": [ "AWSManagedServices-TerminateStandaloneDBInstanceOrCluster" ], "default": "AWSManagedServices-TerminateStandaloneDBInstanceOrCluster" }, "Region": { "description": "The AWS Region where DB identifier is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Confirmation": { "description": "Explicitly confirm the termination of the DB identifier with 'permanently delete', note that the RFC is not created if this parameter is null. Additionally, once the DB identifier is deleted it can't be restored unless there is an snapshot for the DB identifier.", "type": "string", "pattern": "^permanently delete$" }, "Parameters": { "type": "object", "properties": { "CreateFinalSnapshot": { "description": "True to create a final DB snapshot before deleting the DB identifier, false to not create a final snapshot. By default, the DB snapshot is created. If set to false and there are no existing snapshots for the DB identifier, it can't be restored.", "type": "boolean", "default": true }, "DBIdentifierArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the DB instance or cluster.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:(db|cluster):[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "DeleteAutomatedBackups": { "description": "True to remove automated (system) backups immediately after the DB instance is deleted, false to not remove the backups immediately; applies to DB instance backups only. Default is false. Note that automated backups are deleted once the snapshot expires, based on the retention period settings the source instance had when you deleted it. Retained automated backups are removed by the system after their last system snapshot expires.", "type": "boolean", "default": false }, "FinalDBSnapshotIdentifier": { "description": "A meaningful name for the DB identifier snapshot to be created when the CreateFinalSnapshot parameter is set to true.", "type": "string", "pattern": "^[a-zA-Z](?!.*--)[a-zA-Z0-9-]*[a-zA-Z0-9]$|^$", "minLength": 0, "maxLength": 256, "default": "" } }, "metadata": { "ui:order": [ "DBIdentifierArn", "DeleteAutomatedBackups", "CreateFinalSnapshot", "FinalDBSnapshotIdentifier" ] }, "additionalProperties": false, "required": [ "DBIdentifierArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Confirmation", "Parameters" ] }, "required": [ "DocumentName", "Region", "Confirmation", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3hox8uwjgze1f

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SAML Identity Provider", "description": "Create an IAM identity provider using the SAML metadata document file that you stored in your chosen S3 bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateSamlProvider-Admin", "type": "string", "enum": [ "AWSManagedServices-HandleCreateSamlProvider-Admin" ], "default": "AWSManagedServices-HandleCreateSamlProvider-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SAMLMetadataDocumentURL": { "description": "The S3 URL of the SAML metadata document file, in the form s3://bucketname/path/to/saml-metadata.xml.", "type": "array", "items": { "type": "string", "pattern": "^s3://[a-z0-9]([-.a-z0-9]+)[a-z0-9]/.+$" }, "minItems": 1, "maxItems": 1 }, "Name": { "description": "A meaningful name for the identity provider.", "type": "array", "items": { "type": "string", "default": "customer-saml", "pattern": "^[\\w._-]{1,128}" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SAMLMetadataDocumentURL", "Name" ] }, "required": [ "SAMLMetadataDocumentURL" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3j2zstluz6dxq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Authorize Ingress Rule", "description": "Authorize the ingress rule for the specified security group (SG). You must specify the configurations of the ingress rule that you are authorizing. Note that this adds an ingress rule to the specified SG but does not modify any existing ingress rules.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3.", "type": "string", "enum": [ "AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3" ], "default": "AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the ingress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Source": { "description": "An IP address range in CIDR notation, in the form 255.255.255.255/32; or the ID of another security group in the same Region; or self, to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8,17}$|^self$|^pl-\\w+|^[0-9]{12}\\/sg-[0-9a-f]{8,17}$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A meaningful description of the ingress rule.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,255}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source", "Description" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3jo8yccbin4it

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disassociate TGW Attachment", "description": "Disassociate transit gateway (TGW) attachment from the transit gateway (TGW) route table. Use this change type for multi-account landing zone (MALZ) in Networking account only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DisassociateTGWAttachment.", "type": "string", "enum": [ "AWSManagedServices-DisassociateTGWAttachment" ], "default": "AWSManagedServices-DisassociateTGWAttachment" }, "Region": { "description": "The AWS Region in which the TGW attachment and TGW route table is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayAttachmentId": { "description": "The ID of the TGW attachment to disassociate from the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1 }, "TransitGatewayRouteTableId": { "description": "The ID of the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] }, "additionalProperties": false, "required": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3jrqmeq7j0wke

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Redshift Cluster From Snapshot", "description": "Create a Redshift cluster with the same configration as the source snapshot.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-szovkq00000000000", "type": "string", "enum": [ "stm-szovkq00000000000" ], "default": "stm-szovkq00000000000" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "type": "string", "description": "A unique identifier for the cluster. Only ASCII letters, digits, hyphens. Cannot end with a hyphen or have more than two consecutive hyphens.", "pattern": "^(|(?!.*--.*)(?!.*-$)[a-z][a-z0-9-]{0,62})$" }, "ClusterSnapshot": { "type": "string", "description": "The name of the snapshot from which to create the new cluster. Only ASCII letters, digits, and hyphens.", "pattern": "^[a-zA-Z0-9-]{1,255}$|^rs:[a-zA-Z0-9-]{1,255}$" }, "NodeType": { "description": "The type of Amazon Redshift cluster node. The node type determines the CPU, RAM, storage capacity, and storage drive type for each node. You can only modify this if you are using any AWS DS (dense storage) node type. In that case, you can choose to restore into another DS node type of the same size. For example, you can restore ds1.8xlarge into ds2.8xlarge, or ds1.xlarge into ds2.xlarge. If you have a DC instance type, you must restore into that same instance type and size.", "type": "string", "enum": [ "ds2.xlarge", "ds2.8xlarge", "dc2.large", "dc2.8xlarge", "dc1.large", "dc1.8xlarge", "ra3.xlplus", "ra3.4xlarge", "ra3.16xlarge" ] }, "SnapshotAccountOwner": { "type": "string", "description": "The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot. Numbers only, no hyphens.", "pattern": "^(|[0-9]{12})$" }, "SnapshotClusterIdentifier": { "type": "string", "description": "The name of the cluster the source snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.", "pattern": "^(|(?!.*--.*)(?!.*-$)[a-z][a-z0-9-]{0,62})$" }, "IamRoles": { "type": "string", "description": "A comma-delimited list of up to 10 AWS Identity and Access Management (IAM) roles that the cluster can use to access other AWS services. Supply the IAM roles by their Amazon Resource Name (ARN), in the form arn:aws:iam::000000000000:role/customer_redshift_role. The role name must be prefixed with \"customer\". Leave blank to not attach any roles to the cluster.", "pattern": "^(arn:aws:iam::[0-9]{12}:role/customer[/\\w+=,.@-]+)(,arn:aws:iam::[0-9]{12}:role/customer[/\\w+=,.@-]+){0,9}$|^$" }, "ParameterGroupName": { "type": "string", "description": "The name of an existing Amazon Redshift parameter group. If no value is provided the default parameter group will be used.", "pattern": "^(|[a-zA-Z]+(?:-?[a-zA-Z0-9.]+){1,255})$" }, "ClusterSubnetGroup": { "type": "string", "description": "The name of an existing Amazon Redshift subnet group.", "pattern": "^[a-zA-Z0-9._-]{1,255}$" }, "AllowVersionUpgrade": { "type": "string", "description": "True to apply upgrades to the engine that is running on the cluster, during the maintenance window; false to not.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "array", "description": "The identifiers of the security groups to control traffic to and from the Redshift cluster.", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true }, "DatabasePortNumber": { "type": "integer", "description": "The port number on which the cluster accepts incoming connections.", "default": 5439, "minimum": 1150, "maximum": 65535 }, "AutomatedSnapshotRetentionPeriod": { "type": "integer", "description": "The number of days that automated snapshots are retained. The default is to retain 7 days of snapshots, and the maximum value is 35 days. To disable automated snapshot retention, use 0.", "default": 7, "minimum": 0, "maximum": 35 }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur. The format of the time range is ddd:hh24:mi-ddd:hh24:mi. Leave blank to allow Amazon Redshift to choose a random 30 minute maintenance window.", "pattern": "^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$|^$", "default": "" } }, "metadata": { "ui:order": [ "ClusterIdentifier", "ClusterSnapshot", "SnapshotAccountOwner", "SnapshotClusterIdentifier", "NodeType", "IamRoles", "ParameterGroupName", "ClusterSubnetGroup", "AllowVersionUpgrade", "SecurityGroups", "DatabasePortNumber", "AutomatedSnapshotRetentionPeriod", "PreferredMaintenanceWindow" ] }, "required": [ "ClusterSnapshot", "ClusterSubnetGroup", "NodeType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "Parameters" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3jx80fquylzhf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Enhanced Monitoring", "description": "Update the Enhanced Monitoring property of an Amazon Relational Database Service (RDS) database instance or cluster. Enhanced Monitoring allows you to collect vital operating system metrics and process information, at the defined granularity.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSEnhancedMonitoring.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSEnhancedMonitoring" ], "default": "AWSManagedServices-UpdateRDSEnhancedMonitoring" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DBIdentifierArn": { "description": "The Amazon Resource Name (ARN) of the RDS instance or cluster.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{12}:(db|cluster):[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "MonitoringInterval": { "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. The valid intervals are 0, 1, 5, 10, 15, 30 and 60. To disable collecting Enhanced Monitoring metrics, specify 0.", "type": "string", "enum": [ "0", "1", "5", "10", "15", "30", "60" ] }, "MonitoringRoleName": { "description": "The name of the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. If no role is specified, the default role 'rds-monitoring-role' will be used or created if it does not exist.", "type": "string", "default": "rds-monitoring-role", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$" } }, "metadata": { "ui:order": [ "DBIdentifierArn", "MonitoringInterval", "MonitoringRoleName" ] }, "required": [ "DBIdentifierArn", "MonitoringInterval" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3kh1wiizlne1i

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Stack Read-Only access", "description": "Update read only access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-3kinq0u4l33zf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remediate Stack Drift", "description": "Remediate the drift (out-of-band changes) in a stack, bringing the stack in sync and enabling you to perform future updates using the available Update CTs. Note: up to 10 drifted resources will be remediated per RFC.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartDriftRemediation.", "type": "string", "enum": [ "AWSManagedServices-StartDriftRemediation" ], "default": "AWSManagedServices-StartDriftRemediation" }, "Region": { "description": "The AWS Region in which the CloudFormation stack is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "StackName": { "description": "The name of the stack to remediate the drift for, in the form of stack-a1b2c3d4e5f67890e.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{8}$|^stack-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "DryRun": { "description": "True to perform drift remediation in dry run mode, false to perform drift remediation not in dry run mode. Default is false. Dry run mode checks if the stack drift can be remediated or not, but does not attempt remediation. Note that, when DryRun=true, reserved stack outputs for drift remediation, in the form of AMSCFNDriftRemediationBuildReferences95556500d5, can be added or updated. To learn more about outputs, see AWS CloudFormation documentation.", "type": "array", "items": { "type": "string", "default": "false", "enum": [ "true", "false" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "StackName", "DryRun" ] }, "additionalProperties": false, "required": [ "StackName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3l14e139i5p50

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "acm-certificate-with-additional-sans", "description": "ACM Certificate with additional SANs", "type": "object", "properties": { "Description": { "description": "Stack's purpose description", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-[a-z]{17}", "type": "string", "enum": [ "stm-ftu71ma6q29bvulv0" ] }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "type": "object", "properties": { "DomainName": { "type": "string", "description": "Fully qualified domain name (FQDN), such as www.example.com, of the site that you want to secure with the ACM certificate. A wildcard can be used to create a certificate for multiple subdomains, e.g. *.example.com", "pattern": "^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$" }, "ValidationDomain": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the DomainName value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeName1": { "type": "string", "description": "FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeName2": { "type": "string", "description": "FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeName3": { "type": "string", "description": "FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeName4": { "type": "string", "description": "FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeName5": { "type": "string", "description": "FQDNs to be included in the Subject Alternative Name extension of the ACM certificate.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeNameValidationDomain1": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the SubjectAlternativeName1 value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeNameValidationDomain2": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the SubjectAlternativeName2 value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeNameValidationDomain3": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the SubjectAlternativeName3 value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeNameValidationDomain4": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the SubjectAlternativeName4 value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" }, "SubjectAlternativeNameValidationDomain5": { "type": "string", "description": "The domain that domain name registrars use to send validation emails. This value must be the same as the domain name or a superdomain of the domain name. If left blank, the SubjectAlternativeName5 value will be used.", "pattern": "^$|^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$", "default": "" } }, "required": [ "DomainName" ], "metadata": { "ui:order": [ "DomainName", "ValidationDomain", "SubjectAlternativeName1", "SubjectAlternativeNameValidationDomain1", "SubjectAlternativeName2", "SubjectAlternativeNameValidationDomain2", "SubjectAlternativeName3", "SubjectAlternativeNameValidationDomain3", "SubjectAlternativeName4", "SubjectAlternativeNameValidationDomain4", "SubjectAlternativeName5", "SubjectAlternativeNameValidationDomain5" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "StackTemplateId", "Parameters", "TimeoutInMinutes", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "StackTemplateId", "TimeoutInMinutes", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3lkbpansfv69k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy EBS Snapshot", "description": "Copy an Elastic Block Store (EBS) snapshot in your AMS account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyEBSSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CopyEBSSnapshot" ], "default": "AWSManagedServices-CopyEBSSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SourceRegion": { "description": "The AWS Region that contains the source snapshot, in the form us-east-1.", "type": "array", "items": { "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "minItems": 1, "maxItems": 1 }, "SourceSnapshotId": { "description": "The ID of the EBS snapshot to copy, in the form snap-12345678 or snap-123456789012345ab.", "type": "array", "items": { "type": "string", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "An AWS Key Management Service (KMS) key to encrypt the EBS snapshot with. The KMS key is the KMS Key ARN or the KMS key identifier. If left blank and the source snapshot is encrypted, the target snapshot will be encrypted using the default EBS KMS key.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A description for the new snapshot. If left blank a default description is used, in the form [Copied {SourceSnapshotId} from {SourceRegion}].", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 255 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceRegion", "SourceSnapshotId", "KmsKeyId", "Description" ] }, "additionalProperties": false, "required": [ "SourceRegion", "SourceSnapshotId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3ll9hnadql9s1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Public ACM Certificate", "description": "Create a public AWS Certificate Manager (ACM) certificate with email or DNS validation. To create a private ACM certificate, use ct-0hu3q3957aghj.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RequestACMCertificateV2", "type": "string", "enum": [ "AWSManagedServices-RequestACMCertificateV2" ], "default": "AWSManagedServices-RequestACMCertificateV2" }, "Region": { "description": "The AWS Region in which you want the ACM certificate, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DomainName": { "description": "The fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate.", "type": "string", "pattern": "^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$" }, "ValidationMethod": { "description": "How you will validate that you own or control the domain for the ACM certificate.", "type": "string", "enum": [ "EMAIL", "DNS" ], "default": "EMAIL" }, "CertificateType": { "description": "Confirm that you are creating a public ACM certificate. To create a private ACM certificate, use ct-0hu3q3957aghj.", "type": "string", "enum": [ "Public" ], "default": "Public" }, "ValidationDomain": { "description": "The domain for ACM to use when sending validation emails. This value must be the same as the DomainName, or a superdomain of the DomainName. If left blank, the DomainName value is used.", "type": "string", "pattern": "^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$|^$", "default": "" }, "SubjectAlternativeNames": { "description": "The additional FQDNs to be included in the subject alternative name extension of the ACM certificate.", "type": "array", "items": { "type": "string", "pattern": "^(\\*\\.){0,1}(\\w+)(.\\w+)*(\\.\\w+)$" }, "minItems": 1, "maxItems": 5 }, "Route53DNSValidation": { "description": "True for automatic ACM validation using your Route53 DNS, if the ACM and the domain are on the same account; false for no automatic validation. Default is false.", "type": "string", "enum": [ "True", "False" ], "default": "False" } }, "metadata": { "ui:order": [ "DomainName", "CertificateType", "ValidationMethod", "ValidationDomain", "SubjectAlternativeNames", "Route53DNSValidation" ] }, "additionalProperties": false, "required": [ "DomainName", "ValidationMethod" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3memthlcmvc1b

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update a security group", "description": "Update the inbound and the outbound rules of a security group, and optionally associate it with AWS resources.", "type": "object", "properties": { "SecurityGroupId": { "description": "ID of the security group to be updated or disassociated from the specified AWS resources.", "type": "string", "pattern": "^sg-[0-9a-zA-Z]{8}$|^sg-[0-9a-zA-Z]{17}$" }, "AddAssociatedResources": { "description": "Additional AWS resources to associate the security group to. For example, EC2 instance IDs, RDS DB instance IDs, Load Balancer names, DSM replication instance names, EFS mount target IDs, ElastiCache cluster IDs. To remove resources, use the Delete Security group CT.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "AddInboundRules": { "description": "New inbound rules to be added.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. Use -1 for all ports.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Source": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To reference this security group, use self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8,17}$|^self$|^pl-\\w+|^[0-9]{12}\\/sg-[0-9a-f]{8,17}$" }, "Description": { "description": "Meaningful description of the inbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Source", "Description" ] }, "required": [ "Protocol", "PortRange", "Source" ] }, "minItems": 0, "maxItems": 50 }, "RemoveInboundRules": { "description": "Existing inbound rules to be removed.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. Use -1 for all ports.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Source": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To reference this security group, use self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8,17}$|^self$|^pl-\\w+|^[0-9]{12}\\/sg-[0-9a-f]{8,17}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Source" ] }, "required": [ "Protocol", "PortRange", "Source" ] }, "minItems": 0, "maxItems": 50 }, "AddOutboundRules": { "description": "New outbound rules to be added.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. Use -1 for all ports.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Destination": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To reference this security group, use self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 }, "Description": { "description": "Meaningful description of the outbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Destination", "Description" ] }, "required": [ "Protocol", "PortRange", "Destination" ] }, "minItems": 0, "maxItems": 50 }, "RemoveOutboundRules": { "description": "Existing outbound rules to be removed.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. Use -1 for all ports.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Destination": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To reference this security group, use self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Destination" ] }, "required": [ "Protocol", "PortRange", "Destination" ] }, "minItems": 0, "maxItems": 50 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the resource. Overwrites the original tags.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityGroupId", "AddAssociatedResources", "AddInboundRules", "RemoveInboundRules", "AddOutboundRules", "RemoveOutboundRules", "Priority", "Tags" ] }, "required": [ "SecurityGroupId" ] }

Schema for Change Type ct-3mlsibqhugrf1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EBS Snapshot", "description": "Create an Elastic Block Store (EBS) snapshot from an EBS volume. The volume must be attached to an EC2 instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateEBSSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CreateEBSSnapshot" ], "default": "AWSManagedServices-CreateEBSSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "VolumeId": { "description": "The ID of the source EBS volume, in the form vol-12345678 or vol-123456789012345ab.", "type": "array", "items": { "type": "string", "pattern": "^vol-[0-9a-f]{8}$|^vol-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A description for the new snapshot.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 255 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "VolumeId", "Description" ] }, "additionalProperties": false, "required": [ "VolumeId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3mvvt2zkyveqj

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop EC2 Instances", "description": "Stop up to 50 running EC2 instances. If you specify an EC2 instance that is part of an Auto Scaling group (ASG), the instance is terminated and replaced by the ASG. If not part of an ASG, the instance remains stopped, in the account, until started or deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopInstances.", "type": "string", "enum": [ "AWSManagedServices-StopInstances" ], "default": "AWSManagedServices-StopInstances" }, "Region": { "description": "The AWS Region where the instances are, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 50 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ForceStop": { "description": "True to stop the instances even if the KMS key used in encrypting any of the volumes of the instance is non-existent or pending deletion. False to not stop them if the KMS key is non-existent or pending deletion. Stopping these sorts of instances is not recommended unless the data on them is not required or is already backed up, because once stopped, they cannot be started.", "type": "array", "items": { "type": "string", "default": "false", "enum": [ "true", "false" ] }, "minItems": 1, "maxItems": 1 }, "StopASGInServiceInstances": { "description": "True to stop and terminate any ASG instance that is in the 'InService' state. False to only stop standalone instances and ASG instances that are in the 'Standby' state (ASG instances in the 'InService' state are not stopped. )", "type": "array", "items": { "type": "string", "default": "false", "enum": [ "true", "false" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3nba0wtdugnan

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create AD DNS Conditional Forwarder", "description": "Create AD DNS conditional forwarder with up to five DNS servers associated with a remote domain name. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateADDNSConditionalForwarder-Admin.", "type": "string", "enum": [ "AWSManagedServices-CreateADDNSConditionalForwarder-Admin" ], "default": "AWSManagedServices-CreateADDNSConditionalForwarder-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RemoteDomainName": { "description": "The fully qualified domain name (FQDN) of the remote domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "minItems": 1, "maxItems": 1 }, "IPAddresses": { "description": "A list of private IP addresses of the remote DNS servers associated with the conditional forwarder.", "type": "array", "items": { "type": "string", "pattern": "^(10\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3}))$|^(192\\.168\\.(\\d{1,3})\\.(\\d{1,3}))$|^(172\\.(1[6-9]|2[0-9]|3[0-1])\\.[0-9]{1,3}\\.[0-9]{1,3})$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true } }, "metadata": { "ui:order": [ "RemoteDomainName", "IPAddresses" ] }, "additionalProperties": false, "required": [ "RemoteDomainName", "IPAddresses" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3nmhh0qr338q6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate TGW Attachment", "description": "Associate transit gateway (TGW) attachment to the transit gateway (TGW) route table. Use this change type for multi-account landing zone (MALZ) in Networking account only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AssociateTGWAttachment.", "type": "string", "enum": [ "AWSManagedServices-AssociateTGWAttachment" ], "default": "AWSManagedServices-AssociateTGWAttachment" }, "Region": { "description": "The AWS Region in which the TGW attachment and TGW route table is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayAttachmentId": { "description": "The ID of the TGW attachment to associate to the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1 }, "TransitGatewayRouteTableId": { "description": "The ID of the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] }, "additionalProperties": false, "required": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3oafsdbzjtuqp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create VPC Endpoint (Interface)", "description": "Create an interface VPC endpoint, which allows you to connect to services powered by AWS PrivateLink, including many AWS services.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component. This becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-f0cumpt1rfc1p1739", "type": "string", "enum": [ "stm-f0cumpt1rfc1p1739" ], "default": "stm-f0cumpt1rfc1p1739" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "VpcId": { "type": "string", "description": "The VPC ID to attach the interface endpoint to, in the form vpc-0123abcd or vpc-01234567890abcdef.", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "ServiceName": { "type": "string", "description": "The service name the interface VPC endpoint is for. For example, com.amazonaws.ap-southeast-2.cloudformation.", "pattern": "(com.amazonaws|aws.sagemaker).[a-z0-9-.]{3,60}" }, "SecurityGroups": { "type": "array", "description": "The security groups to associate with the interface VPC endpoint, in the form sg-0123abcd or sg-01234567890abcdef.", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "uniqueItems": true }, "SubnetIds": { "type": "array", "description": "The subnet IDs to associate with the interface VPC endpoint, in the form subnet-0123abcd or subnet-01234567890abcdef.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "uniqueItems": true }, "EnablePrivateDns": { "type": "string", "description": "True to associate a private hosted zone with the VPC, false to not. The private hosted zone contains a record set for the default public DNS name for the service for the Region, which resolves to the private IP addresses of the network interfaces that are attached to the interface VPC endpoint.", "enum": [ "true", "false" ], "default": "false" } }, "metadata": { "ui:order": [ "VpcId", "ServiceName", "SecurityGroups", "SubnetIds", "EnablePrivateDns" ] }, "required": [ "VpcId", "ServiceName", "SecurityGroups", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "Name", "Description", "TimeoutInMinutes", "StackTemplateId", "Tags", "Parameters" ] }, "required": [ "VpcId", "Name", "Description", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3ovo7px2vsa6n

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update KMS Key", "description": "Request an update of a KMS Key.", "type": "object", "properties": { "KeyDescription": { "description": "A meaningful description of the KMS key; for example, a description that indicates that the KMS key is appropriate for a task. The default value is an empty string (no description). Note that the description appears in the details for the key in the KMS console. Do not include confidential or sensitive information as this field may appear in plain text in CloudTrail logs and other output.", "type": "string", "maxLength": 5000 }, "TargetKeyARN": { "description": "The Amazon Resource Name (ARN) of the target KMS key,in the form arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab, to update.", "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|mrk-[a-z0-9]{32})$" }, "AliasName": { "description": "An alias name for the KMS key. The alias name must be unique in the AWS account and region, can be up to 256 characters in length, and is limited to use characters a-z, A-Z, 0-9, and /_-", "type": "string", "pattern": "^[a-zA-Z0-9/_-]{1,256}$" }, "KeyStatus": { "description": "The KMS key status. Default is Enabled.", "type": "string", "default": "Enabled", "enum": [ "Enabled", "Disabled", "Cancel Key Deletion and Enabled", "Cancel Key Deletion and Disabled" ] }, "KeyRotation": { "description": "True if the KMS key should be rotated, false if it should not.", "type": "boolean" }, "KeyPermissions": { "description": "Detailed information about the key permissions, or a JSON policy document to be attached to the key (paste the policy document into the value field).", "type": "string", "maxLength": 5000 }, "PolicyAction": { "description": "Whether the given 'KeyPermissions' needs to be appended to the existing key policy or to replace the key policy entirely. If you want to add a new statement block to the existing policy, choose 'Append'. If you want to replace the entire policy or update the policy in specific sections, provide the entire policy containing desired changes in 'KeyPermissions' and choose 'Replace'. Leave this parameter blank if 'KeyPermissions' is not to be modified.", "type": "string", "enum": [ "Append", "Replace" ] }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Operation": { "description": "Must be Update.", "type": "string", "default": "Update", "enum": [ "Update" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "KeyDescription", "TargetKeyARN", "AliasName", "KeyStatus", "KeyRotation", "KeyPermissions", "PolicyAction", "Tags", "Operation", "Priority" ] }, "required": [ "TargetKeyARN", "Operation" ] }

Schema for Change Type ct-3oy53m1qzl2s5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "On Demand Patching", "description": "Run on-demand SSM patching on specified instances; either a list of instances or instances with the specified tag/key pair.", "additionalProperties": false, "properties": { "Description": { "description": "A meaningful description for this on demand patch run.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this on demand patch run.", "maxLength": 128, "minLength": 3, "type": "string" }, "StartInactiveInstances": { "description": "True to start instances that were stopped before being patched, false to keep them stopped. Allowed values are \"True\" and \"False\".", "enum": [ "True", "False" ], "type": "string" }, "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "default": "ams-manual-backups", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$", "type": "string" }, "BackupIamRole": { "description": "The name of the role that allows AWS Backup to perform the actions on your behalf. The backup IAM role name must contain from 1 to 64 alphanumeric characters or hyphens.", "default": "ams-backup-iam-role", "pattern": "^[a-zA-Z0-9\\_\\-]{1,64}$", "type": "string" }, "BackupRetentionInDays": { "description": "The number of days the backup taken before patching will remain available.", "default": "21", "pattern": "^([1-9]|[1-9][0-9]|[1-2][0-9]{2}|3[0-5][0-9]{1}|36[0-4]|365)$", "type": "string" }, "PatchingTargets": { "description": "EC2 instances to run on-demand patching.", "items": { "additionalProperties": false, "properties": { "Key": { "description": "Enter \"InstanceIds\" to patch instances based on instanceIds. Or \"tag:\" followed by the tag key, such as \"tag:Patch Group\". The instances with whatever key/value pair that you enter, are marked for on-demand patching.", "maxLength": 150, "minLength": 1, "type": "string", "pattern": "^(tag:[\\w\\s_.:/=+\\-@]+|InstanceIds)$" }, "Values": { "description": "Provide the list of instanceIds if the key mentioned above is \"InstanceIds\". Else, provide a single tag value corresponding to the \"Key\" mentioned above. See AWS Systems Manager, Automation queue, documentation for information on queue limits.", "items": { "maxLength": 255, "minLength": 1, "type": "string" }, "minItems": 1, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Key", "Values" ] }, "required": [ "Key", "Values" ], "type": "object" }, "maxItems": 1, "minItems": 1, "type": "array" } }, "metadata": { "ui:order": [ "Name", "Description", "PatchingTargets", "StartInactiveInstances", "BackupVaultName", "BackupIamRole", "BackupRetentionInDays" ] }, "required": [ "Name", "PatchingTargets", "StartInactiveInstances" ], "type": "object" }

Schema for Change Type ct-3pc215bnwb6p7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Security Group", "description": "Create a security group with limited scope. For complex security groups, use the manual Security group Create change type (ct-1oxx2g2d7hc90).", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "SecurityGroupName": { "description": "A name for the security group. The name cannot start with \"sg-\", and must be unique within the VPC.", "type": "string", "minLength": 1, "maxLength": 255 }, "SecurityGroupDescription": { "description": "Meaningful information about the security group.", "type": "string", "minLength": 1, "maxLength": 255 }, "TcpUdpIngressRules": { "description": "TCP and UDP based ingress rules for the security group. No inbound TCP or UDP traffic originating from another host to your instance is allowed until you add these rules to the security group.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol for this rule, either TCP or UDP. Note you can add multiple rules for each.", "type": "string", "enum": [ "TCP", "UDP" ] }, "FromPort": { "description": "Start of allowed port range (0-65535 for TCP/UDP).", "type": "integer", "minimum": 0, "maximum": 65535 }, "ToPort": { "description": "End of allowed port range (0-65535 for TCP/UDP).", "type": "integer", "minimum": 0, "maximum": 65535 }, "Description": { "description": "Meaningful description of the TCP/UDP inbound rule.", "type": "string", "minLength": 0, "maxLength": 255 }, "AddressRanges": { "description": "An IP address range in CIDR notation (for example, 10.0.0.0/8). If you want to specify a single IP, use a CIDR Prefix of \"/32\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^self$|^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){1}$", "minLength": 1, "maxLength": 64 } }, "SecurityGroupIds": { "description": "The ID of another security group in the same Region. To use this security group, specify \"self\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$|^self$", "minLength": 1, "maxLength": 64 } } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "FromPort", "ToPort", "AddressRanges", "SecurityGroupIds", "Description" ] }, "required": [ "Protocol", "FromPort", "ToPort" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "TcpUdpEgressRules": { "description": "TCP and UDP based outbound rules for the security group. Unless custom egress rules are specified, all TCP and UDP outbound traffic originating from your instance is allowed.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol for this rule, either TCP or UDP. Note you can add multiple rules for each.", "type": "string", "enum": [ "TCP", "UDP" ] }, "FromPort": { "description": "Start of allowed port range (0-65535 for TCP/UDP).", "type": "integer", "minimum": 0, "maximum": 65535 }, "ToPort": { "description": "End of allowed port range (0-65535 for TCP/UDP).", "type": "integer", "minimum": 0, "maximum": 65535 }, "Description": { "description": "Meaningful description of the TCP/UDP outbound rule.", "type": "string", "minLength": 0, "maxLength": 255 }, "AddressRanges": { "description": "An IP address range in CIDR notation (for example, 10.0.0.0/8). If you want to specify a single IP, use a CIDR Prefix of \"/32\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^self$|^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){1}$", "minLength": 1, "maxLength": 64 } }, "SecurityGroupIds": { "description": "The ID of another security group in the same Region. To use this security group, specify \"self\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$|^self$", "minLength": 1, "maxLength": 64 } } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "FromPort", "ToPort", "AddressRanges", "SecurityGroupIds", "Description" ] }, "required": [ "Protocol", "FromPort", "ToPort" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "IcmpIngressRules": { "description": "ICMP based ingress rules for the security group. No inbound ICMP traffic originating from another host to your instance is allowed until you add these rules to the security group.", "type": "array", "items": { "type": "object", "properties": { "Type": { "description": "The ICMP type. Specify \"-1\" for all types.", "type": "integer" }, "Code": { "description": "The ICMP code. Specify \"-1\" for all codes. Must be \"-1\" if ICMP type is \"-1\".", "type": "integer" }, "Description": { "description": "Meaningful description of the ICMP inbound rule.", "type": "string", "minLength": 0, "maxLength": 255 }, "AddressRanges": { "description": "An IP address range in CIDR notation (for example, 10.0.0.0/8). If you want to specify a single IP, use a CIDR Prefix of \"/32\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^self$|^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){1}$", "minLength": 1, "maxLength": 64 } }, "SecurityGroupIds": { "description": "The ID of another security group in the same Region. To use this security group, specify \"self\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$|^self$", "minLength": 1, "maxLength": 64 } } }, "additionalProperties": false, "metadata": { "ui:order": [ "Type", "Code", "AddressRanges", "SecurityGroupIds", "Description" ] }, "required": [ "Type", "Code" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "IcmpEgressRules": { "description": "ICMP based outbound rules for the security group. Unless custom egress rules are specified, all ICMP outbound traffic originating from your instance is allowed.", "type": "array", "items": { "type": "object", "properties": { "Type": { "description": "The ICMP type. Specify \"-1\" for all types.", "type": "integer" }, "Code": { "description": "The ICMP code. Specify \"-1\" for all codes. Must be \"-1\" if ICMP type is \"-1\".", "type": "integer" }, "Description": { "description": "Meaningful description of the ICMP outbound rule.", "type": "string", "minLength": 0, "maxLength": 255 }, "AddressRanges": { "description": "An IP address range in CIDR notation (for example, 10.0.0.0/8). If you want to specify a single IP, use a CIDR Prefix of \"/32\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^self$|^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){1}$", "minLength": 1, "maxLength": 64 } }, "SecurityGroupIds": { "description": "The ID of another security group in the same Region. To use this security group, specify \"self\". You must specify either AddressRanges parameter or SecurityGroupIds parameter, but you can also specify both.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$|^self$", "minLength": 1, "maxLength": 64 } } }, "additionalProperties": false, "metadata": { "ui:order": [ "Type", "Code", "AddressRanges", "SecurityGroupIds", "Description" ] }, "required": [ "Type", "Code" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the security group.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "SecurityGroupName", "SecurityGroupDescription", "TcpUdpIngressRules", "TcpUdpEgressRules", "IcmpIngressRules", "IcmpEgressRules", "Tags" ] }, "required": [ "VpcId", "SecurityGroupName", "SecurityGroupDescription" ] }

Schema for Change Type ct-3pwbixz27n3tn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Customer-Managed Application Account", "description": "Create a customer-managed application account in a multi-account AWS landing zone. Customer-managed accounts give you full control to operate the infrastructure within the centralized architecture managed by AMS. Multi-account AWS landing zone core accounts must already be onboarded to AWS Managed Services (AMS).", "type": "object", "properties": { "AccountName": { "description": "A name for the new customer-managed application account. Max length 50 characters. The underscore (_) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "AccountEmail": { "description": "The email address for the owner of the new customer-managed application account. The AccountEmail address must be unique per account.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "CustomerManagedOUName": { "description": "The name of an existing customer-managed organizational unit (OU) for this account, in the form of <customer-managed ou name> or <customer-managed ou name>:<child ou name>. The default value is customer-managed. To create new OUs under customer-managed OU, please use create custom OU CT ct-1ksyoxreh35tu", "type": "string", "default": "customer-managed" } }, "metadata": { "ui:order": [ "AccountName", "AccountEmail", "CustomerManagedOUName" ] }, "additionalProperties": false, "required": [ "AccountName", "AccountEmail" ] }

Schema for Change Type ct-3qe6io8t6jtny

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Self-Provisioned AWS Service", "description": "Add a specific, allowed, AWS service to your AMS account. AMS adds the necessary permissions to use the service to an existing IAM role that you specify, or creates a new role that allows you to use the service without AMS management under the AMS Shared Responsibility model. Compliance is a shared responsibility and your AMS compliance status does not automatically apply to services or applications that you add in this way. Some AWS services do not have compliance certifications. For more information, go to the AWS Services in Scope of AWS Assurance Program page. On that page, unless specifically excluded, features of each of the services are considered in scope of the assurance programs, and are reviewed and tested as part of the assessment.", "type": "object", "properties": { "ServiceName": { "description": "The name of the AWS service.", "type": "string", "enum": [ "Alexa for Business", "Amazon API Gateway", "Amazon AppStream 2.0", "Amazon Athena", "Amazon Bedrock", "Amazon CloudSearch", "Amazon CloudWatch Synthetics", "Amazon Cognito", "Amazon Comprehend", "Amazon Connect", "Amazon DocumentDB (with MongoDB compatibility)", "Amazon DynamoDB", "Amazon DevOps Guru", "Amazon ECR", "Amazon ECS on AWS Fargate", "Amazon EKS on AWS Fargate", "Amazon EMR", "Amazon EventBridge", "Amazon Forecast", "Amazon FSx", "Amazon Inspector", "Amazon Kinesis Data Analytics", "Amazon Kinesis Data Firehose", "Amazon Kinesis Data Streams", "Amazon Kinesis Video Streams", "Amazon Lex", "Amazon Managed Service for Prometheus", "Amazon Managed Streaming for Apache Kafka", "Amazon MQ", "Amazon Personalize", "Amazon QuickSight", "Amazon Rekognition", "Amazon SageMaker", "Amazon Simple Email Service", "Amazon Simple Workflow Service", "Amazon Textract", "Amazon Transcribe", "Amazon WorkDocs", "Amazon WorkSpaces", "AWS Amplify", "AWS Audit Manager", "AWS Batch", "AMS Code services", "AWS App Mesh", "AWS AppSync", "AWS Certificate Manager (ACM)", "AWS Private Certificate Authority (PCA)", "AWS CloudEndure", "AWS CloudHSM", "AWS CodeBuild", "AWS CodeCommit", "AWS CodeDeploy", "AWS CodePipeline", "AWS Compute Optimizer", "AWS DataSync", "AWS Elastic Disaster Recovery", "AWS Elemental MediaConvert", "AWS Elemental MediaLive", "AWS Elemental MediaPackage", "AWS Elemental MediaStore", "AWS Elemental MediaTailor", "AWS Global Accelerator", "AWS Glue", "AWS Lake Formation", "AWS Lambda", "AWS License Manager", "AWS Migration Hub", "AWS Outposts", "AWS Resilience Hub", "AWS Secrets Manager", "AWS Security Hub", "AWS Service Catalog AppRegistry", "AWS Shield", "AWS Snowball", "AWS Step Functions", "AWS Systems Manager Parameter Store", "AWS Systems Manager Automation", "AWS Transfer for SFTP", "AWS Transit Gateway", "AWS WAF - Web Application Firewall", "AWS Well Architected Tool", "AWS X-Ray", "EC2 Image Builder", "VM Import/Export" ] }, "IAMRole": { "description": "ARN of an existing IAM role to add the permissions to self-manage the AWS service. If left blank, a new role is created with the necessary permissions.", "type": "string", "pattern": "^arn:aws:iam::\\d{12}:role\\/[\\w+=,.@-]{1,64}$" }, "SAMLProviders": { "description": "A single SAML provider name or a comma-separated list of SAML providers to use with the role", "type": "string", "pattern": "^[\\w+=,.@-]{1,256}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "ServiceName", "IAMRole", "SAMLProviders", "Priority" ] }, "required": [ "ServiceName" ] }

Schema for Change Type ct-3r2ckznmt0a59

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Static Route", "description": "Create a static route on transit gateway (TGW) route table. Use this change type for multi-account landing zone (MALZ) Networking accounts only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateRouteInTGWRouteTable.", "type": "string", "enum": [ "AWSManagedServices-CreateRouteInTGWRouteTable" ], "default": "AWSManagedServices-CreateRouteInTGWRouteTable" }, "Region": { "description": "The AWS Region in which the TGW attachment and TGW route table is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Blackhole": { "description": "True to indicate that the route's target isn't available. Do this when the traffic for the static route is to be dropped by the Transit Gateway. False to route the traffic to the specified TGW attachment ID. Default value is false.", "type": "array", "items": { "type": "boolean", "default": false }, "minItems": 1, "maxItems": 1 }, "DestinationCidrBlock": { "description": "The IPV4 CIDR range used for destination matches. Routing decisions are based on the most specific match.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2])){0,1}$" }, "maxItems": 1 }, "TransitGatewayAttachmentId": { "description": "The TGW Attachment ID that will serve as route table target. If Blackhole is false, this parameter is required, otherwise leave this parameter blank.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1 }, "TransitGatewayRouteTableId": { "description": "The ID of the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayRouteTableId", "DestinationCidrBlock", "TransitGatewayAttachmentId", "Blackhole" ] }, "additionalProperties": false, "required": [ "TransitGatewayRouteTableId", "DestinationCidrBlock" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3rcl9u1k017wu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Subscribe to DirectCustomerAlerts", "description": "Subscribe an email address to the Direct-Customer-Alerts SNS topic.", "type": "object", "properties": { "Region": { "description": "The AWS Region of the account with the SNS subscription.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Email": { "description": "The email address subscribing to the Direct-Customer-Alerts SNS topic.", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$", "type": "string" } }, "metadata": { "ui:order": [ "Region", "Email" ] }, "additionalProperties": false, "required": [ "Region", "Email" ] }

Schema for Change Type ct-3rd4781c2nnhp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Direct Change mode", "description": "Enable Direct Change mode (DCM). DCM grants native AWS access to provision and update AWS resources. The resources and changes to them are fully supported by AMS, including monitoring, patch, backup, and incident response management.", "type": "object", "properties": { "SamlIdentityProviderArns": { "description": "Comma-separated list of ARNs (Amazon Resource Name) of the SAML identity provider (IdP), or providers, to assume the DCM roles. You must set at least one provider, using either this parameter, or one of the other provider parameters (IamEntityArns or AwsServicePrincipals).", "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "IamEntityArns": { "description": "Comma-separated list of ARNs of the IAM entities to assume the DCM roles (example: role, user). You must set at least one provider, using either this parameter, or one of the other provider parameters (SamlIdentityProviderArns or AwsServicePrincipals).", "type": "array", "items": { "type": "string" }, "uniqueItems": true }, "AwsServicePrincipals": { "description": "Comma-separated list of AWS service principal names for a service, or services, to assume the DCM roles (example: ecs.amazonaws.com). To find a service principal name, see AWS documentation. You must set at least one provider, using either this parameter, or one of the other provider parameters (SamlIdentityProviderArns or IamEntityArns).", "type": "array", "items": { "type": "string" }, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "SamlIdentityProviderArns", "IamEntityArns", "AwsServicePrincipals" ] } }

Schema for Change Type ct-3rk1nl1ufn5g3

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Scheduler Schedule", "description": "Delete an existing schedule used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteScheduleOrPeriod.", "type": "string", "enum": [ "AWSManagedServices-DeleteScheduleOrPeriod" ], "default": "AWSManagedServices-DeleteScheduleOrPeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: schedule. This explicitly requests that the Resource Scheduler schedule be deleted. The option cannot be left blank; it must be schedule.", "type": "array", "items": { "type": "string", "enum": [ "schedule" ], "default": "schedule" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "The name of the schedule to delete.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,64}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType", "Name" ] }, "required": [ "ConfigurationType", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3rqqu43krekby

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create AMI", "description": "Create an Amazon Machine Image (AMI) based on an existing standalone EC2 instance in your AMS account. The instance must be in the stopped state before running this change type.", "type": "object", "properties": { "AmiName": { "description": "A name for the AMI. Must be unique per Region and account. If the name is not unique, the create AMI operation fails.", "type": "string", "minLength": 1, "maxLength": 255 }, "InstanceId": { "description": "ID of the instance to create the AMI from, in the form of i-01234567890abcdef. The instance must be stopped. Specify a standalone EC2 instance, do not use an Auto Scaling group instance. Refer to the AMS User Guide documentation on creating AMIs for instructions on preparing the instance.", "type": "string", "pattern": "^i-[a-zA-Z0-9]{8}$|^i-[a-zA-Z0-9]{17}$" }, "AmiTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceId", "AmiName", "AmiTags" ] }, "required": [ "InstanceId", "AmiName" ] }

Schema for Change Type ct-3s3ik03uzw19t

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start RDS DB Instance", "description": "Start an Amazon Relational Database Service (RDS) database (DB) instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRDSInstance.", "type": "string", "enum": [ "AWSManagedServices-StartRDSInstance" ], "default": "AWSManagedServices-StartRDSInstance" }, "Region": { "description": "The AWS Region in which the RDS DB is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "RDS DB instance identifier.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId" ] }, "additionalProperties": false, "required": [ "InstanceId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3sk74t8igor0s

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Attach Instance Target To Target Group", "description": "Attach instance or instances to the target group (ALB and NLB).", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-AttachInstancesToTargetGroup", "type": "string", "enum": [ "AWSManagedServices-AttachInstancesToTargetGroup" ], "default": "AWSManagedServices-AttachInstancesToTargetGroup" }, "Region": { "description": "The AWS Region where the target group and instances are located, in the form of us-east-1", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstancesIds": { "description": "The instance or instances IDs to be attached to the required target group, in the form of i-1234abcdef", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "maxItems": 20 }, "InstancesPort": { "description": "The target instance port number.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "maxItems": 1 }, "TargetGroupArn": { "description": "The target group Amazon Resource Name (ARN), in the form of arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:elasticloadbalancing:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstancesIds", "InstancesPort", "TargetGroupArn" ] }, "additionalProperties": false, "required": [ "InstancesIds", "InstancesPort", "TargetGroupArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3skaisgnq0pf8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update AWS Account Alias", "description": "Update an existing AWS account alias. Note that an AWS account can have only one alias. If you update the account alias, the new alias overwrites the previous alias, and the URL containing the previous alias stops working.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAccountAlias.", "type": "string", "enum": [ "AWSManagedServices-CreateAccountAlias" ], "default": "AWSManagedServices-CreateAccountAlias" }, "Region": { "description": "The AWS Region where the account is, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "AWSAccountAlias": { "description": "The new alias name for the AWS account.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{3,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 }, "ReplaceAliasIfExists": { "description": "Specify True, to explicitly request that the current AWS account alias name be updated. Must be True; cannot be left blank.", "type": "array", "items": { "enum": [ "True" ], "type": "string", "default": "True" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "AWSAccountAlias", "ReplaceAliasIfExists" ] }, "required": [ "AWSAccountAlias", "ReplaceAliasIfExists" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-3t4lifos8tu58

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create target group for NLB", "description": "Use to create a target group for a Network Load Balancer.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-6pvp2f7cp481g1r47", "type": "string", "enum": [ "stm-6pvp2f7cp481g1r47" ], "default": "stm-6pvp2f7cp481g1r47" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "NetworkLoadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the network load balancer in the form arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id. This is used to create CloudWatch alarms that trigger if the Target Group contains no healthy instances.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:loadbalancer/net/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$", "default": "3" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. The supported values are 10 or 30 seconds.", "default": 30 }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "default": "/" }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|", "default": "" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ], "default": "TCP" }, "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "80" }, "Name": { "type": "string", "description": "A name for the target group. This name must be unique per account, per region.", "pattern": "[0-9a-zA-Z\\-]{0,32}", "default": "" }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ], "default": "false" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})", "default": "300" }, "TargetType": { "type": "string", "description": "The registration type of the targets; determines how you specify the TargetGroup targets. If you choose instance, you specify the targets by instance ID. If you choose ip, you specify the targets by IP address. After you create a target group, you cannot change its target type.", "enum": [ "instance", "ip" ], "default": "instance" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$", "default": "" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$", "default": "" }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$", "default": "" } }, "metadata": { "ui:order": [ "Name", "InstancePort", "NetworkLoadBalancerArn", "DeregistrationDelayTimeout", "ProxyProtocolV2", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckInterval", "TargetType", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false, "required": [ "InstancePort", "NetworkLoadBalancerArn" ] } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-3u61cd4edns0x

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Scheduler Schedule", "description": "Update an existing schedule to be used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddOrUpdateSchedule.", "type": "string", "enum": [ "AWSManagedServices-AddOrUpdateSchedule" ], "default": "AWSManagedServices-AddOrUpdateSchedule" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Action": { "description": "Specify the value: update. This explicitly requests that the Resource Scheduler schedule be updated. The option cannot be left blank; it must be update.", "type": "array", "items": { "type": "string", "enum": [ "update" ], "default": "update" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "The name of the schedule to update.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,64}$" }, "maxItems": 1, "minItems": 1 }, "Description": { "description": "A meaningful description for the schedule.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,1000}$|^$" }, "maxItems": 1, "minItems": 1 }, "Hibernate": { "description": "True to hibernate (suspend-to-disk) EC2 instances that are enabled for hibernation and meet hibernation requirements, false to not. Check the EC2 console to find out if your instances are enabled for hibernation. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "Enforced": { "description": "True to enforce the schedule, false to not. When this field is set to true, the Resource Scheduler will stop a running resource if it is manually started outside of the running period, and it will start a resource if it is stopped manually during the running period. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "OverrideStatus": { "description": "Override the current schedule action. If set to running, the instance will be started but not stopped until it is manually stopped. Similarly when set to stopped, the instance will be stopped but not started automatically until manually started. There is no default. If left unspecified this setting is not used.", "type": "array", "items": { "type": "string", "enum": [ "running", "stopped" ] }, "maxItems": 1, "minItems": 1 }, "Periods": { "description": "A comma-separated list of one or more period names in this schedule. The name, or names, must match the existing defined periods.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,2000}$" }, "maxItems": 1, "minItems": 1 }, "RetainRunning": { "description": "True to prevent the Resource Scheduler from stopping a resource at the end of a period if the instance was manually started before the beginning of the period. False to not. Default is false.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "StopNewInstances": { "description": "True to stop a resource the first time it is tagged if it is running outside of the running period. False to not stop the resource. The default is true.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "SSMMaintenanceWindow": { "description": "Comma-separated name or names of one, or more, existing AWS Systems Manager maintenance windows, to use as the period. First, ensure that the UseMaintenanceWindow parameter is set to true. Create a maintenance window with the Deployment | Patching | SSM patch window | Create change type (ct-0el2j07llrxs7).", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, ]$)^[A-Za-z0-9-_, ]{1,4096}$|^$" }, "maxItems": 1, "minItems": 1 }, "TimeZone": { "description": "The name of the time zone, in the form US/Pacific, the schedule uses. If no time zone is specified then the time zone DefaultTimezone set when the Resource Scheduler was deployed is used.", "type": "array", "items": { "type": "string", "enum": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC" ] }, "maxItems": 1, "minItems": 1 }, "UseMaintenanceWindow": { "description": "True to add an Amazon RDS maintenance window as a period to an Amazon RDS instance schedule, or to add an AWS Systems Manager (SSM) maintenance window as a period to an Amazon EC2 instance schedule. An RDS maintenance window is automatically created by RDS. An SSM maintenance window you create with the Deployment | Patching | SSM maintenance window | Create (ct-0el2j07llrxs7) change type. False to not add either maintenance window, but to use the start and stop settings of the period.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 }, "UseMetrics": { "description": "Enable CloudWatch metrics for this schedule. This field overrides the default settings defined when the Resource Scheduler was deployed.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ] }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "Action", "Name", "Description", "Hibernate", "Enforced", "OverrideStatus", "Periods", "RetainRunning", "StopNewInstances", "SSMMaintenanceWindow", "TimeZone", "UseMaintenanceWindow", "UseMetrics" ] }, "required": [ "Action", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3u9yd8jznb2zd

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Encrypt AMI", "description": "Use to create a custom AMI with an encrypted EBS snapshot, which protects data at rest. When the encrypted AMI is launched, the corresponding EBS volume is encrypted.", "type": "object", "properties": { "AmiId": { "description": "ID of the AMI to encrypt, in the form ami-0123abcd or ami-01234567890abcdef. The new AMI appends a date/time stamp and 'encrypted-copy' to the name of the source AMI.", "type": "string", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "KmsKeyId": { "description": "A KMS key to encrypt the AMI with. If one is not specified, the default EBS KMS key for the account is used. Allows any format specified in EC2 documentation for CopyImage API: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html", "type": "string", "metadata": { "ams:sensitive": true } }, "VpcId": { "description": "ID of the VPC where the source AMI is available and where the encrypted AMI will be created, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "additionalProperties": false, "required": [ "AmiId", "VpcId" ] }

Schema for Change Type ct-3vfxkiudtovm9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Set Patch Window Status", "description": "Enable or disable an existing AWS Systems Manager (SSM) patch window. If the window is enabled, any task associated with it runs on the next occurrence of the maintenance window. If disabled, any future occurrences of the window no longer run. Occurrences of the window that are already running continue to run until completion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-SetSsmMaintenanceWindowStatus.", "type": "string", "enum": [ "AWSManagedServices-SetSsmMaintenanceWindowStatus" ], "default": "AWSManagedServices-SetSsmMaintenanceWindowStatus" }, "Region": { "description": "The AWS Region in which the maintenance window is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "MaintenanceWindowId": { "description": "The ID of the SSM patch maintenance window to set the status for.", "type": "array", "items": { "type": "string", "pattern": "^mw-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "Enabled": { "description": "True to enable the patch window, false to disable it.", "type": "array", "items": { "type": "boolean" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "MaintenanceWindowId", "Enabled" ] }, "required": [ "MaintenanceWindowId", "Enabled" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-3w4lxdl3pqxob

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create HA One-Tier Stack With ELB", "description": "Create a stack with an Auto Scaling Group, and an Elastic Load Balancer (ELB) with up to two listeners, integrated with an existing security group that you specify.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-g7rc538l62r4c23nb", "type": "string", "enum": [ "stm-g7rc538l62r4c23nb" ], "default": "stm-g7rc538l62r4c23nb" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 }, "AutoScaling": { "type": "object", "properties": { "AmiId": { "type": "string", "description": "ID of the AMI for the Auto Scaling group to use when creating new instances, in the form ami-0123abcd or ami-01234567890abcdef.", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "Cooldown": { "type": "string", "description": "The number of seconds after a scaling activity is completed before any further scaling activities can start.", "default": "300" }, "EBSOptimized": { "type": "string", "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "enum": [ "true", "false" ], "default": "false" }, "HealthCheckGracePeriod": { "type": "string", "description": "The amount of time, in seconds, that auto scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "default": "600" }, "HealthCheckType": { "type": "string", "description": "The service from which the health status is used, Amazon EC2 or Elastic Load Balancer.", "enum": [ "EC2", "ELB" ], "default": "EC2" }, "IAMInstanceProfile": { "type": "string", "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "pattern": "^customer[\\w-]+$", "default": "customer-mc-ec2-instance-profile" }, "DetailedMonitoring": { "type": "string", "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring.", "enum": [ "true", "false" ], "default": "true" }, "RootVolumeIops": { "type": "string", "description": "The IOPS to use for the root volume if volume type is io1, io2, or gp3." }, "RootVolumeName": { "type": "string", "description": "The device name of the root volume (/dev/xvda or /dev/sda1).", "enum": [ "/dev/xvda", "/dev/sda1" ], "default": "/dev/xvda" }, "RootVolumeSize": { "type": "integer", "description": "The size of the root volume for the instance in GiB.", "minimum": 8, "maximum": 16000 }, "RootVolumeThroughput": { "type": "integer", "description": "The throughput in MiB/s to provision for the root volume if the volume type is gp3.", "minimum": 125, "maximum": 1000 }, "RootVolumeType": { "type": "string", "description": "The type of the root volume for the instance. The default is gp3.", "enum": [ "standard", "io1", "io2", "gp2", "gp3" ], "default": "gp3" }, "InstanceType": { "type": "string", "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "default": "m4.large" }, "MaxBatchSize": { "type": "integer", "description": "The maximum number of Auto Scaling group instances that AWS CloudFormation updates at a time.", "default": 1 }, "MaxInstances": { "type": "string", "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "default": "2" }, "MinInstances": { "type": "string", "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "default": "2" }, "MinInstancesInService": { "type": "integer", "description": "The minimum number of instances that you want in service within the Auto Scaling group while AWS CloudFormation updates old instances.", "default": 1 }, "ScaleDownPolicyCooldown": { "type": "string", "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "default": "300" }, "ScaleDownPolicyEvaluationPeriods": { "type": "string", "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "default": "4" }, "ScaleDownPolicyPeriod": { "type": "string", "description": "The time over which the specified ScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "default": "60" }, "ScaleDownPolicyScalingAdjustment": { "type": "string", "description": "The number of instances by which to scale down.", "default": "-1" }, "ScaleDownPolicyStatistic": { "type": "string", "description": "The statistic to apply to the scaling down alarm's associated metric (ScaleMetricName).", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleDownPolicyThreshold": { "type": "string", "description": "The value against which the specified ScaleDownPolicyStatistic is compared.", "default": "35" }, "ScaleMetricName": { "type": "string", "description": "The metric to use in a scaling event.", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ScaleUpPolicyCooldown": { "type": "string", "description": "The number of seconds after a scale-up activity is completed before any further scaling activities can start.", "default": "60" }, "ScaleUpPolicyEvaluationPeriods": { "type": "string", "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "default": "2" }, "ScaleUpPolicyPeriod": { "type": "string", "description": "The time over which ScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "default": "60" }, "ScaleUpPolicyScalingAdjustment": { "type": "string", "description": "The number of instances by which to scale up.", "default": "2" }, "ScaleUpPolicyStatistic": { "type": "string", "description": "The statistic to apply to the scaling up alarm's associated metric (ScaleMetricName).", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleUpPolicyThreshold": { "type": "string", "description": "The value against which the specified ScaleUpPolicyStatistic is compared.", "default": "75" }, "SubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-([a-z0-9]{17}|[a-z0-9]{8})$" }, "uniqueItems": true }, "UserData": { "type": "array", "description": "A comma-delimited list where each element is a line of script to be run on boot.", "items": { "type": "string" }, "uniqueItems": true } }, "metadata": { "ui:order": [ "AmiId", "InstanceType", "RootVolumeIops", "RootVolumeName", "RootVolumeSize", "RootVolumeThroughput", "RootVolumeType", "EBSOptimized", "MaxInstances", "MinInstances", "IAMInstanceProfile", "SubnetIds", "UserData", "MaxBatchSize", "MinInstancesInService", "HealthCheckType", "HealthCheckGracePeriod", "DetailedMonitoring", "Cooldown", "ScaleMetricName", "ScaleUpPolicyCooldown", "ScaleUpPolicyEvaluationPeriods", "ScaleUpPolicyPeriod", "ScaleUpPolicyScalingAdjustment", "ScaleUpPolicyStatistic", "ScaleUpPolicyThreshold", "ScaleDownPolicyCooldown", "ScaleDownPolicyEvaluationPeriods", "ScaleDownPolicyPeriod", "ScaleDownPolicyScalingAdjustment", "ScaleDownPolicyStatistic", "ScaleDownPolicyThreshold" ] }, "required": [ "AmiId", "SubnetIds" ], "additionalProperties": false }, "LoadBalancer": { "type": "object", "properties": { "Name": { "type": "string", "description": "A friendly name for the load balancer.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,31}$|^$" }, "Public": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is private.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "string", "description": "A list of security groups to associate with the load balancer.", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "SubnetIds": { "type": "array", "description": "A list of subnet IDs that the Elastic Load Balancing creates load balancer nodes in. For an Internet-facing load balancer provide a public subnet ID, for an internal load balancer we recommend private subnet IDs.", "items": { "type": "string", "pattern": "^subnet-([a-z0-9]{17}|[a-z0-9]{8})$" }, "uniqueItems": true }, "AccessLogInterval": { "type": "string", "description": "The time interval, in minutes, to upload the load balancer access log to the specified S3 bucket. Defaults to 60 Minutes.", "enum": [ "5", "60" ], "default": "60" }, "ConnectionDrainingTimeout": { "type": "integer", "description": "The maximum time, in seconds, to keep the existing connections open before deregistering the instances.", "default": 60, "minimum": 1, "maximum": 3600 }, "IdleTimeout": { "type": "integer", "description": "The time, in seconds, that a connection to the load balancer can remain idle (no data is sent over the connection). After the specified time, the load balancer closes the connection.", "default": 60, "minimum": 1, "maximum": 3600 }, "CrossZone": { "type": "string", "description": "True to enable cross-zone load balancing (the load balancer nodes route traffic to the back-end instances across all Availability Zones), false to disable. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the healthy state after it was moved to unhealthy.", "pattern": "^[1-9]{1}[0-9]{0,1}$", "default": "2" }, "HealthCheckInterval": { "type": "string", "description": "How often, in seconds, that health checks are run on an individual load balancer node.", "pattern": "^[1-9]{1}[0-9]{0,3}$", "default": "10" }, "HealthCheckTarget": { "type": "string", "description": "The protocol, port, and path of the instance to check. The protocol can be TCP, HTTP, HTTPS, or SSL and valid ports are 1 through 65535. For TCP/SSL no path is required. For HTTP/HTTPS, you must include a ping path in the string. For example, HTTP:80/weather/us/wa/seattle.", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][\\w./-]*$|^(SSL|TCP):[0-9]{1,5}$", "default": "TCP:80" }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, during which no response means a failed health probe. This value must be less than the value for Interval.", "pattern": "^[1-9]{1}[0-9]{0,3}$", "default": "5" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the unhealthy state.", "pattern": "^[1-9]{1}[0-9]{0,2}$", "default": "10" }, "LBCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie should be considered stale. If this parameter isn't specified, the sticky session will last for the duration of the browser session.", "pattern": "^[0-9]+$|^$" }, "LBCookieStickinessPolicyName": { "type": "string", "description": "A name for the load balancer cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookieName": { "type": "string", "description": "A name for the application cookie used for stickiness.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookiePolicyName": { "type": "string", "description": "A name for the application cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" } }, "metadata": { "ui:order": [ "Name", "Public", "SecurityGroups", "SubnetIds", "CrossZone", "IdleTimeout", "AccessLogInterval", "ConnectionDrainingTimeout", "HealthCheckHealthyThreshold", "HealthCheckInterval", "HealthCheckTarget", "HealthCheckTimeout", "HealthCheckUnhealthyThreshold", "LBCookieExpirationPeriod", "LBCookieStickinessPolicyName", "AppCookieName", "AppCookiePolicyName" ] }, "required": [ "SecurityGroups", "SubnetIds" ], "additionalProperties": false }, "Listener1": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ], "default": "HTTP" }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "SSLCertificateId" ] }, "required": [ "Port", "Protocol", "InstancePort" ], "additionalProperties": false }, "Listener2": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "SSLCertificateId" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "AutoScaling", "LoadBalancer", "Listener1", "Listener2" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "AutoScaling", "LoadBalancer", "Listener1" ], "additionalProperties": false }