Change Type Schemas - AMS Advanced Change Type Reference
ct-00tlkda4242x7ct-00zr0b0ozlcn3ct-0176f0n99vcpsct-01zl37gmuk4q2ct-02ocqy2i0jx3tct-02u0hoaa9gratct-03ms1d7xrck8wct-03t7kvuwx6rgrct-03ytgoevfebjrct-042luqo63j4mxct-046aizcwg5idfct-04gzyy008v1bgct-059ewa92tc2i1ct-05muqzievnxk5ct-05yb337abq3x5ct-063qsm82cfxu6ct-06bwg93ukgg8tct-06mjngx5flwtoct-07jzw8bzd2on7ct-08avsj2e9mc7gct-09qbhy7kvtxqwct-09t6q7j9v5hrnct-0ah3gwb9seqk2ct-0aqx5t0pgfzbgct-0ary07xiajwx4ct-0attesnjqy2cxct-0bpxsrtu16igpct-0c38gftq56zj6ct-0cupn1txog5tkct-0cyqd7laxyhlmct-0el2j07llrxs7ct-0erkoad6uyvvgct-0ffvihqwjvqj1ct-0fpjlxa808sh2ct-0fqo03yizfnw6ct-0g690ekkyfm79ct-0h3p576mj4rqmct-0hahohe17csncct-0hi7z7tyikjf6ct-0hu3q3957aghjct-0idxb0xsg1ui6ct-0ikpop8zqhkxgct-0ixp4ch2tiu04ct-0jb01cofkhwk1ct-0k4b96aatyqglct-0kbey7hb00atpct-0loed9dzig1zect-0lqruajvhwsbkct-0ltm873rsebx9ct-0mss4i7neuj7fct-0pgvtw5rpcsb6ct-0q0bic0ywqk6cct-0q43l40hxrzumct-0qbikxr9okwvyct-0rmgrnr9w8mzhct-0tmpmp1wpgkr9ct-0tpbr6lfa3zngct-0ttx8eh3ice91ct-0vdiy51oyrhhmct-0vevjppj9eta4ct-0vzsr2nyraedlct-0wglhholzo0uwct-0wspy4o646g9pct-0x6dylrnfjgz5ct-0xdawir96cy7kct-0xi6q7uwuwrqect-0xqwmtn1hfh8uct-0ywnhc8e5k9z5ct-0zko7t3rk2efbct-1078jhyxq32dpct-111fhplhx9axect-111r1yayblnw4ct-117rmp64d5mvbct-128svy9nn2yj8ct-12amsdz909cfhct-12lyw7otiyr6fct-12w49boaiwtzpct-13lk0noacn6uact-13swbwdxg106zct-13xvbj5pqg253ct-14027q0sjyt1hct-1404e21baa2oxct-14v49adibs4dbct-14yjom3kvpinuct-15mazjj88xc69ct-16pknsfa8lul7ct-16xg8qguovg2wct-1706xvvk6j9hfct-17cj84y7632o6ct-17vnu10suy631ct-17w6f6kzf6w51ct-1895yr1p87noqct-18fzkt86jmw1sct-18r16ldqil6w9ct-1962s5oczal9zct-1976sir132k22ct-199h35t7uz6jlct-19f40lfm5umy8ct-19fdy7np55xiuct-19jq3ulr3g9zgct-1a1zzgi2nb83dct-1a68ck03fn98rct-1aqsjf86w6vxgct-1ax768xtu8c9qct-1ay83wy4vxa3kct-1b8fudnqq7m8rct-1c0jrxd3su5oect-1d2fml15b9ethct-1d55pi44ff21uct-1d84keiri1jhgct-1dmlg9g1l91h6ct-1e0xmuy1diafqct-1e1xtak34nx76ct-1eft8s6vdhz0wct-1eiczxw8ihc18ct-1erytvmumckoact-1ezarc5xph3tqct-1f9hi4bephqa9ct-1fzddqrr20c2ict-1g6x4ev0hnvfnct-1gi93jhvj28egct-1h1tuxn2oxrtfct-1h5xgl9cr4bzyct-1hzofpphabs3ict-1i20abktsm05vct-1icghmq38rnsnct-1icrtx8ydvdwect-1j3503fres5a5ct-1k3oui719dcjuct-1ksyoxreh35tuct-1malj7snzxrkrct-1n323w7eu27u9ct-1n9gfnog5x7flct-1o1x2itfd6rk8ct-1opjmhuddw194ct-1oxx2g2d7hc90ct-1pvlhug439gl2ct-1pybwg08h8qszct-1q8q56cmwqj9mct-1r19m51jeijlkct-1r1vbr8ahr156ct-1taxucdyi84iyct-1urj94c3hdfu5ct-1v9g9n30woc8hct-1vbv99ko7bsrqct-1vd3y4ygbqmfkct-1vjbacfr4ufdvct-1vq0f289r36ayct-1w8z66n899dctct-1wle0ai4en6kmct-1x66wvkjw2zp5ct-1yq7hhqse71ygct-1yqy4frl5s8y8ct-1zdasmc2ewzrsct-2019s9y3nfml4ct-2052miu12d8fnct-20san5sgtwd9ect-211l2gxvsrrhyct-220bdb8blaixfct-22cbvc1yujhecct-24pi85mjtza8kct-257p9zjk14ijact-25v6r7t8gvkq5ct-26vhhlj9jmlpfct-2781aqd6f6svsct-27apldkhqr0olct-27jjy5wnrfef2ct-27tuth19k52b4ct-281dpwh9tqnanct-281et7bs9ep4sct-2aaaqid7asjy6ct-2b9q8339bj2sact-2bxelbn765ivect-2c7ve50jost1vct-2d55p1d7z6w3dct-2dphvdy1krpj6ct-2edc3sd1sqmrbct-2eof6j3mlcwhfct-2epp05svrlwodct-2fqmbyud166z9ct-2fzh1wckpl7f5ct-2gd0u847qd9d2ct-2ha68tpd7nr3yct-2hh93eyzmwbkdct-2hhqzgxvkcig8ct-2hhud2lx01tq7ct-2hxcllf1b4ey0ct-2hyozbpa0sx0mct-2j7q1hgf26x5cct-2jndrh7uit8ufct-2jvzjwunghrhyct-2lt0jeydeumpect-2mf36chtp1ejhct-2murl5xzbxoxfct-2ni31oyto1i5kct-2nyeguspp2g1lct-2oxl37nphsrjzct-2p93tyd5angmict-2paw0y79kvr3lct-2pbqoffhclpekct-2pfarpvczsstrct-2pkdckieh62psct-2ptn20pq7ur3xct-2pxyajek47am2ct-2q5azjd8p1ag5ct-2qhl8j1pjnbgnct-2qjqju7h67s7wct-2qldv4h9osmauct-2r2bffv9u6q4mct-2rfzmkm6ugighct-2rnjx5yd6jgptct-2svg4k2fqi4akct-2syhk4sr7cvywct-2taqdgegqthjrct-2tqi3kjcusen4ct-2tylseo8rxfscct-2u5rcyv5h34znct-2uimt36z7j6vnct-2utx36abv83pvct-2uw99b8hpncnuct-2uzbqr7x7mekdct-2v82sp4np40kict-2w3rbmnny1qpoct-2wlfo2jxj2rkjct-2wllq61djysxzct-2wrvu4kca9xkyct-2x14cv67uym46ct-2xd2anlb5hbzoct-2y6q4vco4miypct-2yja7ihh30plyct-2z60dyvto9g6cct-2zebb2czoxpjdct-2zqwr34epwzx1ct-2zxya20wmf5bfct-3047c34zuvswhct-309eozh6lpkr8ct-30bfiwxjku1nuct-30ecvfi3tq4k3ct-30j78u6li9aqrct-31eb7rrxb7qjuct-31eyj2hlvqjwuct-33ste5yc7hprsct-34alumbtv2b9pct-34jldf2qihaicct-34sxfo53yuzahct-35p977vul06dfct-361tlo1k7339xct-361vpyun9a9ddct-369odosk0pd9wct-36cn2avfrrj9vct-36emj2uapfbu8ct-36jq7gvwyty8hct-36x3u7v2oklwdct-36zubwzxp44a4ct-379uwo67vbvngct-37bq2l9c8fzxvct-37kcp2v1mriu6ct-37qquo9wbpa8xct-37vqa0oggka3qct-38s4s4tm4ic4uct-38xcr0q86k9lhct-3929xwf222jrict-393q3yaq9ewlmct-39c5qiasbe4hect-3cp96z7r065e4ct-3cx7we852p3afct-3d0lrfb8eckuuct-3dfnglm4ombbsct-3dfubbpesm2v9ct-3dgbnh6gpst4dct-3dpd8mdd9jn1rct-3dscwaeyi6cupct-3e3h8u0sp5z80ct-3e3prksxmdhw8ct-3ebotglihggsect-3eutt7grkict4ct-3fi2cx8b83iuact-3g6fq83nxg1a7ct-3g9dbtun44malct-3gf8dolbo8x9pct-3gg0id58rn82hct-3gjfayulf5hhsct-3glr80c15rp7zct-3hox8uwjgze1fct-3j2zstluz6dxqct-3jo8yccbin4itct-3jrqmeq7j0wkect-3jx80fquylzhfct-3kh1wiizlne1ict-3kinq0u4l33zfct-3l14e139i5p50ct-3lkbpansfv69kct-3ll9hnadql9s1ct-3memthlcmvc1bct-3mlsibqhugrf1ct-3mvvt2zkyveqjct-3nba0wtdugnanct-3nmhh0qr338q6ct-3oafsdbzjtuqpct-3ovo7px2vsa6nct-3oy53m1qzl2s5ct-3pc215bnwb6p7ct-3pwbixz27n3tnct-3qe6io8t6jtnyct-3r2ckznmt0a59ct-3rcl9u1k017wuct-3rd4781c2nnhpct-3rk1nl1ufn5g3ct-3rqqu43krekbyct-3s3ik03uzw19tct-3sk74t8igor0sct-3skaisgnq0pf8ct-3t4lifos8tu58ct-3u61cd4edns0xct-3u9yd8jznb2zdct-3vfxkiudtovm9ct-3w4lxdl3pqxob

Change Type Schemas

Change type schemas specify the execution input parameters for a change type.

Schema for Change Type ct-00tlkda4242x7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CodeDeploy deployment group for EC2 instance as target.", "description": "Create an AWS CodeDeploy application deployment group specifically for an EC2 instance as target. Tags you create in the EC2 instances, and specify here (EC2FilterTag1, 2, and 3), mark the instances as targets for the deployment group. A name for the deployment group is automatically generated.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-n3hsoirgqeqqdbpk2", "type": "string", "enum": [ "stm-n3hsoirgqeqqdbpk2" ], "default": "stm-n3hsoirgqeqqdbpk2" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "ApplicationName": { "type": "string", "description": "The name of an existing AWS CodeDeploy application within your AMS account.", "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "DeploymentConfigName": { "type": "string", "description": "The configuration for deployment operations. To deploy as many instances as possible at once, use CodeDeployDefault.AllAtOnce. To deploy half of the instances at a time, use CodeDeployDefaultHalfAtATime. To deploy only one instance at a time, use CodeDeployDefault.OneAtATime.", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" }, "AutoRollbackEnabled": { "type": "string", "description": "True to enable an automatic rollback of a deployment if it fails; if that happens, CodeDeploy redeploys the last known good revision as a new deployment. False to not enable the automatic rollback.", "enum": [ "True", "False" ], "default": "False" }, "EC2FilterTag": { "type": "string", "description": "Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Name=Application01. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$" }, "EC2FilterTag2": { "type": "string", "description": "Second Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Environment=Test01. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$|^$", "default": "" }, "EC2FilterTag3": { "type": "string", "description": "Third Key=Value pair tag for CodeDeploy to filter EC2 instances; for example Version=Latest. The specified tag is used to identify instances as targets for the deployment group.", "pattern": "^([a-zA-Z0-9\\s_.=+/-]{0,127})=([a-zA-Z0-9\\s_.=+/-]{0,255})$|^$", "default": "" }, "ServiceRoleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of an existing CodeDeploy service role that grants permission to make calls to AWS services on your behalf, in the form arn:aws:iam::ACCOUNT_ID:role/aws-codedeploy-role. If blank arn:aws:iam::ACCOUNT_ID:role/aws-codedeploy-role is used.", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/[\\w-]+$", "default": "" } }, "metadata": { "ui:order": [ "ApplicationName", "DeploymentConfigName", "AutoRollbackEnabled", "EC2FilterTag", "EC2FilterTag2", "EC2FilterTag3", "ServiceRoleArn" ] }, "required": [ "ApplicationName", "EC2FilterTag" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-00zr0b0ozlcn3

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Receive Replication Replica", "description": "Receive S3 object replicas in the destination bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ReceiveReplicationReplica.", "type": "string", "enum": [ "AWSManagedServices-ReceiveReplicationReplica" ], "default": "AWSManagedServices-ReceiveReplicationReplica" }, "Region": { "description": "The AWS Region in which the destination account is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DestinationBucketName": { "description": "The destination S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "SourceBucketName": { "description": "The source S3 bucket name.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "maxItems": 1 }, "ReplicationRole": { "description": "The ARN of the role that allows S3 to perform the replication on your behalf.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::[0-9]{12}:role/[A-Za-z0-9_\\-/]+$" }, "maxItems": 1 }, "EncryptReplicaKMSKey": { "description": "The KMS key used to encrypt destination objects.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" }, "maxItems": 1 }, "OwnerTranslation": { "description": "True to change replica ownership to the AWS account that owns the destination bucket, false to not change replica ownership. This parameter cannot be left blank.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "false" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DestinationBucketName", "SourceBucketName", "ReplicationRole", "EncryptReplicaKMSKey", "OwnerTranslation" ] }, "additionalProperties": false, "required": [ "DestinationBucketName", "SourceBucketName", "ReplicationRole" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0176f0n99vcps

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Resource Tags (Review Required)", "description": "Add tags to existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use the automated CT ct-3cx7we852p3af.", "type": "object", "properties": { "Resources": { "description": "Parameters for up to fifty resources that you want to tag.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "AddOrUpdateTags" ] }, "required": [ "ResourceArn", "AddOrUpdateTags" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Resources", "Priority" ] }, "required": [ "Resources" ] }

Schema for Change Type ct-01zl37gmuk4q2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete SAML Identity Provider", "description": "Delete a SAML identity provider (IdP). The given IdP must not be referenced in any IAM role and must not be the only IdP in the account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleDeleteSamlProvider-Admin", "type": "string", "enum": [ "AWSManagedServices-HandleDeleteSamlProvider-Admin" ], "default": "AWSManagedServices-HandleDeleteSamlProvider-Admin" }, "Region": { "description": "The AWS Region of the account, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Name": { "description": "The name of the SAML IdP.", "type": "array", "items": { "type": "string", "pattern": "^[\\w._-]{1,128}$" }, "minItems": 1, "maxItems": 1 }, "MetadataBackup": { "description": "True for a backup of the SAML provider metadata to be taken before deleting, False for no backup to be taken. Default is True.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Name", "MetadataBackup" ] }, "required": [ "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-02ocqy2i0jx3t

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start Aurora DB Cluster", "description": "Start an Aurora DB cluster, which is a provisioned capacity type and does not have cross-region read replicas. The cluster must be in the 'stopped' state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartDBCluster.", "type": "string", "enum": [ "AWSManagedServices-StartDBCluster" ], "default": "AWSManagedServices-StartDBCluster" }, "Region": { "description": "The AWS Region where the cluster is.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "DBClusterIdentifier": { "description": "The unique RDS DB cluster identifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$" } }, "metadata": { "ui:order": [ "DBClusterIdentifier" ] }, "additionalProperties": false, "required": [ "DBClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-02u0hoaa9grat

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot stack", "description": "Use to reboot all running EC2 and RDS DB instances in the specified stack.", "additionalProperties": false, "type": "object", "properties": { "StackId": { "pattern": "^stack-[a-z0-9]{17}$", "description": "The ID of the stack to reboot, in the form stack-a1b2c3d4e5f67890e. All running EC2 and RDS DB instances in the stack are rebooted.", "type": "string" } }, "required": [ "StackId" ] }

Schema for Change Type ct-03ms1d7xrck8w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Termination Protection", "description": "Update existing defined termination protection for EC2 instances.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ManageResourceTerminationProtection.", "type": "string", "enum": [ "AWSManagedServices-ManageResourceTerminationProtection" ], "default": "AWSManagedServices-ManageResourceTerminationProtection" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ResourceId": { "description": "EC2 instance ID.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "maxItems": 1 }, "TerminationProtectionDesiredState": { "description": "Enabled to protect your instance against elimination. Disabled to allow your instance to be eliminated.", "type": "array", "items": { "type": "string", "enum": [ "enabled", "disabled" ] }, "maxItems": 1 } }, "metadata": { "ui:order": [ "ResourceId", "TerminationProtectionDesiredState" ] }, "additionalProperties": false, "required": [ "ResourceId", "TerminationProtectionDesiredState" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-03t7kvuwx6rgr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start EC2 Instances", "description": "Start up to 50 stopped EC2 instances.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartInstances.", "type": "string", "enum": [ "AWSManagedServices-StartInstances" ], "default": "AWSManagedServices-StartInstances" }, "Region": { "description": "The AWS Region where the instances are, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 50 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-03ytgoevfebjr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Cluster Permissions", "description": "Grants full control to the Cluster object on the Listener object to bring the SQL Server Listener object online. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateClusterDNSPermission-Admin.", "type": "string", "enum": [ "AWSManagedServices-UpdateClusterDNSPermission-Admin" ], "default": "AWSManagedServices-UpdateClusterDNSPermission-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ClusterName": { "description": "The name of the Cluster record in DNS.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "ClusterNodeComputerName": { "description": "The name of the Cluster object that is granted permissions to the Cluster DNS record.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,15}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterName", "ClusterNodeComputerName" ] }, "additionalProperties": false, "required": [ "ClusterName", "ClusterNodeComputerName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-042luqo63j4mx

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Scheduler Period", "description": "Delete an existing period used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteScheduleOrPeriod.", "type": "string", "enum": [ "AWSManagedServices-DeleteScheduleOrPeriod" ], "default": "AWSManagedServices-DeleteScheduleOrPeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: period. This explicitly requests that the Resource Scheduler period be deleted. The option cannot be left blank; it must be period.", "type": "array", "items": { "type": "string", "enum": [ "period" ], "default": "period" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "The name of the period to delete.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,64}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType", "Name" ] }, "required": [ "ConfigurationType", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-046aizcwg5idf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy AMI", "description": "Copy an Amazon Machine Image (AMI) in your AMS account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyAMI.", "type": "string", "enum": [ "AWSManagedServices-CopyAMI" ], "default": "AWSManagedServices-CopyAMI" }, "Region": { "description": "The AWS Region to copy the AMI to, in the form us-east-1. This must be the account's default AWS Region.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "Name": { "description": "A name for the new AMI.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9\\-\\/\\(\\)_.\\ ]{3,128}$" }, "minItems": 1, "maxItems": 1 }, "SourceImageId": { "description": "The ID of the AMI to copy.", "type": "array", "items": { "type": "string", "pattern": "^ami-[a-f0-9]{8}$|^ami-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "SourceRegion": { "description": "The ID of the AWS Region that contains the source AMI, in the form us-east-1.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "minItems": 1, "maxItems": 1 }, "Encrypted": { "description": "True to encrypt the snapshot of the destination AMI. The default customer master key (CMK) for Amazon Elastic Block Store (EBS) is used unless you specify a non-default AWS Key Management Service (KMS) CMK using the KmsKeyId parameter. False to not encrypt the snapshot. Default is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "The KMS key to encrypt the snapshot of the destination AMI. Specify the KMS Key ARN or the KMS key identifier. If left blank and the snapshot of the source AMI is encrypted, the snapshot of the target AMI is encrypted using the default EBS KMS key.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "Name", "SourceImageId", "SourceRegion", "Encrypted", "KmsKeyId" ] }, "additionalProperties": false, "required": [ "Name", "SourceImageId", "SourceRegion" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-04gzyy008v1bg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete KMS Alias", "description": "Delete an alias of an AWS Key Management Service (KMS) customer master key (CMK).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteKMSAlias.", "type": "string", "enum": [ "AWSManagedServices-DeleteKMSAlias" ], "default": "AWSManagedServices-DeleteKMSAlias" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AliasName": { "description": "Name of the alias to be deleted. Do not specify the prefix alias/, it will be added during the execution.", "type": "array", "items": { "type": "string", "pattern": "^(?!alias/)(?!aws/)[a-zA-Z0-9/_-]{1,250}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "AliasName" ] }, "required": [ "AliasName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-059ewa92tc2i1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Archive EBS Snapshots", "description": "Archive Elastic Block Store (EBS) snapshots. The maximum number of EBS snapshots that can be archived concurrently depends on the 'In-progress snapshot archives per account' AWS Service Quota. Snapshots that are in the 'completed' state, storage tier is 'standard', or belonging to the current owner account, can be archived. Snapshots created by the AWS Backup service, used by AMIs, or shared with other accounts, cannot be archived. If you specify snapshots that are invalid, or the archival in-progress quota limit is reached, the RFC fails.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ArchiveEBSSnapshots.", "type": "string", "enum": [ "AWSManagedServices-ArchiveEBSSnapshots" ], "default": "AWSManagedServices-ArchiveEBSSnapshots" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SnapshotIds": { "description": "A comma-separated list of the EBS snapshots to archive. The maximum number of in-progress snapshot archives per account can be checked through the AWS Service Quotas console (search: In-progress snapshot archives per account).", "type": "array", "items": { "type": "string", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 100 } }, "metadata": { "ui:order": [ "SnapshotIds" ] }, "additionalProperties": false, "required": [ "SnapshotIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-05muqzievnxk5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS target endpoint for S3", "description": "Use to create a Database Migration Service (DMS) target endpoint for S3.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-knghtmmgefafdq89u", "type": "string", "enum": [ "stm-knghtmmgefafdq89u" ], "default": "stm-knghtmmgefafdq89u" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "EndpointIdentifier": { "type": "string", "description": "The identifier to be used for the target endpoint. This is a label for the endpoint to help you identify it. It must be unique for all endpoints owned by your AWS account in the current region. It must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "EngineName": { "type": "string", "description": "Must be S3.", "enum": [ "s3" ], "default": "s3" }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. For example, to specify a maximum file size of 512 KB of any CSV file created while migrating to S3 specify maxFileSize=512. See 'Targets for Data Migration' in AWS DMS documentation.", "default": "" }, "S3BucketFolder": { "type": "string", "description": "The folder name in the S3 bucket. If provided, tables are created in the path <bucketFolder>/<schema_name>/<table_name>/ instead of <schema_name>/<table_name>/ within the bucket.", "default": "" }, "S3BucketName": { "type": "string", "description": "The name of the S3 bucket for the target endpoint. Must be in the same region as the DMS replication instance you are using to migrate data." }, "S3CompressionType": { "type": "string", "description": "If, and how, target files should be compressed. Use GZIP to compress the target files in the target endpoint. Use NONE for no file compression.", "enum": [ "GZIP", "NONE" ], "default": "NONE" }, "S3CsvDelimiter": { "type": "string", "description": "The delimiter used to separate columns in the target files. Leave blank to use the default comma (,) delimiter.", "default": "" }, "S3CsvRowDelimiter": { "type": "string", "description": "The delimiter used to separate rows in the source files. Leave blank to use the default carriage return (\\n) delimiter.", "default": "" }, "S3ServiceAccessRoleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the service access IAM role.", "pattern": "^$|^arn:aws:iam::[0-9]{12}:role/[\\w-]+$" } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ExtraConnectionAttributes", "S3BucketFolder", "S3BucketName", "S3CompressionType", "S3CsvDelimiter", "S3CsvRowDelimiter", "S3ServiceAccessRoleArn" ] }, "required": [ "EngineName", "S3BucketName", "S3ServiceAccessRoleArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-05yb337abq3x5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share KMS Key", "description": "Allow cross-account access to a KMS key by adding a statement to the key policy with encrypt and decrypt permissions.", "type": "object", "properties": { "KMSKeyArn": { "description": "The Amazon Resource Name (ARN) of the KMS key, in the form arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.", "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "TargetAccountId": { "description": "The ID of the AWS account that you want to share the KMS key with.", "type": "string", "pattern": "^[0-9]{12}$" }, "IncludeKeyGrantPermissions": { "description": "Add permissions for managing grants of the KMS key. These are required for performing tasks such as copying an encrypted AMI or snapshot.", "type": "boolean", "default": false }, "IAMUserOrRoleARN": { "description": "The ARN of an IAM Role or User in the target account to grant permission to. If no value is provided, the root principal of the target account is used.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:(role|user)/[A-Za-z0-9_-]+$|^$", "default": "" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "KMSKeyArn", "IncludeKeyGrantPermissions", "TargetAccountId", "IAMUserOrRoleARN", "Priority" ] }, "required": [ "KMSKeyArn", "TargetAccountId" ] }

Schema for Change Type ct-063qsm82cfxu6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EBS From Backup", "description": "Create an AWS Elastic Block Store (EBS) stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobEBS.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobEBS" ], "default": "AWSManagedServices-StartRestoreJobEBS" }, "Region": { "description": "The AWS Region in which the EBS snapshot is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "AvailabilityZone": { "description": "The Availability Zone in which to restore the EBS snapshot, in the form us-east-1a.", "type": "array", "items": { "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-[0-9]{1}[a-z]{1})$" }, "maxItems": 1 }, "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "IOPS": { "description": "The requested number of I/O operations per second that the new EBS volume can support if VolumeType is io1, io2 or gp3. This value is ignored for other volume types. If VolumeType is gp3, then the IOPS should be between 3000 and 16000, else it should be between 100 and 64000. The IOPS must respect the max ratio of 50 IOPS per GiB.", "type": "array", "items": { "type": "string", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "maxItems": 1 }, "Throughput": { "description": "The Throughput to use for the restored volume if VolumeType is gp3. If VolumeType is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000.", "type": "array", "items": { "type": "string", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "VolumeSize": { "description": "The size of the volume, in GiBs. The volume size must be equal to or larger than the snapshot size. If not specified, the default will be the snapshot size. Valid values are between 1 and 16384.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])$" }, "maxItems": 1 }, "VolumeType": { "description": "The volume type for the restored volume. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed. If not specified gp3 will be used as default.", "type": "array", "items": { "type": "string", "default": "gp3", "pattern": "^(standard|io1|io2|gp2|gp3|sc1|st1)$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "AvailabilityZone", "BackupVaultName", "IOPS", "Throughput", "RecoveryPointArn", "VolumeSize", "VolumeType" ] }, "additionalProperties": false, "required": [ "AvailabilityZone", "BackupVaultName", "RecoveryPointArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-06bwg93ukgg8t

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Static Route", "description": "Create a static route on your route table inside a VPC.", "type": "object", "properties": { "RouteTableId": { "description": "The ID of the route table for the route, in the form of rtb-01234567890abcdef.", "type": "string", "pattern": "^rtb-[a-z0-9]{8,17}$" }, "Destination": { "description": "The IPv4 CIDR address block in the form 192.168.10.0/24 or the ID of a prefix list in the form pl-01234567890abcdef used for the destination match.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/(3[0-2]|[1-2][0-9]|[0-9]))$|^pl-[a-z0-9]{8,17}$" }, "RouteTableTarget": { "description": "The ID of the resource that will serve as the route table target. You must specify one of the following targets: internet gateway or virtual private gateway, NAT gateway or VPC peering connection.", "type": "string", "pattern": "^(vgw|igw|nat|tgw|pcx)-[a-z0-9]{8,17}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "RouteTableId", "Destination", "RouteTableTarget", "Priority" ] }, "required": [ "RouteTableId", "Destination", "RouteTableTarget" ], "additionalProperties": false }

Schema for Change Type ct-06mjngx5flwto

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create high availability two-tier stack", "description": "Creates a stack consisting of an Auto Scaling group, an RDS DB instance, and a load balancer (ELB). Optionally allows for application deployment with CodeDeploy by also creating a CodeDeploy application and deployment group both named the value given for ApplicationName. All resource parameters can be configured.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "default": 360 }, "VpcId": { "description": "The ID of the VPC to create the Auto Scaling group in, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack; this becomes the searchable stack name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to forty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "AutoScalingGroup": { "description": "Specifications for the application tier.", "type": "object", "properties": { "AmiId": { "description": "The AMI ID for the Auto Scaling Group to utilize, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "Cooldown": { "description": "The number of seconds after a scaling activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "DesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the MinInstances setting and less than or equal to the MaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "EBSOptimized": { "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "type": "boolean", "default": false }, "HealthCheckGracePeriod": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800, "default": 1800 }, "IAMInstanceProfile": { "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "type": "string", "default": "customer-mc-ec2-instance-profile" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring.", "type": "boolean", "default": true }, "InstanceRootVolumeIops": { "description": "The Iops to use for the root volume if io1 volume type is specified.", "type": "integer", "minimum": 0, "maximum": 20000, "default": 0 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "integer", "minimum": 8, "maximum": 16000 }, "InstanceRootVolumeType": { "description": "Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads.", "type": "string", "enum": [ "standard", "io1", "gp2" ], "default": "standard" }, "InstanceType": { "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "type": "string", "default": "m4.large" }, "MaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "MinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 2 }, "ScaleDownPolicyCooldown": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 4 }, "ScaleDownPolicyPeriod": { "description": "The time over which the specified ScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0, "default": -1 }, "ScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleDownPolicyThreshold": { "description": "The value against which the specified ASGScaleDownPolicyStatistic is compared.", "type": "number", "default": 35 }, "ScaleMetricName": { "description": "The metric to use in a scaling event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ScaleUpPolicyCooldown": { "description": "The amount of time, in seconds, after a scale-up activity is completed before any further trigger-related scaling activities can start.", "type": "integer", "minimum": 60, "default": 60 }, "ScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 2 }, "ScaleUpPolicyPeriod": { "description": "The time over which the specified ScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0, "default": 2 }, "ScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "SampleCount", "Average", "Sum", "Minimum", "Maximum" ], "default": "Average" }, "ScaleUpPolicyThreshold": { "description": "The value against which the specified ScaleUpPolicyStatistic is compared.", "type": "number", "default": 75 }, "SubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "UserData": { "description": "A comma-delimited list where each element is a line of script to be run on boot.", "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "" ] } }, "additionalProperties": false, "required": [ "AmiId", "SubnetIds" ] }, "LoadBalancer": { "description": "Specifications for the load-balancing tier.", "type": "object", "properties": { "SubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "HealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 30 }, "HealthCheckTarget": { "description": "Specifies the instance being checked. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535. For example, HTTP:80/", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "HealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "Public": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false. Set to true if you choose a public subnet for the load balancer.", "type": "boolean", "default": false }, "AccessCIDRRange": { "default": "0.0.0.0/0", "description": "IPv4 CIDR block that the load balancer can receive traffic from.", "type": "string" } }, "additionalProperties": false, "required": [ "SubnetIds" ] }, "Database": { "description": "Specifications for the RDS DB instance.", "type": "object", "properties": { "AllocatedStorage": { "description": "The amount of storage (in gigabytes) to be initially allocated for the database (DB) instance.", "type": "number", "minimum": 5, "maximum": 6144 }, "BackupRetentionPeriod": { "description": "The number of days for which automatic DB snapshots are retained. Setting this to a positive number enables backups. Setting this to 0 disables automated backups.", "type": "number", "minimum": 0, "maximum": 35, "default": 7 }, "Backups": { "description": "True if the RDS instance should have automatic backups, false if it should not. Default is true.", "type": "boolean", "default": true }, "DBEngine": { "description": "The name of the database engine for the DB instance. Not every database engine is available for every AWS region.", "type": "string", "enum": [ "MySQL", "oracle-se1", "oracle-se", "oracle-ee", "sqlserver-ee", "sqlserver-se", "sqlserver-ex", "sqlserver-web", "postgres" ] }, "DBName": { "default": "main", "description": "A name for the database. The meaning of this parameter differs according to the database engine you use.", "type": "string", "minLength": 1 }, "EngineVersion": { "description": "The version number of the database engine to use.", "type": "string" }, "InstanceType": { "description": "The compute and memory capacity for the DB instance.", "type": "string", "enum": [ "db.m1.medium", "db.m1.large", "db.m1.xlarge", "db.m2.xlarge", "db.m2.2xlarge", "db.m2.4xlarge", "db.m3.medium", "db.m3.large", "db.m3.xlarge", "db.m3.2xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium" ], "default": "db.m3.medium" }, "IOPS": { "description": "The provisioned IOPS for RDS storage. Must be a multiple between 3 and 10 of the storage amount for the DB instance. Must also be an integer multiple of 1000. For example, if the size of your DB instance is 500 GB, then your Iops value can be 2000, 3000, 4000, or 5000.", "type": "number", "default": 0 }, "LicenseModel": { "description": "License model information for this DB instance.", "type": "string", "enum": [ "bring-your-own-license", "general-public-license", "license-included", "postgresql-license" ] }, "MasterUsername": { "description": "The username that you will use with the configured MasterUserPassword to log in to your DB instance. Must begin with a letter and contain only alphanumeric characters.", "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9]{1,127}$" }, "MasterUserPassword": { "description": "The password that you will use with the configured MasterUserName to log in to your DB instance. Must contain from 8 to 30 printable ASCII alphanumeric characters (excluding backslash, double quotes, and at sign).", "type": "string", "pattern": "^[!#-.0-?A-~]{8,30}$", "metadata": { "ams:sensitive": true } }, "MultiAZ": { "description": "True to have a standby replica of your DB instance created in another Availability Zone for failover support, false to not have a standby replica. Default is true.", "type": "boolean", "default": true }, "PreferredBackupWindow": { "description": "The daily time range during which automated backups are created if BackupRetentionPeriod is set to a positive number. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the PreferredMaintenanceWindow setting, and must be at least 30 minutes.", "type": "string", "default": "22:00-23:00", "pattern": "^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]-(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$" }, "Port": { "description": "The port number on which the database accepts connections. Defaults vary by DB engine.", "type": "number" }, "PreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur.", "type": "string", "default": "wed:03:32-wed:04:02", "pattern": "^(mon|tues|wed|thurs|fri|sat|sun):(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]-(mon|tues|wed|thurs|fri|sat|sun):(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$" }, "StorageEncrypted": { "description": "True to enable database encryption, false to not. Default is false.", "type": "boolean", "default": false }, "StorageEncryptionKey": { "description": "The ARN of the custom KMS key to encrypt the database if StorageEncrypted = true. If StorageEncrypted = true and you do not specify a StorageEncryptionKey, RDS uses your default encryption key, which AWS KMS creates. Your AWS account has a different default encryption key for each AWS region.", "type": "string", "default": "" }, "StorageType": { "description": "Storage type for the RDS instance. If you specify io1, you must also include a value for the IOPS parameter.", "type": "string", "enum": [ "standard", "gp2", "io1" ], "default": "gp2" }, "SubnetIds": { "description": "Subnet IDs for the RDS instance, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true } }, "additionalProperties": false, "required": [ "DBName", "DBEngine", "EngineVersion", "LicenseModel", "MasterUsername", "MasterUserPassword", "SubnetIds" ] }, "Application": { "description": "Optional parameters for including an application to deploy with CodeDeploy. Given a unique ID if none is provided.", "type": "object", "properties": { "ApplicationName": { "description": "The name of an AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" }, "DeploymentConfigName": { "description": "The configuration for deployment operations: as many instances as possible at once, half of the instances at a time, or only one instance at a time.", "type": "string", "enum": [ "CodeDeployDefault.AllAtOnce", "CodeDeployDefault.HalfAtATime", "CodeDeployDefault.OneAtATime" ], "default": "CodeDeployDefault.OneAtATime" } }, "additionalProperties": false }, "EnforceIMDSv2": { "description": "For the instance to be launched with only Instance Metadata Service Version 2 (IMDSv2), use required; if IMDSv2 is not required, use optional. Default is optional.", "type": "string", "default": "optional" } }, "additionalProperties": false, "required": [ "Description", "Name", "LoadBalancer", "AutoScalingGroup", "Database", "VpcId", "TimeoutInMinutes" ] }

Schema for Change Type ct-07jzw8bzd2on7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update GuardDuty IPSet", "description": "Use to update an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the IPSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to update an IPSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "IpSet": { "description": "The URI of the file that contains the IPSet.", "minLength": 1, "type": "string" }, "IpSetId": { "description": "The unique ID that specifies the IPSet that you want to update.", "type": "string", "minLength": 1 }, "Name": { "description": "The friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "IpSetId", "Name", "IpSet", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "IpSetId", "Region" ] }

Schema for Change Type ct-08avsj2e9mc7g

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create GuardDuty IPSet", "description": "Use to create an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "Activate": { "description": "Specified whether the IPSet is active or not.", "type": "boolean", "default": true }, "DetectorId": { "description": "The detector ID that specifies the GuardDuty service to which you want to add an IPSet. Leave this blank to use the only detector in the selected region (this will not succeed if there is more than one detector in the selected region).", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "Format": { "default": "TXT", "description": "The format of the file that contains the IPSet.", "enum": [ "TXT", "STIX", "OTX_CSV", "ALIEN_VAULT", "PROOF_POINT", "FIRE_EYE" ], "type": "string" }, "Name": { "description": "The friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.", "minLength": 1, "type": "string" }, "IpSet": { "description": "The URI of the file that contains the IPSet.", "minLength": 1, "type": "string" }, "Region": { "description": "The region containing the GuardDuty detector to use; in the form of us-east-1.", "minLength": 1, "type": "string" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "Name", "IpSet", "Format", "Activate", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "Name", "IpSet", "Region" ] }

Schema for Change Type ct-09qbhy7kvtxqw

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot EC2 instance", "description": "Use to reboot an EC2 instance.", "additionalProperties": false, "type": "object", "properties": { "InstanceId": { "pattern": "^i-[a-zA-Z0-9]{8}$|^i-[a-zA-Z0-9]{17}$", "description": "ID of the instance to reboot, in the form i-12345678901234567 or i-1234567.", "type": "string" } }, "required": [ "InstanceId" ] }

Schema for Change Type ct-09t6q7j9v5hrn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create high availability one-tier stack", "description": "Use to create an Application Load Balancer and an Auto Scaling Group.", "type": "object", "properties": { "DatabaseStackId": { "description": "Stack ID of the database to use, in the form stack-1ab2cd3456789101.", "type": "string", "pattern": "^stack-[0-9a-z]{17}$" }, "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to forty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "default": 360 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "ApplicationLoadBalancer": { "description": "Specifications for the ALB.", "type": "object", "properties": { "HealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "HealthCheckIntervalInSeconds": { "description": "The amount of time, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 10 }, "HealthCheckTargetPath": { "default": "/", "description": "The ping path destination on the application hosts where the load balancer sends health check requests.", "type": "string" }, "HealthCheckTargetPort": { "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "type": "number", "minimum": 1, "maximum": 65535 }, "HealthCheckTargetProtocol": { "default": "HTTP", "description": "The protocol the load balancer uses when performing health checks on targets.", "type": "string", "enum": [ "HTTP", "HTTPS" ] }, "HealthCheckTimeoutSeconds": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckIntervalInSeconds.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "HealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "InstancePort": { "default": 80, "description": "The TCP port the listener uses to send traffic to the target instance.", "type": "number", "minimum": 1, "maximum": 65535 }, "InstanceProtocol": { "default": "HTTP", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "LoadBalancerCookieExpirationPeriodInSeconds": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "number" }, "LoadBalancerPort": { "default": 80, "description": "The port number for the load balancer to use when routing external incoming traffic.", "type": "number", "minimum": 1, "maximum": 65535 }, "LoadBalancerAccessCIDRRange": { "default": "0.0.0.0/0", "description": "IPv4 CIDR block that the load balancer can receive traffic from.", "type": "string" }, "LoadBalancerProtocol": { "default": "HTTP", "description": "The transport protocol to use for routing front-end connections (client to load balancer).", "type": "string", "enum": [ "HTTP", "HTTPS" ] }, "LoadBalancerSslPolicy": { "default": "ELBSecurityPolicy-2016-08", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Only applies if ALBLoadBalancerProtocol = HTTPS.", "type": "string", "enum": [ "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2015-05", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2020-10" ] }, "Public": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false.", "type": "boolean", "default": false }, "SSLCertificateId": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:ACCOUNT-ID:certificate/12345678-1234-1234-1234-123456789012.", "type": "string" }, "SubnetIds": { "description": "Two or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "uniqueItems": true }, "ValidHTTPCode": { "default": "200", "description": "The HTTP codes that a healthy target application server must use when responding to a health check, such as 200, 202 or 200-399.", "type": "string", "pattern": "^[1-5][0-9]{2}(-[1-5][0-9]{2})?$" } }, "additionalProperties": false, "required": [ "SubnetIds" ] }, "AutoScalingGroup": { "description": "Specifications for the ASG.", "type": "object", "properties": { "AmiId": { "description": "ID of the AMI for the Auto Scaling group to use when creating new instances, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-z0-9]{8}$|^ami-[a-z0-9]{17}$" }, "CooldownInSeconds": { "description": "The number of seconds after a scaling activity is complete before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "DesiredCapacity": { "description": "The number of EC2 instances you want running in the group. This number must be greater than or equal to the MinInstances setting and less than or equal to the MaxInstances setting.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "EBSOptimized": { "description": "True to create EBS-optimized instances, false to not. EBS-optimization provides dedicated throughput to Amazon EBS and optimal EBS I/O performance.", "type": "boolean", "default": false }, "HealthCheckGracePeriodInSeconds": { "description": "The amount of time, in seconds, that Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored.", "type": "integer", "minimum": 600, "maximum": 1800, "default": 1800 }, "HealthCheckType": { "description": "The service to use for the health checks. The ELB Health Check Type includes EC2 instance and system status checks. If ASGHealthCheckType = ELB, ensure that your ASGHealthCheckGracePeriod value is long enough so that your instances are not terminated due to load-balancer health checks failing, before your application has been deployed.", "default": "EC2", "type": "string", "enum": [ "EC2", "ELB" ] }, "IAMInstanceProfile": { "description": "The IAM instance profile for the Auto Scaling group. EC2 instances launched with an IAM role automatically have AWS security credentials available.", "type": "string", "default": "customer-mc-ec2-instance-profile" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instances in the Auto Scaling group, false to use only basic monitoring.", "type": "boolean", "default": true }, "InstanceRootVolumeIops": { "description": "The IOPS to use for the root volume if io1 volume type is specified.", "type": "integer", "minimum": 0, "maximum": 20000, "default": 0 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSizeInGiB": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "integer", "minimum": 8, "maximum": 1024 }, "InstanceRootVolumeType": { "description": "Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads; choose standard for HDD-backed volumes optimized for large streaming workloads.", "type": "string", "enum": [ "standard", "io1", "gp2" ], "default": "standard" }, "InstanceType": { "description": "The instance type for the Auto Scaling group to use when creating new EC2 instances.", "type": "string", "default": "m4.large" }, "MaxInstances": { "description": "The maximum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "MinInstances": { "description": "The minimum number of instances you want in the Auto Scaling group at any time.", "type": "integer", "minimum": 1, "maximum": 1000, "default": 1 }, "ScaleMetricName": { "description": "The metric to use to in a scale-down event. Exceeding the metric triggers an alarm.", "type": "string", "enum": [ "CPUCreditUsage", "CPUCreditBalance", "CPUUtilization", "DiskReadOps", "DiskWriteOps", "DiskReadBytes", "DiskWriteBytes", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System" ], "default": "CPUUtilization" }, "ScaleDownPolicyCooldownInSeconds": { "description": "The number of seconds after a scale-down activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleDownPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleMetricName threshold.", "type": "integer", "minimum": 2, "default": 4 }, "ScaleDownPolicyPeriod": { "description": "The time over which the specified ScaleDownPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleDownPolicyScalingAdjustment": { "description": "The number of instances by which to scale down.", "type": "integer", "maximum": 0, "default": -1 }, "ScaleDownPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleDownMetricName.", "type": "string", "enum": [ "Average", "Maximum", "Minimum", "SampleCount", "Sum" ], "default": "Average" }, "ScaleDownPolicyThreshold": { "description": "The value against which the specified ScaleDownPolicyStatistic is compared.", "type": "number", "default": 35 }, "ScaleUpPolicyCooldownInSeconds": { "description": "The number of seconds after a scale-up activity is completed before any further scaling activities can start.", "type": "integer", "minimum": 120, "maximum": 600, "default": 300 }, "ScaleUpPolicyEvaluationPeriods": { "description": "The number of periods over which data is compared to the specified ScaleUpMetricName threshold.", "type": "integer", "minimum": 2, "default": 2 }, "ScaleUpPolicyPeriod": { "description": "The time over which the specified ScaleUpPolicyStatistic is applied. You must specify a time in seconds that is a multiple of 60.", "type": "integer", "multipleOf": 60, "minimum": 60, "default": 60 }, "ScaleUpPolicyScalingAdjustment": { "description": "The number of instances by which to scale up.", "type": "integer", "minimum": 0, "default": 2 }, "ScaleUpPolicyStatistic": { "description": "The statistic to apply to the alarm's ScaleMetricName.", "type": "string", "enum": [ "Average", "Maximum", "Minimum", "SampleCount", "Sum" ], "default": "Average" }, "ScaleUpPolicyThreshold": { "description": "The value against which the specified ScaleUpPolicyStatistic is compared.", "type": "number", "default": 75 }, "SubnetIds": { "description": "One or more subnets for the Auto Scaling group to launch instances into (scale up) or remove instances from (scale down), in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 2, "uniqueItems": true }, "UserData": { "description": "A comma-delimited list where each element is a line of script to be run on boot.", "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "" ] } }, "additionalProperties": false, "required": [ "AmiId", "SubnetIds" ] } }, "additionalProperties": false, "required": [ "AutoScalingGroup", "ApplicationLoadBalancer", "Description", "Name", "TimeoutInMinutes", "VpcId" ] }

Schema for Change Type ct-0ah3gwb9seqk2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create CodeDeploy application", "description": "Use to create an AWS CodeDeploy application resource with the specified name.", "type": "object", "properties": { "Description": { "description": "The reason for the request.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sft6rv00000000000", "type": "string", "enum": [ "stm-sft6rv00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "CodeDeployApplicationName": { "description": "The name of an AWS CodeDeploy application.", "type": "string", "minLength": 1, "maxLength": 100, "pattern": "^[a-zA-Z0-9._+=,@-]{1,100}$" } }, "additionalProperties": false, "required": [ "CodeDeployApplicationName" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-0aqx5t0pgfzbg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Replace ELB Listener Certificate", "description": "Replace the certificate of an existing Elastic (Classic) Load Balancer (ELB) listener. Use the RemediateDrift parameter to have the automation try to remediate the stack drift, if drift is introduced in the CloudFormation stack that was used to create the load balancer.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-SetClassicLoadBalancerCertificate.", "type": "string", "enum": [ "AWSManagedServices-SetClassicLoadBalancerCertificate" ], "default": "AWSManagedServices-SetClassicLoadBalancerCertificate" }, "Region": { "description": "The AWS Region where the ELB listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "LoadBalancerName": { "description": "The name of the Classic Load Balancer.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 1 }, "SSLCertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "LoadBalancerPort": { "description": "The listener port of the Classic Load Balancer.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{2,5}$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by replacing the certificate on the Load Balancer listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to setting certificate to the Load Balancer listener. Set to False to replace the certificate on the Load Balancer listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "LoadBalancerName", "SSLCertificateArn", "LoadBalancerPort", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "LoadBalancerName", "SSLCertificateArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ary07xiajwx4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Load Balancer (ELB)", "description": "Create an Elastic (\"Classic\") load balancer (ELB).", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-3tdleig07sbhstgnf", "type": "string", "enum": [ "stm-3tdleig07sbhstgnf" ], "default": "stm-3tdleig07sbhstgnf" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "LoadBalancer": { "type": "object", "properties": { "Name": { "type": "string", "description": "A friendly name for the load balancer.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,31}$|^$" }, "Scheme": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is private.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "array", "description": "A list of security groups to associate with the load balancer.", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true }, "SubnetIds": { "type": "array", "description": "A list of subnet IDs that the Elastic Load Balancing creates load balancer nodes in. For an Internet-facing load balancer provide a public subnet ID, for an internal load balancer we recommend private subnet IDs.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "uniqueItems": true }, "AccessLogInterval": { "type": "string", "description": "The time interval, in minutes, to upload the load balancer access log to the specified S3 bucket. Defaults to 60 Minutes.", "enum": [ "5", "60" ], "default": "60" }, "ConnectionDrainingTimeout": { "type": "integer", "description": "The maximum time, in seconds, to keep the existing connections open before deregistering the instances.", "default": 60, "minimum": 1, "maximum": 3600 }, "IdleTimeout": { "type": "integer", "description": "The time, in seconds, that a connection to the load balancer can remain idle (no data is sent over the connection). After the specified time, the load balancer closes the connection.", "default": 60, "minimum": 1, "maximum": 3600 }, "CrossZone": { "type": "string", "description": "True to enable cross-zone load balancing (the load balancer nodes route traffic to the back-end instances across all Availability Zones), false to disable. Default is true.", "enum": [ "true", "false" ], "default": "true" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the healthy state after it was moved to unhealthy.", "pattern": "[1-9]{1}[0-9]{0,1}", "default": "2" }, "HealthCheckInterval": { "type": "string", "description": "How often, in seconds, that health checks are run on an individual load balancer node.", "pattern": "[1-9]{1}[0-9]{0,3}", "default": "10" }, "HealthCheckTarget": { "type": "string", "description": "The protocol, port, and path of the instance to check. The protocol can be TCP, HTTP, HTTPS, or SSL and valid ports are 1 through 65535. For TCP/SSL no path is required. For HTTP/HTTPS, you must include a ping path in the string. For example, HTTP:80/weather/us/wa/seattle.", "pattern": "(HTTP|HTTPS):[0-9]{1,5}[/][\\w./-]*|(SSL|TCP):[0-9]{1,5}", "default": "TCP:80" }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, during which no response means a failed health probe. This value must be less than the value for HealthCheckInterval.", "pattern": "[1-9]{1}[0-9]{0,3}", "default": "5" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the unhealthy state.", "pattern": "[1-9]{1}[0-9]{0,2}", "default": "10" }, "BackendInstances": { "type": "array", "description": "A list of EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. Leave blank to not associate individual EC2 instances with the load balancer. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group.", "items": { "type": "string", "pattern": "^i-([0-9a-zA-Z]{8}|[0-9a-zA-Z]{17})$" }, "minItems": 0, "uniqueItems": true }, "LBCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session will last for the duration of the browser session.", "pattern": "^[0-9]+$|^$" }, "LBCookieStickinessPolicyName": { "type": "string", "description": "A name for the load balancer cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookieName": { "type": "string", "description": "A name for the application cookie used for stickiness.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "AppCookiePolicyName": { "type": "string", "description": "A name for the application cookie stickiness policy. The name must be unique within the set of policies for this load balancer. To associate with a listener, specify the name under PolicyNames in the respective listener configuration.", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" } }, "metadata": { "ui:order": [ "Name", "Scheme", "SecurityGroups", "SubnetIds", "BackendInstances", "IdleTimeout", "CrossZone", "AccessLogInterval", "ConnectionDrainingTimeout", "HealthCheckHealthyThreshold", "HealthCheckInterval", "HealthCheckTarget", "HealthCheckTimeout", "HealthCheckUnhealthyThreshold", "LBCookieExpirationPeriod", "LBCookieStickinessPolicyName", "AppCookieName", "AppCookiePolicyName" ] }, "required": [ "SecurityGroups", "SubnetIds" ], "additionalProperties": false }, "Listener1": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ], "default": "HTTP" }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ], "default": "HTTP" }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "required": [ "Port", "Protocol", "InstancePort" ], "additionalProperties": false }, "Listener2": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener3": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener4": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false }, "Listener5": { "type": "object", "properties": { "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic to the listener.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer) to the listener.", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "PolicyNames": { "type": "array", "description": "A list of policy names to associate with the listener.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "minItems": 0, "uniqueItems": true }, "SSLCertificateId": { "type": "string", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use with the listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "pattern": "^$|^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^arn:aws:iam::[0-9]{12}:server-certificate/.*$" } }, "metadata": { "ui:order": [ "Port", "Protocol", "InstancePort", "InstanceProtocol", "PolicyNames", "SSLCertificateId" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "LoadBalancer", "Listener1", "Listener2", "Listener3", "Listener4", "Listener5" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "LoadBalancer", "Listener1" ], "additionalProperties": false }

Schema for Change Type ct-0attesnjqy2cx

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS source endpoint", "description": "Use to create a Database Migration Service (DMS) source endpoint.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-pud4ghhkp7395n9bc.", "type": "string", "enum": [ "stm-pud4ghhkp7395n9bc" ], "default": "stm-pud4ghhkp7395n9bc" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) for the certificate to use with the source. This is required if SslMode = verify-ca or verify-full.", "pattern": "^$|^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:cert:[A-Z0-9]+$" }, "DatabaseName": { "type": "string", "description": "The name of the source database. Must not be blank if EngineName = azuredb, db2, oracle, postgres, sqlserver or sybase." }, "EndpointIdentifier": { "type": "string", "description": "A meaningful identifier for the source database endpoint. Must be unique for all endpoints owned by your AWS account in the current region. Must begin with a letter, must contain only ASCII letters, digits and hyphens and must not end with a hyphen or contain two consecutive hyphens.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$" }, "EngineName": { "type": "string", "description": "The type of engine this source endpoint is connected to. Some parameters become required depending on the specified EngineName.", "enum": [ "aurora", "azuredb", "db2", "mariadb", "mysql", "oracle", "postgres", "sqlserver", "sybase" ] }, "ExtraConnectionAttributes": { "type": "string", "description": "Additional attributes associated with the connection. See AWS documentation for more information on the supported extra connection attributes for the EngineName you have selected." }, "KmsKeyId": { "type": "string", "description": "The AWS Key Management Service (AWS KMS) customer master key (CMK) ID to use for encrypting volumes associated with the replication instance. If not specified, the default CMK for Amazon DMS is used.", "pattern": "^$|^[\\w]{8}-[\\w]{4}-[\\w]{4}-[\\w]{4}-[\\w]{12}$" }, "Password": { "type": "string", "description": "The password to be used to log in to the source database.", "metadata": { "ams:sensitive": true } }, "Port": { "type": "integer", "description": "The port used by the source database.", "minimum": 1, "maximum": 65535 }, "ServerName": { "type": "string", "description": "The name of the server where the source database resides." }, "SslMode": { "type": "string", "description": "The SSL mode to use for the SSL connection.", "enum": [ "none", "require", "verify-ca", "verify-full" ], "default": "none" }, "Username": { "type": "string", "description": "The user name to be used to log in to the source database.", "metadata": { "ams:sensitive": true } } }, "metadata": { "ui:order": [ "EndpointIdentifier", "EngineName", "ServerName", "Port", "DatabaseName", "Username", "Password", "SslMode", "CertificateArn", "KmsKeyId", "ExtraConnectionAttributes" ] }, "required": [ "EngineName", "ServerName", "Port", "Username", "Password" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0bpxsrtu16igp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Reboot RDS DB instance", "description": "Use to reboot an RDS DB instance.", "additionalProperties": false, "type": "object", "properties": { "DbInstanceIdentifier": { "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$", "description": "The identifier of the DB instance to reboot.", "type": "string" }, "ForceFailover": { "default": false, "description": "True to reboot with Multi-AZ failover, for Multi-AZ instances. Default is false.", "type": "boolean" } }, "required": [ "DbInstanceIdentifier" ] }

Schema for Change Type ct-0c38gftq56zj6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Private DNS Record", "description": "Create a new Route 53 DNS resource record sets and a new private hosted zone for a VPC, and configure traffic routing.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DomainName": { "description": "A domain name for the hosted zone. The name can contain only lowercase letters, numbers, hyphens (-), and a dot (.). For example, mycorp.com", "type": "string", "minLength": 2, "pattern": "^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,255}$" }, "VPCId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "DomainType": { "description": "Must be 'private'", "type": "string", "enum": [ "private" ], "default": "private" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "DomainName", "VPCId", "DomainType", "RecordSet" ] }, "required": [ "DomainName", "VPCId", "DomainType", "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0cupn1txog5tk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start Storage Gateway Restore Job", "description": "Start an AWS Backup service restore job to restore a Storage Gateway volume snapshot of the specified resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobStorageGatewayVolume.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobStorageGatewayVolume" ], "default": "AWSManagedServices-StartRestoreJobStorageGatewayVolume" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies a recovery point.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "minItems": 1, "maxItems": 1 }, "BackupVaultName": { "description": "The name of the target backup vault. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "minItems": 1, "maxItems": 1 }, "GatewayArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies a Storage Gateway.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "minItems": 1, "maxItems": 1 }, "TargetName": { "description": "The name of the Internet Small Computer Systems Interface(iSCSI) target. This is the name your iSCSI initiator uses to connect to your volume. The target name can contain lowercase letters, numbers, periods (.), and hyphens (-).", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9\\_\\-\\.]+$" }, "minItems": 1, "maxItems": 1 }, "GatewayType": { "description": "The Storage Gateway volume restore type. For data that is cached in the gateway and stored in S3, choose Cached. For on-premise data stored locally, choose Stored. If you choose Stored, you must also specify a DiskId.", "type": "array", "items": { "type": "string", "enum": [ "Cached", "Stored" ] }, "minItems": 1, "maxItems": 1 }, "DiskId": { "description": "The unique identifier for the gateway local disk that is configured as a stored volume. Find disk IDs for a gateway on the Storage Gateway console. Required when GatewayType = Stored. If specified, all data currently residing on this disk will be lost, and overwritten with the current data on the snapshot.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|[a-z0-9\\_\\-\\.\\:]+)$" }, "minItems": 1, "maxItems": 1 }, "VolumeSize": { "description": "The size of the volume, in GiBs. If this value is specified, it must be greater than the snapshot size, to take affect. By default, the volume size is equal to the snapshot size.", "type": "array", "items": { "type": "string", "default": "0", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|1[0-5][0-9]{3}|16[0-2][0-9]{2}|163[0-7][0-9]|1638[0-4])$" }, "minItems": 1, "maxItems": 1 }, "IamRoleArn": { "description": "The ARN of the role that allows AWS Backup to perform the actions on your behalf. If no role is specified, the default IAM role, created by AMS during the account onboarding process, is used.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|arn:aws:iam:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:role\\/[a-zA-Z0-9\\_\\-]+)$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyArn": { "description": "The Amazon Resource Name (ARN) for the AWS KMS key to encrypt the new Storage Gateway volume.", "type": "array", "items": { "type": "string", "default": "", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecoveryPointArn", "BackupVaultName", "GatewayArn", "TargetName", "GatewayType", "DiskId", "VolumeSize", "IamRoleArn", "KmsKeyArn" ] }, "required": [ "RecoveryPointArn", "BackupVaultName", "GatewayArn", "TargetName", "GatewayType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0cyqd7laxyhlm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "CloudWatch LogGroup with optional subscription filter, log streams and metric filters.", "description": "Creates a CloudWatch LogGroup with optional subscription filter, up to 5 log streams and up to 5 metric filters.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-8ian3plt5a6jbv7jt", "type": "string", "enum": [ "stm-8ian3plt5a6jbv7jt" ], "default": "stm-8ian3plt5a6jbv7jt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "LogGroupName": { "type": "string", "description": "A name for the log group. The name must be prefixed with the word 'customer'.", "pattern": "^customer[a-zA-Z0-9\\.\\-_/#]{1,504}$" }, "LogGroupRetentionInDays": { "type": "string", "description": "The number of days to retain the log events in the log group created. Leave blank to keep logs indefinitely.", "enum": [ "", "1", "3", "5", "7", "14", "30", "60", "90", "120", "150", "180", "365", "400", "545", "731", "1827", "3653" ], "default": "" }, "LogStream1Name": { "type": "string", "description": "A name for log stream 1. The name must be unique within the log group. If left blank log stream 1 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream2Name": { "type": "string", "description": "A name for log stream 2. The name must be unique within the log group. If left blank log stream 2 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream3Name": { "type": "string", "description": "A name for log stream 3. The name must be unique within the log group. If left blank log stream 3 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream4Name": { "type": "string", "description": "A name for log stream 4. The name must be unique within the log group. If left blank log stream 4 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "LogStream5Name": { "type": "string", "description": "A name for log stream 5. The name must be unique within the log group. If left blank log stream 5 is not created.", "pattern": "^[a-zA-Z0-9\\.\\-_/#]{1,512}$|^$", "default": "" }, "SubscriptionFilterIAMroleARN": { "type": "string", "description": "An IAM role that grants CloudWatch Logs permission to put data into the destination. Applicable only if the destination is Kinesis stream or Kinesis Data Firehose delivery stream.", "pattern": "(arn:aws:iam::\\d{12}:role\\/[\\w+=,.@-]{1,64}|^$)", "default": "" }, "SubscriptionFilterPattern": { "type": "string", "description": "The filtering expressions that restrict what gets delivered to the destination AWS resource.", "pattern": "^.{1,1024}$|^$", "default": "" }, "SubscriptionDestinationARN": { "type": "string", "description": "The Amazon Resource Name (ARN) of the Kinesis stream, Kinesis Data Firehose delivery stream, or Lambda function, to use as the subscription feed destination.", "pattern": "^arn:aws:kinesis:[a-z0-9-]+:[0-9]{12}:stream/[a-zA-Z0-9-_\\.]{1,128}$|^arn:aws:firehose:[a-z0-9-]+:[0-9]{12}:deliverystream/[a-zA-Z0-9-_\\.]{1,64}$|^arn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:[a-zA-Z0-9-_]{1,140}$|^$", "default": "" }, "MetricFilter1Pattern": { "type": "string", "description": "The pattern for MetricFilter1 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter1DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter1Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter1 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter1Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter1. Namespaces are containers for metrics. If left blank MetricFilter1 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter1Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter1 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter2Pattern": { "type": "string", "description": "The pattern for MetricFilter2 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter2DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter2Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter2 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter2Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter2. Namespaces are containers for metrics. If left blank MetricFilter2 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter2Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter2 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter3Pattern": { "type": "string", "description": "The pattern for MetricFilter3 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter3DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter3Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter3 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter3Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter3. Namespaces are containers for metrics. If left blank MetricFilter3 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter3Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter3 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter4Pattern": { "type": "string", "description": "The pattern for MetricFilter4 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter4DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter4Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter4 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter4Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter4. Namespaces are containers for metrics. If left blank MetricFilter4 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter4Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter4 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter5Pattern": { "type": "string", "description": "The pattern for MetricFilter5 that CloudWatch Logs follows to interpret each entry in a log.", "pattern": "^.{1,1024}$|^$", "default": "" }, "MetricFilter5DefaultValue": { "type": "string", "description": "The value to emit when a filter pattern does not match a log event.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter5Value": { "type": "string", "description": "The value that is published to the CloudWatch metric. If left blank MetricFilter5 is not created.", "pattern": "^[0-9]{1,100}$|^$", "default": "" }, "MetricFilter5Namespace": { "type": "string", "description": "The destination namespace of the CloudWatch metric for the MetricFilter5. Namespaces are containers for metrics. If left blank MetricFilter5 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" }, "MetricFilter5Name": { "type": "string", "description": "The name of the CloudWatch metric that the log information is published to. If left blank MetricFilter5 is not created.", "pattern": "^[a-zA-Z0-9_\\-\\/.]{1,1024}$|^$", "default": "" } }, "metadata": { "ui:order": [ "LogGroupName", "LogGroupRetentionInDays", "LogStream1Name", "LogStream2Name", "LogStream3Name", "LogStream4Name", "LogStream5Name", "SubscriptionFilterIAMroleARN", "SubscriptionFilterPattern", "SubscriptionDestinationARN", "MetricFilter1Name", "MetricFilter1Namespace", "MetricFilter1Pattern", "MetricFilter1Value", "MetricFilter1DefaultValue", "MetricFilter2Name", "MetricFilter2Namespace", "MetricFilter2Pattern", "MetricFilter2Value", "MetricFilter2DefaultValue", "MetricFilter3Name", "MetricFilter3Namespace", "MetricFilter3Pattern", "MetricFilter3Value", "MetricFilter3DefaultValue", "MetricFilter4Name", "MetricFilter4Namespace", "MetricFilter4Pattern", "MetricFilter4Value", "MetricFilter4DefaultValue", "MetricFilter5Name", "MetricFilter5Namespace", "MetricFilter5Pattern", "MetricFilter5Value", "MetricFilter5DefaultValue" ] }, "required": [ "LogGroupName" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0el2j07llrxs7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Window", "description": "Create an AWS Systems Manager (SSM) patch window for patching to take place on instances with the specified PatchGroup. The patch window is an SSM resource that you can manage with the SSM console.", "properties": { "Cutoff": { "description": "The maximum number of hours before the end of the scheduled patch window for starting a new patching command. This helps ensure that patching commands complete before the patch window ends. A new patching command can only start execution within the patch window and before the specified Cutoff. After the Cutoff is reached, no new patching commands can be started.", "default": 0, "maximum": 23, "minimum": 0, "type": "integer" }, "Description": { "description": "A meaningful description for this patch window.", "maxLength": 500, "minLength": 1, "type": "string" }, "Duration": { "description": "The duration of the patch window in hours.", "maximum": 24, "minimum": 1, "type": "integer" }, "EndDate": { "description": "The date and time, in ISO-8601 extended format, for when the patch window is scheduled to become inactive (i.e.: 2019-10-23T19:45:00Z).", "type": "string" }, "MaxConcurrency": { "description": "The maximum number or rate (%) of instances allowed to patch in parallel.", "default": "33%", "maxLength": 7, "minLength": 1, "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "type": "string" }, "MaxErrors": { "description": "The maximum number or rate (%) of errors allowed before the Patching stops being scheduled.", "default": "100%", "maxLength": 7, "minLength": 1, "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "type": "string" }, "Name": { "description": "A friendly name for this patch window.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "NotificationEmails": { "description": "One or more email addresses to receive notifications about patching status.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$" }, "minItems": 1, "maxItems": 5, "uniqueItems": true }, "PatchGroup": { "description": "The value of the \"Patch Group\" tag of an existing instance; for example 'App123-CustA-EnvTest'. Instances with the specified \"Patch Group\" tag values, are included in the patch window. If needed, you can create \"Patch Group\" tags using the console for the resource, but these tags are usually created at onboarding.", "type": "string", "minLength": 1, "maxLength": 256 }, "Schedule": { "description": "The schedule of the patch window in the form of a cron or rate expression; for example, cron(30 09 ? * * *) or rate(7 days).", "maxLength": 256, "minLength": 1, "type": "string" }, "ScheduleOffset": { "description": "The number of days to wait after the date and time specified by a cron expression before the maintenance window runs.", "default": 0, "maximum": 6, "minimum": 0, "type": "integer" }, "ScheduleTimeZone": { "description": "The time zone that the scheduled patch window executions are based on, in Internet Assigned Numbers Authority (IANA) format (i.e.: UTC, America/Los_Angeles).", "default": "UTC", "pattern": "^[a-zA-Z_]+(\\+|/)?[a-zA-Z0-9_-]*(\\+|/)?[a-zA-Z0-9_-]+$", "type": "string" }, "StartDate": { "description": "The date and time, in ISO-8601 extended format, after which the patch window becomes active (i.e.: 2019-10-23T19:45:00Z).", "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "PatchGroup", "Schedule", "ScheduleOffset", "Duration", "MaxConcurrency", "MaxErrors", "Cutoff", "StartDate", "EndDate", "ScheduleTimeZone", "NotificationEmails" ] }, "required": [ "Cutoff", "Duration", "MaxConcurrency", "MaxErrors", "Name", "NotificationEmails", "PatchGroup", "Schedule", "ScheduleTimeZone" ], "type": "object" }

Schema for Change Type ct-0erkoad6uyvvg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Non-Root Volumes Monitoring", "description": "Enable monitoring on non-root volumes of an EC2 instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeployNonRootVolumeMonitoring.", "type": "string", "enum": [ "AWSManagedServices-DeployNonRootVolumeMonitoring" ], "default": "AWSManagedServices-DeployNonRootVolumeMonitoring" }, "Region": { "description": "The AWS Region where the EC2 instance, and volumes, are.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance, in the form i-12345678 or i-123456789012345ab.", "type": "array", "items": { "type": "string", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId" ] }, "additionalProperties": false, "required": [ "InstanceId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ffvihqwjvqj1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Restore EC2 Volumes From Backup", "description": "Replace the instance volumes from an existing backup image of the instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext. To restore from snapshot, use version 1 of this change type.", "type": "string", "enum": [ "AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext" ], "default": "AWSManagedServices-ReplaceInstanceVolumesFromSnapshotsWithContext" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The identifier of the EC2 instance to replace the volumes from the backup.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8,17}$" }, "minItems": 1, "maxItems": 1 }, "Backup": { "description": "The Amazon EC2 backup ARN, or AMI ID, custom or from backup, to use to restore the volumes, i.e. ami-0ecdf967356c809c7.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:ec2:[\\w]{2}-[a-z]+-[0-9]{1}::image/[A-Za-z0-9_-]+$|^ami-[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "KMSKeyId": { "description": "The KMS key identifier, or ARN, to encrypt all restored volumes on the EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$|^arn:aws:kms:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:key/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$|^$" }, "minItems": 1, "maxItems": 1 }, "SleepTime": { "description": "The sleep time (how long to wait) before attempting access validation after data restoration completes.", "type": "array", "items": { "type": "string", "pattern": "^PT([0-9]|[1-5][0-9]|60)M$", "default": "PT5M" }, "minItems": 1, "maxItems": 1 }, "ChangeHostname": { "description": "True to change the hostname after the restore operation, to a generated hostname. False to not change the hostname. Default is False.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "False" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "Backup", "KMSKeyId", "ChangeHostname", "SleepTime" ] }, "additionalProperties": false, "required": [ "InstanceId", "Backup" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0fpjlxa808sh2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update policy", "description": "Update an S3 bucket policy.", "type": "object", "properties": { "BucketName": { "description": "The name of the Amazon S3 bucket to which the policy applies.", "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "BucketPolicy": { "description": "Detailed information about the bucket permissions update, or a policy document to be attached to the bucket (paste the policy document into the value field). Details should include the type of access (for example Read, Write or Delete).", "type": "string", "maxLength": 20000 }, "PolicyAction": { "description": "Whether the given bucket policy needs to be appended to the existing bucket policy or to replace the bucket policy entirely. If you want to add a new statement block to the existing policy, choose 'Append'. If you want to replace the entire policy or update the policy in specific sections, provide the entire policy containing desired changes and choose 'Replace'.", "type": "string", "enum": [ "Append", "Replace" ] }, "Operation": { "description": "Must be Update policy.", "type": "string", "default": "Update policy", "enum": [ "Update policy" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "BucketPolicy", "PolicyAction", "Operation", "Priority" ] }, "required": [ "BucketName", "BucketPolicy", "PolicyAction", "Operation" ] }

Schema for Change Type ct-0fqo03yizfnw6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Cross Region Copy", "description": "Update an existing backup plan rule with copy actions like cross region destination vault, and storage retention settings.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ConfigureCrossRegionBackup.", "type": "string", "enum": [ "AWSManagedServices-ConfigureCrossRegionBackup" ], "default": "AWSManagedServices-ConfigureCrossRegionBackup" }, "Region": { "description": "The AWS Region in which the AWS Backup plan is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupPlanName": { "description": "The name of the existing Backup plan to be updated.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "RuleName": { "description": "The name of the existing rule in the specified backup plan to be updated.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "DestinationRegion": { "description": "The AWS Region where the destination backup vault is.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "maxItems": 1 }, "DestinationVaultName": { "description": "The destination backup vault for the copied backup. If the vault does not exist in the destination Region, it is created automatically.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$", "default": "ams-replication-vault" }, "maxItems": 1 }, "DestinationEncryptionKeyArn": { "description": "The destination server-side encryption key that is used to protect your backups. If the vault name does not exist and you do not provide a key ARN, a new key is created in the destination Region. For disaster recovery patterns, we recommend that you provide a key that belongs to a different account.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$", "default": "" }, "maxItems": 1 }, "DeleteAfterNumberOfDays": { "description": "The number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterNumberOfDays.", "type": "array", "items": { "type": "string", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[12][0-9]{4}|3[0-4][0-9]{3}|35[0-5][0-9]{2}|35600)$", "default": "0" }, "maxItems": 1 }, "MoveToColdStorageAfterNumberOfDays": { "description": "The number of days after creation that a recovery point is moved to cold storage.", "type": "array", "items": { "type": "string", "pattern": "^(0|[1-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[12][0-9]{4}|3[0-4][0-9]{3}|35[0-5][0-9]{2}|35600)$", "default": "0" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupPlanName", "DeleteAfterNumberOfDays", "DestinationRegion", "DestinationVaultName", "DestinationEncryptionKeyArn", "MoveToColdStorageAfterNumberOfDays", "RuleName" ] }, "additionalProperties": false, "required": [ "BackupPlanName", "DestinationRegion", "RuleName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0g690ekkyfm79

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EFS From Backup", "description": "Create an AWS Elastic File System (EFS) stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobEFS.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobEFS" ], "default": "AWSManagedServices-StartRestoreJobEFS" }, "Region": { "description": "The AWS Region in which the EFS snapshot is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_\\/\\-]{2,50}$" }, "maxItems": 1 }, "EnableEncryption": { "description": "Flag to control, when restoring to a new filesystem, whether it is encrypted or not. If specified, the KmsKeyId must also be set. If not specified, the new filesystem will be created without encryption.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "false" }, "maxItems": 1 }, "ItemsToRestore": { "description": "The list containing up to five directories or files paths to be restored. Paths are case sensitive and cannot contain the following special characters: :, *, ?, \", <, > and `. If not specified, the entire filesystem will be restored.", "type": "array", "items": { "type": "string", "pattern": "^(/[^:*?\"<>`]*)$" }, "maxItems": 5 }, "KmsKeyId": { "description": "The Amazon Resource Name (ARN) for the AWS KMS key to be used to encrypt the new filesystem at rest.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:aws:kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+)$" }, "maxItems": 1 }, "PerformanceMode": { "description": "The performance mode, if restoring to a new filesystem. Use generalPurpose for most file systems. Use maxIO for applications where tens, hundreds, or thousands of EC2 instances are accessing the file system. If not specified, generalPurpose is used.", "type": "array", "items": { "type": "string", "enum": [ "generalPurpose", "maxIO" ], "default": "generalPurpose" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "RestoreToNewFileSystem": { "description": "Flag to control whether the restore process creates a new filesystem or restores it to a directory in the source filesystem. If not specified, it is restored to a new filesystem.", "type": "array", "items": { "type": "string", "enum": [ "true", "false" ], "default": "true" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupVaultName", "EnableEncryption", "ItemsToRestore", "KmsKeyId", "PerformanceMode", "RecoveryPointArn", "RestoreToNewFileSystem" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0h3p576mj4rqm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change Windows Hostname", "description": "Change the hostname of an EC2 Windows instance. Note that the instance will be rebooted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ChangeHostname.", "type": "string", "enum": [ "AWSManagedServices-ChangeHostname" ], "default": "AWSManagedServices-ChangeHostname" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "Hostname": { "description": "The new hostname of the instance.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "Platform": { "description": "Must be windows. To change the hostname for a Linux instance, use CT ct-2781aqd6f6svs.", "type": "array", "items": { "type": "string", "default": "windows", "enum": [ "windows" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "Hostname", "Platform" ] }, "required": [ "InstanceId", "Hostname", "Platform" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0hahohe17csnc

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Encrypt Instance Volumes", "description": "Encrypt Elastic Block Store (EBS) volumes attached to an EC2 instance", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EncryptInstanceVolumes", "type": "string", "enum": [ "AWSManagedServices-EncryptInstanceVolumes" ], "default": "AWSManagedServices-EncryptInstanceVolumes" }, "Region": { "description": "The AWS Region where the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the EC2 instance to encrypt volumes for. The instance must support encryption of EBS volumes and not part of an Auto Scaling group.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}|i-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "VolumeIds": { "description": "The list of EBS volume IDs to encrypt. The volume IDs must be attached to the specified EC2 instance.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 25, "uniqueItems": true }, "KMSKeyId": { "description": "The KMS key ID, or ARN, to encrypt all the new volumes.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z]{2}-[a-z]+-\\d{1}:[0-9]{12}:key/)?([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|mrk-[a-z0-9]{32})$" }, "minItems": 1, "maxItems": 1 }, "DeleteStaleNonEncryptedSnapshotBackups": { "description": "True to delete existing snapshot backups of specified EBS volumes. False to not delete the existing snapshots.", "type": "array", "items": { "type": "string", "enum": [ "True", "False" ], "default": "True" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "InstanceId", "VolumeIds", "KMSKeyId", "DeleteStaleNonEncryptedSnapshotBackups" ] }, "additionalProperties": false, "required": [ "InstanceId", "VolumeIds", "KMSKeyId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0hi7z7tyikjf6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update SQS", "description": "Use to modify the properties of an existing Amazon Simple Queue Service instance.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the SQS queue, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "ID of the stack instance that contains the SQS queue, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "SQSDelaySeconds": { "description": "The time in seconds that the delivery of new messages in the queue will be delayed.", "type": "number", "minimum": 0, "maximum": 900, "default": 0 }, "SQSMaximumMessageSize": { "description": "The limit of how many bytes a message can contain before SQS rejects it.", "type": "number", "minimum": 1024, "maximum": 262144, "default": 262144 }, "SQSMessageRetentionPeriod": { "description": "The number of seconds SQS retains a message, from 60 (1 minute) to 1209600 (14 days).", "type": "number", "minimum": 60, "maximum": 1209600, "default": 345600 }, "SQSQueueName": { "description": "A name for the queue.", "type": "string", "pattern": "^[a-zA-Z0-9-_]{1,80}$", "minLength": 1, "maxLength": 80 }, "SQSReceiveMessageWaitTimeSeconds": { "description": "The number of seconds that the ReceiveMessage call waits for a message to arrive in the queue before returning a response.", "type": "number", "minimum": 0, "maximum": 20, "default": 0 }, "SQSVisibilityTimeout": { "description": "The number of seconds that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request.", "type": "number", "minimum": 0, "maximum": 43200 } } } }, "additionalProperties": false, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-0hu3q3957aghj

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Private ACM Certificate", "description": "Create a private AWS Certificate Manager (ACM) certificate with email or DNS validation. To create a public ACM certificate, use ct-3ll9hnadql9s1.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RequestACMCertificateV2", "type": "string", "enum": [ "AWSManagedServices-RequestACMCertificateV2" ], "default": "AWSManagedServices-RequestACMCertificateV2" }, "Region": { "description": "The AWS Region in which you want the ACM certificate, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DomainName": { "description": "The fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate.", "type": "string", "pattern": "^(?!://)(?=.{1,255}$)((.{1,63}\\.){1,127}(?![0-9]*$)[a-z0-9-]+\\.?)$" }, "CertificateType": { "description": "Confirm that you are creating a private ACM certificate. To create a public ACM certificate, use ct-3ll9hnadql9s1.", "type": "string", "enum": [ "Private" ], "default": "Private" }, "CertificateAuthorityArn": { "description": "The Amazon Resource Name (ARN) of the private certificate authority (CA) used to issue the certificate.", "type": "string", "pattern": "^arn:aws:.+$" }, "SubjectAlternativeNames": { "description": "Additional FQDNs to be included in the subject alternative name extension of the ACM certificate.", "type": "array", "items": { "type": "string", "pattern": "^(?!://)(?=.{1,255}$)((.{1,63}\\.){1,127}(?![0-9]*$)[a-z0-9-]+\\.?)$" }, "minItems": 1, "maxItems": 5 }, "Route53DNSValidation": { "description": "True for automatic ACM validation using your Route53 DNS, if the ACM and the domain are on the same account; false for no automatic validation. Default is false.", "type": "string", "enum": [ "True", "False" ], "default": "False" } }, "metadata": { "ui:order": [ "DomainName", "CertificateType", "CertificateAuthorityArn", "SubjectAlternativeNames", "Route53DNSValidation" ] }, "additionalProperties": false, "required": [ "DomainName", "CertificateAuthorityArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0idxb0xsg1ui6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete RDS Snapshots", "description": "Delete DB instance or cluster snapshots. This document only supports deletion of 'manual' and 'awsbackup' snapshot types. If the snapshot is being copied, the copy operation is terminated. The snapshot must be in available state to be deleted. If one or more snapshots cannot be deleted, automation fails. Up to 20 snapshots can be deleted in one execution.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteRDSSnapshotsV2.", "type": "string", "enum": [ "AWSManagedServices-DeleteRDSSnapshotsV2" ], "default": "AWSManagedServices-DeleteRDSSnapshotsV2" }, "Region": { "description": "The AWS Region where the DB snapshots are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SnapshotNamesOrArns": { "description": "A list of up to 20 RDS snapshot names or ARN's to delete.", "type": "array", "items": { "type": "string", "pattern": "^(?!rds:).*$" }, "minItems": 1, "maxItems": 20 } }, "metadata": { "ui:order": [ "SnapshotNamesOrArns" ] }, "additionalProperties": false, "required": [ "SnapshotNamesOrArns" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ikpop8zqhkxg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Grant stack admin access", "description": "Request admin access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$|^SC-[0-9]{12}-pp-[a-zA-Z0-9]{13}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-0ixp4ch2tiu04

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create IAM instance profile", "description": "Use to create an instance profile.", "type": "object", "properties": { "InstanceProfileDescription": { "description": "The description of the instance profile.", "type": "string", "maxLength": 5000 }, "InstanceProfileName": { "description": "The name of the instance profile to create.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$" }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "required": [ "InstanceProfileDescription", "InstanceProfileName" ], "metadata": { "ui:order": [ "InstanceProfileDescription", "InstanceProfileName", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-0jb01cofkhwk1

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Override Stack Access Duration", "description": "Use to override maximum stack access time for all stacks in this account for single landing zone (SALZ) and for all stacks of the member accounts of an organization for multi-landing zone (MALZ). For multi-landing zone (MALZ), please raise a request for change (RFC) from shared-services account with this change type (CT) ID. Access can be overridden from a minimum of 1 hour to a maximum of 120 hours, default stack access is granted for 12 hours.", "type": "object", "properties": { "TimeRequestedInHours": { "description": "The amount of time, in hours, requested to override. Access can be overridden from a minimum of 1 hour to a maximum of 120 hours, default stack access is granted for 12 hours. Access is terminated after this time.", "type": "integer", "minimum": 1, "maximum": 120, "default": 1 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "TimeRequestedInHours", "Priority" ] }, "required": [ "TimeRequestedInHours" ], "additionalProperties": false }

Schema for Change Type ct-0k4b96aatyqgl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Bulk Update Resource Tags (Review Required)", "description": "Bulk add tags to existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. Use this with AWS Tag Editor when managing large numbers of tags (i.e. >50). For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-3047c34zuvswh.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the tag operation.", "type": "string", "maxLength": 5000 }, "CsvS3Url": { "description": "The S3 bucket endpoint for the CSV file with the tag update details. The CSV file must be formatted to the correct format. Please see AMS tag documentation for the correct format of the CSV file.", "type": "string", "pattern": "^https?://[a-z0-9]([-.a-z0-9]+)[a-z0-9]\\.s3\\.((([a-z]{2}-[a-z]+-\\d{1}\\.)?))amazonaws\\.com/[\\S]*", "minLength": 1, "maxLength": 1536 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Description", "CsvS3Url", "Priority" ] }, "required": [ "Description", "CsvS3Url" ] }

Schema for Change Type ct-0kbey7hb00atp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Windows)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for Windows OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"CriticalUpdates\", \"DefinitionUpdates\", \"Drivers\", \"FeaturePacks\", \"SecurityUpdates\", \"ServicePacks\", \"Tools\", \"UpdateRollups\", \"Updates\", \"Upgrades\" and \"All\".", "items": { "enum": [ "CriticalUpdates", "DefinitionUpdates", "Drivers", "FeaturePacks", "SecurityUpdates", "ServicePacks", "Tools", "UpdateRollups", "Updates", "Upgrades", "All" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"Critical\", \"Important\", \"Low\", \"Moderate\", \"Unspecified\" and \"All\".", "items": { "enum": [ "Critical", "Important", "Low", "Moderate", "Unspecified", "All" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1, "pattern": "^(^KB[0-9]{1,7}$)|(^MS[0-9]{2}-[0-9]{3}$)" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Windows", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Windows" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "pattern": "^(^KB[0-9]{1,7}$)|(^MS[0-9]{2}-[0-9]{3}$)", "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-0loed9dzig1ze

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS Storage", "description": "Change the RDS instance storage type, capacity or IOPS through direct API calls. The RDS instance can be standalone or belong to a CloudFormation stack, in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSStorage.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSStorage" ], "default": "AWSManagedServices-UpdateRDSStorage" }, "Region": { "description": "The AWS Region of the account with the RDS database instance; for example, us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "AllocatedStorage": { "description": "The new amount of storage in gibibytes (GiB) to allocate for the DB instance.", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d+$" }, "minItems": 0, "maxItems": 1 }, "StorageType": { "description": "The storage type to be associated with the DB instance.", "type": "array", "items": { "type": "string", "enum": [ "", "gp2", "gp3", "io1", "Magnetic" ], "default": "" } }, "Iops": { "description": "The new provisioned IOPS (I/O operations per second) value for the RDS instance. This parameter is only valid for io1 and gp3 storage type.", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d+$", "default": "" } }, "ApplyImmediately": { "description": "True to apply the change immediately, false to schedule the change on next maintenance window. To discover your next maintenance window, check the details page for the instance in the RDS console.", "type": "string", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "AllocatedStorage", "StorageType", "Iops", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0lqruajvhwsbk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Authorize Egress Rule", "description": "Authorize the egress rule for the specified security group (SG). You must specify the configurations of the egress rule that you are authorizing. Note that this adds an egress rule to the specified SG but does not modify any existing egress rules.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AuthorizeSecurityGroupEgressRule", "type": "string", "enum": [ "AWSManagedServices-AuthorizeSecurityGroupEgressRule" ], "default": "AWSManagedServices-AuthorizeSecurityGroupEgressRule" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the egress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Destination": { "description": "An IP address, in the form 255.255.255.255, or an IP address range in CIDR notation, in the form 255.255.255.255/32, or the ID of another security group in the same region; or self to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$|^self$" }, "minItems": 1, "maxItems": 1 }, "Description": { "description": "A meaningful description of the egress rule.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,255}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination", "Description" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0ltm873rsebx9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update load balancer (ELB) stack", "description": "Modify the properties of an existing Amazon ELB Classic Load Balancer created using CT id ct-12amsdz909cfh, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the ELB that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the ELB.", "type": "object", "properties": { "ELBSubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef. Changing this value during an update does not append to the existing subnets associated with the load balancer. Include all required subnets when modifying this value.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "ELBBackendInstances": { "description": "One or more EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group. Changing this value during an update does not append to the existing instances associated with the load balancer. Include all required EC2 instances not part of an autoscaling group when modifying this value. To remove all EC2 instances not part of an autoscaling group during an update specify None.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$|^[Nn]one$|^$" }, "minItems": 1, "uniqueItems": true }, "ELBCrossZone": { "description": "With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones. True to enable, false to disable. The default is true.", "type": "boolean" }, "ELBCookieExpirationPeriod": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieExpirationPeriod2": { "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieStickinessPolicyName": { "description": "A name for the cookie stickiness policy. The name must be unique within the set of policies for this load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBCookieStickinessPolicyName2": { "description": "A name for the second cookie stickiness policy. The name must be unique within the set of policies for this load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBHealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10 }, "ELBHealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300 }, "ELBHealthCheckTarget": { "description": "The protocol, port, and path of the instance to check. For example, HTTP:80/weather/us/wa/seattle. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "ELBHealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for ELBHealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60 }, "ELBHealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10 }, "ELBIdleTimeout": { "description": "The time, in seconds, that a connection to the load balancer can remain idle, which means no data is sent over the connection. After the specified time, the load balancer closes the connection.", "type": "number", "minimum": 1, "maximum": 3600 }, "ELBInstancePort": { "description": "The TCP port the listener uses to send traffic to the target instance. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstancePort2": { "description": "The TCP port the optional second listener uses to send traffic to the target instance. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstanceProtocol": { "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBInstanceProtocol2": { "description": "The protocol the second listener uses for routing traffic to back-end connections (load balancer to backend instance). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerPort": { "description": "The port number for the load balancer to use when routing external incoming traffic. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerPort2": { "description": "The port number for the load balancer to use when routing external incoming traffic on the second listener. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerProtocol": { "description": "The transport protocol to use for routing front-end connections (client to load balancer). Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerProtocol2": { "description": "The transport protocol to use for routing front-end connections (client to load balancer) on the second listener. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBSSLCertificateId": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. This must be specified if the HTTPS or SSL protocol is specified for ELBLoadBalancerProtocol. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" }, "ELBSSLCertificateId2": { "description": "The Amazon Resource Name (ARN) of the SSL certificate to use for the optional second listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. Required only if a second listener is used and ELBLoadBalancerProtocol2 is either HTTPS or SSL. Changing this value during an update will cause the existing listener to be deleted and a new one created. Clients will be unable to connect during this time.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" } }, "metadata": { "ui:order": [ "ELBSubnetIds", "ELBBackendInstances", "ELBIdleTimeout", "ELBCrossZone", "ELBHealthCheckTarget", "ELBHealthCheckInterval", "ELBHealthCheckTimeout", "ELBHealthCheckHealthyThreshold", "ELBHealthCheckUnhealthyThreshold", "ELBCookieStickinessPolicyName", "ELBCookieExpirationPeriod", "ELBInstancePort", "ELBInstanceProtocol", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBSSLCertificateId", "ELBCookieExpirationPeriod2", "ELBCookieStickinessPolicyName2", "ELBInstancePort2", "ELBInstanceProtocol2", "ELBLoadBalancerPort2", "ELBLoadBalancerProtocol2", "ELBSSLCertificateId2" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "additionalProperties": false, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-0mss4i7neuj7f

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Security Policy", "description": "Update a security policy for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be UpdateSecurityPolicy.", "type": "string", "enum": [ "UpdateSecurityPolicy" ], "default": "UpdateSecurityPolicy" }, "Parameters": { "type": "object", "properties": { "SecurityPolicyName": { "description": "The name of the security policy. Must start with custom-sec-.", "type": "string", "pattern": "^custom-sec-[a-zA-Z0-9][a-zA-Z0-9-_]{0,51}$" }, "SourceAddressesToAdd": { "description": "A list of source addresses to add to the policy.", "type": "array", "items": { "type": "string", "pattern": "^([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)$" }, "minItems": 1, "maxItems": 50 }, "DestinationAddressesToAdd": { "description": "A list of destination addresses to add to the policy. Supply values for this parameter or for AllowListsToAdd, but not both.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)|((([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]))$" }, "minItems": 1, "maxItems": 50 }, "AllowListsToAdd": { "description": "A list of allowlists to add to the policy. Supply values for this parameter or for DestinationAddressesToAdd, but not both.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" }, "minItems": 1, "maxItems": 10 }, "ServicePortsToAdd": { "type": "object", "description": "A list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) service ports to add.", "properties": { "TCPPortsToAdd": { "description": "A list of Transmission Control Protocol (TCP) service ports to add.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 }, "UDPPortsToAdd": { "description": "A list of User Datagram Protocol (UDP) service ports to add.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 } }, "metadata": { "ui:order": [ "TCPPortsToAdd", "UDPPortsToAdd" ] } }, "SourceAddressesToRemove": { "description": "A list of source addresses to remove from the policy.", "type": "array", "items": { "type": "string", "pattern": "^([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)$" }, "minItems": 1, "maxItems": 50 }, "DestinationAddressesToRemove": { "description": "A list of destination addresses to remove from the policy. Supply values for this parameter or for AllowListsToRemove, but not both.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+(/[0-9]{1,2})?)|((([a-zA-Z0-9][a-zA-Z0-9-_]{0,62}[a-zA-Z0-9]{0,1}))\\.){1,127}([a-zA-Z][a-zA-Z0-9\\-]{0,23}[a-zA-Z]))$" }, "minItems": 1, "maxItems": 50 }, "AllowListsToRemove": { "description": "A list of allowlists to remove from the policy. Supply values for this parameter or for DestinationAddressesToRemove, but not both.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9][a-zA-Z0-9-_]{0,62}$" }, "minItems": 1, "maxItems": 10 }, "ServicePortsToRemove": { "type": "object", "description": "A list of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) service ports to remove.", "properties": { "TCPPortsToRemove": { "description": "A list of Transmission Control Protocol (TCP) service ports to remove.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 }, "UDPPortsToRemove": { "description": "A list of User Datagram Protocol (UDP) service ports to remove.", "type": "array", "items": { "type": "integer", "minimum": 1, "maximum": 65535 }, "minItems": 1, "maxItems": 50 } }, "metadata": { "ui:order": [ "TCPPortsToRemove", "UDPPortsToRemove" ] } }, "ActionType": { "description": "The type of action the security policy will perform on outbound traffic that matches the policy's rules.", "type": "string", "enum": [ "Allow", "Deny" ] }, "EnablePolicy": { "description": "True to enable the security policy, false to disable it.", "type": "boolean" } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityPolicyName", "SourceAddressesToAdd", "DestinationAddressesToAdd", "AllowListsToAdd", "ServicePortsToAdd", "SourceAddressesToRemove", "DestinationAddressesToRemove", "AllowListsToRemove", "ServicePortsToRemove", "ActionType", "EnablePolicy" ] }, "required": [ "SecurityPolicyName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-0pgvtw5rpcsb6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS From Backup", "description": "Create an Amazon Relational Database Service (RDS) from a backup. When you restore a backup this way, the service-specific restore parameters are presented automatically.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC where the backup is stored, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-siqajx00000000000.", "type": "string", "enum": [ "stm-siqajx00000000000" ] }, "Name": { "description": "A name for the stack; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DBInstanceClass": { "description": "The compute and memory capacity for the DB instance. To inherit this value from the backup, use inherit.", "type": "string", "enum": [ "inherit", "db.m1.small", "db.m1.medium", "db.m1.large", "db.m1.xlarge", "db.m2.xlarge", "db.m2.2xlarge", "db.m2.4xlarge", "db.m3.medium", "db.m3.large", "db.m3.xlarge", "db.m3.2xlarge", "db.m4.large", "db.m4.xlarge", "db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.t1.micro", "db.t2.micro", "db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge", "db.t2.2xlarge" ], "default": "inherit" }, "DBInstanceIdentifier": { "description": "A name for the DB instance. If you specify a name, it is converted to lowercase. If you don't specify a name, a unique physical ID is generated and used for the DBInstanceIdentifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBSnapshotIdentifier": { "description": "The name of the RDS DB backup to use, in the form awsbackup:job-00000000-0000-0000-0000-000000000000.", "type": "string" }, "DBSubnetIds": { "description": "Two or more subnet IDs for the DB instance, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "maxItems": 20, "uniqueItems": true } }, "metadata": { "ui:order": [ "DBInstanceClass", "DBInstanceIdentifier", "DBSnapshotIdentifier", "DBSubnetIds" ] }, "additionalProperties": false, "required": [ "DBSnapshotIdentifier", "DBSubnetIds" ] } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters" ] }

Schema for Change Type ct-0q0bic0ywqk6c

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete stack", "description": "Delete an existing stack and its resources from your account. The effects of deleting a resource vary. For details, see the appropriate AWS documentation for the resource. Note that termination protection on a resource in the stack causes the RFC to fail. To check for a resource's termination protection status, see the corresponding AWS console.", "type": "object", "properties": { "StackId": { "description": "The ID of the stack instance to delete, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of deleting the stack. This does not prolong the execution. If the delete is not completed in the specified time, the RFC is failed and you are notified that the delete is over time but continuing. The delete operation continues because delete operations cannot be rolled back. Set this timeout so you get notice of delete stack problems in a timely manner. Defaults to 60 if not provided.", "type": "number", "minimum": 0, "maximum": 720 } }, "additionalProperties": false, "required": [ "StackId" ] }

Schema for Change Type ct-0q43l40hxrzum

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Redshift cluster subnet group", "description": "Use to create a Redshift cluster subnet group.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-5rsvv3l4760usboci", "type": "string", "enum": [ "stm-5rsvv3l4760usboci" ], "default": "stm-5rsvv3l4760usboci" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "SubnetGroupDescription": { "type": "string", "description": "A description to help identify your cluster subnet group.", "minLength": 1, "maxLength": 255 }, "SubnetIds": { "type": "array", "minItems": 2, "uniqueItems": true, "description": "Two or more subnet IDs for the cluster subnet group, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" } } }, "metadata": { "ui:order": [ "SubnetGroupDescription", "SubnetIds" ] }, "required": [ "SubnetGroupDescription", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-0qbikxr9okwvy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create VPN Gateway", "description": "Create a virtual private network (VPN) gateway (the endpoint on the VPC side of your VPN connection), and associate it to an existing virtual private cloud (VPC) in your account.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-mcti3bha1vhon1sie", "type": "string", "enum": [ "stm-mcti3bha1vhon1sie" ], "default": "stm-mcti3bha1vhon1sie" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "VpcId": { "type": "string", "description": "The VPC ID to associate the VPN Gateway to.", "pattern": "^vpc-[0-9a-z]{17}|vpc-[0-9a-z]{8}$" }, "AmazonSideAsn": { "type": "integer", "description": "The private Autonomous System Number (ASN) for the Amazon side of a Border Gateway Protocol (BGP) session.", "default": 64512 }, "Name": { "type": "string", "description": "The tag Key name of the new VPN Gateway.", "pattern": "^[a-zA-Z0-9._-]+$", "minLength": 1, "maxLength": 255 } }, "metadata": { "ui:order": [ "VpcId", "AmazonSideAsn", "Name" ] }, "required": [ "VpcId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0rmgrnr9w8mzh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove TGW Static Route", "description": "Remove the specified TGW static route from the specified transit gateway (TGW) route table. Use this multi-account landing zone (MALZ) change type only in a Networking account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveRouteFromTGWRouteTable.", "type": "string", "enum": [ "AWSManagedServices-RemoveRouteFromTGWRouteTable" ], "default": "AWSManagedServices-RemoveRouteFromTGWRouteTable" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "TransitGatewayRouteTableId": { "description": "The ID of the TGW route table.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1 }, "DestinationCidrBlock": { "description": "The IPV4 CIDR range used for destination matches.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2])){0,1}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayRouteTableId", "DestinationCidrBlock" ] }, "additionalProperties": false, "required": [ "TransitGatewayRouteTableId", "DestinationCidrBlock" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0tmpmp1wpgkr9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Detailed Monitoring", "description": "Update EC2 instances' detailed monitoring setting through direct API calls. The EC2 instances can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-38s4s4tm4ic4u instead, or ct-361tlo1k7339x if the EC2 instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateInstanceEnhancedMonitoring.", "type": "string", "enum": [ "AWSManagedServices-UpdateInstanceEnhancedMonitoring" ], "default": "AWSManagedServices-UpdateInstanceEnhancedMonitoring" }, "Region": { "description": "The AWS Region in which the EC2 instance is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceIds": { "description": "A list of up to 50 EC2 instance IDs, in the form i-1234567890abcdef0 or i-b188560f.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "MonitoringValue": { "description": "Enabled to turn on detailed monitoring for your instances. Disabled to turn off detailed monitoring for your instances and set it to basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "type": "array", "items": { "type": "string", "enum": [ "enabled", "disabled" ] } } }, "metadata": { "ui:order": [ "InstanceIds", "MonitoringValue" ] }, "additionalProperties": false, "required": [ "InstanceIds", "MonitoringValue" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0tpbr6lfa3zng

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove ALB Listener Certificate", "description": "Remove a certificate from the specified Application Load Balancer (ALB) listener. Use the RemediateStackDrift parameter for the automation to try to remediate drift, if it is introduced.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveCertificateFromElbv2Listener.", "type": "string", "enum": [ "AWSManagedServices-RemoveCertificateFromElbv2Listener" ], "default": "AWSManagedServices-RemoveCertificateFromElbv2Listener" }, "Region": { "description": "The AWS Region where the application load balancer listener is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ListenerArn": { "description": "The Amazon Resource Name (ARN) of the listener in the form arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/sample/1234567890abcdfe/1234567890abcdfe.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):elasticloadbalancing:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:listener/[a-z]{3}/[A-Za-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "CertificateArn": { "description": "The Amazon Resource Name (ARN) of the certificate in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by removing the certificate from the Loadbalancer Listener. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to removing the certificate from the Loadbalancer Listener. Set to False to remove the certificate from the Loadbalancer Listener in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ListenerArn", "CertificateArn", "RemediateStackDrift" ] }, "additionalProperties": false, "required": [ "CertificateArn", "ListenerArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0ttx8eh3ice91

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete policy", "description": "Use to delete an S3 bucket policy.", "type": "object", "properties": { "BucketName": { "description": "S3 Bucket to delete the bucket policy from.", "type": "string", "pattern": "^[A-Za-z0-9][A-Za-z0-9\\-]{1,61}[A-Za-z0-9]$", "maxLength": 63 }, "Operation": { "description": "Must be Delete policy.", "type": "string", "default": "Delete policy", "enum": [ "Delete policy" ] }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "Operation", "Priority" ] }, "required": [ "BucketName", "Operation" ] }

Schema for Change Type ct-0vdiy51oyrhhm

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Offboard Application Account", "description": "Offboard the specified application account. Run this CT from the associated management account. Before submitting this change type, confirm the offboarding by submitting CT ct-2wlfo2jxj2rkj from the application account. Note offboarding is intended for account closure and cannot be undone.", "type": "object", "properties": { "RequestType": { "description": "Must be OffboardingExecution.", "type": "string", "enum": [ "OffboardingExecution" ], "default": "OffboardingExecution" }, "Parameters": { "type": "object", "properties": { "AccountId": { "description": "The unique identifier (ID) of the application account to offboard.", "type": "string", "pattern": "^[0-9]{12}$" }, "AccountEmail": { "description": "The email associated with the application account to offboard.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "Confirmation": { "description": "To offboard the provided application account, type 'Offboard and delete account resources for account closure' in the text input field.", "type": "string", "pattern": "Offboard and delete account resources for account closure" } }, "additionalProperties": false, "metadata": { "ui:order": [ "AccountId", "AccountEmail", "Confirmation" ] }, "required": [ "AccountId", "AccountEmail", "Confirmation" ] } }, "metadata": { "ui:order": [ "Parameters", "RequestType" ] }, "additionalProperties": false, "required": [ "Parameters", "RequestType" ] }

Schema for Change Type ct-0vevjppj9eta4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Encrypt EBS By Default", "description": "Set Amazon Elastic Block Store (EBS) to enforce the encryption. After you enable encryption by default, the EBS volumes that you create and snapshot copies are always encrypted, either using the KMS key configured as default for EBS encryption or the key that you specified when you created each volume.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EncryptEBSByDefault.", "type": "string", "enum": [ "AWSManagedServices-EncryptEBSByDefault" ], "default": "AWSManagedServices-EncryptEBSByDefault" }, "Region": { "description": "The AWS Region to enable EBS encryption by default in, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" } }, "metadata": { "ui:order": [ "DocumentName", "Region" ] }, "required": [ "DocumentName", "Region" ], "additionalProperties": false }

Schema for Change Type ct-0vzsr2nyraedl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Public DNS Record", "description": "Create a new Route 53 DNS resource record set and a new public hosted zone for a VPC, and configure traffic routing.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DomainName": { "description": "A domain name for the hosted zone. The name can contain only lowercase letters, numbers, hyphens (-), and a dot (.). For example, mycorp.com", "type": "string", "minLength": 2, "pattern": "^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,255}$" }, "DomainType": { "description": "Must be 'public'", "type": "string", "enum": [ "public" ], "default": "public" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "DomainName", "DomainType", "RecordSet" ] }, "required": [ "DomainName", "DomainType", "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0wglhholzo0uw

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Network Load Balancer", "description": "Update the properties of an existing Network Load Balancer.", "type": "object", "properties": { "VpcId": { "description": "The ID of the VPC where the Network Load Balancer is, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Network Load Balancer that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10" }, "HealthCheckIntervalSeconds": { "type": "string", "description": "The approximate interval, in seconds, between health checks.", "enum": [ "10", "30" ] }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. This is only applicable if HealthCheckTargetProtocol = HTTP or HTTPS." }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "([0-9]{1,5})?" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "CrossZoneEnabled": { "type": "string", "description": "True if cross-zone load balancing is enabled. False if it is not.", "enum": [ "true", "false" ] }, "SubnetIds": { "type": "array", "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef. Please note that if you update SubnetIds, the new value must contain all of the required SubnetIds for the NLB, the new ones and the ones used before.", "items": { "type": "string" } }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ] }, "DeregistrationDelayTimeoutSeconds": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})" }, "Target1ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target1ID is outside the VPC. Leave blank if TargetType = instance." }, "Target2ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target2ID is outside the VPC. Leave blank if TargetType = instance." }, "Target3ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target3ID is outside the VPC. Leave blank if TargetType = instance." }, "Target4ID": { "type": "string", "description": "The ID of the EC2 instance to register a target if the TargetType = instance, in the form i-0123abcd or i-01234567890abcdef. Leave blank if you don't need to register a target." }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic." }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. Use an Availability Zone name if the target receives traffic from the load balancer nodes in the specified Availability Zone. Use all if the traffic is received from all enabled Availability Zones for the load balancer and the TargetType = ip and the IP address in Target4ID is outside the VPC. Leave blank if TargetType = instance." } }, "metadata": { "ui:order": [ "ProxyProtocolV2", "DeregistrationDelayTimeoutSeconds", "CrossZoneEnabled", "SubnetIds", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckIntervalSeconds", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0wspy4o646g9p

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add DSM Read-Only Login", "description": "Request a read-only login to the Trend Micro console for your account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateEPSDSMReadOnlyUser.", "type": "string", "enum": [ "AWSManagedServices-CreateEPSDSMReadOnlyUser" ], "default": "AWSManagedServices-CreateEPSDSMReadOnlyUser" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "Username": { "description": "The username for the EPS user. The name can be up to 50 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,50}$" }, "minItems": 1, "maxItems": 1 }, "FullName": { "description": "The full name for the EPS user. The name can be up to 50 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,50}$" }, "minItems": 0, "maxItems": 1 }, "Description": { "description": "The description for the EPS user. The description can be up to 150 characters in length.", "type": "array", "items": { "type": "string", "pattern": "^$|^[ a-zA-Z0-9._\\-:/()#,@\\[\\]+=&;{}!$\\*]{1,150}$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "Username", "FullName", "Description" ] }, "additionalProperties": false, "required": [ "Username" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0x6dylrnfjgz5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Active Directory Trust", "description": "Create a one-way trust between On-Prem Domain and (AWS) Managed Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account. Before creating the trust, you need to make sure that the following prerequisites are met: 1. You must create the AD trust first on the On-Prem Domain and save the trust password in the Secrets Manager. 2. You must set up a Managed Active Directory (MAD) Security Group with an outbound rule that allows all traffic to On-Prem CIDR ranges.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateADTrust.", "type": "string", "enum": [ "AWSManagedServices-CreateADTrust" ], "default": "AWSManagedServices-CreateADTrust" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "DirectoryId": { "description": "The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.", "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "RemoteDomainName": { "description": "The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.", "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "SecretArn": { "description": "ARN of the secret where the AD trust password is stored. The secret must be stored as a string value not as a key/value pair. The secret name must be prefixed with customer-shared/; for example, customer-shared/trustpassword.", "type": "string", "pattern": "arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z]{2}-[a-z]+-[0-9]{1}:\\d{12}:secret:([cC][uU][sS][tT][oO][mM][eE][rR]-[sS][hH][aA][rR][eE][dD])[\\w/_+=.@-]{1,512}" }, "TrustType": { "description": "The trust relationship type.", "type": "string", "enum": [ "Forest", "External" ] }, "ConditionalForwarderIpAddresses": { "description": "A comma-delimited list of one or more IP addresses of the remote DNS server associated with RemoteDomainName.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(,(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))*$" } }, "metadata": { "ui:order": [ "DirectoryId", "RemoteDomainName", "SecretArn", "TrustType", "ConditionalForwarderIpAddresses" ] }, "additionalProperties": false, "required": [ "DirectoryId", "RemoteDomainName", "SecretArn", "TrustType", "ConditionalForwarderIpAddresses" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-0xdawir96cy7k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update other", "description": "Use to request a manual update to a resource.", "type": "object", "properties": { "Comment": { "description": "The description of the change.", "type": "string", "maxLength": 5000 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true } }, "additionalProperties": false, "required": [ "Comment" ], "metadata": { "ui:order": [ "Comment", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-0xi6q7uwuwrqe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Cache (ElastiCache Memcached) stack", "description": "Use to create an Amazon ElastiCache cluster (one or more cache nodes) that uses the Memcached engine, and specify CloudWatch metrics and alarms for the cluster.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sfpo2o00000000000.", "type": "string", "enum": [ "stm-sfpo2o00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ElastiCacheAutoMinorVersionUpgrade": { "description": "True for minor engine upgrades to be applied automatically to the cache cluster during the specified ElastiCachePreferredMaintenanceWindow, false for the upgrades to not be applied automatically. Default is true.", "type": "boolean", "default": true }, "ElastiCacheAvailabilityZones": { "description": "One or more Availability Zones where cache nodes will be created.", "type": "array", "items": { "type": "string" }, "minItems": 1 }, "ElastiCacheClusterName": { "description": "A name for the cache cluster.", "type": "string", "minLength": 1, "maxLength": 20, "pattern": "^[a-zA-Z][a-zA-Z0-9-]{0,18}[a-zA-Z0-9]$|^[a-zA-Z]$" }, "ElastiCacheCPUThresholdAlarmOverride": { "description": "The optional value for the CPUUtilization metric maximum threshold to use instead of the default value for the instance type.", "type": "number", "default": 0, "minimum": 0, "maximum": 100 }, "ElastiCacheEngine": { "description": "Must be memcached.", "type": "string", "enum": [ "memcached" ] }, "ElastiCacheEngineVersion": { "description": "The version of the Memcached engine to be used for this cluster.", "type": "string" }, "ElastiCacheInstanceType": { "description": "The compute and memory capacity of nodes in the cache cluster.", "type": "string", "default": "cache.t3.micro" }, "ElastiCacheMultiAZ": { "description": "True for the nodes to be created in a single Availability Zone, false for them to be created across multiple Availability Zones in the cluster's region. Default is false.", "type": "boolean", "default": false }, "ElastiCacheNumberOfNodes": { "description": "The number of cache nodes that the Memcached cluster should have.", "type": "number", "default": 1, "minimum": 1, "maximum": 20 }, "ElastiCachePort": { "description": "The port number on which each of the cache nodes will accept connections.", "type": "number", "minimum": 0, "maximum": 65535, "default": 11211 }, "ElastiCachePreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur. For example, you can specify: sun:02:00-sun:04:00.", "type": "string", "pattern": "^(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCacheSubnetGroup": { "description": "The name of the subnet group to associate with the cluster.", "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[a-z0-9-]{1,255}$" }, "ElastiCacheSubnetIds": { "description": "One or more subnet IDs for the cache cluster, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1 }, "SecurityGroups": { "description": "One or more VPC security groups to associate with the cluster, in the form sg-0123abcd or sg-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1 } }, "additionalProperties": false, "required": [ "ElastiCacheAvailabilityZones", "ElastiCacheClusterName", "ElastiCacheEngine", "ElastiCacheSubnetIds" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters", "TimeoutInMinutes" ] }

Schema for Change Type ct-0xqwmtn1hfh8u

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Tags", "description": "Update tags on existing, tagged resources: Autoscaling, EC2, Elastic Load Balancing, RDS, S3 buckets and Redshift clusters. Additionally, CloudWatch LogGroups that do not belong to a CloudFormation stack are supported. AMS infrastructure stacks (stacks named mc-*) cannot have tags updated with this change type.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateTags.", "type": "string", "enum": [ "AWSManagedServices-UpdateTags" ], "default": "AWSManagedServices-UpdateTags" }, "Region": { "description": "The AWS Region where the tagged resources are, in the form us-east-1.", "type": "string", "pattern": "^[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}$" }, "Parameters": { "type": "object", "properties": { "ResourceArns": { "description": "A list of up to 50 Amazon resource names (ARNs), or the resource IDs, of the resources with tags to be updated. Use resource ID only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. Use the full ARN for all other supported resource types.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:(autoscaling|ec2|elasticloadbalancing|logs|rds|s3|redshift):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):.*)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource, in the form {\"Key\":\"TagKey1\",\"Value\":\"TagValue1\"}. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "string", "pattern": "^\\{\\}$|^\\{\"Key\":\"((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})\",\"Value\":\"[\\x00-\\x7F+]{0,255}\"\\}" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RemoveTags": { "description": "Up to fifty tag Keys to remove from the specified resource.", "type": "array", "items": { "type": "string", "pattern": "^((aws-migration-project-id)|(?![aA][mMwW][sS])[\\x00-\\x7F+]{1,128})$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "ResourceArns", "AddOrUpdateTags", "RemoveTags" ] }, "required": [ "ResourceArns" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Region", "Parameters", "DocumentName" ] }, "additionalProperties": false, "required": [ "Region", "DocumentName", "Parameters" ] }

Schema for Change Type ct-0ywnhc8e5k9z5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Deploy AMS Resource Scheduler", "description": "Deploy the AMS Resource Scheduler solution in the account. The AMS Resource Scheduler lets you schedule automatic start and/or stop for Auto Scaling groups, EC2s, and RDS instances. Note that the Resource Scheduler deploys in an enabled state, by default; you can manage that with the AMS Resource Scheduler Disable and Enable change types.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region of the account for the AMS Resource Scheduler solution to be deployed, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Yes to enable the Resource Scheduler. No to disable it. The default is Yes. Use Resource Scheduler enable (ct-2wrvu4kca9xky) and disable (ct-14v49adibs4db) change types to manage state.", "type": "array", "items": { "type": "string", "enum": [ "Yes", "No" ] }, "minItems": 1, "maxItems": 1 }, "ScheduledServices": { "description": "Comma-separated list of scheduled services. Use a combination of AutoScaling, EC2, and RDS.", "type": "array", "items": { "type": "string", "pattern": "^$|(^(ec2|rds|autoscaling)(,(ec2|rds|autoscaling)){0,2}$)" }, "minItems": 1, "maxItems": 1 }, "TagName": { "description": "The name of the tag key to use to associate the instance schedule schemas with service resources. Default is Schedule.", "type": "array", "items": { "type": "string", "pattern": "^$|^(?!(aws:|ams:))[a-zA-Z0-9+-=._:/@]{1,127}$" }, "minItems": 1, "maxItems": 1 }, "UseCMK": { "description": "Comma-separated list of Customer Managed Key (CMK) Amazon Resource Names (ARNs) in format arn:<partition>:kms:<region>:<account-id>:key/<key-id> to grant Resource Scheduler permission to. These are CMK that are used to encrypt EBS volumes on EC2 instances.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):kms:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:key/[a-z0-9\\-]+)$" }, "minItems": 1, "maxItems": 20 }, "UseLicenseManager": { "description": "Comma-separated list of AWS License Manager license ARNs to grant Resource Scheduler permission to. These are software or vendor licenses that EC2 instances are configured with.", "type": "array", "items": { "type": "string", "pattern": "^(|arn:(aws|aws-cn|aws-us-gov):license-manager:([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:license-configuration(/|:)lic-.*)$" }, "minItems": 1, "maxItems": 20 }, "DefaultTimezone": { "description": "The name of the timezone, in the form US/Pacific, to be used as the default timezone. The default is UTC.", "type": "array", "items": { "type": "string", "enum": [ "Africa/Abidjan", "Africa/Accra", "Africa/Addis_Ababa", "Africa/Algiers", "Africa/Asmara", "Africa/Bamako", "Africa/Bangui", "Africa/Banjul", "Africa/Bissau", "Africa/Blantyre", "Africa/Brazzaville", "Africa/Bujumbura", "Africa/Cairo", "Africa/Casablanca", "Africa/Ceuta", "Africa/Conakry", "Africa/Dakar", "Africa/Dar_es_Salaam", "Africa/Djibouti", "Africa/Douala", "Africa/El_Aaiun", "Africa/Freetown", "Africa/Gaborone", "Africa/Harare", "Africa/Johannesburg", "Africa/Juba", "Africa/Kampala", "Africa/Khartoum", "Africa/Kigali", "Africa/Kinshasa", "Africa/Lagos", "Africa/Libreville", "Africa/Lome", "Africa/Luanda", "Africa/Lubumbashi", "Africa/Lusaka", "Africa/Malabo", "Africa/Maputo", "Africa/Maseru", "Africa/Mbabane", "Africa/Mogadishu", "Africa/Monrovia", "Africa/Nairobi", "Africa/Ndjamena", "Africa/Niamey", "Africa/Nouakchott", "Africa/Ouagadougou", "Africa/Porto-Novo", "Africa/Sao_Tome", "Africa/Tripoli", "Africa/Tunis", "Africa/Windhoek", "America/Adak", "America/Anchorage", "America/Anguilla", "America/Antigua", "America/Araguaina", "America/Argentina/Buenos_Aires", "America/Argentina/Catamarca", "America/Argentina/Cordoba", "America/Argentina/Jujuy", "America/Argentina/La_Rioja", "America/Argentina/Mendoza", "America/Argentina/Rio_Gallegos", "America/Argentina/Salta", "America/Argentina/San_Juan", "America/Argentina/San_Luis", "America/Argentina/Tucuman", "America/Argentina/Ushuaia", "America/Aruba", "America/Asuncion", "America/Atikokan", "America/Bahia", "America/Bahia_Banderas", "America/Barbados", "America/Belem", "America/Belize", "America/Blanc-Sablon", "America/Boa_Vista", "America/Bogota", "America/Boise", "America/Cambridge_Bay", "America/Campo_Grande", "America/Cancun", "America/Caracas", "America/Cayenne", "America/Cayman", "America/Chicago", "America/Chihuahua", "America/Costa_Rica", "America/Creston", "America/Cuiaba", "America/Curacao", "America/Danmarkshavn", "America/Dawson", "America/Dawson_Creek", "America/Denver", "America/Detroit", "America/Dominica", "America/Edmonton", "America/Eirunepe", "America/El_Salvador", "America/Fortaleza", "America/Glace_Bay", "America/Godthab", "America/Goose_Bay", "America/Grand_Turk", "America/Grenada", "America/Guadeloupe", "America/Guatemala", "America/Guayaquil", "America/Guyana", "America/Halifax", "America/Havana", "America/Hermosillo", "America/Indiana/Indianapolis", "America/Indiana/Knox", "America/Indiana/Marengo", "America/Indiana/Petersburg", "America/Indiana/Tell_City", "America/Indiana/Vevay", "America/Indiana/Vincennes", "America/Indiana/Winamac", "America/Inuvik", "America/Iqaluit", "America/Jamaica", "America/Juneau", "America/Kentucky/Louisville", "America/Kentucky/Monticello", "America/Kralendijk", "America/La_Paz", "America/Lima", "America/Los_Angeles", "America/Lower_Princes", "America/Maceio", "America/Managua", "America/Manaus", "America/Marigot", "America/Martinique", "America/Matamoros", "America/Mazatlan", "America/Menominee", "America/Merida", "America/Metlakatla", "America/Mexico_City", "America/Miquelon", "America/Moncton", "America/Monterrey", "America/Montevideo", "America/Montreal", "America/Montserrat", "America/Nassau", "America/New_York", "America/Nipigon", "America/Nome", "America/Noronha", "America/North_Dakota/Beulah", "America/North_Dakota/Center", "America/North_Dakota/New_Salem", "America/Ojinaga", "America/Panama", "America/Pangnirtung", "America/Paramaribo", "America/Phoenix", "America/Port-au-Prince", "America/Port_of_Spain", "America/Porto_Velho", "America/Puerto_Rico", "America/Rainy_River", "America/Rankin_Inlet", "America/Recife", "America/Regina", "America/Resolute", "America/Rio_Branco", "America/Santa_Isabel", "America/Santarem", "America/Santiago", "America/Santo_Domingo", "America/Sao_Paulo", "America/Scoresbysund", "America/Sitka", "America/St_Barthelemy", "America/St_Johns", "America/St_Kitts", "America/St_Lucia", "America/St_Thomas", "America/St_Vincent", "America/Swift_Current", "America/Tegucigalpa", "America/Thule", "America/Thunder_Bay", "America/Tijuana", "America/Toronto", "America/Tortola", "America/Vancouver", "America/Whitehorse", "America/Winnipeg", "America/Yakutat", "America/Yellowknife", "Antarctica/Casey", "Antarctica/Davis", "Antarctica/DumontDUrville", "Antarctica/Macquarie", "Antarctica/Mawson", "Antarctica/McMurdo", "Antarctica/Palmer", "Antarctica/Rothera", "Antarctica/Syowa", "Antarctica/Vostok", "Arctic/Longyearbyen", "Asia/Aden", "Asia/Almaty", "Asia/Amman", "Asia/Anadyr", "Asia/Aqtau", "Asia/Aqtobe", "Asia/Ashgabat", "Asia/Baghdad", "Asia/Bahrain", "Asia/Baku", "Asia/Bangkok", "Asia/Beirut", "Asia/Bishkek", "Asia/Brunei", "Asia/Choibalsan", "Asia/Chongqing", "Asia/Colombo", "Asia/Damascus", "Asia/Dhaka", "Asia/Dili", "Asia/Dubai", "Asia/Dushanbe", "Asia/Gaza", "Asia/Harbin", "Asia/Hebron", "Asia/Ho_Chi_Minh", "Asia/Hong_Kong", "Asia/Hovd", "Asia/Irkutsk", "Asia/Jakarta", "Asia/Jayapura", "Asia/Jerusalem", "Asia/Kabul", "Asia/Kamchatka", "Asia/Karachi", "Asia/Kashgar", "Asia/Kathmandu", "Asia/Khandyga", "Asia/Kolkata", "Asia/Krasnoyarsk", "Asia/Kuala_Lumpur", "Asia/Kuching", "Asia/Kuwait", "Asia/Macau", "Asia/Magadan", "Asia/Makassar", "Asia/Manila", "Asia/Muscat", "Asia/Nicosia", "Asia/Novokuznetsk", "Asia/Novosibirsk", "Asia/Omsk", "Asia/Oral", "Asia/Phnom_Penh", "Asia/Pontianak", "Asia/Pyongyang", "Asia/Qatar", "Asia/Qyzylorda", "Asia/Rangoon", "Asia/Riyadh", "Asia/Sakhalin", "Asia/Samarkand", "Asia/Seoul", "Asia/Shanghai", "Asia/Singapore", "Asia/Taipei", "Asia/Tashkent", "Asia/Tbilisi", "Asia/Tehran", "Asia/Thimphu", "Asia/Tokyo", "Asia/Ulaanbaatar", "Asia/Urumqi", "Asia/Ust-Nera", "Asia/Vientiane", "Asia/Vladivostok", "Asia/Yakutsk", "Asia/Yekaterinburg", "Asia/Yerevan", "Atlantic/Azores", "Atlantic/Bermuda", "Atlantic/Canary", "Atlantic/Cape_Verde", "Atlantic/Faroe", "Atlantic/Madeira", "Atlantic/Reykjavik", "Atlantic/South_Georgia", "Atlantic/St_Helena", "Atlantic/Stanley", "Australia/Adelaide", "Australia/Brisbane", "Australia/Broken_Hill", "Australia/Currie", "Australia/Darwin", "Australia/Eucla", "Australia/Hobart", "Australia/Lindeman", "Australia/Lord_Howe", "Australia/Melbourne", "Australia/Perth", "Australia/Sydney", "Canada/Atlantic", "Canada/Central", "Canada/Eastern", "Canada/Mountain", "Canada/Newfoundland", "Canada/Pacific", "Europe/Amsterdam", "Europe/Andorra", "Europe/Athens", "Europe/Belgrade", "Europe/Berlin", "Europe/Bratislava", "Europe/Brussels", "Europe/Bucharest", "Europe/Budapest", "Europe/Busingen", "Europe/Chisinau", "Europe/Copenhagen", "Europe/Dublin", "Europe/Gibraltar", "Europe/Guernsey", "Europe/Helsinki", "Europe/Isle_of_Man", "Europe/Istanbul", "Europe/Jersey", "Europe/Kaliningrad", "Europe/Kiev", "Europe/Lisbon", "Europe/Ljubljana", "Europe/London", "Europe/Luxembourg", "Europe/Madrid", "Europe/Malta", "Europe/Mariehamn", "Europe/Minsk", "Europe/Monaco", "Europe/Moscow", "Europe/Oslo", "Europe/Paris", "Europe/Podgorica", "Europe/Prague", "Europe/Riga", "Europe/Rome", "Europe/Samara", "Europe/San_Marino", "Europe/Sarajevo", "Europe/Simferopol", "Europe/Skopje", "Europe/Sofia", "Europe/Stockholm", "Europe/Tallinn", "Europe/Tirane", "Europe/Uzhgorod", "Europe/Vaduz", "Europe/Vatican", "Europe/Vienna", "Europe/Vilnius", "Europe/Volgograd", "Europe/Warsaw", "Europe/Zagreb", "Europe/Zaporozhye", "Europe/Zurich", "GMT", "Indian/Antananarivo", "Indian/Chagos", "Indian/Christmas", "Indian/Cocos", "Indian/Comoro", "Indian/Kerguelen", "Indian/Mahe", "Indian/Maldives", "Indian/Mauritius", "Indian/Mayotte", "Indian/Reunion", "Pacific/Apia", "Pacific/Auckland", "Pacific/Chatham", "Pacific/Chuuk", "Pacific/Easter", "Pacific/Efate", "Pacific/Enderbury", "Pacific/Fakaofo", "Pacific/Fiji", "Pacific/Funafuti", "Pacific/Galapagos", "Pacific/Gambier", "Pacific/Guadalcanal", "Pacific/Guam", "Pacific/Honolulu", "Pacific/Johnston", "Pacific/Kiritimati", "Pacific/Kosrae", "Pacific/Kwajalein", "Pacific/Majuro", "Pacific/Marquesas", "Pacific/Midway", "Pacific/Nauru", "Pacific/Niue", "Pacific/Norfolk", "Pacific/Noumea", "Pacific/Pago_Pago", "Pacific/Palau", "Pacific/Pitcairn", "Pacific/Pohnpei", "Pacific/Port_Moresby", "Pacific/Rarotonga", "Pacific/Saipan", "Pacific/Tahiti", "Pacific/Tarawa", "Pacific/Tongatapu", "Pacific/Wake", "Pacific/Wallis", "US/Alaska", "US/Arizona", "US/Central", "US/Eastern", "US/Hawaii", "US/Mountain", "US/Pacific", "UTC" ] }, "minItems": 1, "maxItems": 1 }, "Action": { "description": "Must be Deploy.", "type": "array", "items": { "type": "string", "enum": [ "Deploy" ], "default": "Deploy" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SchedulingActive", "ScheduledServices", "TagName", "DefaultTimezone", "UseCMK", "UseLicenseManager", "Action" ] }, "required": [ "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-0zko7t3rk2efb

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Resource Tags (Review Required)", "description": "Add tags to, update tags on, or remove tags from, existing, supported, resources except those in AMS infrastructure stacks (stacks named mc-*). Tags simplify categorization, identification and targeting AWS resources. Use BulkUpdate if you have >50 tags to manage. For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-0xqwmtn1hfh8u.", "type": "object", "properties": { "Resources": { "description": "Parameters for up to fifty resources for tag management.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "AddOrUpdateTags": { "description": "Up to fifty tags (key/value pairs) to add to, or update for, the specified resources. If the tag exists, the value for it is overwritten. If the tag does not exist, it is added to the resource. Characters allowed in tags can vary by AWS service. For information about what characters can be used to tag resources in a particular AWS service, please refer to its documentation. In general, allowed characters in tags are letters, numbers, spaces and the following characters: _ . : / = + - @.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RemoveTags": { "description": "Up to fifty tag Keys to remove from the specified resource.", "type": "array", "items": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "AddOrUpdateTags", "RemoveTags" ] }, "required": [ "ResourceArn" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Resources", "Priority" ] }, "required": [ "Resources" ] }

Schema for Change Type ct-1078jhyxq32dp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove Service Principal Name", "description": "Remove the Service Principal Name (SPN) associated with a specified hostname or host alias in Microsoft Active Directory. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-RemoveADComputerSPN-Admin", "type": "string", "enum": [ "AWSManagedServices-RemoveADComputerSPN-Admin" ], "default": "AWSManagedServices-RemoveADComputerSPN-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Hostname": { "description": "The hostname of the computer tagged with the SPN.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" }, "minItems": 1, "maxItems": 1 }, "ServiceType": { "description": "The type of service, such as MSSQLSvc, HTTP, TERMSRV, HOST, WSMAN, RestrictedKrbHost.", "type": "array", "items": { "type": "string", "enum": [ "MSSQLSvc", "HTTP", "TERMSRV", "HOST", "WSMAN", "RestrictedKrbHost" ], "default": "HOST" }, "minItems": 1, "maxItems": 1 }, "AliasName": { "description": "The alias associated with the host.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" } }, "GroupManagedServiceAccountName": { "description": "The group Managed Service Account (gMSA) name used to run the specified ServiceType.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_]{1,15}$" } }, "Port": { "description": "The port the service utilizes; for example, 1433.", "type": "array", "items": { "type": "string", "pattern": "^\\$?()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$" } } }, "metadata": { "ui:order": [ "Hostname", "ServiceType", "AliasName", "GroupManagedServiceAccountName", "Port" ] }, "additionalProperties": false, "required": [ "Hostname", "ServiceType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-111fhplhx9axe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Revoke Egress Rule", "description": "Revoke the egress rule for the specified security group (SG). You must specify the configurations of the egress rule that you are revoking. Note that, once revoked, the egress rule is permanently deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RevokeSecurityGroupEgressRule", "type": "string", "enum": [ "AWSManagedServices-RevokeSecurityGroupEgressRule" ], "default": "AWSManagedServices-RevokeSecurityGroupEgressRule" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the egress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Destination": { "description": "An IP address, in the form 255.255.255.255, or an IP address range in CIDR notation, in the form 255.255.255.255/32, or the ID of another security group in the same region; or self to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$|^self$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Destination" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-111r1yayblnw4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Load Balancer", "description": "Create an AWS Application Load Balancer (ALB), with additional listeners.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC where you want the ALB, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-sd7uv500000000000", "type": "string", "enum": [ "stm-sd7uv500000000000" ], "default": "stm-sd7uv500000000000" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 }, "LoadBalancer": { "type": "object", "properties": { "Name": { "type": "string", "description": "A friendly name for the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\". If you don't specify a name a unique physical ID is generated for the load balancer.", "pattern": "^(?!internal-)(?!-)([0-9a-zA-Z\\-]{0,32})[^\\-]$|^$" }, "SecurityGroups": { "description": "A list of security groups to associate with the load balancer.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "uniqueItems": true }, "SubnetIds": { "description": "A list of subnet IDs that the Elastic Load Balancing creates load balancer nodes in. You must specify subnets from at least two Availability Zones. For an internet-facing load balancer provide a public subnet ID, for an internal load balancer we recommend private subnet IDs.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 2, "uniqueItems": true }, "Public": { "type": "string", "description": "True if the load balancer endpoint is public, false if it is private.", "enum": [ "true", "false" ], "default": "false" }, "DeletionProtection": { "type": "string", "description": "True to enable deletion protection, false to not. Default is false.", "enum": [ "true", "false" ], "default": "false" }, "IdleTimeout": { "type": "string", "description": "How long the load balancer front-end connection (client to load balancer) can be idle (not receiving data) before the connection is automatically closed.", "pattern": "^([1-9][0-9]{0,2}|[1-3][0-9]{3}|4000)$", "default": "60" } }, "metadata": { "ui:order": [ "Name", "Public", "SecurityGroups", "SubnetIds", "IdleTimeout", "DeletionProtection" ] }, "required": [ "SecurityGroups", "SubnetIds" ], "additionalProperties": false }, "Listener1": { "type": "object", "properties": { "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. For details on default AWS security policies, see AWS documentation for ALBs.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] } }, "metadata": { "ui:order": [ "Port", "Protocol", "SSLCertificateArn", "SSLPolicy" ] }, "required": [ "Port", "Protocol" ], "additionalProperties": false }, "Listener2": { "type": "object", "properties": { "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "pattern": "^$|^(HTTP|HTTPS)$" }, "SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] } }, "metadata": { "ui:order": [ "Port", "Protocol", "SSLCertificateArn", "SSLPolicy" ] }, "additionalProperties": false }, "TargetGroup": { "type": "object", "properties": { "Name": { "type": "string", "description": "An optional friendly name for the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with \"internal-\". If you don't specify a name a unique physical ID is generated for the target group.", "pattern": "^(?!internal-)(?!-)([0-9a-zA-Z\\-]{0,32})[^\\-]$|^$", "default": "" }, "HealthCheckInterval": { "type": "string", "description": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5 to 300 seconds.", "pattern": "^([5-9]|[1-8][0-9]|9[0-9]|[12][0-9]{2}|300)$", "default": "10" }, "HealthCheckPath": { "type": "string", "description": "The ping path destination where Elastic Load Balancing sends health check requests.", "default": "/", "pattern": "^(/?[a-z0-9\\-._~%!$&'()*+,;=@]+(/[a-z0-9\\-._~%!$&'()*+,;=:@]+)*/?|/){1,1024}$" }, "HealthCheckPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which is the port on which each target receives traffic from the load balancer.", "pattern": "^$|^([0-9]{1,5})$" }, "HealthCheckProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "^(60|[1-5]{1}[0-9]{1}|[2-9]{1})$" }, "HealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the Healthy state.", "pattern": "^([2-9]{1}|10)$", "default": "2" }, "UnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the Unhealthy state.", "pattern": "^([2-9]{1}|10)$", "default": "10" }, "ValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^(([2-4]{1}[0-9]{2}($|-|,))+)$", "default": "200" }, "TargetPort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$", "default": "80" }, "TargetProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. Valid value ranges from 0 to 3600. The default value is 300 seconds.", "pattern": "^(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})$", "default": "300" }, "SlowStartDuration": { "type": "string", "description": "The time period, in the range 30-900 seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic", "pattern": "^([3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0)$|^$" }, "CookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "^([1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800)$|^$" }, "TargetType": { "type": "string", "description": "The type of target that you must specify when registering targets with this target group.", "enum": [ "instance", "ip" ], "default": "instance" } }, "metadata": { "ui:order": [ "Name", "TargetType", "TargetPort", "TargetProtocol", "HealthCheckInterval", "HealthCheckPath", "HealthCheckPort", "HealthCheckProtocol", "HealthCheckTimeout", "HealthyThreshold", "UnhealthyThreshold", "ValidHTTPCode", "DeregistrationDelayTimeout", "SlowStartDuration", "CookieExpirationPeriod" ] }, "additionalProperties": false }, "HealthyHostsAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 5.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "5" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the HealthyHostCount metric. Valid values are any multiple of 60 (including 60). The default value is 60 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "60" }, "Threshold": { "type": "string", "description": "The minimum number of healthy instances associated to the load balancer within an evaluation period for the alarm to trigger. 0 means at least 1 healthy instance required for not alarming.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "HTTPCodeELB5XXCountAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 3.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "3" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the HTTPCode_ELB_5XX_Count metric. Valid values are any multiple of 60 (including 60). The default value is 300 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "300" }, "Threshold": { "type": "string", "description": "The number of HTTP 5XX server error codes that originate from the load balancer that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "TargetConnectionErrorsAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 3.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "3" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the TargetConnectionErrorCount metric. Valid values are any multiple of 60 (including 60). The default value is 300 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "300" }, "Threshold": { "type": "string", "description": "The number of unsuccessful connections between the load balancer and the Target Group that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false }, "RejectedConnectionCountAlarm": { "type": "object", "properties": { "EvaluationPeriods": { "type": "string", "description": "The number of the most recent periods to evaluate when determining alarm state. The valid number of period intervals is any integer greater than 0 and the default value is 5.", "pattern": "^([1-9]|[1-9][0-9]{1,})$", "default": "5" }, "Period": { "type": "string", "description": "The period, in seconds, over which to evaluate the RejectedConnectionCount metric. Valid values are any multiple of 60 (including 60). The default value is 60 seconds.", "pattern": "^(6[0]+|12[0]+|18[0]+|24[0]+|30[0]+|36[0]+|42[0]+|48[0]+|54[0]+)$", "default": "60" }, "Threshold": { "type": "string", "description": "The number of rejected connections (due to reaching service limits) that originate from the load balancer that must be exceedeed within an evaluation period for the alarm to trigger.", "pattern": "^([0-9](\\.0)|[1-9][0-9]{1,}(\\.0))$", "default": "0.0" } }, "metadata": { "ui:order": [ "EvaluationPeriods", "Period", "Threshold" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Tags", "LoadBalancer", "Listener1", "Listener2", "TargetGroup", "HealthyHostsAlarm", "HTTPCodeELB5XXCountAlarm", "TargetConnectionErrorsAlarm", "RejectedConnectionCountAlarm" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "LoadBalancer", "Listener1" ], "additionalProperties": false }

Schema for Change Type ct-117rmp64d5mvb

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 Instance Profile", "description": "Create an IAM instance profile to use with EC2 instances. Each ARN specified in the parameters creates a part of the IAM policy. Use the Preview option to see what the completed, generated, policy looks like before it is created and implemented.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateIAMRole-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateIAMRole-Admin" ], "default": "AWSManagedServices-HandleCreateIAMRole-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServicePrincipal": { "description": "Must be ec2.amazonaws.com. This establishes the trust relationship with the EC2 service for this role.", "type": "string", "enum": [ "ec2.amazonaws.com" ], "default": "ec2.amazonaws.com" }, "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "(?![aA][mMwW][sS]|customer-mc|managementhost|ms-)[a-zA-Z0-9_+=,.@-]{1,64}$" }, "RolePath": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$" }, "Preview": { "description": "Yes to preview the IAM role policy created with the specified parameter values, without creating the role; No to not preview it but to create and implement the role. The preview is provided as a JSON in the execution output. In order to implement the policy after preview, create a copy of the RFC and set the Preview parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "S3ReadAccess": { "description": "A list of Amazon resource names (ARNs) of S3 buckets. Scopes down the policy for S3 read access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|(^$)" }, "maxItems": 50 }, "S3WriteAccess": { "description": "A list of S3 bucket ARNs. Scopes down the policy for S3 write access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|^[*]$|(^$)" }, "maxItems": 50 }, "KMSReadAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for KMS read access to the given KMS keys only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+)$|^$" }, "maxItems": 50 }, "KMSCryptographicOperationAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for cryptographic operation access to the given ARNs only.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "maxItems": 50 }, "SSMReadAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM read access to the given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "SSMWriteAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM write access to given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "CloudWatchLogsReadAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for read access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "CloudWatchLogsWriteAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for write access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmReadAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for read access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmWriteAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for write access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchMetricsReadAccess": { "description": "For read access to metrics, use an asterisk ( * ). Scopes down the policy for read access to all CloudWatch metrics.", "type": "array", "items": { "type": "string", "pattern": "^[*]$|^$" }, "maxItems": 50 }, "CloudWatchMetricsWriteAccess": { "description": "A list of CloudWatch metric namespaces. Scopes down the policy for write access to given CoudWatch metric namespaces only.", "type": "array", "items": { "type": "string", "pattern": "(.*?)|^$" }, "maxItems": 50 }, "SecretsManagerReadAccess": { "description": "A list of Secrets Manager secret ARNs. Scopes down the policy for read access to given secrets only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:.+)$|^$" }, "maxItems": 50 }, "SNSReadAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SNSWriteAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "SQSReadAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SQSWriteAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "DynamoDBResourceReadAccess": { "description": "A list of DynamoDB resource ARNs. Scopes down the policy for DynamoDB read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "DynamoDBDataReadWriteAccess": { "description": "A list of DynamoDB table ARNs. Scopes down the policy for DynamoDB data read and write access to given tables only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:table/.+)$|^$" }, "maxItems": 50 }, "STSAssumeRole": { "description": "A list of IAM role ARNs. Scopes down the policy for STS assume role to given IAM roles only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):iam::[0-9]{12}:role/.+)$|^$" }, "maxItems": 50 }, "AdditionalPolicy": { "description": "An additional policy document as a JSON that is less permissive than the AMS baseline policy. For details on AMS baseline policy see AMS documentation.", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 10240 } }, "metadata": { "ui:order": [ "ServicePrincipal", "RoleName", "RolePath", "Preview", "S3ReadAccess", "S3WriteAccess", "KMSReadAccess", "KMSCryptographicOperationAccess", "SSMReadAccess", "SSMWriteAccess", "CloudWatchLogsReadAccess", "CloudWatchLogsWriteAccess", "CloudWatchAlarmReadAccess", "CloudWatchAlarmWriteAccess", "CloudWatchMetricsReadAccess", "CloudWatchMetricsWriteAccess", "SecretsManagerReadAccess", "SNSReadAccess", "SNSWriteAccess", "SQSReadAccess", "SQSWriteAccess", "DynamoDBResourceReadAccess", "DynamoDBDataReadWriteAccess", "STSAssumeRole", "AdditionalPolicy" ] }, "required": [ "ServicePrincipal", "RoleName", "Preview" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-128svy9nn2yj8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Change S3 Bucket Encryption Setting", "description": "Enable or update S3 bucket encryption setting through direct API calls. The S3 bucket can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-1gi93jhvj28eg instead, or ct-361tlo1k7339x if the S3 bucket was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateBucketEncryption.", "type": "string", "enum": [ "AWSManagedServices-UpdateBucketEncryption" ], "default": "AWSManagedServices-UpdateBucketEncryption" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the bucket for which to update the encryption setting.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "minItems": 1, "maxItems": 1 }, "ServerSideEncryption": { "description": "Default encryption for an S3 bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).", "type": "string", "enum": [ "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/)?mrk-[a-f0-9]{33}$|^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:)?alias/.{1,}$|^$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "BucketName", "ServerSideEncryption", "KMSKeyId" ] }, "additionalProperties": false, "required": [ "BucketName", "ServerSideEncryption" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-12amsdz909cfh

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create load balancer (ELB) stack", "description": "Use to create an Amazon ELB Classic Load Balancer. Use alternate change types to create an Application Load Balancer (ct-111r1yayblnw4) or Network Load Balancer (ct-2qldv4h9osmau).", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sdhopv30000000000.", "type": "string", "enum": [ "stm-sdhopv30000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ELBBackendInstances": { "default": [ "" ], "description": "One or more EC2 instance IDs to associate with the load balancer, in the form of i-0123abcd or i-01234567890abcdef for a single instance, or i-0123abcd,i-12345abcd or i-01234567890abcdef,i-2345678901abcdefg for multiple instances. Leave blank to not associate individual EC2 instances with the load balancer. A load balancer can be associated with an autoscaling group by specifying the load balancer name in the ASGLoadBalancerNames property during creation or update of the autoscaling group.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$|^$" }, "uniqueItems": true }, "ELBCrossZone": { "description": "With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones. True to enable, false to disable. The default is true.", "type": "boolean", "default": true }, "ELBCookieExpirationPeriod": { "default": "", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieExpirationPeriod2": { "default": "", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "type": "string", "pattern": "^[0-9]+$|^$" }, "ELBCookieStickinessPolicyName": { "default": "", "description": "A name for the cookie stickiness policy. The name must be unique within the set of policies for this load balancer. Leave blank to skip creation of a policy.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBCookieStickinessPolicyName2": { "default": "", "description": "A name for the second cookie stickiness policy. The name must be unique within the set of policies for this load balancer. Leave blank to skip creation of a second policy.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,127}$|^$" }, "ELBSubnetIds": { "description": "One or more subnet IDs for the load balancer, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "ELBHealthCheckHealthyThreshold": { "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 10 }, "ELBHealthCheckInterval": { "description": "The approximate interval, in seconds, between health checks.", "type": "number", "minimum": 5, "maximum": 300, "default": 30 }, "ELBHealthCheckTarget": { "description": "The protocol, port, and path of the instance to check. For example, HTTP:80/weather/us/wa/seattle. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.", "type": "string", "pattern": "^(HTTP|HTTPS):[0-9]{1,5}[/][a-zA-Z0-9/_.-]*$|^(SSL|TCP):[0-9]{1,5}$" }, "ELBHealthCheckTimeout": { "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for ELBHealthCheckInterval.", "type": "number", "minimum": 2, "maximum": 60, "default": 5 }, "ELBHealthCheckUnhealthyThreshold": { "description": "The number of consecutive health check failures required to declare an EC2 instance unhealthy.", "type": "number", "minimum": 2, "maximum": 10, "default": 2 }, "ELBIdleTimeout": { "description": "The time, in seconds, that a connection to the load balancer can remain idle, which means no data is sent over the connection. After the specified time, the load balancer closes the connection.", "type": "number", "minimum": 1, "maximum": 3600, "default": 60 }, "ELBInstancePort": { "default": "80", "description": "The TCP port the listener uses to send traffic to the target instance.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstancePort2": { "default": "80", "description": "The TCP port the optional second listener uses to send traffic to the target instance.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBInstanceProtocol": { "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBInstanceProtocol2": { "description": "The protocol the second listener uses for routing traffic to back-end connections (load balancer to backend instance).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerName": { "description": "A friendly name for the load balancer.", "type": "string", "pattern": "^[a-zA-Z0-9]{1,1}[a-zA-Z0-9-]{0,31}$|^$" }, "ELBLoadBalancerPort": { "default": "80", "description": "The port number for the load balancer to use when routing external incoming traffic.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerPort2": { "default": "81", "description": "The port number for the load balancer to use when routing external incoming traffic on the second listener.", "type": "string", "pattern": "^[0-9]{1,5}$" }, "ELBLoadBalancerProtocol": { "default": "HTTP", "description": "The transport protocol to use for routing front-end connections (client to load balancer).", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBLoadBalancerProtocol2": { "description": "The transport protocol to use for routing front-end connections (client to load balancer) on the second listener. Leave blank to skip creation of an additional listener.", "type": "string", "enum": [ "HTTP", "HTTPS", "SSL", "TCP" ] }, "ELBScheme": { "description": "True if the load balancer endpoint is public, false if it is not. Default is false. Set to true if you choose a public subnet for the load balancer.", "type": "boolean", "default": false }, "ELBSSLCertificateId": { "default": "", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. This must be specified if the HTTPS or SSL protocol is specified for ELBLoadBalancerProtocol.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" }, "ELBSSLCertificateId2": { "default": "", "description": "The Amazon Resource Name (ARN) of the SSL certificate to use for the optional second listener, in the form arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012. Leave blank if a second listener is not being created or if the second listener does not use the HTTPS or SSL for ELBLoadBalancerProtocol2.", "type": "string", "pattern": "^$|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$|^([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$" } }, "metadata": { "ui:order": [ "ELBSubnetIds", "ELBLoadBalancerName", "ELBScheme", "ELBBackendInstances", "ELBIdleTimeout", "ELBCrossZone", "ELBHealthCheckTarget", "ELBHealthCheckInterval", "ELBHealthCheckTimeout", "ELBHealthCheckHealthyThreshold", "ELBHealthCheckUnhealthyThreshold", "ELBCookieStickinessPolicyName", "ELBCookieExpirationPeriod", "ELBInstancePort", "ELBInstanceProtocol", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBSSLCertificateId", "ELBCookieExpirationPeriod2", "ELBCookieStickinessPolicyName2", "ELBInstancePort2", "ELBInstanceProtocol2", "ELBLoadBalancerPort2", "ELBLoadBalancerProtocol2", "ELBSSLCertificateId2" ] }, "required": [ "ELBSubnetIds", "ELBLoadBalancerPort", "ELBLoadBalancerProtocol", "ELBInstancePort" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-12lyw7otiyr6f

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate Security Group", "description": "Associate security groups with an AWS resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AttachSecurityGroupsV2.", "type": "string", "enum": [ "AWSManagedServices-AttachSecurityGroupsV2" ], "default": "AWSManagedServices-AttachSecurityGroupsV2" }, "Region": { "description": "The AWS Region in which the security groups are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ResourceType": { "description": "The type of resource to associate the security group or groups to. Supported resource types are EC2Instance, ElasticNetworkInterface, AutoScalingGroup, AutoScalingGroupCurrentInstancesOnly, ElasticLoadBalancer, ApplicationLoadBalancer, RDSDBInstance, RDSDBCluster, ElasticacheCluster, RedshiftCluster, ElasticFileSystem. Important Note: For AutoScalingGroupCurrentInstancesOnly, security groups are only attached to individual instances currently part of the ASG. LaunchTemplate or LaunchConfiguration are not updated. Please make sure to update LaunchTemplate / LaunchConfiguration before updating security groups to AutoScalingGroup Instances.", "type": "string", "enum": [ "EC2Instance", "ElasticNetworkInterface", "AutoScalingGroup", "AutoScalingGroupCurrentInstancesOnly", "ElasticLoadBalancer", "ApplicationLoadBalancer", "RDSDBInstance", "RDSDBCluster", "ElasticacheCluster", "RedshiftCluster", "ElasticFileSystem" ] }, "ResourceId": { "description": "The resource identifier to associate the security groups to, per specified ResourceType. For EC2Iinstance use the instance ID, for ElasticNetworkInterface use the network interface ID, for AutoScalingGroup and AutoScalingGroupCurrentInstancesOnly use the Auto Scaling group name, for ElasticLoadBalancer use the load balancer name; for ApplicationLoadBalancer use the load balancer ARN or the load balancer name; for RDSDBInstance use the DB instance ID; for RDSDBCluster use the DB cluster ID, for ElasticacheCluster use the cache cluster ID, for RedshiftCluster use the cluster ID, for ElasticFileSystem use file system Id.", "type": "string", "pattern": "^.+$" }, "SecurityGroupIds": { "description": "A list of security group IDs to associate to the specified ResourceId.", "type": "array", "items": { "type": "string", "pattern": "^sg-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "OverwriteSecurityGroups": { "description": "True to overwrite the existing security groups of the resource with the specified SecurityGroupIds, false to not overwrite the existing list. Default is false and existing security groups are retained. IMPORTANT: If true, any access allowed by existing security groups is removed and only the new security groups are in effect.", "type": "string", "default": "false", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "ResourceType", "ResourceId", "SecurityGroupIds", "OverwriteSecurityGroups" ] }, "additionalProperties": false, "required": [ "ResourceType", "ResourceId", "SecurityGroupIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-12w49boaiwtzp

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS database stack", "description": "Modify the properties of an Amazon Relational Database Service (RDS) DB instance created using ct-2z60dyvto9g6c, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the RDS DB instance, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the RDS DB instance that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the RDS DB instance.", "type": "object", "properties": { "RDSAllocatedStorage": { "description": "The size of the database in gigabytes (GB). The acceptable limits for this value relate to the engine and storage type that you specify. For details, see AWS documentation on DB instance storage.", "type": "number", "minimum": 20, "maximum": 32768 }, "RDSAllowMajorVersionUpgrade": { "description": "True to allow updates to the DB instance's major version.", "type": "boolean" }, "RDSAutoMinorVersionUpgrade": { "description": "True to apply minor engine upgrades automatically to the DB instance during the maintenance window.", "type": "boolean" }, "RDSBackupRetentionPeriod": { "description": "The number of days to retain automatic DB snapshots. Setting this to a positive number enables backups. Setting this to 0 disables automated backups.", "type": "number", "minimum": 0, "maximum": 35 }, "RDSDBParameterGroupName": { "description": "The name of an existing DB parameter group. If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.", "type": "string" }, "RDSDeletionProtection": { "description": "True to disable DB instance deletion.", "type": "boolean" }, "RDSDomain": { "description": "The Active Directory directory ID to create the instance in. This is applicable only for Microsoft SQL Server DB engines only.", "type": "string", "pattern": "^$|^d-[0-9a-f]{10}$" }, "RDSDomainIAMRoleName": { "description": "The name of an IAM role that Amazon RDS uses when calling the AWS Directory Service APIs. This is applicable only for Microsoft SQL Server DB engines only.", "type": "string", "pattern": "^$|^customer[\\w-]+$" }, "RDSEngineVersion": { "description": "The version number of the database engine to use. Changing this parameter results in DB instance restart.", "type": "string" }, "RDSInstanceType": { "description": "The compute and memory capacity for the DB instance.", "type": "string" }, "RDSIOPS": { "description": "The provisioned IOPS for RDS storage. Must be a multiple between 3 and 10 of the storage amount for the DB instance. Must also be an integer multiple of 1000. For example, if the size of your DB instance is 500 GB, then your IOPS value can be 2000, 3000, 4000, or 5000.", "type": "number" }, "RDSMasterUserPassword": { "description": "The password that you will use with the configured user name to log in to your DB instance. Must contain from 8 to 30 printable ASCII characters (excluding backslash, double quotes, and at sign).", "type": "string", "pattern": "^[!#-.0-?A-~]{8,30}$", "metadata": { "ams:sensitive": true } }, "RDSMultiAZ": { "description": "True to have a standby replica of your DB instance created in another Availability Zone for failover support, false to not have a standby replica.", "type": "boolean" }, "RDSPerformanceInsights": { "type": "string", "description": "True to enable Performance Insights for the DB instance, false to not. Amazon RDS Performance Insights is a database performance tuning and monitoring feature that helps you assess the load on your database.", "enum": [ "true", "false" ] }, "RDSPerformanceInsightsKMSKey": { "type": "string", "description": "The Amazon resource name (ARN) of the KMS master key to use to encrypt Performance Insights data. Specify default to use the default RDS KMS Key.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "RDSPerformanceInsightsRetentionPeriod": { "type": "string", "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", "enum": [ "7", "731" ] }, "RDSOptionGroupName": { "description": "The option group that this DB instance is associated with.", "type": "string" }, "RDSPreferredBackupWindow": { "description": "The daily time range during which automated backups are created, if RDSBackupRetentionPeriod is set to a positive number. Must be in the format hh:mm-hh:mm (24-hour format), in Universal Coordinated Time (UTC). Must not conflict with the RDSPreferredMaintenanceWindow setting, and must be at least 30 minutes.", "type": "string", "pattern": "^$|^[0-9]{2}:[0-9]{2}-[0-9]{2}:[0-9]{2}$" }, "RDSPreferredMaintenanceWindow": { "description": "The weekly time range during which system maintenance can occur, in UTC. Must be in the format ddd:hh:mm-ddd:hh:mm (24-hour format).", "type": "string", "pattern": "^$|^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$" }, "RDSStorageType": { "description": "Storage type for the RDS DB instance. If you specify io1, you must also include a value for the RDSIOPS parameter.", "type": "string", "enum": [ "standard", "gp2", "io1", "gp3" ] } }, "metadata": { "ui:order": [ "RDSEngineVersion", "RDSInstanceType", "RDSStorageType", "RDSAllocatedStorage", "RDSIOPS", "RDSMasterUserPassword", "RDSMultiAZ", "RDSPerformanceInsights", "RDSPerformanceInsightsKMSKey", "RDSPerformanceInsightsRetentionPeriod", "RDSDomain", "RDSDomainIAMRoleName", "RDSDBParameterGroupName", "RDSOptionGroupName", "RDSBackupRetentionPeriod", "RDSPreferredBackupWindow", "RDSAutoMinorVersionUpgrade", "RDSAllowMajorVersionUpgrade", "RDSPreferredMaintenanceWindow", "RDSDeletionProtection" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-13lk0noacn6ua

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disassociate Security Group", "description": "Disassociate a security group from up to 50 AWS resources and optionally delete the security group. This change type does not require a review and can be used instead of the manual, review required, change type (ct-3cp96z7r065e4).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DisassociateSecurityGroupV2.", "type": "string", "enum": [ "AWSManagedServices-DisassociateSecurityGroupV2" ], "default": "AWSManagedServices-DisassociateSecurityGroupV2" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "A security group ID to be disassociated from AWS resources. Provide at least one of EC2 instance IDs, Elastic network interface IDs, Auto scaling group names, Elastic load balancer names, Application load balancer names, RDS DB instance identifiers, RDS DB cluster identifiers, Elasticache cluster identifiers, Redshift cluster identifiers, Elastic Filesystem identifiers to disassociate the security group from.", "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "EC2InstanceIds": { "description": "A list of up to 50 EC2 instance IDs to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-z0-9]{8}$|^i-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticNetworkInterfaceIds": { "description": "A list of up to 50 elastic network interface IDs to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^eni-[a-z0-9]{8}$|^eni-[a-z0-9]{17}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "AutoScalingGroupNames": { "description": "A list of up to 50 Auto scaling group names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-)).{1,255}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticLoadBalancerNames": { "description": "A list of up to 50 elastic load balancer names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ApplicationLoadBalancerNames": { "description": "A list of up to 50 application load balancer names to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z0-9][a-zA-Z0-9-]{1,30}[a-zA-Z0-9]$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RDSDBInstanceIdentifiers": { "description": "A list of up to 50 RDS DB instance identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RDSDBClusterIdentifiers": { "description": "A list of up to 50 RDS DB cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-zA-Z][a-zA-Z0-9-]{1,62}$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticacheClusterIdentifiers": { "description": "A list of up to 50 Elasticache cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "RedshiftClusterIdentifiers": { "description": "A list of up to 50 Redshift cluster identifiers to disassociate the security group from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "ElasticFileSystemIds": { "description": "A list of up to 50 Elastic file system identifiers to disassociate the SecurityGroupId from.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "SecurityGroupId", "EC2InstanceIds", "ElasticNetworkInterfaceIds", "AutoScalingGroupNames", "ElasticLoadBalancerNames", "ApplicationLoadBalancerNames", "RDSDBInstanceIdentifiers", "RDSDBClusterIdentifiers", "ElasticacheClusterIdentifiers", "RedshiftClusterIdentifiers", "ElasticFileSystemIds" ] }, "additionalProperties": false, "required": [ "SecurityGroupId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-13swbwdxg106z

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Instance Type", "description": "Change the DB instance type through direct API calls. The RDS instance can be standalone or belong to a CloudFormation stack; in the latter case, the change might cause stack drift. To avoid causing stack drift, please use ct-12w49boaiwtzp instead, or ct-361tlo1k7339x if the RDS instance was provisioned via CFN ingestion.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateRDSInstanceType.", "type": "string", "enum": [ "AWSManagedServices-UpdateRDSInstanceType" ], "default": "AWSManagedServices-UpdateRDSInstanceType" }, "Region": { "description": "The AWS Region in which the resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "minItems": 1, "maxItems": 1 }, "DBInstanceClass": { "description": "The new compute and memory capacity of the DB instance, for example db.m4.large.", "type": "array", "items": { "type": "string", "pattern": "^db.[a-z0-9]+.[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "ApplyImmediately": { "description": "True to apply the change immediately, false to schedule the change on next maintenance window. To discover your next maintenance window, check the details page for the instance in the RDS console.", "type": "string", "enum": [ "true", "false" ] } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "DBInstanceClass", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "DBInstanceClass", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-13xvbj5pqg253

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Accept Directory Sharing Request", "description": "Accept a directory sharing request sent from the directory owner account. This is run in the directory consumer account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-AcceptSharedDirectory.", "type": "string", "enum": [ "AWSManagedServices-AcceptSharedDirectory" ], "default": "AWSManagedServices-AcceptSharedDirectory" }, "Region": { "description": "The AWS Region where the directory is located, in the form of us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SharedDirectoryId": { "description": "Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.", "type": "array", "items": { "type": "string", "pattern": "^d-[0-9a-f]{10}$" }, "maxItems": 1 }, "OwnerAccountId": { "description": "Identifier for the directory owner account that is sharing the directory.", "type": "array", "items": { "type": "string", "pattern": "^[0-9]{12}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "SharedDirectoryId", "OwnerAccountId" ] }, "additionalProperties": false, "required": [ "SharedDirectoryId", "OwnerAccountId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-14027q0sjyt1h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 stack", "description": "Use to create an Amazon Elastic Compute Cloud (EC2) instance.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The VPC identifier (ID), in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource. Set a Name tag to give the instance a name in the EC2 console.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 360 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "InstanceAmiId": { "description": "The AMI to use to create the EC2 instance, in the form ami-0123abcd or ami-01234567890abcdef.", "type": "string", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instance, false to use only basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "type": "boolean", "default": false }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization.", "type": "boolean", "default": false }, "InstanceProfile": { "description": "An IAM instance profile defined in your account for the EC2 instance. The default is an AWS-provided role.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$", "default": "customer-mc-ec2-instance-profile" }, "InstanceRootVolumeIops": { "description": "The Iops to use for the root volume if volume type is io1, io2 or gp3. If InstanceRootVolumeType is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "type": "number", "minimum": 100, "maximum": 64000, "default": 100 }, "InstanceRootVolumeName": { "description": "The name of the root volume to use. Defaults to /dev/xvda for Linux, and /dev/sda for Windows.", "type": "string" }, "InstanceRootVolumeSize": { "description": "The size of the root volume for the instance. Defaults to 20 GiB for Linux, and 60 GiB for Windows.", "type": "number", "minimum": 20, "maximum": 16000 }, "InstanceRootVolumeType": { "description": "Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "type": "string", "enum": [ "standard", "io1", "io2", "gp2", "gp3" ], "default": "gp3" }, "InstancePrivateStaticIp": { "description": "The static IP address that the instance can support.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" }, "SecurityGroupIds": { "description": "IDs of the existing security groups to associate with the instance, in the form sg-0123abcd or sg-01234567890abcdef. If nothing is specified, the default AMS security groups will be applied.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "InstanceSubnetId": { "description": "The subnet that you want to launch the instance into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization.", "type": "string", "default": "t2.large" }, "InstanceUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot.", "type": "string", "maxLength": 4096, "default": "" }, "EnforceIMDSV2": { "description": "Set to 'false' for the instance to be launched with IMDSv1 only. Default value is 'true'. See EC2/IMDS document for more details.", "type": "string", "enum": [ "true", "false" ], "default": "true" } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceAmiId", "InstanceSubnetId", "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceRootVolumeIops", "InstanceRootVolumeName", "InstanceRootVolumeSize", "InstanceRootVolumeType", "InstancePrivateStaticIp", "InstanceType", "InstanceUserData", "SecurityGroupIds", "EnforceIMDSV2" ] }, "required": [ "InstanceAmiId", "InstanceSubnetId", "EnforceIMDSV2" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1404e21baa2ox

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Approve ChangeSet and update CloudFormation stack", "description": "Approve and execute an existing ChangeSet to update a CloudFormation stack. This ChangeType is used primarily to approve and apply changes requested using the \"Update CloudFormation stack\" CT that would cause removal or replacement of resources, but can also be used to execute any existing ChangeSet to update CloudFormation stacks.", "type": "object", "properties": { "VpcId": { "description": "Identifier of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "Identifier for the existing CloudFormation-based stack to be updated.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "ChangeSetName": { "description": "Name of the ChangeSet to execute against the stack. If the stack update was requested using the \"Update CloudFormation stack\" CT, the ChangeSet name can be found in the failure reason of that RFC. You can also find the ChangeSet name from the ChangeSet ID which can be obtained from CloudFormation console, the ChangeSet ID has the format of arn:${Partition}:cloudformation:${Region}:${Account}:changeSet/${ChangeSetName}/${Id}.", "type": "string", "pattern": "^[a-zA-Z][-a-zA-Z0-9]*$", "maxLength": 128 }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This does not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 1080, "default": 360 } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "ChangeSetName", "TimeoutInMinutes" ] }, "required": [ "VpcId", "StackId", "ChangeSetName", "TimeoutInMinutes" ] }

Schema for Change Type ct-14v49adibs4db

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disable AMS Resource Scheduler", "description": "Disable AMS Resource Scheduler in the account. This will prevent resources from being scheduled for automatic start or stop actions even if they are configured for such actions.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAMSResourceSchedulerStack-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" ], "default": "AWSManagedServices-HandleAMSResourceSchedulerStack-Admin" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SchedulingActive": { "description": "Specify the value: No. This explicitly requests that the Resource Scheduler be disabled. Default is No.", "type": "array", "items": { "type": "string", "enum": [ "No" ], "default": "No" }, "maxItems": 1, "minItems": 1 }, "Action": { "type": "string", "description": "(Required) The Action to be performed.", "enum": [ "Update" ], "default": "Update" } }, "metadata": { "ui:order": [ "SchedulingActive", "Action" ] }, "required": [ "SchedulingActive", "Action" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-14yjom3kvpinu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create ALB or NLB Listener", "description": "Create a listener for an Application Load Balancer (ALB) or Network Load Balancer (NLB). A listener is a process that checks for connection requests, the rules that you define for a listener determine how the load balancer routes requests to its registered targets.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-12345678 or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "minItems": 0, "maxItems": 40, "uniqueItems": true, "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] } }, "StackTemplateId": { "description": "Must be stm-u5n0r6aacdvdwthhm.", "type": "string", "enum": [ "stm-u5n0r6aacdvdwthhm" ] }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "LoadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the load balancer to associate with the listener, in the form arn:aws:elasticloadbalancing:region:account-id:loadbalancer/load-balancer-type/load-balancer-name/load-balancer-id.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:loadbalancer/(net|app)/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "CertificateArn": { "type": "string", "description": "The ARN of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "|(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})|(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)", "default": "" }, "DefaultActionTargetGroupArn": { "type": "string", "description": "The ARN of the target group to which Elastic Load Balancing routes the traffic, in the form arn:aws:elasticloadbalancing:region:account-id:targetgroup/target-group-name/target-group-id.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:targetgroup/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). For ALB, the supported protocols are HTTP and HTTPS. For NLB, the supported protocols are TCP, TLS, UDP, TCP_UDP.", "enum": [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP" ] }, "ALBSslPolicy": { "type": "string", "description": "The ALB security policy that defines the ciphers and protocols that the load balancer supports. Only applicable if Protocol = HTTPS.", "enum": [ "", "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ], "default": "ELBSecurityPolicy-TLS13-1-2-2021-06" }, "NLBSslPolicy": { "description": "The NLB security policy that defines the ciphers and protocols that the load balancer supports. Only applicable if Protocol = TLS.", "type": "string", "enum": [ "", "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ], "default": "ELBSecurityPolicy-TLS13-1-2-2021-06" }, "AlpnPolicy": { "description": "The name of the Application-Layer Protocol Negotiation (ALPN) policy that includes the protocol negotiation within the exchange of hello messages.", "type": "string", "enum": [ "", "HTTP1Only", "HTTP2Only", "HTTP2Optional", "HTTP2Preferred", "None" ], "default": "" } }, "metadata": { "ui:order": [ "LoadBalancerArn", "DefaultActionTargetGroupArn", "Port", "Protocol", "CertificateArn", "ALBSslPolicy", "NLBSslPolicy", "AlpnPolicy" ] }, "required": [ "LoadBalancerArn", "DefaultActionTargetGroupArn", "Port", "Protocol" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-15mazjj88xc69

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Resize EC2 Instance", "description": "Resize an existing EC2 instance in your account. The state of the instance can be either 'running' or 'stopped'. If 'running', the instance is stopped during the resize operation and returned to the initial state after the resizing is complete. Before resizing the instance, ensure that the instance's root volume is not an instance store volume. We highly recommended rigorous load and performance testing before, and after, making instance type changes, and that you also consider the pricing changes that result when instances are resized. Please be aware that this change may result in CloudFormation drift for any stacks that have this resource.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ChangeInstanceType.", "type": "string", "enum": [ "AWSManagedServices-ChangeInstanceType" ], "default": "AWSManagedServices-ChangeInstanceType" }, "Region": { "description": "The AWS Region where the instance is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "InstanceId": { "description": "The ID of the instance to resize, in the form i-12345678901234567 or i-12345678.", "type": "array", "items": { "type": "string", "pattern": "^i-[a-f0-9]{8}$|^i-[a-f0-9]{17}$" }, "minItems": 1, "maxItems": 1 }, "InstanceType": { "description": "The instance type to resize to; for example, t3.xlarge or m4.xlarge. Ensure that the instance type you select has the same underlying hypervisor, either xen or nitro, as the instance type that you are resizing. Choosing an instance type with a different underlying hypervisor is disallowed.", "type": "array", "items": { "type": "string", "pattern": "^[a-z-0-9]+\\.[a-z0-9]+$" }, "minItems": 1, "maxItems": 1 }, "CreateAMIBeforeResize": { "description": "True to create an EC2 instance AMI as a backup before resizing the instance, false to not.", "type": "array", "items": { "type": "boolean", "default": false }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "InstanceId", "InstanceType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-16pknsfa8lul7

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create StackSets Stack", "description": "Create AWS CloudFormation (CFN) StackSets stacks and deploy the stack instances. Use the CloudFormation StackSets feature to create stacks across multiple accounts.", "type": "object", "properties": { "CloudFormationTemplate": { "description": "The CFN template that you have configured to create the resources that you want, copy the JSON and paste it into the field. Provide a value for either this, or the CloudFormationTemplateS3Endpoint parameter.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "CloudFormationTemplateS3Endpoint": { "description": "The S3 bucket endpoint for the CloudFormation template you want to use. The bucket must be in the same account that you are using, or have a presigned URL. Provide a value for either this, or the CloudFormationTemplate parameter.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "Parameters": { "description": "Add up to sixty parameters (parameter name/value pairs) to supply alternate values for parameters in your customized CloudFormation template. By providing the parameters this way, you can reuse your CloudFormation template with different parameter values when needed and can update any parameter value with the CFN Update stack set (review required) change type (ct-1v9g9n30woc8h).", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string", "pattern": "[A-Za-z0-9]+$" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Description": { "description": "Meaningful information about the StackSets stack you are creating.", "type": "string", "minLength": 1, "maxLength": 1024 }, "Name": { "description": "A meaningful name for the StackSets stack. The name must start with an alphabetic character and can contain only alphanumeric characters (case-sensitive) and hyphens.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "OuId": { "description": "The ID of the AWS organizational unit for the stack instances being deployed. If you add a parent OU as a target, StackSets also adds any child OU as targets. To deploy the StackSets stack instances in all OUs, use 'all'.", "type": "array", "items": { "type": "string", "pattern": "^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32}|all)$" }, "minItems": 1, "uniqueItems": true }, "Region": { "description": "The AWS Region to deploy the resources, in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the StackSets stack.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,128}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "CloudFormationTemplate", "CloudFormationTemplateS3Endpoint", "Parameters", "Region", "OuId", "Tags", "Priority" ] }, "required": [ "Name", "Description", "Region", "OuId" ] }

Schema for Change Type ct-16xg8qguovg2w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create and attach up to five EBS volumes to an instance.", "description": "Creates up to five EBS volumes, and attaches them to an existing EC2 instance that you specify. Does not create a root volume.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-hrnfpt7l0qqumcelt", "type": "string", "enum": [ "stm-hrnfpt7l0qqumcelt" ], "default": "stm-hrnfpt7l0qqumcelt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 45 }, "Parameters": { "type": "object", "properties": { "AvailabilityZone": { "type": "string", "description": "The Availability Zone (AZ) to create the volume in. Must match the AZ of the instance ID in order to attach successfully.", "pattern": "^[a-z]{2}-[a-z]{4,10}-[1-9]{1}[a-z]$" }, "InstanceId": { "type": "string", "description": "The instance that the created EBS volumes will be attached to.", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}$" }, "Volume1Iops": { "type": "string", "description": "The Iops to use for Volume1 if Volume1Type is io1, io2 or gp3. If Volume1Type is not io1, io2 or gp3, any value provided here is ignored. If Volume1Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$" }, "Volume1Size": { "type": "string", "description": "The size for Volume1 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume1Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume1. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Throughput": { "type": "string", "description": "The Throughput to use for Volume1 if Volume1Type is gp3. If Volume1Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume2Iops": { "type": "string", "description": "The Iops to use for Volume2 if Volume2Type is io1, io2 or gp3. If Volume2Type is not io1, io2 or gp3, any value provided here is ignored. If Volume2Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume2Size": { "type": "string", "description": "The size for Volume2 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume2Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume2. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Throughput": { "type": "string", "description": "The Throughput to use for Volume2 if Volume2Type is gp3. If Volume2Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume3Iops": { "type": "string", "description": "The Iops to use for Volume3 if Volume3Type is io1, io2 or gp3. If Volume3Type is not io1, io2 or gp3, any value provided here is ignored. If Volume3Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume3Size": { "type": "string", "description": "The size for Volume3 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume3Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume3. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Throughput": { "type": "string", "description": "The Throughput to use for Volume3 if Volume3Type is gp3. If Volume3Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume4Iops": { "type": "string", "description": "The Iops to use for Volume4 if Volume4Type is io1, io2 or gp3. If Volume4Type is not io1, io2 or gp3, any value provided here is ignored. If Volume4Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume4Size": { "type": "string", "description": "The size for Volume4 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume4Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume4. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Throughput": { "type": "string", "description": "The Throughput to use for Volume4 if Volume4Type is gp3. If Volume4Type is not gp3, any value provided here is ignored. The Throughput should be between 125 and 1000. Default is 125.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" }, "Volume5Iops": { "type": "string", "description": "The Iops to use for Volume5 if Volume5Type is io1, io2 or gp3. If Volume5Type is not io1, io2 or gp3, any value provided here is ignored. If Volume5Type is gp3, then the Iops should be between 3000 and 16000, else it should be between 100 and 64000.", "pattern": "^$|^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5.", "pattern": "^/dev/sd[a-z]([2-9]|1[012345])?$|^/dev/hd[a-z]([1-9]|1[012345])?$|^/dev/xvd[b-c][a-z]$|^/dev/xvd[b-z]$|^xvd[a-z]$|^xvd[b-c][a-z]$|^$" }, "Volume5Size": { "type": "string", "description": "The size for Volume5 in GiB. Gp2 = Min: 1 GiB, Max: 16384 GiB. io1 = Min: 4 GiB, Max: 16384 GiB. sc1 = Min: 500 GiB, Max: 16384 GiB. st1 = Min: 500 GiB, Max: 16384 GiB. standard = Min: 1 GiB, Max: 1024 GiB.", "pattern": "^$|^([1-9]|[1-9][0-9]{1}|[1-9][0-9]{2}|[1-9][0-9]{3}|[1][0-5][0-9]{3}||[1][6][0-3][0-8][0-4]|16384)$" }, "Volume5Snapshot": { "type": "string", "description": "The snapshot identifier to create EBS Volume5. Leave blank to create an empty Volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Throughput": { "type": "string", "description": "The Throughput to use for Volume5 if Volume5Type is gp3. If Volume5Type is not gp3, any value provided here is ignored. Default is 125. The Throughput should be between 125 and 1000.", "pattern": "^$|^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ], "default": "gp3" } }, "metadata": { "ui:order": [ "InstanceId", "AvailabilityZone", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1Iops", "Volume1Throughput", "Volume1KmsKeyId", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2Iops", "Volume2Throughput", "Volume2KmsKeyId", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3Iops", "Volume3Throughput", "Volume3KmsKeyId", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4Iops", "Volume4Throughput", "Volume4KmsKeyId", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5Iops", "Volume5Throughput", "Volume5KmsKeyId", "Volume5Snapshot" ] }, "required": [ "InstanceId", "AvailabilityZone", "Volume1Name", "Volume1Size" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1706xvvk6j9hf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Automated IAM Provisioning", "description": "Enable Automated IAM provisioning with read-write permissions in the account used to submit this CT. Once enabled, a new role 'AWSManagedServicesIAMProvisionAdminRole' is created in that account. Additionally, you can use three related change types (ct-1n9gfnog5x7fl, ct-1e0xmuy1diafq, ct-17cj84y7632o6) to create, update, or delete IAM roles and policies using Automated IAM provisioning with read-write permissions, which employs an automated review process with a predefined set of rules for IAM and AMS. Before using, we recommend a good familiarity with IAM rules. To confirm that an account has Automated IAM provisioning enabled, look for the IAM role 'AWSManagedServicesIAMProvisionAdminRole' in the IAM console for that account.", "type": "object", "properties": { "SAMLIdentityProviderArns": { "description": "Comma-separated list of the SAML identity provider (IdP) ARNs to assume the Automated IAM provisioning role. You must set at least one provider, using either this parameter or IamEntityArns.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:saml-provider\\/[\\w._+=,@-]{1,128}$" }, "uniqueItems": true }, "IamEntityArns": { "description": "Comma-separated list of ARNs of the IAM entities to assume the Automated IAM provisioning role. You must set at least one IAM principal, using either this parameter or SAMLIdentityProviderArns.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:role\\/[\\w+=,.@-]{1,64}$" }, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "default": "High", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "SAMLIdentityProviderArns", "IamEntityArns", "Priority" ] } }

Schema for Change Type ct-17cj84y7632o6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Entity or Policy (read-write permissions)", "description": "Delete Identity and Access Management (IAM) role or policy created with change type ct-1n9gfnog5x7fl.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningDelete-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "RoleName": { "description": "A list of up to five IAM role names to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$" }, "minItems": 0, "maxItems": 5, "uniqueItems": true }, "ManagedPolicyName": { "description": "A list of up to five IAM customer managed policy names to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$" }, "minItems": 0, "maxItems": 5, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "ManagedPolicyName" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-17vnu10suy631

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Cache (ElastiCache Redis) stack", "description": "Use to create an Amazon ElastiCache cluster (one or more cache nodes) that uses the Redis engine.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the vpc to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-sfpo2o00000000000.", "type": "string", "enum": [ "stm-sfpo2o00000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "ElastiCacheAutoMinorVersionUpgrade": { "description": "True for minor engine upgrades to be applied automatically to the cache cluster during the specified ElastiCachePreferredMaintenanceWindow, false for the upgrades to not be applied automatically. Default is true.", "type": "boolean", "default": true }, "ElastiCacheBackupSnapshotRetentionLimit": { "description": "The number of days for which Redis retains automatic snapshots before deleting them.", "type": "number", "default": 7, "minimum": 0, "maximum": 30 }, "ElastiCacheClusterName": { "description": "A name for the cache cluster.", "type": "string", "minLength": 1, "maxLength": 20, "pattern": "^[a-zA-Z][a-zA-Z0-9-]{0,18}[a-zA-Z0-9]$|^[a-zA-Z]$" }, "ElastiCacheCPUThresholdAlarmOverride": { "description": "The value for CPUUtilization metric maximum threshold if the automatically derived one from the instance type needs to be overridden.", "type": "number", "default": 0, "minimum": 0, "maximum": 100 }, "ElastiCacheEnableBackup": { "description": "True to enable periodic backups for the cache cluster, false to not. Default is false.", "type": "boolean", "default": false }, "ElastiCacheEngine": { "description": "Must be redis.", "type": "string", "enum": [ "redis" ] }, "ElastiCacheEngineVersion": { "description": "The version of the Redis cache engine to be used for the cluster.", "type": "string" }, "ElastiCacheInstanceType": { "description": "The compute and memory capacity of nodes in the Redis cache cluster.", "type": "string", "default": "cache.t3.micro" }, "ElastiCachePort": { "description": "The port number on which each of the cache nodes will accept connections.", "type": "number", "minimum": 0, "maximum": 65535, "default": 6379 }, "ElastiCachePreferredBackupWindow": { "description": "The daily time range (in UTC) during which Redis will begin taking a daily snapshot of your node group. For example, you can specify 05:00-09:00.", "type": "string", "default": "22:00-23:00", "pattern": "^(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCachePreferredMaintenanceWindow": { "description": "The weekly time range (in UTC) during which system maintenance can occur. For example, you can specify: sun:02:00-sun:04:00.", "type": "string", "pattern": "^(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]-(?:sun|mon|tue|wed|thu|fri|sat):(?:[0-1][0-9]|2[0-3]):[0-5][0-9]$" }, "ElastiCacheSnapshotArns": { "description": "The ARN of the snapshot file that you want to use to seed a new Redis cache cluster.", "type": "string", "minLength": 16, "pattern": "^arn:aws:s3:" }, "ElastiCacheSnapshotName": { "description": "The name of a snapshot from which to restore data into the new Redis cache cluster.", "type": "string" }, "ElastiCacheSubnetGroup": { "description": "The subnet group name that you want to associate with the cluster.", "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^[a-z0-9-]{1,255}$" }, "ElastiCacheSubnetIds": { "description": "One or more subnet IDs for the cache cluster, in the form subnet-0123abcd or subnet-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "minItems": 1 }, "SecurityGroups": { "description": "One or more VPC security groups that you want to associate with the cluster, in the form sg-0123abcd or sg-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "minItems": 1 } }, "additionalProperties": false, "required": [ "ElastiCacheClusterName", "ElastiCacheEngine", "ElastiCacheSubnetIds" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "Parameters", "TimeoutInMinutes" ] }

Schema for Change Type ct-17w6f6kzf6w51

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS DB subnet group", "description": "Create a Relational Database Service (RDS) database (DB) subnet group to be used with a specified RDS DB.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-iutsfv5ci7suupr86", "type": "string", "enum": [ "stm-iutsfv5ci7suupr86" ], "default": "stm-iutsfv5ci7suupr86" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "DBSubnetGroupName": { "type": "string", "description": "The name of your DB subnet group. Must contain 1 to 255 alphanumeric characters including period, underscore, and hyphen; and must be unique per account per region. Cannot be named \"default.\"", "pattern": "^(?!default$)[a-zA-Z0-9._-]{1,255}$" }, "DBSubnetGroupDescription": { "type": "string", "description": "A description to help identify your DB subnet group. If blank the subnet group name is used.", "default": "" }, "SubnetIds": { "type": "array", "minItems": 2, "uniqueItems": true, "description": "Two or more subnet IDs to include in the DB subnet group, in the form subnet-0123abcd or subnet-01234567890abcdef, spanning at least two Availability Zones.", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" } } }, "metadata": { "ui:order": [ "DBSubnetGroupName", "DBSubnetGroupDescription", "SubnetIds" ] }, "required": [ "DBSubnetGroupName", "SubnetIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1895yr1p87noq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop Backup Job", "description": "Stop an AWS Backup service running, or scheduled, backup job.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopBackupJob.", "type": "string", "enum": [ "AWSManagedServices-StopBackupJob" ], "default": "AWSManagedServices-StopBackupJob" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupJobId": { "description": "The ID of the AWS Backup target job.", "type": "array", "items": { "type": "string", "pattern": "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}){1}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupJobId" ] }, "additionalProperties": false, "required": [ "BackupJobId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-18fzkt86jmw1s

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SSM Patch Baseline (Amazon Linux 2)", "description": "Create an AWS Systems Manager (SSM) patch baseline to define which patches are approved for installation on your instances for Amazon Linux 2 OS. Specify existing instance \"Patch Group\" tag values for the patch baseline. The patch baseline is an SSM resource that you can manage with the SSM console.", "additionalProperties": false, "properties": { "ApprovalRules": { "description": "Create auto-approval rules to specify that certain types of operating system patches are approved automatically.", "items": { "additionalProperties": false, "properties": { "ApproveAfterDays": { "default": 7, "description": "The number of days to wait after a patch is released before approving patches automatically.", "maximum": 100, "minimum": 0, "type": "integer" }, "Classification": { "description": "The Classification of the patches to be selected. Allowed values are \"All\", \"Bugfix\", \"Enhancement\", \"Newpackage\", \"Recommended\" and \"Security\".", "items": { "enum": [ "All", "Bugfix", "Enhancement", "Newpackage", "Recommended", "Security" ], "type": "string" }, "type": "array", "uniqueItems": true }, "Severity": { "description": "The severity of the patches to be selected. Allowed values are \"All\", \"Critical\", \"Important\", \"Low\" and \"Medium\".", "items": { "enum": [ "All", "Critical", "Important", "Low", "Medium" ], "type": "string" }, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "Severity", "Classification", "ApproveAfterDays" ] }, "required": [ "ApproveAfterDays" ], "type": "object" }, "maxItems": 10, "minItems": 0, "type": "array", "uniqueItems": true }, "ApprovedPatches": { "description": "The list of patches to approve explicitly.", "items": { "type": "string", "maxLength": 100, "minLength": 1 }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Description": { "description": "A meaningful description for this patch baseline.", "maxLength": 500, "minLength": 1, "type": "string" }, "Name": { "description": "A friendly name for this patch baseline.", "maxLength": 128, "minLength": 3, "pattern": "^[a-zA-Z0-9._-]+$", "type": "string" }, "OperatingSystem": { "default": "Amazon Linux 2", "description": "The operating system of instances to which this baseline is applied.", "enum": [ "Amazon Linux 2" ], "type": "string" }, "PatchGroupTagValues": { "description": "A list of the values of your \"Patch Group\" tags on the instances you want patched; the values for up to twenty-five \"Patch Group\" tags can be provided. Instances with those values are associated with this patch baseline.", "items": { "maxLength": 256, "minLength": 1, "type": "string" }, "maxItems": 25, "minItems": 1, "type": "array", "uniqueItems": true }, "RejectedPatches": { "description": "The list of patches to reject explicitly.", "items": { "maxLength": 100, "minLength": 1, "type": "string" }, "maxItems": 50, "minItems": 0, "type": "array", "uniqueItems": true }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the SSM patch baseline resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "metadata": { "ui:order": [ "OperatingSystem", "Name", "Description", "PatchGroupTagValues", "ApprovalRules", "ApprovedPatches", "RejectedPatches", "Tags" ] }, "required": [ "Name", "PatchGroupTagValues", "OperatingSystem" ], "type": "object" }

Schema for Change Type ct-18r16ldqil6w9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Security Groups", "description": "Delete up to 20 security groups. Note: Only security groups with no dependencies are deleted and security groups with dependencies are not deleted. This change type does not require a review and can be used instead of the manual, review required, change type (ct-3cp96z7r065e4).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteSecurityGroups.", "type": "string", "enum": [ "AWSManagedServices-DeleteSecurityGroups" ], "default": "AWSManagedServices-DeleteSecurityGroups" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "SecurityGroupIds": { "description": "A list of up to 20 security group IDs to be deleted.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 20, "uniqueItems": true }, "ForceDelete": { "description": "True to delete the security groups with only Auto Scaling launch template or launch configuration dependencies, or false if not. Default is false, and only security groups with no dependencies are deleted. Note: Auto Scaling Group or EC2 instances using Launch Templates or Launch Configurations with deleted security groups cannot be launched.", "type": "array", "items": { "type": "string", "default": "false", "enum": [ "true", "false" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupIds", "ForceDelete" ] }, "additionalProperties": false, "required": [ "SecurityGroupIds" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1962s5oczal9z

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Instance or Session Counts", "description": "Update the number of RDP and SSH Bastion instances. Optionally update the session count of RDP Bastions.", "type": "object", "properties": { "BastionType": { "description": "The bastion type to update, this determines which parameters are applicable. RDP Bastion type applies to all of the parameters. SSH Bastion type applies to only the ASGMaxCount, ASGMinCount, ASGDesiredCount parameters.", "type": "string", "enum": [ "RDP Bastion", "SSH Bastion" ] }, "RDPBastionDesiredMaximumSessions": { "description": "RDP bastion desired maximum number of sessions.", "type": "integer" }, "RDPBastionDesiredMinimumSessions": { "description": "RDP bastion desired minimum number of sessions.", "type": "integer" }, "ASGMaxCount": { "description": "The maximum number of bastion instances to run in the bastion ASG.", "type": "integer" }, "ASGMinCount": { "description": "The minimum number of bastion instances to run in the bastion ASG.", "type": "integer" }, "ASGDesiredCount": { "description": "The preferred number of bastion instances to run in the bastion ASG.", "minimum": 1, "type": "integer" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BastionType", "RDPBastionDesiredMaximumSessions", "RDPBastionDesiredMinimumSessions", "ASGMaxCount", "ASGMinCount", "ASGDesiredCount", "Priority" ] }, "additionalProperties": false, "required": [ "BastionType" ] }

Schema for Change Type ct-1976sir132k22

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Resource Scheduler Period", "description": "Add a new period to use with AMS Resource Scheduler. Periods are used in schedules to precisely define when a resource should run.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddOrUpdatePeriod.", "type": "string", "enum": [ "AWSManagedServices-AddOrUpdatePeriod" ], "default": "AWSManagedServices-AddOrUpdatePeriod" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "Action": { "description": "Specify the value: add. This explicitly requests that the Resource Scheduler period be added. The option cannot be left blank; it must be add.", "type": "array", "items": { "type": "string", "enum": [ "add" ], "default": "add" }, "maxItems": 1, "minItems": 1 }, "Name": { "description": "A meaningful name for the period. The name must be unique for this account.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/])^[A-Za-z0-9-_, +=.:#/]{1,64}$" }, "maxItems": 1, "minItems": 1 }, "Description": { "description": "A meaningful description for the period.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_, +=.:#/@])^[A-Za-z0-9-_, +=.:#/@]{1,1000}$|^$" }, "maxItems": 1, "minItems": 1 }, "BeginTime": { "description": "The time, in HH:MM format, a resource starts under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "EndTime": { "description": "The time, in HH:MM format, a resource stops under this period.", "type": "array", "items": { "type": "string", "pattern": "^((?:[01]\\d|2[0-3]):[0-5]\\d)$|^$" }, "maxItems": 1, "minItems": 1 }, "Months": { "description": "Enter a comma-delimited list of months (e.g. jan, feb), a hyphenated range of months (e.g. jan-dec), or every n-th month (e.g. jan/3 for every 3rd month starting from jan) during which the resource runs. Abbreviated month names (e.g. jan, feb, march) and numbers (1, 2, 12) are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "MonthDays": { "description": "Enter a comma-delimited list of days of the month (e.g. 1, 5, 15), a hyphenated range of days (e.g. 1-15), every n-th day of the month (e.g 1/7 for every 7th day starting on the 1st) or every n-th day day of the month in a range ( e.g. 1-15/2 for every other day from 1st to the 15th), the last day of the month (specify L), or the nearest weekday to a specific date (specify W e.g. 15W) during which the resource runs.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,-/]*)$|^$" }, "maxItems": 1, "minItems": 1 }, "WeekDays": { "description": "Enter a comma-delimited list of days of the week (e.g. Mon, Wed, Fri), a range of days of the week (e.g. Mon-Thu), or n-th occurrence of a weekday in the month (e.g Mon#1 or 0#1 for first Monday of the month) during which the resource runs. Enter a day and L ro run a resource on the last occurrence of that weekday in the month (e.g. friL or 4L to run on the last Friday of the month). Abbreviated week day names (e.g. Sun, Mon, Thu), and numbers (0, 1, 3), are supported.", "type": "array", "items": { "type": "string", "pattern": "(?!^[-_,/]$)^([a-zA-Z0-9,#-/]*)$|^$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "Action", "Name", "Description", "BeginTime", "EndTime", "Months", "MonthDays", "WeekDays" ] }, "required": [ "Action", "Name" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-199h35t7uz6jl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Grant Stack Read-Only access", "description": "Request Read-Only access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-19f40lfm5umy8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Gather Log4j Information", "description": "Generates a report identifying Log4j2 occurrences on the specified EC2 instances. This is a best-effort report and some occurrences may go undetected from the report.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-GatherLog4jInformation.", "type": "string", "enum": [ "AWSManagedServices-GatherLog4jInformation" ], "default": "AWSManagedServices-GatherLog4jInformation" }, "Region": { "description": "The AWS Region in which the EC2 instances are located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "S3Bucket": { "description": "The name of the S3 bucket to upload the results to, in the form s3://bucket-name.", "type": "array", "items": { "type": "string", "pattern": "^s3://.+$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "S3Bucket" ] }, "additionalProperties": false }, "TargetParameterName": { "description": "Must be InstanceId.", "type": "string", "enum": [ "InstanceId" ], "default": "InstanceId" }, "Targets": { "type": "array", "items": { "type": "object", "properties": { "Key": { "description": "The criteria for targeting resources. To target all instances in the AWS Region, use AWS::EC2::Instance. To target specific instances, use ParameterValues and specify instance IDs for the Values. Default is AWS::EC2::Instance.", "type": "string", "enum": [ "AWS::EC2::Instance", "ParameterValues" ], "default": "AWS::EC2::Instance" }, "Values": { "description": "Values for specified criteria. For Key=AWS::EC2::Instance, use asterisk (*). For Key=ParameterValues, enter up to fifty instance IDs. Default is asterisk (*).", "type": "array", "items": { "type": "string", "pattern": "^i-[0-9a-f]{8}$|^i-[0-9a-f]{17}|\\*", "default": "*" }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Values" ] }, "required": [ "Key", "Values" ] }, "minItems": 1, "maxItems": 1 }, "MaxConcurrency": { "description": "The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 50.", "type": "string", "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$", "default": "50" }, "MaxErrors": { "description": "The number of errors that are allowed before the system stops running the task on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. The default value is 100%.", "type": "string", "pattern": "^([1-9][0-9]*|[1-9][0-9]%|[0-9]%|100%)$", "default": "100%" } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "TargetParameterName", "Targets", "MaxConcurrency", "MaxErrors" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters", "TargetParameterName", "Targets", "MaxConcurrency", "MaxErrors" ] }

Schema for Change Type ct-19fdy7np55xiu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy RDS DB Cluster Snapshot", "description": "Create a copy of an Amazon Relational Database Service (Amazon RDS) DB Cluster snapshot. If you are copying a snapshot shared from another AWS account, it must be located in the same AWS Region as the specified DocumentName.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyDBClusterSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CopyDBClusterSnapshot" ], "default": "AWSManagedServices-CopyDBClusterSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "SourceDBClusterSnapshotARN": { "description": "The Amazon Resource Name (ARN) of the DB Cluster snapshot to be copied.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):rds:[a-z0-9-]+:[0-9]{12}:cluster-snapshot:[a-zA-Z][a-zA-Z0-9-:]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "TargetDBClusterSnapshotIdentifier": { "description": "The target DB cluster snapshot identifier.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "An AWS Key Management Service (KMS) key to encrypt the DB snapshot with, either the KMS key ARN or the KMS key identifier. Leave blank if the source snapshot is unencrypted.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|mrk-[0-9a-f]{32}$)|^$" }, "minItems": 0, "maxItems": 1 }, "SourceRegion": { "description": "The AWS Region where the source snapshot is located. Leave blank if the source snapshot is located in the same AWS Region as the specified DocumentName.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceDBClusterSnapshotARN", "TargetDBClusterSnapshotIdentifier", "KmsKeyId", "SourceRegion" ] }, "additionalProperties": false, "required": [ "SourceDBClusterSnapshotARN", "TargetDBClusterSnapshotIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-19jq3ulr3g9zg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create IAM Resource", "description": "Create an Identity and Access Management (IAM) role or policy with read permissions primarily. Only IAM actions that are less permissive than AMS baseline (control) IAM policy are allowed. For more information, see AMS documentation on Deploying IAM resources.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateIAMResource-Admin.", "type": "string", "enum": [ "AWSManagedServices-CreateIAMResource-Admin" ], "default": "AWSManagedServices-CreateIAMResource-Admin" }, "Region": { "description": "The AWS Region where the IAM resource will be created.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "UseCase": { "description": "The type of resource or combination of resources to create; required parameters change depending on your choice. Create an IAM policy=PolicyName and PolicyDocument, Create an IAM role with an IAM policy attached=RoleName, RoleTrustPolicy, PolicyName and PolicyDocument, Create an IAM policy and attach to an existing customer IAM role=PolicyName, PolicyDocument and RoleName, Create an IAM role and attach an existing IAM policy=RoleName, RoleTrustPolicy and PolicyName. Parameters not relevant to the selected scenario are ignored.", "type": "string", "enum": [ "Create an IAM policy", "Create an IAM role with an IAM policy attached", "Create an IAM policy and attach to an existing customer IAM role", "Create an IAM role and attach an existing IAM policy" ] }, "AutomationAssumeRole": { "description": "Must be ams_ssm_iam_deployment_role.", "type": "string", "default": "ams_ssm_iam_deployment_role" }, "PolicyName": { "description": "A meaningful name for the IAM policy. The name can be up to 128 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,128}$" }, "PolicyDocument": { "description": "An IAM policy document to be attached to the role (paste the policy document into the value field).", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 20480 }, "RoleName": { "description": "A meaningful name for the IAM role. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^[a-zA-Z0-9_+=,.@-]{1,64}$|^$" }, "RoleTrustPolicy": { "description": "An assume role policy document to be attached to the role (paste the policy document into the value field).", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 20480 }, "ValidatePolicy": { "description": "True to run an IAM linter on the IAM policy definition from PolicyDocument and RoleTrustPolicy parameters, false to not. Default is true.", "type": "boolean", "default": true } }, "metadata": { "ui:order": [ "UseCase", "PolicyName", "PolicyDocument", "RoleName", "RoleTrustPolicy", "ValidatePolicy", "AutomationAssumeRole" ] }, "additionalProperties": false, "required": [ "UseCase", "PolicyName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1a1zzgi2nb83d

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Application Load Balancer", "description": "Update the properties of an existing AWS Application Load Balancer (ALB) that was created by version 3.0 CT: ct-111r1yayblnw4.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Application Load Balancer that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "LoadBalancerSecurityGroups": { "description": "A list of security groups to associate with the load balancer. Please note that changing this value during an update does not append to the existing security groups associated with the load balancer. Include all required security groups when modifying this value.", "type": "array", "items": { "type": "string", "pattern": "^sg-[a-z0-9]{8}$|^sg-[a-z0-9]{17}$" }, "uniqueItems": true }, "LoadBalancerSubnetIds": { "description": "A list of subnet IDs to replace the currently used subnets. If you update the LoadBalancerSubnetIds, specify subnets from at least two Availability Zones. For an internet-facing load balancer provide public subnet IDs, for an internal load balancer we recommend private subnet IDs.", "type": "array", "items": { "type": "string", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "uniqueItems": true }, "LoadBalancerDeletionProtection": { "type": "string", "description": "True to enable deletion protection, false to not. Default is false.", "enum": [ "true", "false" ] }, "LoadBalancerIdleTimeout": { "type": "string", "description": "How long the load balancer front-end connection (client to load balancer) can be idle (not receiving data) before the connection is automatically closed.", "pattern": "^([1-9][0-9]{0,2}|[1-3][0-9]{3}|4000)$" }, "Listener1Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$" }, "Listener1Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "enum": [ "HTTP", "HTTPS" ] }, "Listener1SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "Listener1SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] }, "Listener2Port": { "type": "string", "description": "The port number for the load balancer to use when routing external incoming traffic.", "pattern": "(?!^22$)(?!^3389$)(?!^5985$)^([1-9]{1}[0-9]{0,4})$|^$" }, "Listener2Protocol": { "type": "string", "description": "The transport protocol to use for routing front-end connections (client to load balancer). The supported protocols are HTTP and HTTPS.", "pattern": "^$|^(HTTP|HTTPS)$" }, "Listener2SSLCertificateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the certificate to associate with the listener, in the form arn:aws:acm:region:account-id:certificate/certificate-id or arn:aws:iam::account-id:server-certificate/certificate-name. Leave blank if Protocol is not HTTPS.", "pattern": "^$|^(arn:aws:acm:[a-z1-9\\-]{9,15}:[0-9]{12}:certificate/[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})$|^(arn:aws:iam::[0-9]{12}:server-certificate/[\\w+=,.@-]+)$" }, "Listener2SSLPolicy": { "type": "string", "description": "The security policy that defines the ciphers and protocols that the load balancer supports. Use only if Protocol = HTTPS. See AWS documentation for ALBs for details on default AWS security policies.", "enum": [ "ELBSecurityPolicy-TLS13-1-2-2021-06", "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", "ELBSecurityPolicy-TLS13-1-1-2021-06", "ELBSecurityPolicy-TLS13-1-0-2021-06", "ELBSecurityPolicy-TLS13-1-3-2021-06", "ELBSecurityPolicy-FS-1-2-Res-2020-10", "ELBSecurityPolicy-FS-1-2-Res-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-2018-06", "ELBSecurityPolicy-TLS-1-2-Ext-2018-06", "ELBSecurityPolicy-TLS-1-2-2017-01", "ELBSecurityPolicy-TLS-1-1-2017-01", "ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04", "ELBSecurityPolicy-2015-05" ] }, "TargetGroupHealthCheckInterval": { "type": "string", "description": "The approximate amount of time, in seconds, between health checks of an individual target. The range is 5 to 300 seconds.", "pattern": "^([5-9]|[1-8][0-9]|9[0-9]|[12][0-9]{2}|300)$" }, "TargetGroupHealthCheckPath": { "type": "string", "description": "The ping path destination where Elastic Load Balancing sends health check requests.", "pattern": "^(/?[a-z0-9\\-._~%!$&'()*+,;=@]+(/[a-z0-9\\-._~%!$&'()*+,;=:@]+)*/?|/){1,1024}$" }, "TargetGroupHealthCheckPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which is the port on which each target receives traffic from the load balancer.", "pattern": "^$|^([0-9]{1,5})$" }, "TargetGroupHealthCheckProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ] }, "TargetGroupHealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "^(60|[1-5]{1}[0-9]{1}|[2-9]{1})$" }, "TargetGroupHealthyThreshold": { "type": "string", "description": "The number of consecutive health probe successes required before moving the instance to the Healthy state.", "pattern": "^([2-9]{1}|10)$" }, "TargetGroupUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health probe failures required before moving the instance to the Unhealthy state.", "pattern": "^([2-9]{1}|10)$" }, "TargetGroupValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^(([2-4]{1}[0-9]{2}($|-|,))+)$" }, "TargetGroupDeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. Valid value ranges from 0 to 3600.", "pattern": "^(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})$" }, "TargetGroupSlowStartDuration": { "type": "string", "description": "The time period, in the range 30-900 seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic", "pattern": "^([3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0)$|^$" }, "TargetGroupCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "^([1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800)$|^$" } }, "metadata": { "ui:order": [ "LoadBalancerSecurityGroups", "LoadBalancerSubnetIds", "LoadBalancerDeletionProtection", "LoadBalancerIdleTimeout", "Listener1Port", "Listener1Protocol", "Listener1SSLCertificateArn", "Listener1SSLPolicy", "Listener2Port", "Listener2Protocol", "Listener2SSLCertificateArn", "Listener2SSLPolicy", "TargetGroupHealthCheckInterval", "TargetGroupHealthCheckPath", "TargetGroupHealthCheckPort", "TargetGroupHealthCheckProtocol", "TargetGroupHealthCheckTimeout", "TargetGroupHealthyThreshold", "TargetGroupUnhealthyThreshold", "TargetGroupValidHTTPCode", "TargetGroupDeregistrationDelayTimeout", "TargetGroupSlowStartDuration", "TargetGroupCookieExpirationPeriod" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1a68ck03fn98r

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create S3 bucket", "description": "Create an Amazon S3 bucket for cloud storage.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-s2b72beb200000000.", "type": "string", "enum": [ "stm-s2b72beb200000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name that is used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "BucketName": { "description": "A name for the S3 bucket. The S3 bucket name must contain only lowercase letters, numbers, periods (.), and hyphens (-). The name must be unique across all existing bucket names in Amazon S3.", "type": "string", "pattern": "^(?!ams|aws|mc|cf-templates)[a-z0-9]([-.a-z0-9]+)[a-z0-9]$", "minLength": 3, "maxLength": 63 }, "ServerSideEncryption": { "description": "Default encryption for a bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). Use None to disable default encryption. Default is KmsManagedKeys.", "type": "string", "enum": [ "None", "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys. Leave blank to use the default encryption key.", "type": "string", "pattern": "^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/mrk-[a-z0-9]{32}$|^$" }, "Versioning": { "description": "The status of versioning for this S3 bucket, either Enabled (versioning of stored objects is enabled) or Suspended (versioning is not enabled). Default is Suspended.", "type": "string", "enum": [ "Enabled", "Suspended" ] }, "IAMPrincipalsRequiringReadObjectAccess": { "description": "List the Identity and Access Management (IAM), or CloudFront Origin Access Identity (OAI), or both, Amazon Resource Names (ARNs) that require read access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole, arn:aws:iam::123456789012:user/myuser and/or arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EH1HDMB1FH2TC.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^arn:aws:iam::cloudfront:user\\/CloudFront Origin Access Identity E[A-Z0-9]{11,13}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringWriteObjectAccess": { "description": "List the IAM ARNs that require write access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringReadObjectAccess": { "description": "List of AWS services that require read access to the S3 bucket; for example, logs.us-east-1.amazonaws.com.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringWriteObjectAccess": { "description": "List of AWS services that require write access to the S3 bucket; for example, logs.us-east-1.amazonaws.com.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$" }, "minItems": 1, "uniqueItems": true }, "EnforceSecureTransport": { "description": "True to enforce HTTPS for object operations, false to not.", "type": "boolean", "default": true }, "AccessAllowedIpRanges": { "description": "List of source IP ranges allowed to access the S3 bucket. Leave blank to not have IP-based restrictions.", "type": "array", "items": { "type": "string" }, "minItems": 0, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "BucketName", "Versioning", "ServerSideEncryption", "KMSKeyId", "EnforceSecureTransport", "IAMPrincipalsRequiringReadObjectAccess", "IAMPrincipalsRequiringWriteObjectAccess", "ServicesRequiringReadObjectAccess", "ServicesRequiringWriteObjectAccess", "AccessAllowedIpRanges" ] }, "required": [ "BucketName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1aqsjf86w6vxg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create EC2 Stack With Additional Volumes", "description": "Create an Amazon Elastic Compute Cloud (EC2) instance with up to five additional volumes.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-nn8v8ffhcal611bmp.", "type": "string", "enum": [ "stm-nn8v8ffhcal611bmp" ], "default": "stm-nn8v8ffhcal611bmp" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "InstanceAmiId": { "type": "string", "description": "The AMI to use to create the EC2 instance, in the form ami-0123abcd or ami-01234567890abcdef.", "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$" }, "InstanceCoreCount": { "type": "integer", "description": "The number of CPU cores for the instance. If you set this, you need to specify a value for InstanceThreadsPerCore.", "minimum": 0, "maximum": 224, "default": 0 }, "InstanceThreadsPerCore": { "type": "integer", "description": "The number of threads per CPU core. If you set this, you need to specify a value for InstanceCoreCount.", "minimum": 0, "maximum": 2, "default": 0 }, "InstanceDetailedMonitoring": { "type": "string", "description": "True to turn on detailed monitoring for your instances. False to turn off detailed monitoring for your instances and set it to basic monitoring. EC2 detailed monitoring provides more frequent metrics, published at one-minute intervals, instead of the five-minute intervals used in Amazon EC2 basic monitoring. Detailed monitoring does incur charges. For more information, see AWS CloudWatch documentation.", "enum": [ "true", "false" ] }, "InstanceEBSOptimized": { "type": "string", "description": "True for the instance to be optimized for Amazon Elastic Block Store (EBS) I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization.", "enum": [ "true", "false" ] }, "InstanceProfile": { "type": "string", "description": "An IAM instance profile name defined in your account. The default is customer-mc-ec2-instance-profile.", "pattern": "^[a-zA-Z0-9_.=@,+-]{1,128}$" }, "InstanceRootVolumeIops": { "type": "integer", "description": "The IOPS to use for the root volume, if InstanceRootVolumeType = io1, io2 or gp3. If InstanceRootVolumeType is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "InstanceRootVolumeName": { "type": "string", "description": "The device name of the root volume for the instance; for example, /dev/xvda or /dev/sda1. Specify this, and InstanceRootVolumeSize and InstanceRootVolumeType, to make changes to any or all of these parameters. Leave blank for the values for those three parameters to be drawn from the InstanceAmiId. Specifying an InstanceRootVolumeName that does not match that setting in the InstanceAmiId may result in instance launch failures or making changes to the wrong volume. Note that setting a value prohibits updating the value with the EC2 instance stack Update (with additional volumes) ct (ct-1o1x2itfd6rk8) later.", "enum": [ "", "/dev/sda1", "/dev/xvda" ] }, "InstanceRootVolumeSize": { "type": "integer", "description": "The size, in GiB, of the root volume for the instance. To change this from the value set in the InstanceAmiId, you must also specify InstanceRootVolumeName. If no value is provided for InstanceRootVolumeName, any value provided here is ignored.", "minimum": 8, "maximum": 16384 }, "InstanceRootVolumeType": { "type": "string", "description": "The instance type of the root volume for the instance. To change this from the value set in the InstanceAmiId, you must also specify InstanceRootVolumeName. If no value is provided for InstanceRootVolumeName, any value provided here is ignored. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3" ] }, "RootVolumeKmsKeyId": { "description": "The ID, or ARN, of the KMS master key to be used to encrypt the root volume. Specify default to use the default EBS KMS Key. Leave blank to not encrypt the root volume. Note that, if a value is set, the InstanceRootVolumeName must also be specified for KMS encryption settings on the root volume to take effect.", "type": "string", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "InstancePrivateStaticIp": { "type": "string", "description": "The static IP address for the instance." }, "InstanceSecondaryPrivateIpAddressCount": { "type": "integer", "description": "The number of secondary private IP addresses that EC2 automatically assigns to the primary network interface. The number of secondary IP addresses that can be assigned is dependent on the type of instance used.", "minimum": 0 }, "InstanceSubnetId": { "type": "string", "description": "The subnet that you want to launch the instance into, in the form subnet-0123abcd or subnet-01234567890abcdef.", "pattern": "^subnet-[a-z0-9]{8}$|^subnet-[a-z0-9]{17}$" }, "InstanceTerminationProtection": { "type": "string", "description": "True to prevent the instance from being terminated through the API, false to allow it. Default is false. Termination protection must be disabled with an update (ct-1o1x2itfd6rk8) before deleting the stack or performing an update where instance replacement is required, otherwise failures occur.", "enum": [ "true", "false" ] }, "InstanceType": { "type": "string", "description": "The EC2 instance type. Choose an InstanceType that supports EBS optimization if InstanceEBSOptimized = true.", "default": "t3.large" }, "CreditSpecification": { "description": "The credit option for CPU Usage. This is only supported with t2, t3, and t3a, instance types. If your instance is unlikely to require CPU bursting, choose standard, but note that, once all the CPU credits for that instance are used up, it will be throttled. For better burst handling, and to not allow throttling, choose unlimited, but note that additional charges may apply when additional credits are used.", "type": "string", "enum": [ "unlimited", "standard" ], "default": "unlimited" }, "EnforceIMDSV2": { "description": "True for the instance to be launched with IMDSv2 enforced. Default value is True. If you set this to True, make sure your applications are compatible with IMDSv2. See EC2/IMDS document for more details.", "type": "string", "enum": [ "true", "false" ], "default": "true" }, "InstanceUserData": { "type": "string", "description": "A newline-delimited string where each line is part of a script to be run on boot." }, "Volume1Iops": { "type": "integer", "description": "The IOPS to use for the Volume1 volume, if Volume1Type = io1, io2 or gp3. If Volume1Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume1Throughput": { "type": "integer", "description": "The Throughput to use for the Volume1 volume, if Volume1Type = gp3. If Volume1Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1. Leave blank to skip creation of Volume1.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume1Size": { "type": "integer", "description": "The size of Volume1 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume1Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume1.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume2Iops": { "type": "integer", "description": "The IOPS to use for the Volume2 volume, if Volume2Type = io1, io2 or gp3. If Volume2Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume2Throughput": { "type": "integer", "description": "The Throughput to use for the Volume2 volume, if Volume2Type = gp3. If Volume2Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume2Size": { "type": "integer", "description": "The size of Volume2 in GiB. Defaults to 1 GiB", "minimum": 1, "maximum": 16384 }, "Volume2Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume2.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume3Iops": { "type": "integer", "description": "The IOPS to use for the Volume3 volume, if Volume3Type = io1, io2 or gp3. If Volume3Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume3Throughput": { "type": "integer", "description": "The Throughput to use for the Volume3 volume, if Volume3Type = gp3. If Volume3Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume3Size": { "type": "integer", "description": "The size of Volume3 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume3Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume3.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume4Iops": { "type": "integer", "description": "The IOPS to use for the Volume4 volume, if Volume4Type = io1, io2 or gp3. If Volume4Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume4Throughput": { "type": "integer", "description": "The Throughput to use for the Volume4 volume, if Volume4Type = gp3. If Volume3Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume4Size": { "type": "integer", "description": "The size of Volume4 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume4Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume4.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] }, "Volume5Iops": { "type": "integer", "description": "The IOPS to use for the Volume5 volume, if Volume5Type = io1, io2 or gp3. If Volume5Type is not io1, io2 or gp3, any value provided here is ignored.", "minimum": 0, "maximum": 64000 }, "Volume5Throughput": { "type": "integer", "description": "The Throughput to use for the Volume5 volume, if Volume5Type = gp3. If Volume5Type is not gp3, any value provided here is ignored. Default is 125.", "minimum": 125, "maximum": 1000, "default": 125 }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5.", "pattern": "^((/dev/)?sd[f-p][1-6]?|(/dev/)?xvd[f-z])$" }, "Volume5Size": { "type": "integer", "description": "The size of Volume5 in GiB. Defaults to 1 GiB.", "minimum": 1, "maximum": 16384 }, "Volume5Snapshot": { "type": "string", "description": "The EBS snapshot ID to use to create Volume5.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1, io2, gp2 or gp3 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "io2", "gp2", "gp3", "sc1", "st1" ] } }, "metadata": { "ui:order": [ "InstanceAmiId", "InstanceSubnetId", "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceCoreCount", "InstanceThreadsPerCore", "InstanceRootVolumeIops", "InstanceRootVolumeName", "InstanceRootVolumeSize", "InstanceRootVolumeType", "RootVolumeKmsKeyId", "InstancePrivateStaticIp", "InstanceSecondaryPrivateIpAddressCount", "InstanceType", "CreditSpecification", "InstanceUserData", "InstanceTerminationProtection", "EnforceIMDSV2", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1KmsKeyId", "Volume1Iops", "Volume1Throughput", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2KmsKeyId", "Volume2Iops", "Volume2Throughput", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3KmsKeyId", "Volume3Iops", "Volume3Throughput", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4KmsKeyId", "Volume4Iops", "Volume4Throughput", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5KmsKeyId", "Volume5Iops", "Volume5Throughput", "Volume5Snapshot" ] }, "required": [ "InstanceAmiId", "InstanceSubnetId" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1ax768xtu8c9q

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Manage Lifecycle Configuration", "description": "Add a new lifecycle configuration, or replace an existing one for an Amazon S3 bucket.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-PutBucketLifecycleConfiguration.", "type": "string", "enum": [ "AWSManagedServices-PutBucketLifecycleConfiguration" ], "default": "AWSManagedServices-PutBucketLifecycleConfiguration" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BucketName": { "description": "The name of the S3 bucket for the lifecycle configuration.", "type": "array", "items": { "type": "string", "pattern": "^(?!(mc|ams|awsms)-)[a-z0-9][-.a-z0-9]{1,61}[a-z0-9]$" }, "minItems": 1, "maxItems": 1 }, "LifecycleConfiguration": { "description": "The lifecycle configuration in JSON format.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"Rules\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 }, "ReplaceExisting": { "description": "True to replace the existing lifecycle configuration, False to append the new configuration to the existing value. Default is False.", "type": "array", "items": { "type": "string", "default": "False", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "Verification": { "description": "A lifecycle policy can be used to delete all objects in a bucket. To prevent accidental deletion, please ensure you have entered the correct bucket name and the correct lifecycle policy configuration. Enter the value \"confirm\" in this parameter once you have verified this.", "type": "array", "items": { "type": "string", "enum": [ "confirm" ] }, "minItems": 1, "maxItems": 1 }, "MinimumNumberOfDaysBeforeExpiration": { "description": "The minimum number of days before a rule in the lifecycle configuration can expire an object. The value must be greater than one.", "type": "array", "items": { "type": "integer", "minimum": 2, "maximum": 7300 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "BucketName", "LifecycleConfiguration", "ReplaceExisting", "Verification", "MinimumNumberOfDaysBeforeExpiration" ] }, "required": [ "BucketName", "LifecycleConfiguration", "Verification", "MinimumNumberOfDaysBeforeExpiration" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1ay83wy4vxa3k

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update AWS Backup Plan", "description": "Update an existing backup plan. Please note that any changes that you make to a backup plan have no effect on existing backups created by the backup plan. The changes apply only to backups that are created in the future.", "type": "object", "properties": { "BackupPlanName": { "description": "The name of the backup plan to be updated.", "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "minLength": 1, "maxLength": 127 }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "minLength": 1, "maxLength": 255 }, "WindowsVSS": { "type": "string", "description": "Enabled to use the Windows Volume Shadow Copy Service (VSS) backup option in AWS Backup. Disabled to create a regular backup. Default is disabled. If the application has VSS writer registered with Windows VSS, then AWS Backup creates a snapshot that will be consistent for that application. To learn more, see AWS Backup documentation \"Creating Windows VSS backups.\"", "enum": [ "disabled", "enabled" ], "default": "disabled" }, "BackupRuleName": { "description": "The name of the existing rule in the specified backup plan to be updated.", "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "BackupRuleVault": { "type": "string", "description": "The name of the AWS Backup vault to be used in the AWS Backup plan rule.", "pattern": "^[a-zA-Z0-9\\-\\_]{2,50}$", "default": "ams-custom-backups" }, "BackupRuleCompletionWindowMinutes": { "type": "integer", "description": "The amount of time, in minutes, that AWS Backup attempts a backup before canceling the job and returning an error. If a time is specified, then StartWindowMinutes must be specified, and the specified CompleteWindowMinutes time must be at least 60 minutes greater than StartWindowMinutes.", "minimum": 1, "maximum": 99000 }, "BackupRuleScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRuleDeleteAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is deleted, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never expires.", "minimum": 0, "maximum": 35600 }, "BackupRuleMoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that a backup is moved to cold storage, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600 }, "BackupRuleStartWindowMinutes": { "type": "integer", "description": "The period of time, in minutes, after a backup is scheduled to wait before a job is canceled if it doesn't start successfully.", "minimum": 60, "maximum": 99000 }, "BackupRuleRecoveryPointTagKey": { "type": "string", "description": "A key for the tag that is assigned to all created recovery points for the backup rule.", "minLength": 1, "maxLength": 127 }, "BackupRuleRecoveryPointTagValue": { "type": "string", "description": "A value for the BackupRuleRecoveryPointTagKey.", "minLength": 1, "maxLength": 255 }, "BackupRuleEnableContinuousBackup": { "type": "string", "description": "True to create a continuous backup rule, false to not create the rule. With continuous backups, you can restore your AWS Backup-supported resource by rewinding it back to a specific time that you choose, within 1 second of precision (going back a maximum of 35 days). You can do this during the PITR(Point-In-Time Recovery) restore process, where the AWS Backup console displays a Restore time section.", "enum": [ "true", "false" ] }, "BackupRuleCopyActionsDestVaultArn": { "type": "string", "description": "For backup plan rule: The Amazon Resource Name (ARN) of the destination backup vault for the copied backup.", "pattern": "^$|^(arn:(aws|aws-cn|aws-us-gov):backup:([a-z]{2}((-gov))?-[a-z]+-[0-9]){0,1}:[0-9]{12}:backup-vault:[a-zA-Z0-9\\_\\-]+)$" }, "BackupRuleCAMoveToColdStorageAfterDays": { "type": "integer", "description": "For backup plan rule copy actions: The number of days after creation before the recovery point is moved to cold storage, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never moves to cold storage. Only Amazon EFS file system backups can be transitioned to cold storage.", "minimum": 0, "maximum": 35600 }, "BackupRuleCopyActionsDeleteAfterDays": { "type": "integer", "description": "For backup plan rule copy actions: The number of days after creation that a recovery point is deleted, valid values are between 1 and 35600. If the value is 0 or not specified, the backup never expires.", "minimum": 0, "maximum": 35600 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "WindowsVSS", "BackupRuleName", "BackupRuleVault", "BackupRuleCompletionWindowMinutes", "BackupRuleScheduleExpression", "BackupRuleDeleteAfterDays", "BackupRuleMoveToColdStorageAfterDays", "BackupRuleStartWindowMinutes", "BackupRuleRecoveryPointTagKey", "BackupRuleRecoveryPointTagValue", "BackupRuleEnableContinuousBackup", "BackupRuleCopyActionsDestVaultArn", "BackupRuleCAMoveToColdStorageAfterDays", "BackupRuleCopyActionsDeleteAfterDays", "Priority" ] }, "additionalProperties": false, "required": [ "BackupPlanName", "BackupRuleName", "BackupRuleVault" ] }

Schema for Change Type ct-1b8fudnqq7m8r

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete GuardDuty IPSet", "description": "Use to delete an Amazon GuardDuty IPSet instance which is a list of trusted IP addresses that have been whitelisted for highly secure communication with your AWS environment.", "type": "object", "properties": { "DetectorId": { "description": "The detector ID that specifies the GuardDuty service whose IPSet you want to delete.", "pattern": "^[a-fA-F0-9]{32}$|^$", "type": "string" }, "IpSetId": { "description": "The unique ID that specifies the IPSet that you want to delete.", "type": "string", "minLength": 1 }, "Region": { "description": "Region to use in the form of us-east-1.", "type": "string", "minLength": 1 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "Region", "IpSetId", "DetectorId", "Priority" ] }, "additionalProperties": false, "required": [ "IpSetId", "Region" ] }

Schema for Change Type ct-1c0jrxd3su5oe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Copy RDS DB Snapshot", "description": "Create a KMS key encrypted copy of an Amazon Relational Database Service (Amazon RDS) DB snapshot. If you are copying a snapshot shared from another AWS account, it must be located in the same region in which the document is executed.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CopyDbSnapshot.", "type": "string", "enum": [ "AWSManagedServices-CopyDbSnapshot" ], "default": "AWSManagedServices-CopyDbSnapshot" }, "Region": { "description": "The AWS Region to use, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "Parameters": { "type": "object", "properties": { "SourceDbSnapshotArn": { "description": "The Amazon Resource Name (ARN) of the DB snapshot to be copied.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:rds:[a-z0-9-]+:[0-9]{12}:snapshot:[a-zA-Z][a-zA-Z0-9-:]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "TargetDbSnapshotIdentifier": { "description": "An identifier for the target DB snapshot.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z][a-zA-Z0-9-]{1,255}$" }, "minItems": 1, "maxItems": 1 }, "KmsKeyId": { "description": "An AWS Key Management Service (KMS) key to encrypt the DB snapshot with. The KMS key is the KMS Key ARN or the KMS key identifier.", "type": "array", "items": { "type": "string", "pattern": "^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" }, "minItems": 1, "maxItems": 1 }, "SourceRegion": { "description": "The AWS Region where the source snapshot is located. Leave blank if the source snapshot is located in the same region in which the document is executed.", "type": "array", "items": { "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}|^$" }, "minItems": 0, "maxItems": 1 }, "OptionGroupName": { "description": "The name of an option group to associate with the copy of the snapshot. Specify this option if you are copying a snapshot from one AWS Region to another, and your DB instance uses a nondefault option group. If copying across AWS Regions, and your source DB instance uses Transparent Data Encryption for Oracle or Microsoft SQL Server, you must specify this option. For more information, see Option Group Considerations in the Amazon RDS User Guide.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-]{0,255}$" }, "minItems": 0, "maxItems": 1 } }, "metadata": { "ui:order": [ "SourceDbSnapshotArn", "TargetDbSnapshotIdentifier", "KmsKeyId", "SourceRegion", "OptionGroupName" ] }, "additionalProperties": false, "required": [ "SourceDbSnapshotArn", "TargetDbSnapshotIdentifier", "KmsKeyId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1d2fml15b9eth

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DMS replication task.", "description": "Use to create a Database Migration Service (DMS) replication task.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to 40 tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 127 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 40, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-eos7uq0usnmeggdet", "type": "string", "enum": [ "stm-eos7uq0usnmeggdet" ], "default": "stm-eos7uq0usnmeggdet" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "CdcStartTime": { "type": "string", "description": "When the DMS starts change data capture (CDC), in epoch time (milliseconds). For example, for CDC to start on Thursday August 9, 20018 1:02:49 AM (UTC), enter 1533776569. Must not be a future time and not all source endpoints support CDC start time.", "pattern": "^$|^[0-9]*$", "default": "" }, "MigrationType": { "type": "string", "description": "The migration type or method. To migrate existing data use full-load, to migrate existing data and replicate ongoing changes use full-load-and-cdc, to replicate data changes only use cdc.", "enum": [ "full-load", "full-load-and-cdc", "cdc" ] }, "ReplicationInstanceArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS replication instance, in the form arn:aws:dms:REGION:ACCOUNTID:rep:ABAICDVER4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:rep:[a-zA-Z0-9]+$" }, "ReplicationTaskIdentifier": { "type": "string", "description": "An identifier for the task. Use to give the task a name or label.", "pattern": "^$|(?!.*--)[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z0-9]$", "default": "" }, "ReplicationTaskSettings": { "type": "string", "description": "A JSON document defining settings for the task. For example, task metadata settings, logging settings etc. For large inputs, we recommend removing extra whitespaces.", "default": "", "maxLength": 4096 }, "SourceEndpointArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS source endpoint for the task to use, in the form arn:aws:dms:REGION:ACCOUNTID:endpoint:ABAICDMTD4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:endpoint:[A-Z0-9]+$" }, "TableMappings": { "type": "string", "description": "A JSON document to set rules for schema mapping, the mapping method, transformation and filters." }, "TargetEndpointArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the DMS target endpoint for the task to use, in the form arn:aws:dms:REGION:ACCOUNTID:endpoint:XYAICDMTD4V47TYTAA3U3SE7YM.", "pattern": "^arn:aws:dms:[a-z0-9-]+:[0-9]{12}:endpoint:[A-Z0-9]+$" } }, "metadata": { "ui:order": [ "ReplicationTaskIdentifier", "MigrationType", "SourceEndpointArn", "TargetEndpointArn", "ReplicationInstanceArn", "TableMappings", "ReplicationTaskSettings", "CdcStartTime" ] }, "required": [ "MigrationType", "ReplicationInstanceArn", "SourceEndpointArn", "TableMappings", "TargetEndpointArn" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1d55pi44ff21u

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Private DNS Record Sets", "description": "Update an existing Route 53 DNS Hosted Zone with the supplied resource record set.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the Stack.", "type": "object", "properties": { "HostedZoneId": { "description": "The HostedZoneId that is to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^[a-zA-Z][a-zA-Z0-9]{1,32}$" }, "StackId": { "description": "The StackId that is required to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^stack-[a-z0-9]{17}$" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "HostedZoneId", "StackId", "RecordSet" ] }, "required": [ "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1d84keiri1jhg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create KMS key", "description": "Request a KMS key with a predefined key policy.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name used in the Console.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-enf1j068fhg34vugt", "type": "string", "enum": [ "stm-enf1j068fhg34vugt" ], "default": "stm-enf1j068fhg34vugt" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60, "default": 60 }, "Parameters": { "type": "object", "properties": { "Alias": { "type": "string", "description": "An alias for the customer master key (CMK). The alias must not begin with \"aws/\".", "pattern": "^$|(?!aws/)^[a-zA-Z0-9:/_-]+$" }, "EnableKeyRotation": { "type": "string", "description": "True for automatic rotation of the key material for the specified CMK, false for no automatic rotation. Default is true.", "enum": [ "true", "false" ] }, "Description": { "type": "string", "description": "A description for the CMK.", "maxLength": 8192, "minLength": 1 }, "PendingWindow": { "type": "integer", "description": "The number of days in the waiting period before AWS KMS deletes the CMK. Default is 30.", "minimum": 7, "maximum": 30 }, "IAMPrincipalsRequiringDecryptPermissions": { "type": "array", "description": "List of IAM ARNs that require permission to decrypt using the CMK; for example arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringEncryptPermissions": { "type": "array", "description": "List of IAM ARNs that require permission to encrypt using the CMK; for example arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringGrantsPermissions": { "type": "array", "description": "List of IAM ARNs, or account IDs, allowed to use this CMK for key grants; for example arn:aws:iam::123456789012:role/myrole or 123456789012.", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[\\w+=,.@-]{1,64}$|^\\d{12}$" }, "minItems": 1, "uniqueItems": true }, "LimitGrantsToAWSResources": { "type": "string", "description": "True to allow only AWS services that are integrated with AWS KMS to perform the grant operation on the user's behalf, false to allow any principal provided in IAMPrincipalsRequiringGrantsPermissions. Default is false.", "enum": [ "true", "false" ] }, "EnforceEncryptionContextKeys": { "type": "string", "description": "True to enforce use of encryption context keys in cryptographic operations, false to not. To define the encryption context keys, use AllowedEncryptionContextKeys. Default is false.", "enum": [ "true", "false" ] }, "AllowedEncryptionContextKeys": { "type": "array", "description": "List of encryption context keys that must be present in requests for cryptographic operations. If supplied, all cryptographic operations must have one of the context keys from this list.", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "AllowServiceRolesAccessKMSKeys": { "type": "array", "description": "Provide KMS key access to AWS services, by providing the endpoint in the form, ec2.us-east-1.amazonaws.com. Then the specified AWS service can use the CMK with limited permissions (list and create grants; describe, encrypt, decrypt, and reencrypt key; and generate data key).", "items": { "type": "string", "pattern": "^([a-zA-Z0-9-.]+\\.)+amazonaws\\.com$" }, "minItems": 1, "uniqueItems": true } }, "metadata": { "ui:order": [ "Alias", "Description", "EnableKeyRotation", "PendingWindow", "IAMPrincipalsRequiringDecryptPermissions", "IAMPrincipalsRequiringEncryptPermissions", "IAMPrincipalsRequiringGrantsPermissions", "LimitGrantsToAWSResources", "EnforceEncryptionContextKeys", "AllowedEncryptionContextKeys", "AllowServiceRolesAccessKMSKeys" ] }, "required": [ "Description" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Name", "Description", "VpcId", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "TimeoutInMinutes", "StackTemplateId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1dmlg9g1l91h6

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Grant Stack Admin access", "description": "Request admin access for one or more users for one or more stacks. The maximum access time is 12 hours.", "type": "object", "properties": { "DomainFQDN": { "description": "The FQDN for the user accounts to grant access to.", "type": "string", "minLength": 1, "maxLength": 255 }, "StackIds": { "description": "A minimum of one stack ID is required.", "type": "array", "items": { "type": "string", "pattern": "^stack-[a-z0-9]{17}$|^SC-[0-9]{12}-pp-[a-zA-Z0-9]{13}$" }, "minItems": 1, "uniqueItems": true }, "TimeRequestedInHours": { "description": "The amount of time, in hours, requested for access to the instance. Access is terminated after this time.", "type": "integer", "minimum": 1, "default": 1 }, "Usernames": { "description": "One or more Active Directory user names used to grant access.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true }, "VpcId": { "description": "The ID of the VPC that contains the stacks where access is required, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" } }, "metadata": { "ui:order": [ "VpcId", "StackIds", "Usernames", "DomainFQDN", "TimeRequestedInHours" ] }, "additionalProperties": false, "required": [ "DomainFQDN", "StackIds", "Usernames", "VpcId" ] }

Schema for Change Type ct-1e0xmuy1diafq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Entity or Policy (read-write permissions)", "description": "Update Identity and Access Management (IAM) role or policy with read-write permissions. You must have enabled this feature with change type ct-1706xvvk6j9hf before submitting this request. Automated IAM provisioning with read-write permissions runs over 200 validations to help ensure successful outcomes.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningUpdate-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ValidateOnly": { "description": "Yes to validate the IAM role or policy updated with the specified parameter values, without updating the entity or policy; No to validate and update the entity or policy. The validation result is provided as a JSON in the execution output. In order to implement after validation, create a copy of the RFC and set the ValidateOnly parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "ValidateOnly" ] }, "required": [ "ValidateOnly" ] }, "RoleDetails": { "type": "object", "properties": { "Roles": { "description": "Update a role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "A name of the IAM role to update. The name can be up to 64 characters in length, and is limited to characters a-z, A-Z, 0-9, hyphen and underscore", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,64}$" }, "Description": { "description": "A meaningful description for the role.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "AssumeRolePolicyDocument": { "description": "A JSON policy document, defining which entities can assume the role, you are updating the current policy document associated to the role with. Paste the contents into the input. Content provided replaces existing content.", "type": "string", "minLength": 2, "maxLength": 131072 }, "ManagedPolicyArns": { "description": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. Both AWS managed policies and customer managed policies are allowed. You must include the list of managed policy ARNs currently attached to the role that you wish to keep attached. Value provided replaces existing list of ARNs attached to the role.", "type": "array", "items": { "type": "string", "pattern": "^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$|^arn:[\\w+=/,.@-]+:iam::aws:policy(/[\\w+=/,.@-]+)?$" }, "minItems": 0, "maxItems": 20 }, "MaxSessionDuration": { "description": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 4 hours. The MaxSessionDuration time begins with the assumption of the role.", "type": "string", "default": "3600", "pattern": "^(360\\d|36[1-9]\\d|3[7-9]\\d{2}|[4-9]\\d{3}|1[0-3]\\d{3}|14[0-3]\\d{2}|14400)$" }, "PermissionsBoundary": { "description": "The ARN of the policy used to set as the permissions boundary for the role. A permissions boundary uses a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. ARN provided replaces current permission boundary ARN set in the role.", "type": "string", "default": "", "pattern": "^$|^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "Description", "AssumeRolePolicyDocument", "ManagedPolicyArns", "MaxSessionDuration", "PermissionsBoundary" ] }, "required": [ "RoleName" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Roles" ] } }, "ManagedPolicyDetails": { "type": "object", "properties": { "Policies": { "description": "Update a customer managed policy.", "type": "array", "items": { "type": "object", "properties": { "ManagedPolicyName": { "description": "The name of the IAM policy to update. The name can be up to 128 characters in length, and is limited to characters a-z, A-Z, 0-9, hyphen and underscore", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,128}$" }, "PolicyDocument": { "description": "The JSON policy document that you want to use as the content for the new policy. Paste the content into the input field. Content provided replaces existing content in the policy.", "type": "string", "minLength": 2, "maxLength": 131072 } }, "additionalProperties": false, "metadata": { "ui:order": [ "ManagedPolicyName", "PolicyDocument" ] }, "required": [ "ManagedPolicyName" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Policies" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "RoleDetails", "ManagedPolicyDetails" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1e1xtak34nx76

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create other", "description": "Use to request manual creation of a resource.", "type": "object", "properties": { "Comment": { "description": "The description of the change.", "type": "string", "maxLength": 5000 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "RelatedIds": { "description": "(Optional) IDs of resources related to the change request.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 1000, "uniqueItems": true } }, "additionalProperties": false, "required": [ "Comment" ], "metadata": { "ui:order": [ "Comment", "RelatedIds", "Priority" ] } }

Schema for Change Type ct-1eft8s6vdhz0w

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update DNS Record Permission", "description": "Grant permissions to the computer object to update DNS records after failover. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateDNSRecordsPermission-Admin.", "type": "string", "enum": [ "AWSManagedServices-UpdateDNSRecordsPermission-Admin" ], "default": "AWSManagedServices-UpdateDNSRecordsPermission-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordNames": { "description": "A list of comma separated DNS record names.", "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9-_,]{1,1000}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordNames" ] }, "additionalProperties": false, "required": [ "RecordNames" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1eiczxw8ihc18

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Share AMI", "description": "Use to share an AMI with another AMS account.", "additionalProperties": false, "type": "object", "properties": { "TargetAwsAccountId": { "pattern": "^[0-9]{12}$", "description": "ID of the AWS account the AMI will be shared with, in the form 123456789012. The account must already be onboarded to AMS.", "type": "string" }, "AmiId": { "pattern": "^ami-[a-zA-Z0-9]{8}$|^ami-[a-zA-Z0-9]{17}$", "description": "ID of the AMI to share, in the form ami-12345678 or ami-123456789012345ab.", "type": "string" } }, "required": [ "AmiId", "TargetAwsAccountId" ] }

Schema for Change Type ct-1erytvmumckoa

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Resource Tags (Review Required)", "description": "Delete tags from existing, supported resources except those in AMS infrastructure stacks (stacks named mc-*). For Autoscaling, EC2, Elastic Load Balancing, RDS resources and S3 buckets, use automated CT ct-2zebb2czoxpjd.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the tag operation.", "type": "string", "maxLength": 5000 }, "Resources": { "description": "Parameters for up to fifty resources that you want to remove tags from.", "type": "array", "items": { "type": "object", "properties": { "ResourceArn": { "description": "The ARN or the resource ID of the resource to be tagged. Resource ID is allowed only for these resource types: EC2 instance, EBS volume, EBS snapshot, AMI, and security group. All other resource types must be provided with the full ARN.", "type": "string", "pattern": "^arn:aws:(|[a-z][a-z0-9-]+):(|[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(|[0-9]{12}):([^,\\s]+)$|^(ami|i|vol|sg|snap)-([a-f0-9]{8}|[a-f0-9]{17})$" }, "RemoveTags": { "description": "Up to fifty tag keys to remove from the resource.", "type": "array", "items": { "type": "string", "pattern": "^(?![aA][mMwW][sS]:)[a-zA-Z0-9\\s_.:/=+\\\\\\-@\\]*]+$", "minLength": 1, "maxLength": 127 }, "minItems": 1, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "ResourceArn", "RemoveTags" ] }, "required": [ "ResourceArn", "RemoveTags" ] }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Description", "Resources", "Priority" ] }, "required": [ "Description", "Resources" ] }

Schema for Change Type ct-1ezarc5xph3tq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Rotate RDS DB Certificate", "description": "Rotate the DB certificate on an Amazon Relational Database Service (RDS) database (DB) instance. Update any client applications that use SSL/TLS and the server certificate to connect, to use the new CA certificate beforehand. Not doing this will cause an interruption of connectivity between your applications and your database.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RotateDbCertificate.", "type": "string", "enum": [ "AWSManagedServices-RotateDbCertificate" ], "default": "AWSManagedServices-RotateDbCertificate" }, "Region": { "description": "The AWS Region in which the RDS DB is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "RDS DB instance identifier, in the form dbinstance-1.", "type": "array", "items": { "type": "string", "pattern": "(?=[a-zA-Z0-9-]{1,63}$)^[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*$" }, "minItems": 1, "maxItems": 1 }, "CertificateIdentifier": { "description": "Choose from rds-ca-rsa2048-g1, rds-ca-rsa4096-g1, or rds-ca-ecc384-g1 to rotate with the latest certificate. Make sure that the certificate applies to the database engine. If you have issues with your client-side trust store after updating to the latest certificate, then re-submit this RFC and choose rds-ca-2019 to revert. After you correct your client-side trust store with the new CA certificate, update to the desired certificate again. Note that this workaround is only available until August 22, 2024, when the rds-ca-2019 certificate expires.", "type": "array", "items": { "enum": [ "rds-ca-2019", "rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1", "rds-ca-ecc384-g1" ], "type": "string", "default": "rds-ca-2019" }, "minItems": 1, "maxItems": 1 }, "ApplyImmediately": { "description": "True to apply the certificate change immediately. False to schedule the change for the next maintenance window. Note that choosing True causes the instance to reboot. If applicable, make sure that you have updated your client-side trust store beforehand.", "type": "array", "items": { "enum": [ "True", "False" ], "type": "string", "default": "False" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "CertificateIdentifier", "ApplyImmediately" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier", "CertificateIdentifier", "ApplyImmediately" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1f9hi4bephqa9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable TGW Propagation", "description": "Enable the Transit Gateway (TGW) attachment to propagate routes to the TGW route table. For multi-account landing zone (MALZ), use this change type in the Network account only.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-EnableTGWRouteTablePropagation.", "type": "string", "enum": [ "AWSManagedServices-EnableTGWRouteTablePropagation" ], "default": "AWSManagedServices-EnableTGWRouteTablePropagation" }, "Region": { "description": "The AWS Region where the TGW attachment and TGW route table are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "TransitGatewayAttachmentId": { "description": "The TGW attachment ID, in the form tgw-attach-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-attach-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 }, "TransitGatewayRouteTableId": { "description": "The TGW route table ID, in the form tgw-rtb-01234567890abcdef.", "type": "array", "items": { "type": "string", "pattern": "^tgw-rtb-[a-z0-9]{17}$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] }, "additionalProperties": false, "required": [ "TransitGatewayAttachmentId", "TransitGatewayRouteTableId" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1fzddqrr20c2i

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update MaxSessionDuration", "description": "Update the MaxSessionDuration property of an AWS Identity and Access Management (IAM) role. This setting determines the maximum duration that can be requested using the DurationSeconds parameter when assuming an IAM role.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateIAMRoleMaxSessionDuration.", "type": "string", "enum": [ "AWSManagedServices-UpdateIAMRoleMaxSessionDuration" ], "default": "AWSManagedServices-UpdateIAMRoleMaxSessionDuration" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RoleName": { "description": "The name of the IAM role to modify.", "type": "array", "items": { "type": "string", "pattern": "^(?!(aws-ams-|aws-sentinel-|ams_ssm_|customer_ssm_))[\\w+=,.@-]+" }, "minItems": 1, "maxItems": 1 }, "MaxSessionDuration": { "description": "The new maximum session duration (in seconds) to set for the role. The duration can range from 3600 seconds to 14400 seconds.", "type": "array", "items": { "type": "integer", "minimum": 3600, "maximum": 14400 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RoleName", "MaxSessionDuration" ] }, "required": [ "RoleName", "MaxSessionDuration" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1g6x4ev0hnvfn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Describe Resource Scheduler Periods", "description": "Describe existing periods used in AMS Resource Scheduler.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DescribeScheduleOrPeriods.", "type": "string", "enum": [ "AWSManagedServices-DescribeScheduleOrPeriods" ], "default": "AWSManagedServices-DescribeScheduleOrPeriods" }, "Region": { "description": "The AWS Region of the account where the AMS Resource Scheduler solution is, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "ConfigurationType": { "description": "Specify the value: periods. This explicitly requests that the Resource Scheduler existing periods be described. The option cannot be left blank; it must be periods.", "type": "array", "items": { "type": "string", "enum": [ "periods" ], "default": "periods" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "ConfigurationType" ] }, "required": [ "ConfigurationType" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1gi93jhvj28eg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update S3 Bucket", "description": "Modify the properties of an S3 bucket created using change type ID ct-1a68ck03fn98r, version 4.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef. This identifies the AWS Region where the S3 bucket is.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the S3 bucket that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the S3 bucket.", "type": "object", "properties": { "ServerSideEncryption": { "description": "Default encryption for an S3 bucket using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). Use None to disable default encryption.", "type": "string", "enum": [ "None", "S3ManagedKeys", "KmsManagedKeys" ] }, "KMSKeyId": { "description": "The AWS KMS master key ID used for the ServerSideEncryption KMS encryption. Applicable only if ServerSideEncryption = KmsManagedKeys.", "type": "string", "pattern": "^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/mrk-[a-z0-9]{32}$|^$" }, "Versioning": { "description": "The status of versioning for this S3 bucket, either Enabled (versioning of stored objects is enabled) or Suspended (versioning is not enabled).", "type": "string", "enum": [ "Enabled", "Suspended" ] }, "IAMPrincipalsRequiringReadObjectAccess": { "description": "List the Identity and Access Management (IAM), or CloudFront Origin Access Identity (OAI), or both, Amazon Resource Names (ARNs) that require read access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole, arn:aws:iam::123456789012:user/myuser and/or arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EH1HDMB1FH2TC. The list of ARNs provided here replaces the existing list in the policy, it does not append to the existing list. To remove all ARNs during an update specify None.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^arn:aws:iam::cloudfront:user\\/CloudFront Origin Access Identity E[A-Z0-9]{11,13}$|^None$" }, "minItems": 1, "uniqueItems": true }, "IAMPrincipalsRequiringWriteObjectAccess": { "description": "List the IAM ARNs that require write access to the S3 bucket. For example, arn:aws:iam::123456789012:role/myrole or arn:aws:iam::123456789012:user/myuser. The list of ARNs provided here replaces the existing list in the policy, it does not append to the existing list. To remove all ARNs during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:iam::\\d{12}:(role|user)\\/[/\\w+=,.@-]{1,64}$|^None$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringReadObjectAccess": { "description": "List of AWS services that require read access to the S3 bucket; for example, logs.us-east-1.amazonaws.com. The list of services provided here replaces the existing list in the policy, it does not append to the existing list. To remove all AWS services during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$|^None$" }, "minItems": 1, "uniqueItems": true }, "ServicesRequiringWriteObjectAccess": { "description": "List of AWS services that require write access to the S3 bucket; for example, logs.us-east-1.amazonaws.com. The list of services provided here replaces the existing list in the policy, it does not append to the existing list. To remove all AWS services during an update, specify None.", "type": "array", "items": { "type": "string", "pattern": "^[a-z][a-z0-9.-]+.amazonaws.com$|^None$" }, "minItems": 1, "uniqueItems": true }, "EnforceSecureTransport": { "description": "True to enforce HTTPS for object operations. If false, both HTTP and HTTPS traffic is allowed.", "type": "boolean" }, "AccessAllowedIpRanges": { "description": "List of source IP ranges allowed to access the S3 bucket. Leave blank to not have IP-based restrictions. The list of IP ranges provided here replaces the existing list in the policy, it does not append to the existing list. To remove all source IP ranges during an update, specify None.", "type": "array", "items": { "type": "string" }, "minItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Versioning", "ServerSideEncryption", "KMSKeyId", "EnforceSecureTransport", "IAMPrincipalsRequiringReadObjectAccess", "IAMPrincipalsRequiringWriteObjectAccess", "ServicesRequiringReadObjectAccess", "ServicesRequiringWriteObjectAccess", "AccessAllowedIpRanges" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-1h1tuxn2oxrtf

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create DynamoDB From Backup", "description": "Create an Amazon DynamoDB stack from backup.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartRestoreJobDynamoDB.", "type": "string", "enum": [ "AWSManagedServices-StartRestoreJobDynamoDB" ], "default": "AWSManagedServices-StartRestoreJobDynamoDB" }, "Region": { "description": "The AWS Region in which the DynamoDB table is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of a logical container where backups are stored. The backup vault name is case sensitive and must contain from 2 to 50 alphanumeric characters or hyphens.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "maxItems": 1 }, "RecoveryPointArn": { "description": "The Amazon Resource Name (ARN) that uniquely identifies the recovery point to restore.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 1 }, "TargetTableName": { "description": "The name of the new table to which the backup must be restored. The target table name is case sensitive and must contain from 3 to 255 alphanumeric characters, hyphens, underscores or dots.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-\\.]{3,255}$" }, "maxItems": 1 } }, "metadata": { "ui:order": [ "BackupVaultName", "RecoveryPointArn", "TargetTableName" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArn", "TargetTableName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1h5xgl9cr4bzy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start stack", "description": "Use to start all stopped EC2 instances in the specified stack.", "type": "object", "properties": { "StackId": { "description": "ID of the stack to start, in the form stack-a1b2c3d4e5f67890e. All stopped EC2 instances in the stack will be started.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" } }, "additionalProperties": false, "required": [ "StackId" ] }

Schema for Change Type ct-1hzofpphabs3i

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update Public DNS Record Sets", "description": "Update an existing Route 53 DNS Hosted Zone with the supplied resource record set.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-CreateAddRoute53Resources.", "type": "string", "enum": [ "AWSManagedServices-CreateAddRoute53Resources" ], "default": "AWSManagedServices-CreateAddRoute53Resources" }, "Region": { "description": "The AWS Region in which the AWS resource is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "description": "Specifications for the Stack.", "type": "object", "properties": { "HostedZoneId": { "description": "The HostedZoneId that is to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^[a-zA-Z][a-zA-Z0-9]{1,32}$" }, "StackId": { "description": "The StackId that is required to be updated. Supply either the HostedZoneId or the StackId but not both.", "type": "string", "pattern": "^$|^stack-[a-z0-9]{17}$" }, "RecordSet": { "description": "A JSON of resource records for the hosted zone.", "type": "array", "items": { "type": "string", "pattern": "^\\s*\\{\\s*\"RecordSet\"\\s*:\\s*\\[.*\\]\\s*\\}\\s*$" }, "minItems": 1, "maxItems": 1 } }, "additionalProperties": false, "metadata": { "ui:order": [ "HostedZoneId", "StackId", "RecordSet" ] }, "required": [ "RecordSet" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1i20abktsm05v

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add AD Group To AD Group", "description": "Add an Active Directory (AD) group in the trusted domain to an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-AddADGroupToADGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-AddADGroupToADGroup-Admin" ], "default": "AWSManagedServices-AddADGroupToADGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "NestedGroupName": { "description": "The name of the group in the trusted AD to be added to a group in the AMS managed AD.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "GroupName": { "description": "The name of the AD group that the nested group is added to. The group must exist in AMS managed AD and must belong to the CustomerGroups OU. The group scope must be DomainLocal.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=?/\\|\\\\]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "TrustedDomainFQDN": { "description": "The fully qualified domain name (FQDN) of your domain.", "type": "array", "items": { "type": "string", "pattern": "(?![aA][0-9]{12}.[aA][mM][aA][zZ][oO][nN][aA][wW][sS].[cC][oO][mM])^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "NestedGroupName", "GroupName", "TrustedDomainFQDN" ] }, "required": [ "NestedGroupName", "GroupName", "TrustedDomainFQDN" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1icghmq38rnsn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete AD DNS Conditional Forwarder", "description": "Delete AD DNS conditional forwarder for a remote domain. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteADDNSConditionalForwarder-Admin.", "type": "string", "enum": [ "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin" ], "default": "AWSManagedServices-DeleteADDNSConditionalForwarder-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RemoteDomainName": { "description": "The fully qualified domain name (FQDN) of the remote domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+[.]?$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RemoteDomainName" ] }, "additionalProperties": false, "required": [ "RemoteDomainName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1icrtx8ydvdwe

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove DNS Record", "description": "Remove the specified DNS resource record name, either an A or CNAME, or pointer record (PTR), from the specified DNS zone. By default, only the static record is removed per specified RecordName for A or CNAME records. Use the RecordData parameter to remove duplicates if there are multiple records with the same Host Name (RecordType A), either dynamic or static. For a PTR record type, all the static and dynamic records will be removed. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "AWSManagedServices-RemoveDNSRecord-Admin", "type": "string", "enum": [ "AWSManagedServices-RemoveDNSRecord-Admin" ], "default": "AWSManagedServices-RemoveDNSRecord-Admin" }, "Region": { "description": "The AWS Region where the Microsoft AD in Directory Service is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "RecordName": { "description": "The name of the DNS record (A or CNAME). If it is a pointer record (PTR), provide the IPv4 address.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\-\\_\\-]{1,63}$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" }, "minItems": 1, "maxItems": 1 }, "RecordType": { "description": "The resource record type (A, CNAME, or PTR).", "type": "array", "items": { "type": "string", "enum": [ "A", "CNAME", "PTR" ] }, "minItems": 1, "maxItems": 1 }, "RecordData": { "description": "The IPv4 address. Use this parameter when there are multiple records with the same hostname.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$", "default": "" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "RecordName", "RecordType", "RecordData" ] }, "additionalProperties": false, "required": [ "RecordName", "RecordType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1j3503fres5a5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account VPC", "description": "Create a VPC with up to 10 private subnets and up to 5 optional public subnets per availability zone (AZ) for two or three AZ's.", "type": "object", "properties": { "VpcName": { "description": "A meaningful name for the VPC. Must be unique within this application account.", "type": "string" }, "Parameters": { "type": "object", "properties": { "NumberOfAZs": { "description": "The number of availability zones (AZs) that the VPC supports. Options are 2 or 3.", "type": "number", "minimum": 2, "maximum": 3 }, "VPCCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this application account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type.", "type": "string", "default": "defaultAppRouteDomain" }, "PublicSubnetAZ1CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ2CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ3CIDR": { "description": "The CIDR for the optional first public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the optional second public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the optional third public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the optional second private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the optional third private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the optional sixth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the optional seventh private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the optional eighth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the optional ninth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the optional tenth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" } }, "metadata": { "ui:order": [ "VPCCIDR", "NumberOfAZs", "RouteType", "TransitGatewayApplicationRouteTableName", "PublicSubnetAZ1CIDR", "PublicSubnetAZ2CIDR", "PublicSubnetAZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR" ] }, "additionalProperties": false, "required": [ "VPCCIDR", "NumberOfAZs", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR" ] } }, "metadata": { "ui:order": [ "VpcName", "Parameters" ] }, "additionalProperties": false, "required": [ "VpcName", "Parameters" ] }

Schema for Change Type ct-1k3oui719dcju

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Lambda Execution Role", "description": "Create an Lambda execution role to use with Lambda Function. Each ARN specified in the parameters creates a part of the IAM policy. Use the Preview option to see what the completed, generated, policy looks like before it is created and implemented.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateIAMRole-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateIAMRole-Admin" ], "default": "AWSManagedServices-HandleCreateIAMRole-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServicePrincipal": { "description": "Must be lambda.amazonaws.com. This establishes the trust relationship with the Lambda service for this role.", "type": "string", "enum": [ "lambda.amazonaws.com" ], "default": "lambda.amazonaws.com" }, "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length and is limited to use characters a-z, A-Z, 0-9, and _+=,.@-.", "type": "string", "pattern": "^(?![aA][mMwW][sS]|customer-mc|managementhost|ms-)[a-zA-Z0-9_+=,.@-]{1,64}$" }, "RolePath": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$" }, "Preview": { "description": "Yes to preview the IAM role policy created with the specified parameter values, without creating the role; No to not preview it but to create and implement the role. The preview is provided as a JSON in the execution output. In order to implement the policy after preview, create a copy of the RFC and set the Preview parameter to No, then submit.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "LambdaFunctionArns": { "description": "A list of Amazon resource names (ARNs) of Lambda functions. Scopes down the policy for read/write access to default CloudWatch log groups for Lambda functions.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "minItems": 1, "maxItems": 50 }, "VPCAccess": { "description": "Yes to connect your function to the account VPC to access private resources while the function is running. No to not connect your function to the account VPC. For details, see the AWS documentation on configuring a Lambda function.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] }, "S3ReadAccess": { "description": "A list of Amazon resource names (ARNs) of S3 buckets. Scopes down the policy for S3 read access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|(^$)" }, "maxItems": 50 }, "S3WriteAccess": { "description": "A list of S3 bucket ARNs. Scopes down the policy for S3 write access to the given buckets only.", "type": "array", "items": { "type": "string", "pattern": "(^arn:(aws|aws-us-gov):s3:::.+$)|^[*]$|(^$)" }, "maxItems": 50 }, "KMSReadAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for KMS read access to the given KMS keys only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.+)$|^$" }, "maxItems": 50 }, "KMSCryptographicOperationAccess": { "description": "A list of KMS key ARNs. Scopes down the policy for cryptographic operation access to the given ARNs only.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "maxItems": 50 }, "SSMReadAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM read access to the given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "SSMWriteAccess": { "description": "A list of SSM parameter ARNs. Scopes down the policy for SSM write access to given parameters only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):ssm:[a-z0-9-]+:[0-9]{12}:parameter/.+)$|^$" }, "maxItems": 50 }, "CloudWatchLogsReadAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for read access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "CloudWatchLogsWriteAccess": { "description": "A list of CloudWatch resource ARNs. Scopes down the policy for write access to given CloudWatch Logs resource only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmReadAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for read access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchAlarmWriteAccess": { "description": "A list of CloudWatch alarm ARNs. Scopes down the policy for write access to given CloudWatch alarms only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):cloudwatch:[a-z0-9-]+:[0-9]{12}:alarm:.+)$|^$" }, "maxItems": 50 }, "CloudWatchMetricsReadAccess": { "description": "For read access to metrics, use an asterisk ( * ). Scopes down the policy for read access to all CloudWatch metrics.", "type": "array", "items": { "type": "string", "pattern": "^[*]$|^$" }, "maxItems": 50 }, "CloudWatchMetricsWriteAccess": { "description": "A list of CloudWatch metric namespaces. Scopes down the policy for write access to given CoudWatch metric namespaces only.", "type": "array", "items": { "type": "string", "pattern": "(.*?)|^$" }, "maxItems": 50 }, "SecretsManagerReadAccess": { "description": "A list of Secrets Manager secret ARNs. Scopes down the policy for read access to given secrets only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:.+)$|^$" }, "maxItems": 50 }, "SNSReadAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SNSWriteAccess": { "description": "A list of SNS resource ARNs. Scopes down the policy for SNS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sns:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "SQSReadAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "SQSWriteAccess": { "description": "A list of SQS resource ARNs. Scopes down the policy for SQS write access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):sqs:[a-z0-9-]+:[0-9]{12}:.+)$|^$" }, "maxItems": 50 }, "DynamoDBResourceReadAccess": { "description": "A list of DynamoDB resource ARNs. Scopes down the policy for DynamoDB read access to given resources only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:.+)$|^[*]$|^$" }, "maxItems": 50 }, "DynamoDBDataReadWriteAccess": { "description": "A list of DynamoDB table ARNs. Scopes down the policy for DynamoDB data read and write access to given tables only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):dynamodb:[a-z0-9-]+:[0-9]{12}:table/.+)$|^$" }, "maxItems": 50 }, "LambdaReadAccess": { "description": "A list of Lambda function arns. Scopes down the policy for read access to given Lambda functions only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "maxItems": 50 }, "LambdaInvokeAccess": { "description": "A list of Lambda function arns. Scopes down the policy for invoke access to given Lambda functions only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):lambda:[a-z0-9-]+:[0-9]{12}:function:.+)$|^$" }, "maxItems": 50 }, "EventsReadAccess": { "description": "A list of EventBridge event bus, rule arns or both. Scopes down the policy for read access to given EventBridge event bus, rule arns or both.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):events:[a-z0-9-]+:[0-9]{12}:(event-bus|rule)/.+)$|^$" }, "maxItems": 50 }, "EventsWriteAccess": { "description": "A list of EventBridge event bus, rule arns or both. Scopes down the policy for write access to given EventBridge event bus, rule arns or both.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):events:[a-z0-9-]+:[0-9]{12}:(event-bus|rule)/.+)$|^$" }, "maxItems": 50 }, "STSAssumeRole": { "description": "A list of IAM role ARNs. Scopes down the policy for STS assume role to given IAM roles only.", "type": "array", "items": { "type": "string", "pattern": "^(arn:(aws|aws-us-gov):iam::[0-9]{12}:role/.+)$|^$" }, "maxItems": 50 }, "AdditionalPolicy": { "description": "An additional policy document, as a JSON that is less permissive than the AMS baseline policy. For details on AMS baseline policy see AMS documentation.", "type": "string", "pattern": "^[\\s\\S]*$", "maxLength": 10240 } }, "metadata": { "ui:order": [ "ServicePrincipal", "RoleName", "RolePath", "Preview", "LambdaFunctionArns", "VPCAccess", "S3ReadAccess", "S3WriteAccess", "KMSReadAccess", "KMSCryptographicOperationAccess", "SSMReadAccess", "SSMWriteAccess", "CloudWatchLogsReadAccess", "CloudWatchLogsWriteAccess", "CloudWatchAlarmReadAccess", "CloudWatchAlarmWriteAccess", "CloudWatchMetricsReadAccess", "CloudWatchMetricsWriteAccess", "SecretsManagerReadAccess", "SNSReadAccess", "SNSWriteAccess", "SQSReadAccess", "SQSWriteAccess", "DynamoDBResourceReadAccess", "DynamoDBDataReadWriteAccess", "LambdaReadAccess", "LambdaInvokeAccess", "EventsReadAccess", "EventsWriteAccess", "STSAssumeRole", "AdditionalPolicy" ] }, "required": [ "ServicePrincipal", "RoleName", "LambdaFunctionArns", "Preview", "VPCAccess" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1ksyoxreh35tu

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Custom OUs", "description": "Create multiple custom AWS organizational units (OU) under the following paths, \"customer-managed\", \"applications:managed\", \"applications:tools\" and \"applications:development\".", "type": "object", "properties": { "CustomOUPaths": { "description": "The OU path to create. For example: customer-managed:ActiveDirectory or applications:managed:SAP. There is a maximum of five nested OUs starting from the first OU, and you can only create 10 OUs per RFC. For information on creating an OU path, please refer to AWS documentation.", "type": "array", "items": { "type": "string" }, "minItems": 1, "maxItems": 10, "uniqueItems": true } }, "metadata": { "ui:order": [ "CustomOUPaths" ] }, "additionalProperties": false, "required": [ "CustomOUPaths" ] }

Schema for Change Type ct-1malj7snzxrkr

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create an Amazon Redshift cluster", "description": "Create an Amazon Redshift cluster that is a fully managed data warehouse that consists of a set of compute nodes.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-n8kpln6rtg1eiq83b", "type": "string", "enum": [ "stm-n8kpln6rtg1eiq83b" ], "default": "stm-n8kpln6rtg1eiq83b" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "type": "string", "description": "A unique identifier for the cluster.", "pattern": "^$|^[a-z]+(-?[a-z0-9]+)+$", "default": "", "minLength": 0, "maxLength": 63 }, "ClusterType": { "type": "string", "description": "The type of cluster. On a single-node cluster, the node is shared for leader and compute functionality. On a multi-node cluster, the leader node is separate from the compute nodes.", "enum": [ "single-node", "multi-node" ], "default": "multi-node" }, "IamRoles": { "type": "string", "description": "A comma delimited list of up to 10 AWS Identity and Access Management (IAM) roles that the cluster can use to access other AWS services. Supply the IAM roles by their Amazon Resource Name (ARN), in the form arn:aws:iam::000000000000:role/customer_redshift_role. The role name must be prefixed with \"customer\". Leave blank to not attach any roles to the cluster.", "pattern": "^(arn:aws:iam::[0-9]{12}:role/customer[\\w-]+)(,arn:aws:iam::[0-9]{12}:role/customer[\\w-]+){0,9}$|^$", "default": "" }, "ParameterGroupName": { "type": "string", "description": "The name of an existing Amazon Redshift parameter group.", "default": "" }, "NumberOfNodes": { "type": "string", "description": "The number of compute nodes in the cluster. Only applicable if ClusterType = multi-mode.", "pattern": "^([2-9]|[1-8][0-9]|9[0-9]|100)$|^$", "default": "2" }, "NodeType": { "type": "string", "description": "The type of an Amazon Redshift cluster node. The node type determines the CPU, RAM, storage capacity, and storage drive type for each node.", "enum": [ "ds2.xlarge", "ds2.8xlarge", "dc2.large", "dc2.8xlarge", "dc1.large", "dc1.8xlarge", "ra3.4xlarge", "ra3.16xlarge" ], "default": "dc2.large" }, "ClusterSubnetGroup": { "type": "string", "description": "The name of an existing Amazon Redshift subnet group.", "pattern": "^[a-zA-Z0-9._-]{1,255}$" }, "DatabaseName": { "type": "string", "description": "The name of the first database to be created when the cluster is created.", "pattern": "^[a-zA-Z0-9]{1,64}$" }, "MasterUsername": { "type": "string", "description": "The name that you use with the configured MasterUserPassword to log in to an Amazon Redshift cluster. Must begin with a letter and contain from 1 to 128 alphanumeric characters.", "pattern": "^[a-zA-Z][a-zA-Z0-9]{0,127}$" }, "MasterUserPassword": { "type": "string", "description": "The password that you use with the configured MasterUsername to log in to an Amazon Redshift cluster. Must contain from 8 to 64 printable ASCII characters including at least one uppercase letter, one lowercase letter, and one decimal digit. It cannot contain backslash, forwardslash, single or double quotes, at sign, or whitespace.", "pattern": "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[^ \"@'/\\\\]{8,64}$", "maxLength": 64, "minLength": 8, "metadata": { "ams:sensitive": true } }, "AllowVersionUpgrade": { "type": "string", "description": "True to apply upgrades to the engine that is running on the cluster, during the maintenance window; false to not.", "enum": [ "true", "false" ], "default": "false" }, "SecurityGroups": { "type": "array", "description": "The identifiers of the security groups to control traffic to and from the Redshift cluster.", "items": { "type": "string", "pattern": "^sg-(?=.*[a-z])(?=.*[0-9])(?:.{8}|.{17})$|^$", "default": "" }, "uniqueItems": true }, "DatabasePortNumber": { "type": "integer", "description": "The port number on which the cluster accepts incoming connections.", "default": 5439, "minimum": 1150, "maximum": 65535 }, "AutomatedSnapshotRetentionPeriod": { "type": "integer", "description": "The number of days that automated snapshots are retained. The default is to retain 7 days of snapshots, and the maximum value is 35 days. To disable automated snapshot, use 0.", "default": 7, "minimum": 0, "maximum": 35 }, "PreferredMaintenanceWindow": { "type": "string", "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur. The format of the time range is ddd:hh24:mi-ddd:hh24:mi. Leave blank to allow Amazon Redshift to choose the suitable maintenance window.", "pattern": "^[a-z]{3}:[0-9]{2}:[0-9]{2}-[a-z]{3}:[0-9]{2}:[0-9]{2}$|^$", "default": "" }, "KmsKeyId": { "type": "string", "description": "The ID of the AWS Key Management Service (AWS KMS) key that you want to use to encrypt data in the cluster. Leave blank to not encrypt data.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$", "default": "" } }, "metadata": { "ui:order": [ "ClusterIdentifier", "DatabaseName", "DatabasePortNumber", "MasterUsername", "MasterUserPassword", "NodeType", "ClusterType", "NumberOfNodes", "ParameterGroupName", "ClusterSubnetGroup", "SecurityGroups", "AllowVersionUpgrade", "AutomatedSnapshotRetentionPeriod", "PreferredMaintenanceWindow", "IamRoles", "KmsKeyId" ] }, "required": [ "ClusterSubnetGroup", "DatabaseName", "MasterUsername", "MasterUserPassword" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1n323w7eu27u9

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Pause Redshift Cluster", "description": "Pause an Amazon Redshift cluster. If a recent snapshot is not available, a temporary manual snapshot is created with a retention period of one day. This snapshot is deleted towards the end of execution for both success and failure scenarios. It is safe for AMS to delete this snapshot as pausing the cluster creates an automated snapshot by default.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-PauseRedshiftCluster.", "type": "string", "enum": [ "AWSManagedServices-PauseRedshiftCluster" ], "default": "AWSManagedServices-PauseRedshiftCluster" }, "Region": { "description": "The AWS Region in which the Amazon Redshift cluster is located, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ClusterIdentifier": { "description": "The Amazon Redshift cluster identifier. For example, myred-cluster-1.", "type": "array", "items": { "type": "string", "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "minLength": 1, "maxLength": 63 }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "ClusterIdentifier" ] }, "additionalProperties": false, "required": [ "ClusterIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1n9gfnog5x7fl

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Entity or Policy (read-write permissions)", "description": "Create Identity and Access Management (IAM) role or policy with read-write permissions. You must have enabled this feature with change type ct-1706xvvk6j9hf before submitting this request. Automated IAM provisioning with read-write permissions runs over 200 validations to help ensure successful outcomes.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin" ], "default": "AWSManagedServices-HandleAutomatedIAMProvisioningCreate-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ValidateOnly": { "description": "Yes to only validate the IAM entity or policy with the specified parameter values, without creating the entity or policy; No to validate and create the entity or policy. The validation result is provided as a JSON in the execution output. In order to implement after validation, create a copy of the RFC and set the ValidateOnly parameter to No, then submit.", "type": "string", "enum": [ "Yes", "No" ], "default": "No" } }, "additionalProperties": false, "metadata": { "ui:order": [ "ValidateOnly" ] }, "required": [ "ValidateOnly" ] }, "RoleDetails": { "type": "object", "properties": { "Roles": { "description": "Add a role.", "type": "array", "items": { "type": "object", "properties": { "RoleName": { "description": "A name for the IAM role. The name can be up to 64 characters in length, and is limited to use characters a-z, A-Z, 0-9, hyphen and underscore.", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,64}$" }, "Description": { "description": "A meaningful description for the role.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "AssumeRolePolicyDocument": { "description": "A JSON policy document that you want to associate with the role, defining which entities can assume the role. This is known as the Assume role policy. Paste the contents into the input.", "type": "string", "minLength": 2, "maxLength": 131072 }, "ManagedPolicyArns": { "description": "A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. Both AWS managed policies and customer managed policies are allowed. If you create a managed policy in this RFC and wish to attach to this role then list the policy here in the form arn:aws:iam::AccountId:policy/NameOfYourPolicy.", "type": "array", "items": { "type": "string", "pattern": "^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$|^arn:[\\w+=/,.@-]+:iam::aws:policy(/[\\w+=/,.@-]+)?$" }, "minItems": 0, "maxItems": 20 }, "Path": { "description": "A path for the IAM role, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$|^$", "minLength": 0, "maxLength": 512 }, "MaxSessionDuration": { "description": "The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 4 hours. The MaxSessionDuration time begins with the assumption of the role.", "type": "string", "default": "3600", "pattern": "^(360\\d|36[1-9]\\d|3[7-9]\\d{2}|[4-9]\\d{3}|1[0-3]\\d{3}|14[0-3]\\d{2}|14400)$" }, "PermissionsBoundary": { "description": "The ARN of the policy used to set the permissions boundary for the role. A permissions boundary uses a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity.", "type": "string", "default": "", "pattern": "^$|^arn:[\\w+=/,.@-]+:iam::[0-9]{12}:policy(/[\\w+=/,.@-]+)?$" }, "InstanceProfile": { "description": "Yes to create an instance profile and associate the role with it. No to not create an instance profile.", "type": "string", "default": "No", "enum": [ "Yes", "No" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RoleName", "Description", "AssumeRolePolicyDocument", "ManagedPolicyArns", "Path", "MaxSessionDuration", "PermissionsBoundary", "InstanceProfile" ] }, "required": [ "RoleName", "AssumeRolePolicyDocument" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Roles" ] } }, "ManagedPolicyDetails": { "type": "object", "properties": { "Policies": { "description": "Add a customer managed policy. To attach a policy to a role created in this RFC, provide the policy in ARN format (arn:aws:iam::AccountId:policy/NameOfYourPolicy) in the ManagedPolicyArns field of the role. Alternatively, use ct-1e0xmuy1diafq to update the role and attach the policy.", "type": "array", "items": { "type": "object", "properties": { "ManagedPolicyName": { "description": "A name for the IAM policy. The name can be up to 122 characters in length, and is limited to use characters a-z, A-Z, 0-9, hyphen and underscore.", "type": "string", "pattern": "^[a-zA-Z0-9_-]{1,122}$" }, "Description": { "description": "A meaningful description for the policy.", "type": "string", "minLength": 0, "maxLength": 5200, "default": "" }, "Path": { "description": "A path for the policy, a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slash (/).", "type": "string", "default": "/", "pattern": "^\\/{1}([^\\/]*\\/)?$|^$", "minLength": 0, "maxLength": 512 }, "PolicyDocument": { "description": "The JSON policy document that you want to use as the content for the new policy. Paste the content into the input field.", "type": "string", "minLength": 2, "maxLength": 131072 } }, "additionalProperties": false, "metadata": { "ui:order": [ "ManagedPolicyName", "Description", "Path", "PolicyDocument" ] }, "required": [ "ManagedPolicyName", "PolicyDocument" ] }, "minItems": 0, "maxItems": 1, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "Policies" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters", "RoleDetails", "ManagedPolicyDetails" ] }, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1o1x2itfd6rk8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update EC2 stack (with additional volumes)", "description": "Use to modify the properties of an EC2 instance created using CT id ct-1aqsjf86w6vxg, version 3.0.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC that contains the EC2 Instance, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the EC2 instance with additional volumes that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "description": "Specifications for updating the EC2 instance with additional volumes.", "type": "object", "properties": { "InstanceDetailedMonitoring": { "description": "True to enable detailed monitoring on the instance, false to use only basic monitoring.", "type": "boolean" }, "InstanceEBSOptimized": { "description": "True for the instance to be optimized for Amazon Elastic Block Store I/O, false for it to not be. If you set this to true, choose an InstanceType that supports EBS optimization. Updates will stop and start Amazon EBS-backed instances.", "type": "boolean" }, "InstanceProfile": { "description": "An IAM instance profile name defined in your account for the EC2 instance.", "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^customer[\\w-]{1,120}$" }, "InstanceSecondaryPrivateIpAddressCount": { "description": "The number of secondary private IP addresses that EC2 automatically assigns to the primary network interface. The number of secondary IP addresses that can be assigned is dependent on the type of instance used.", "type": "integer", "minimum": 0 }, "InstanceTerminationProtection": { "description": "True to prevent the instance from being terminated through the API, false to allow it. Termination protection must be disabled before deleting the stack or performing an update where instance replacement is required, otherwise failures will occur.", "type": "boolean" }, "InstanceType": { "description": "The type of EC2 instance to deploy. If InstanceEBSOptimized = true, specify an InstanceType that supports EBS optimization. Changing the instance type will result in instance stop and start.", "type": "string" }, "InstanceUserData": { "description": "A newline-delimited string where each line is part of the script to be run on boot. Changing the UserData will result in instance stop and start. Note: Existing instances do not pick up changes in UserData automatically, in order for the instance to execute modified UserData you must perform additional changes by logging in to the instance.", "type": "string", "maxLength": 4096 }, "Volume1Iops": { "type": "integer", "description": "The Iops to use for Volume1 if Volume1Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume1KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume1. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume1. Updates are not supported. Use only if Volume1 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume1Name": { "type": "string", "description": "The device name for Volume1 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume1. Leave blank to skip creation of Volume1. Updates are not supported. Use only if Volume1 is a new volume." }, "Volume1Size": { "type": "integer", "description": "The size of Volume1 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume1Snapshot": { "type": "string", "description": "Snapshot ID for Volume1. Updates are not supported. Use only if Volume1 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume1Type": { "type": "string", "description": "The volume type for Volume1. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume2Iops": { "type": "integer", "description": "The Iops to use for Volume2 if Volume2Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume2KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume2. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume2. Updates are not supported. Use only if Volume2 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume2Name": { "type": "string", "description": "The device name for Volume2 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume2. Leave blank to skip creation of Volume2. Updates are not supported. Use only if Volume2 is a new volume." }, "Volume2Size": { "type": "integer", "description": "The size of Volume2 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume2Snapshot": { "type": "string", "description": "Snapshot ID for Volume2. Updates are not supported. Use only if Volume2 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume2Type": { "type": "string", "description": "The volume type for Volume2. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume3Iops": { "type": "integer", "description": "The Iops to use for Volume3 if Volume3Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume3KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume3. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume3. Updates are not supported. Use only if Volume3 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume3Name": { "type": "string", "description": "The device name for Volume3 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume3. Leave blank to skip creation of Volume3. Updates are not supported. Use only if Volume3 is a new volume." }, "Volume3Size": { "type": "integer", "description": "The size of Volume3 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume3Snapshot": { "type": "string", "description": "Snapshot ID for Volume3. Updates are not supported. Use only if Volume3 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume3Type": { "type": "string", "description": "The volume type for Volume3. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume4Iops": { "type": "integer", "description": "The Iops to use for Volume4 if Volume4Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume4KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume4. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume4. Updates are not supported. Use only if Volume4 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume4Name": { "type": "string", "description": "The device name for Volume4 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume4. Leave blank to skip creation of Volume4. Updates are not supported. Use only if Volume4 is a new volume." }, "Volume4Size": { "type": "integer", "description": "The size of Volume4 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume4Snapshot": { "type": "string", "description": "Snapshot ID for Volume4. Updates are not supported. Use only if Volume4 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume4Type": { "type": "string", "description": "The volume type for Volume4. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] }, "Volume5Iops": { "type": "integer", "description": "The Iops to use for Volume5 if Volume5Type = io1.", "minimum": 0, "maximum": 32000 }, "Volume5KmsKeyId": { "type": "string", "description": "ID or ARN of the KMS master key to be used to encrypt Volume5. Specify default to use the default EBS KMS Key. Leave blank to not encrypt Volume5. Updates are not supported. Use only if Volume5 is a new volume.", "pattern": "^default$|^(arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key/){0,1}[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$|^$" }, "Volume5Name": { "type": "string", "description": "The device name for Volume5 (for example, /dev/sdf through /dev/sdp for Linux or xvdf through xvdp for Windows). A valid value for this is required to create Volume5. Leave blank to skip creation of Volume5. Updates are not supported. Use only if Volume5 is a new volume." }, "Volume5Size": { "type": "integer", "description": "The size of Volume5 in GiB. Only size increases are supported when resizing.", "minimum": 1, "maximum": 16384 }, "Volume5Snapshot": { "type": "string", "description": "Snapshot ID for Volume5. Updates are not supported. Use only if Volume5 is a new volume.", "pattern": "^snap-[0-9a-f]{8}$|^snap-[0-9a-f]{17}$|^$" }, "Volume5Type": { "type": "string", "description": "The volume type for Volume5. Choose io1 or gp2 for SSD-backed volumes optimized for transactional workloads. Choose sc1 or st1 for HDD-backed volumes optimized for large streaming workloads. Choose standard for HDD-backed volumes suitable for workloads where data is infrequently accessed.", "enum": [ "standard", "io1", "gp2", "sc1", "st1" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "InstanceDetailedMonitoring", "InstanceEBSOptimized", "InstanceProfile", "InstanceType", "InstanceUserData", "InstanceSecondaryPrivateIpAddressCount", "InstanceTerminationProtection", "Volume1Name", "Volume1Size", "Volume1Type", "Volume1KmsKeyId", "Volume1Iops", "Volume1Snapshot", "Volume2Name", "Volume2Size", "Volume2Type", "Volume2KmsKeyId", "Volume2Iops", "Volume2Snapshot", "Volume3Name", "Volume3Size", "Volume3Type", "Volume3KmsKeyId", "Volume3Iops", "Volume3Snapshot", "Volume4Name", "Volume4Size", "Volume4Type", "Volume4KmsKeyId", "Volume4Iops", "Volume4Snapshot", "Volume5Name", "Volume5Size", "Volume5Type", "Volume5KmsKeyId", "Volume5Iops", "Volume5Snapshot" ] } } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ] }

Schema for Change Type ct-1opjmhuddw194

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Enable Developer Mode", "description": "Enable Developer Mode for an existing application account. Note that, in Developer mode, you are responsible for monitoring infrastructure resources that are provisioned outside of the AMS change management process.", "type": "object", "properties": { "ApplicationAccountId": { "description": "The account ID of the application account to have Developer mode enabled.", "type": "string", "pattern": "^[0-9]{12}$" } }, "metadata": { "ui:order": [ "ApplicationAccountId" ] }, "additionalProperties": false, "required": [ "ApplicationAccountId" ] }

Schema for Change Type ct-1oxx2g2d7hc90

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Security Group (review required)", "description": "Create a security group, and optionally associate it with AWS resources.", "type": "object", "properties": { "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the security group. The name can be up to 255 characters in length, and is limited to these characters a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*. The name cannot start with \"sg-\", and must be unique within the VPC.", "type": "string", "minLength": 1, "maxLength": 255 }, "Description": { "description": "Meaningful information about the security group. The description can be up to 255 characters in length, and is limited to these characters a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*.", "type": "string", "minLength": 1, "maxLength": 255 }, "AssociatedResources": { "description": "AWS resources to associate the security group to. For example, EC2 instance IDs, RDS DB instance IDs, Load Balancer names, DSM replication instance names, EFS mount target IDs, ElastiCache cluster IDs.", "type": "array", "items": { "type": "string", "minLength": 1, "maxLength": 64 }, "minItems": 0, "maxItems": 10, "uniqueItems": true }, "InboundRules": { "description": "Inbound rules for the security group. No inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. For a port range of all ports, specify -1.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Source": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To use this security group, specify self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 }, "Description": { "description": "A meaningful description of the inbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Source", "Description" ] }, "required": [ "Protocol", "PortRange", "Source" ] }, "minItems": 0, "maxItems": 50 }, "OutboundRules": { "description": "Outbound rules for the security group. No outbound traffic originating from your instance is allowed until you add outbound rules.", "type": "array", "items": { "type": "object", "properties": { "Protocol": { "description": "The protocol name or protocol number for the rule. For example, for TCP, it could be protocol name TCP or protocol number 6. If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes.", "type": "string", "minLength": 1, "maxLength": 32 }, "PortRange": { "description": "A port number or a port range. For example, 80 or 49152-65535. For a port range of all ports, specify -1.", "type": "string", "pattern": "^-1$|^[Aa][Ll]{2}$|^(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])(-(0|[1-5][0-9]{0,4}|[6-9][0-9]{0,3}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])){0,1}$" }, "Destination": { "description": "An IP address, or an IP address range in CIDR notation (for example, 203.0.113.5/32), or the ID of another security group in the same region. To use this security group, specify self. From behind a firewall, use the public IP address or range used by the client computers.", "type": "string", "minLength": 1, "maxLength": 64 }, "Description": { "description": "A meaningful description of the outbound rule.", "type": "string", "minLength": 0, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Protocol", "PortRange", "Destination", "Description" ] }, "required": [ "Protocol", "PortRange", "Destination" ] }, "minItems": 0, "maxItems": 50 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] }, "Tags": { "description": "Up to 50 tags (key/value pairs) to categorize the security group.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true } }, "additionalProperties": false, "metadata": { "ui:order": [ "VpcId", "Name", "Description", "AssociatedResources", "InboundRules", "OutboundRules", "Priority", "Tags" ] }, "required": [ "VpcId", "Name", "Description" ] }

Schema for Change Type ct-1pvlhug439gl2

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Associate Private IP Addresses", "description": "Associate one or more secondary private IP addresses to the specified network interface.", "type": "object", "properties": { "NetworkInterfaceId": { "description": "The ID of the network interface, in the form eni-0123456789abcdef0.", "type": "string", "pattern": "^eni-[a-f0-9]{17}" }, "PrivateIpAddresses": { "description": "The IP addresses to be associated as a secondary private IP addresses to the network interface, for example, '10.0.0.82', '10.0.0.83'.", "type": "array", "items": { "type": "string", "pattern": "^(10(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){3}|((172\\.(1[6-9]|2[0-9]|3[01]))|192\\.168)(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){2})$" }, "minItems": 1, "maxItems": 50 }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "NetworkInterfaceId", "PrivateIpAddresses", "Priority" ] }, "required": [ "NetworkInterfaceId", "PrivateIpAddresses" ], "additionalProperties": false }

Schema for Change Type ct-1pybwg08h8qsz

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Disable malware scans", "description": "Use to disable periodic malware full system scan feature in all EC2 instances deployed in a single VPC.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to disable periodic malware scans on, in the form of vpc-12345678 or vpc-1234567890abcdef0.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "VpcId", "Priority" ] }, "additionalProperties": false, "required": [ "VpcId" ] }

Schema for Change Type ct-1q8q56cmwqj9m

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete an ACM Certificate", "description": "Delete an AWS Certificate Manager (ACM) certificate that is currently not in use and not managed by AMS.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteACMCertificate.", "type": "string", "enum": [ "AWSManagedServices-DeleteACMCertificate" ], "default": "AWSManagedServices-DeleteACMCertificate" }, "Region": { "description": "The AWS Region of the ACM certificate, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "CertificateARN": { "description": "The Amazon Resource Name (ARN) of the certificate to delete.", "type": "array", "items": { "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):acm:[a-z]{2}-[a-z]+-[0-9]{1}:[0-9]{12}:certificate/[a-z0-9-]+$" }, "maxItems": 1 } }, "additionalProperties": false, "required": [ "CertificateARN" ], "metadata": { "ui:order": [ "CertificateARN" ] } } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1r19m51jeijlk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create target group for ALB", "description": "Use to create a target group for an Application Load Balancer.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "StackTemplateId": { "description": "Must be stm-9c1t8maqho0os5k22", "type": "string", "enum": [ "stm-9c1t8maqho0os5k22" ], "default": "stm-9c1t8maqho0os5k22" }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 360, "default": 60 }, "Parameters": { "type": "object", "properties": { "ApplicationLoadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the application load balancer in the form arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id. This is used to create CloudWatch alarms that trigger if the Target Group contains no healthy instances.", "pattern": "arn:aws:elasticloadbalancing:[a-z1-9\\-]{9,15}:[0-9]{12}:loadbalancer/app/[a-zA-Z0-9\\-]{1,32}/[a-z0-9]+" }, "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$", "default": "" }, "HealthCheckUnhealthyThreshold": { "type": "string", "description": "The number of consecutive health check failure required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$", "default": "" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. The supported values are 5 seconds to 300 seconds.", "default": 30, "minimum": 5, "maximum": 300 }, "HealthCheckTimeout": { "type": "string", "description": "The amount of time, in seconds, to wait for a response to a health check. Must be less than the value for HealthCheckInterval. The supported values are 2 seconds to 60 seconds.", "pattern": "60|[1-5]{1}[0-9]{1}|[2-9]{1}|^$", "default": "" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests.", "default": "/" }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|", "default": "" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "ValidHTTPCode": { "type": "string", "description": "The HTTP codes that a healthy target application server must use in response to a health check. You can specify multiple values such as 200,202, or a range of values such as 200-499. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS.", "pattern": "^$|([2-4]{1}[0-9]{2}($|-|,))+", "default": "200" }, "InstancePort": { "type": "string", "description": "The TCP port the listener uses to send traffic to the target instance.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "80" }, "Name": { "type": "string", "description": "A name for the target group. This name must be unique per account, per region.", "pattern": "[0-9a-zA-Z\\-]{0,32}", "default": "" }, "InstanceProtocol": { "type": "string", "description": "The protocol the listener uses for routing traffic to back-end connections (load balancer to backend instance).", "enum": [ "HTTP", "HTTPS" ], "default": "HTTP" }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})", "default": "300" }, "SlowStartDuration": { "type": "string", "description": "The time period, in seconds, during which the load balancer sends a newly registered target a linearly-increasing share of the target group traffic.", "pattern": "[3-9]{1}[0-9]{1}|[1-8]{1}[0-9]{2}|900|0|", "default": "" }, "StickinessCookieExpirationPeriod": { "type": "string", "description": "The time period, in seconds, after which the cookie is considered stale. If this parameter isn't specified, the sticky session lasts for the duration of the browser session.", "pattern": "[1-9]{1}[0-9]{0,4}|[1-5]{1}[0-9]{5}|60[0-3]{1}[0-9]{3}|604[0-7]{1}[0-9]{2}|604800|", "default": "" }, "TargetType": { "type": "string", "description": "The registration type of the targets; determines how you specify the TargetGroup targets. If you choose instance, you specify the targets by instance ID. If you choose ip, you specify the targets by IP address. After you create a target group, you cannot change its target type.", "enum": [ "instance", "ip" ], "default": "instance" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}", "default": "" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]", "default": "" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. Otherwise, leave blank.", "enum": [ "", "all" ], "default": "" } }, "metadata": { "ui:order": [ "Name", "InstancePort", "InstanceProtocol", "ApplicationLoadBalancerArn", "DeregistrationDelayTimeout", "SlowStartDuration", "StickinessCookieExpirationPeriod", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckUnhealthyThreshold", "HealthCheckInterval", "HealthCheckTimeout", "ValidHTTPCode", "TargetType", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false, "required": [ "InstancePort", "InstanceProtocol", "ApplicationLoadBalancerArn" ] } }, "metadata": { "ui:order": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId", "Tags" ] }, "required": [ "Description", "VpcId", "Name", "Parameters", "TimeoutInMinutes", "StackTemplateId" ], "additionalProperties": false }

Schema for Change Type ct-1r1vbr8ahr156

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Recovery Points", "description": "Delete one or more recovery points (snapshots) from the specified vault. Use this change type to delete recovery points that were manually created, and recovery points that were created through a backup plan, and that are older than 30 days. The deletion of recovery points cannot be rolled back.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-DeleteRecoveryPoints.", "type": "string", "enum": [ "AWSManagedServices-DeleteRecoveryPoints" ], "default": "AWSManagedServices-DeleteRecoveryPoints" }, "Region": { "description": "The AWS Region in which the AWS Backup recovery point is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "BackupVaultName": { "description": "The name of the AWS Backup vault that contains the recovery point to delete.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\_\\-]{2,50}$" }, "minItems": 1, "maxItems": 1 }, "RecoveryPointArns": { "description": "A list of up to 50 recovery points to delete.", "type": "array", "items": { "type": "string", "pattern": "^arn:aws:([a-z][a-z0-9-]+):([a-z]{2}((-gov))?-[a-z]+-\\d{1}):[0-9]{0,12}:[a-zA-Z0-9\\_\\-\\/\\:]+$" }, "maxItems": 50, "minItems": 1, "uniqueItems": true } }, "metadata": { "ui:order": [ "BackupVaultName", "RecoveryPointArns" ] }, "additionalProperties": false, "required": [ "BackupVaultName", "RecoveryPointArns" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1taxucdyi84iy

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete Security Policy", "description": "Delete a security policy for AMS managed Palo Alto firewall - Outbound.", "type": "object", "properties": { "RequestType": { "description": "Must be DeleteSecurityPolicy.", "type": "string", "enum": [ "DeleteSecurityPolicy" ], "default": "DeleteSecurityPolicy" }, "Parameters": { "type": "object", "properties": { "SecurityPolicyName": { "description": "The name of the security policy. Must start with custom-sec-.", "type": "string", "pattern": "^custom-sec-[a-zA-Z0-9][a-zA-Z0-9-_]{0,51}$" } }, "additionalProperties": false, "metadata": { "ui:order": [ "SecurityPolicyName" ] }, "required": [ "SecurityPolicyName" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "RequestType", "Parameters" ] }, "required": [ "RequestType", "Parameters" ] }

Schema for Change Type ct-1urj94c3hdfu5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account Route Table", "description": "Create a custom AWS Transit Gateway (TGW) route table for the application accounts in the networking account. By default, the route table does not connect to the on-premise network, but contains preset routes. To request connections to the on-premise network, submit a Management|Other|Other|Update change type.", "type": "object", "properties": { "TransitGatewayApplicationRouteTableName": { "description": "A meaningful name for the TGW route table.", "type": "string" }, "AddPresetStaticRoutes": { "description": "True to create a route table with the default route (0.0.0.0/0) to the outbound (egress) VPC, and a route to the perimeter (DMZ) VPC and the shared services VPC. False to create an empty route domain with no routes. Default is true.", "type": "boolean", "default": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "metadata": { "ui:order": [ "TransitGatewayApplicationRouteTableName", "AddPresetStaticRoutes", "Priority" ] }, "additionalProperties": false, "required": [ "TransitGatewayApplicationRouteTableName" ] }

Schema for Change Type ct-1v9g9n30woc8h

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update StackSets Stack", "description": "Update an existing AWS CloudFormation (CFN) StackSets stack to deploy, or to update, the instances of the stack.", "type": "object", "properties": { "CloudFormationTemplate": { "description": "The CFN template that you have configured to update the stack set, copy the JSON and paste it into the field. Provide a value for either this, or the CloudFormationTemplateS3Endpoint parameter.", "type": "string", "minLength": 1, "pattern": "^(?![\\s]*https?)[\\S\\s]*$", "maxLength": 20000 }, "CloudFormationTemplateS3Endpoint": { "description": "The S3 bucket endpoint for the CloudFormation template you want to use. The bucket must be in the same account that you are using, or have a presigned URL. Provide a value for either this, or the CloudFormationTemplate parameter.", "type": "string", "minLength": 1, "pattern": "^[\\s]*https?://[\\S]*[\\s]*$|^[\\s]*$", "maxLength": 2047 }, "Parameters": { "description": "Add up to sixty parameters (parameter name/value pairs) to supply alternate values for parameters in your customized CloudFormation template. By providing the parameters this way, you can reuse your CloudFormation template with different parameter values when needed and can update any parameter value with the CFN Update stack set (review required) change type (ct-1v9g9n30woc8h).", "type": "array", "items": { "type": "object", "properties": { "Name": { "type": "string", "pattern": "[A-Za-z0-9]+$" }, "Value": { "type": "string" } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Value" ] }, "required": [ "Name", "Value" ] }, "minItems": 0, "maxItems": 60, "uniqueItems": true }, "Description": { "description": "Description of the StackSets stack to be updated", "type": "string", "minLength": 1, "maxLength": 1024 }, "Name": { "description": "Name of the StackSets stack to be updated.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "OuId": { "description": "The ID of the AWS organizational unit for the stack instances being deployed. If you add a parent OU as a target, StackSets also adds any child OU as targets. To deploy the StackSets stack instances in all OUs, use 'all'", "type": "array", "items": { "type": "string", "pattern": "^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32}|all)$" }, "minItems": 1, "uniqueItems": true }, "Region": { "description": "The AWS Region of the resources you're updating in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the StackSets stack.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,128}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^(?!(ams-|mc-|aws:))[a-zA-Z0-9 .:+=@_/-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Description", "CloudFormationTemplate", "CloudFormationTemplateS3Endpoint", "Parameters", "Region", "OuId", "Tags", "Priority" ] }, "required": [ "Name", "Region", "OuId" ] }

Schema for Change Type ct-1vbv99ko7bsrq

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create SQS", "description": "Use to create an Amazon Simple Queue Service instance for messages to be shared by system components.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-s1ejpr80000000000.", "type": "string", "enum": [ "stm-s1ejpr80000000000" ] }, "Name": { "description": "A name for the stack or stack component; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to seven tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "required": [ "Key", "Value" ] }, "minItems": 1, "maxItems": 7, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 60 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "SQSDelaySeconds": { "description": "The time in seconds that the delivery of all messages in the queue will be delayed.", "type": "number", "minimum": 0, "maximum": 900, "default": 0 }, "SQSMaximumMessageSize": { "description": "The limit of how many bytes a message can contain before SQS rejects it.", "type": "number", "minimum": 1024, "maximum": 262144, "default": 262144 }, "SQSMessageRetentionPeriod": { "description": "The number of seconds SQS retains a message, from 60 (1 minute) to 1209600 (14 days).", "type": "number", "minimum": 60, "maximum": 1209600, "default": 345600 }, "SQSQueueName": { "description": "A name for the queue, case sensitive.", "type": "string", "pattern": "^[a-zA-Z0-9-_]{1,80}$", "minLength": 1, "maxLength": 80 }, "SQSReceiveMessageWaitTimeSeconds": { "description": "The number of seconds that the ReceiveMessage call waits for a message to arrive in the queue before returning a response. If the number of messages in the queue is extremely small, you might not receive any messages in a particular ReceiveMessage response; in that case you should repeat the request.", "type": "number", "minimum": 0, "maximum": 20, "default": 0 }, "SQSVisibilityTimeout": { "description": "The number of seconds that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request.", "type": "number", "minimum": 0, "maximum": 43200 } }, "additionalProperties": false, "required": [ "SQSQueueName" ] } }, "additionalProperties": false, "required": [ "Description", "VpcId", "StackTemplateId", "Name", "TimeoutInMinutes", "Parameters" ] }

Schema for Change Type ct-1vd3y4ygbqmfk

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Stop DMS Replication Task", "description": "Stop a Database Migration Service (DMS) replication task. The specified task must be in the running state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StopDmsTask.", "type": "string", "enum": [ "AWSManagedServices-StopDmsTask" ], "default": "AWSManagedServices-StopDmsTask" }, "Region": { "description": "The AWS Region where the DMS Replication Task was created, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ReplicationTaskArn": { "description": "The DMS replication task Amazon resource name (ARN).", "type": "array", "items": { "type": "string", "pattern": "arn:aws:dms:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:task:[A-Za-z0-9-]+$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "ReplicationTaskArn" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1vjbacfr4ufdv

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Revoke Ingress Rule", "description": "Revoke the ingress rule for the specified security group (SG). You must specify the configurations of the ingress rule that you are revoking. Note that, once revoked, the ingress rule is permanently deleted.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RevokeSecurityGroupIngressRuleV3.", "type": "string", "enum": [ "AWSManagedServices-RevokeSecurityGroupIngressRuleV3" ], "default": "AWSManagedServices-RevokeSecurityGroupIngressRuleV3" }, "Region": { "description": "The AWS Region in which the security group is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "SecurityGroupId": { "description": "The ID of the security group (SG) that you are updating, in the form sg-0123456789abcdef.", "type": "array", "items": { "type": "string", "pattern": "^sg-[0-9a-f]{8}$|^sg-[0-9a-f]{17}$" }, "minItems": 1, "maxItems": 1 }, "IpProtocol": { "description": "The IP protocol name, or IP protocol number, for the ingress rule. For example, for TCP, enter either TCP, or (IP protocol number) 6. If you enter ICMP, you can specify any or all of the ICMP types and codes.", "type": "array", "items": { "type": "string", "pattern": "^[a-zA-Z0-9\\+-\\\\(\\\\)\\w]{1,18}$" }, "minItems": 1, "maxItems": 1 }, "FromPort": { "description": "Start of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "ToPort": { "description": "End of allowed port range, from 0 to 65535 for TCP/UDP. For ICMP, use -1.", "type": "array", "items": { "type": "string", "pattern": "^-1$|^[0-9]{1,4}$|^[1-5][0-9]{4}$|^6[0-4][0-9]{3}$|^65[0-4][0-9]{2}$|^655[0-2][0-9]$|^6553[0-5]$" }, "minItems": 1, "maxItems": 1 }, "Source": { "description": "An IP address range in CIDR notation, in the form 255.255.255.255/32; or the ID of another security group in the same Region; or self, to specify the same security group.", "type": "array", "items": { "type": "string", "pattern": "^(([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9][0-9]{0,1}|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2])){0,1}$|^sg-[0-9a-f]{8,17}$|^self$|^pl-\\w+|^[0-9]{12}\\/sg-[0-9a-f]{8,17}$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source" ] }, "required": [ "SecurityGroupId", "IpProtocol", "FromPort", "ToPort", "Source" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1vq0f289r36ay

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Move Account To OU", "description": "Move an account under an AWS organizational unit (OU) to a different OU.", "type": "object", "properties": { "AccountId": { "description": "The unique identifier (ID) of the account that you want to move.", "type": "string", "pattern": "^[0-9]{12}$" }, "TargetOUPath": { "description": "The path of the target OU that you want to move the account to. The path starts with either \"customer-managed\" or \"applications\". For example, \"applications:development\" and \"customer-managed:active\" are valid.", "type": "string", "pattern": "^([A-Za-z0-9-]+:[A-Za-z0-9-]+)+$|^[A-Za-z0-9-]+$" } }, "metadata": { "ui:order": [ "AccountId", "TargetOUPath" ] }, "additionalProperties": false, "required": [ "AccountId", "TargetOUPath" ] }

Schema for Change Type ct-1w8z66n899dct

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Add Self-Provisioned AWS Service", "description": "Add a specific, allowed, AWS service to your AMS account. This CT validates prerequisites in the account and deploys a service with the default parameters. Not all Self-service provisioning services are supported, the ServiceName parameter for this CT lists the ones that are. For each service that you add, AMS creates a new role so you use the service without AMS management under the AMS Shared Responsibility model. Compliance is a shared responsibility and your AMS compliance status does not automatically apply to services or applications that you add in this way. Some AWS services do not have compliance certifications. For more information, see the AWS Services in Scope of AWS Assurance Program page. On that page, unless specifically excluded, features of each of the services are considered in scope of the assurance programs, and are reviewed and tested as part of our assessment when you submit this CT.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-HandleCreateSSPSResources-Admin.", "type": "string", "enum": [ "AWSManagedServices-HandleCreateSSPSResources-Admin" ], "default": "AWSManagedServices-HandleCreateSSPSResources-Admin" }, "Region": { "description": "The AWS Region of the account.", "type": "string", "enum": [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-south-1", "eu-north-1", "eu-central-1", "ca-central-1", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3", "ap-south-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-east-1", "sa-east-1", "me-south-1", "af-south-1", "us-gov-west-1", "us-gov-east-1", "cn-northwest-1", "cn-north-1" ] }, "Parameters": { "type": "object", "properties": { "ServiceName": { "description": "The name of the AWS service.", "type": "string", "enum": [ "AWS App Mesh", "AWS AppSync", "AWS Batch", "AWS Certificate Manager (ACM)", "AWS Private Certificate Authority (PCA)", "AWS CloudHSM", "AWS CodeBuild", "AWS CodeCommit", "AWS CodeDeploy", "AWS Device Farm", "AWS Elemental MediaStore", "AWS Elemental MediaTailor", "AWS Global Accelerator", "AWS Glue", "AWS License Manager", "AWS Migration Hub", "AWS Outposts", "AWS Resilience Hub", "AWS Security Hub", "AWS Service Catalog AppRegistry", "AWS Shield", "AWS Step Functions", "AWS Systems Manager Automation", "AWS Systems Manager Parameter Store", "AWS Transfer for SFTP", "AWS Transit Gateway", "AWS WAF - Web Application Firewall", "AWS X-Ray", "Amazon API Gateway", "Amazon Athena", "Amazon CloudSearch", "Amazon CloudWatch Synthetics", "Amazon Cognito", "Amazon DevOps Guru", "Amazon Directory Services - ADConnector Only", "Amazon DocumentDB (with MongoDB compatibility)", "Amazon DynamoDB", "Amazon ECR", "Amazon ECS on AWS Fargate", "Amazon EventBridge", "Amazon FSx", "Amazon FSx OnTap", "Amazon Forecast", "Amazon Inspector", "Amazon Kinesis Data Streams", "Amazon Kinesis Video Streams", "Amazon Lex", "Amazon Managed Service for Prometheus", "Amazon Managed Streaming for Apache Kafka", "Amazon MQ", "Amazon Pinpoint", "Amazon QuickSight", "Amazon SageMaker", "Amazon Simple Email Service", "Amazon Simple Workflow Service", "Amazon WorkDocs", "EC2 Image Builder" ] }, "IAMRole": { "description": "An existing IAM console-access role name, or the Amazon resource name (ARN) of the role, to add the permissions to manage the AWS self-service provisioning service (SSPS). If left blank, a new role is created with the necessary permissions.", "type": "string", "pattern": "^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/[A-Za-z0-9_-]+$|^[A-Za-z0-9_-]+$|^$" }, "SAMLProviders": { "description": "A single SAML provider name or a comma-separated list of SAML providers to use with the role.", "type": "string", "pattern": "^[\\w+=,.@-]{0,256}$|^$" } }, "metadata": { "ui:order": [ "ServiceName", "IAMRole", "SAMLProviders" ] }, "additionalProperties": false, "required": [ "ServiceName" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1wle0ai4en6km

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Modify EBS Volumes", "description": "Modify EBS Volumes that are not attached to an EC2 instance in an Auto Scaling group. If you resize the volume, then you may need to extend the OS file system on the volume to use any newly allocated space. If a drift is introduced in the CloudFormation stack that was used to create the volume, then the automation can try to remediate the stack drift for stacks that are not created using CloudFormation ingest change type (ct-36cn2avfrrj9v).", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-ModifyEBSVolumes.", "type": "string", "enum": [ "AWSManagedServices-ModifyEBSVolumes" ], "default": "AWSManagedServices-ModifyEBSVolumes" }, "Region": { "description": "The AWS Region where the EBS Volumes are located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "VolumeIds": { "description": "A list of up to 50 EBS volume IDs, in the form vol-1234567890abcdef0.", "type": "array", "items": { "type": "string", "pattern": "^vol-([0-9a-f]{8}|[0-9a-f]{17})$" }, "minItems": 1, "maxItems": 50, "uniqueItems": true }, "CreateSnapshot": { "description": "True to create a snapshot before modifying the volume, False to not. Default is True.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 }, "VolumeType": { "description": "The desired volume type. If left unspecified, the existing type is retained. Valid values are io1, io2, gp2, gp3, sc1, st1 and standard.", "type": "array", "items": { "type": "string", "enum": [ "io1", "io2", "gp2", "gp3", "sc1", "st1", "standard" ] }, "minItems": 1, "maxItems": 1 }, "VolumeSize": { "description": "The desired size of the volume, in GiB. The target volume size must be greater than or equal to the existing size of the volume. If left unspecified, the existing size is retained.", "type": "array", "items": { "type": "string", "pattern": "^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-6])$" }, "minItems": 1, "maxItems": 1 }, "Iops": { "description": "The requested number of I/O operations per second (IOPS). This parameter is only valid for io1, io2 and gp3 volumes. If left unspecified, the existing value is retained, unless the VolumeType is modified to one that supports different values. We highly recommend that you specify the desired Iops value when changing the VolumeType.", "type": "array", "items": { "type": "string", "pattern": "^([1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9][0-9]{3}|[6][0-3][0-9]{3}|64000)$" }, "minItems": 1, "maxItems": 1 }, "Throughput": { "description": "The throughput to provision for a volume, with a maximum of 1000 MiB/s. This parameter is valid only for gp3 volumes. If left unspecified, a minimum value is assigned or the existing value is retained.", "type": "array", "items": { "type": "string", "pattern": "^([1][2][5-9]$|[1][3-9][0-9]$|[2-9][0-9][0-9]$|1000)$" }, "minItems": 1, "maxItems": 1 }, "RemediateStackDrift": { "description": "True to initiate drift remediation, if any drift is caused by volume modification. False to not attempt drift remediation. Drift remediation can be performed only on CloudFormation stacks that were created using a CT other than the Ingestion CT ct-36cn2avfrrj9v and that are in sync with the definitions in the stack template prior to the volume modification. Set to False to modify a volume in an ingested stack if any drift introduced by the change is acceptable.", "type": "array", "items": { "type": "string", "default": "True", "enum": [ "True", "False" ] }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "VolumeIds", "CreateSnapshot", "VolumeType", "VolumeSize", "Iops", "Throughput", "RemediateStackDrift" ] }, "required": [ "VolumeIds" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1x66wvkjw2zp5

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update target group for NLB", "description": "Use to update properties of an existing Target Group for a Network Load Balancer.", "type": "object", "properties": { "VpcId": { "description": "ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackId": { "description": "The stack ID of the Target Group (for NLB) that you are updating, in the form stack-a1b2c3d4e5f67890e.", "type": "string", "pattern": "^stack-[a-z0-9]{17}$" }, "Parameters": { "type": "object", "properties": { "HealthCheckHealthyThreshold": { "type": "string", "description": "The number of consecutive health check successes required to declare an EC2 instance healthy.", "pattern": "[2-9]{1}|10|^$" }, "HealthCheckInterval": { "type": "integer", "description": "The approximate interval, in seconds, between health checks. Supported values are 10 or 30 seconds. Cannot change if the target protocol is TCP" }, "HealthCheckTargetPath": { "type": "string", "description": "The ping path destination on the application hosts where the load balancer sends health check requests. Only applicable if HealthCheckTargetProtocol = HTTP or HTTPS." }, "HealthCheckTargetPort": { "type": "string", "description": "The port the load balancer uses when performing health checks on targets. The default is traffic-port, which indicates the port on which each target receives traffic from the load balancer.", "pattern": "[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]|traffic-port|" }, "HealthCheckTargetProtocol": { "type": "string", "description": "The protocol the load balancer uses when performing health checks on targets.", "enum": [ "HTTP", "HTTPS", "TCP" ] }, "ProxyProtocolV2": { "type": "string", "description": "True if proxy protocol version 2 is enabled. False if it is not.", "enum": [ "true", "false" ] }, "DeregistrationDelayTimeout": { "type": "string", "description": "The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused.", "pattern": "(3600|3[0-5]{1}[0-9]{2}|[1-2]{1}[0-9]{3}|[0-9]{1,3})" }, "Target1ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target1Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target1AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target1ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target1ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target2ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target2Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target2AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target2ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target2ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target3ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target3Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target3AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target3ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target3ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$" }, "Target4ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target4Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target4AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target4ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target4ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target5ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target5Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target5AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target5ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target5ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target6ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target6Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target6AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target6ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target6ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" }, "Target7ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target7Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target7AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target7ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target7ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|$" }, "Target8ID": { "type": "string", "description": "ID of the EC2 instance to register a target, in the form i-0123abcd or i-01234567890abcdef if TargetType = instance. IP address if TargetType = ip. Leave blank if you don't need to register a target.", "pattern": "^$|i-[0-9a-f]{8}|i-[0-9a-f]{17}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.|$)){4}" }, "Target8Port": { "type": "string", "description": "The port number on which the target is listening for traffic.", "pattern": "^$|[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]" }, "Target8AvailabilityZone": { "type": "string", "description": "Where the target receives traffic from. If the TargetType = ip, and the IP address in Target8ID is inside the VPC, leave blank. If the traffic is received from the specified AZ for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use the name of that AZ. If the traffic is received from all enabled AZs for the load balancer, and the TargetType = ip, and the IP address in Target8ID is outside the VPC, use all. If TargetType = instance, leave blank.", "pattern": "[a-z]{2,3}-[a-z\\-]{4,10}-[1-9]{1}[a-z]{1}|all|^$" } }, "metadata": { "ui:order": [ "DeregistrationDelayTimeout", "ProxyProtocolV2", "HealthCheckTargetPath", "HealthCheckTargetPort", "HealthCheckTargetProtocol", "HealthCheckHealthyThreshold", "HealthCheckInterval", "Target1ID", "Target1Port", "Target1AvailabilityZone", "Target2ID", "Target2Port", "Target2AvailabilityZone", "Target3ID", "Target3Port", "Target3AvailabilityZone", "Target4ID", "Target4Port", "Target4AvailabilityZone", "Target5ID", "Target5Port", "Target5AvailabilityZone", "Target6ID", "Target6Port", "Target6AvailabilityZone", "Target7ID", "Target7Port", "Target7AvailabilityZone", "Target8ID", "Target8Port", "Target8AvailabilityZone" ] }, "additionalProperties": false } }, "metadata": { "ui:order": [ "VpcId", "StackId", "Parameters" ] }, "required": [ "VpcId", "StackId", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-1yq7hhqse71yg

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Start DMS Replication Task", "description": "Start a new Database Migration Service (DMS) replication task, or a task in a stopped or failed state.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-StartDmsTask.", "type": "string", "enum": [ "AWSManagedServices-StartDmsTask" ], "default": "AWSManagedServices-StartDmsTask" }, "Region": { "description": "The AWS Region where the DMS replication task was created, in the form us-east-1.", "type": "string", "pattern": "[a-z]{2}-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "ReplicationTaskArn": { "description": "The DMS replication task Amazon resource name (ARN).", "type": "array", "items": { "type": "string", "pattern": "arn:aws:dms:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:task:[A-Za-z0-9-]+$" }, "minItems": 1, "maxItems": 1 }, "StartReplicationTaskType": { "description": "The type of DMS replication task. To start a new task, use start-replication. To restart a stopped task or failed task from the CDC position where the task stopped, use resume-processing. To restart a stopped or failed task of type full-load or full-load-and-cdc, use reload-target.", "type": "array", "items": { "enum": [ "start-replication", "resume-processing", "reload-target" ], "type": "string", "default": "start-replication" }, "minItems": 1, "maxItems": 1 }, "CdcStartPosition": { "description": "When to start the change data capture (CDC) operation. Use a timestamp in the format (yyyy-mm-ddThh:mm:ss), a log sequence number, or a checkpoint (either source database-engine specific, or AWS DMS-specific).", "type": "array", "items": { "type": "string", "pattern": "^$|^\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$|^checkpoint:\\w{1}\\d{1}\\#\\d{2}\\#[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+:[-0-9]+:[0-9]+:[0-9]+:[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+\\#\\d{1}\\#\\d{1}\\#\\*\\#\\d{1}\\#\\d{2}$|^[a-z]+-[a-z]+-[a-z]+.[0-9]+:[0-9]+$" }, "minItems": 1, "maxItems": 1 }, "CdcStopPosition": { "description": "The timestamp in the format (server_time:yyyy-mm-ddThh:mm:ss) to stop the change data capture (CDC) operation.", "type": "array", "items": { "type": "string", "pattern": "^$|^server_time:\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$|^commit_time:[\\s]?\\d{1,4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}[\\s]?$" }, "minItems": 1, "maxItems": 1 } }, "metadata": { "ui:order": [ "*" ] }, "additionalProperties": false, "required": [ "ReplicationTaskArn", "StartReplicationTaskType" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-1yqy4frl5s8y8

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Delete StackSets Stack", "description": "Delete AWS CloudFormation (CFN) StackSets-created stacks and instances.", "type": "object", "properties": { "Name": { "description": "Name of the StackSets stack to be deleted.", "type": "string", "minLength": 1, "pattern": "^(?!(ams-|mc-))[a-z]+(-?[a-z0-9]+)+$", "maxLength": 128 }, "Region": { "description": "The AWS Region to delete the resources, in the form of us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Priority": { "description": "The priority of the request. See AMS \"RFC scheduling\" documentation for a definition of the priorities.", "type": "string", "enum": [ "Low", "Medium", "High" ] } }, "additionalProperties": false, "metadata": { "ui:order": [ "Name", "Region", "Priority" ] }, "required": [ "Name" ] }

Schema for Change Type ct-1zdasmc2ewzrs

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create Application Account With VPC", "description": "Create a managed AWS landing zone application account and a VPC with up to 10 private subnets and up to 5 optional public subnets per availability zone (AZ) for two or three AZ's. Optionally, also create an AWS Backup plan with up to four different rules. Managed AWS landing zone core accounts must already be onboarded to AWS Managed Services (AMS).", "type": "object", "properties": { "AccountName": { "description": "A name for the new application account. Max length 50 characters. The underscore (_) is not allowed.", "type": "string", "pattern": "^[a-zA-Z0-9]{1}[a-zA-Z0-9.-]{0,49}$" }, "AccountEmail": { "description": "The email address for the new application account. The email must be unique per application account.", "type": "string", "pattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$" }, "ApplicationOUName": { "description": "The name of an existing organizational unit (OU) for this application account, in the form of <application ou name>:<child ou name>. The default value is applications:managed.", "type": "string", "default": "applications:managed" }, "SupportLevel": { "description": "The account's AMS support level, Premium or Plus.", "type": "string", "enum": [ "plus", "premium" ] }, "VpcName": { "description": "A meaningful name for the application account VPC. Must be unique within this application account.", "type": "string" }, "NumberOfAZs": { "description": "The number of availability zones (AZs) that the VPC supports. Options are 2 or 3.", "type": "number", "minimum": 2, "maximum": 3 }, "VpcCIDR": { "description": "The Classless Inter-Domain Routing (CIDR) for the VPC.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "RouteType": { "description": "The AWS Transit Gateway application route table connection type. For this VPC to accept connections from other VPCs, use routable. For it to not accept those connections, use isolated. The default is routable.", "type": "string", "enum": [ "isolated", "routable" ], "default": "routable" }, "TransitGatewayApplicationRouteTableName": { "description": "The existing AWS Transit Gateway route table for this application account VPC. The default is defaultAppRouteDomain. To create a new application route table, use the Create Application Route Table change type.", "type": "string", "default": "defaultAppRouteDomain" }, "PublicSubnetAZ1CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ2CIDR": { "description": "The CIDR for the optional first public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnetAZ3CIDR": { "description": "The CIDR for the optional first public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ1CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ2CIDR": { "description": "The CIDR for the optional second public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet2AZ3CIDR": { "description": "The CIDR for the optional second public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ1CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ2CIDR": { "description": "The CIDR for the optional third public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet3AZ3CIDR": { "description": "The CIDR for the optional third public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth public subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PublicSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth public subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ1CIDR": { "description": "The CIDR for the first private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ2CIDR": { "description": "The CIDR for the first private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet1AZ3CIDR": { "description": "The CIDR for the first private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ1CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ2CIDR": { "description": "The CIDR for the optional second private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet2AZ3CIDR": { "description": "The CIDR for the optional second private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ1CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ2CIDR": { "description": "The CIDR for the optional third private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet3AZ3CIDR": { "description": "The CIDR for the optional third private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ1CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ2CIDR": { "description": "The CIDR for the optional fourth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet4AZ3CIDR": { "description": "The CIDR for the optional fourth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ1CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ2CIDR": { "description": "The CIDR for the optional fifth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet5AZ3CIDR": { "description": "The CIDR for the optional fifth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ1CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ2CIDR": { "description": "The CIDR for the optional sixth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet6AZ3CIDR": { "description": "The CIDR for the optional sixth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ1CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ2CIDR": { "description": "The CIDR for the optional seventh private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet7AZ3CIDR": { "description": "The CIDR for the optional seventh private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ1CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ2CIDR": { "description": "The CIDR for the optional eighth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet8AZ3CIDR": { "description": "The CIDR for the optional eighth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ1CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ2CIDR": { "description": "The CIDR for the optional ninth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet9AZ3CIDR": { "description": "The CIDR for the optional ninth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ1CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 1.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ2CIDR": { "description": "The CIDR for the optional tenth private subnet in availability zone 2.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "PrivateSubnet10AZ3CIDR": { "description": "The CIDR for the optional tenth private subnet in optional availability zone 3. Only required if three availability zones are chosen.", "type": "string", "pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$" }, "DirectAlertsEmail": { "description": "Email address to receive specifically tagged resource-based alerts, and the onboarding process will create your SNS subscription. If not specified, then you can subscribe later using the DirectCustomerAlerts change type (ct-t-3rcl9u1k017wu).", "type": "string", "pattern": "^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" }, "SamlMetadataDocumentURL": { "description": "The URL that points to the Security Assertion Markup Language(SAML) metadata document that is used to enable federated access to the application account. Typically, a pre-signed URL for an Amazon S3 object.", "type": "string", "pattern": "^https://.+$|^$|s3://.+$" }, "BackupPlanName": { "type": "string", "description": "A meaningful name for the AWS Backup plan, which is a policy expression that defines when and how you want to back up your AWS resources.", "default": "default-backup-plan" }, "ResourceTagKey": { "type": "string", "description": "The tag key (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "Backup" }, "ResourceTagValue": { "type": "string", "description": "The tag value (case sensitive) of the resources to be backed up. For example, if you want to use a tag key:value pair like 'Department:accounting', you need to provide 'Department' as the ResourceTagKey and 'accounting' as the ResourceTagValue.", "default": "True" }, "BackupRule1ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$", "default": "cron(0 2 ? * * )" }, "BackupRule1DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 7 }, "BackupRule1MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the daily backup is moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule2DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule2MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that weekly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule3DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that monthly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule3MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the monthly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4ScheduleExpression": { "description": "A cron expression that specifies when the AWS Backup service initiates a backup job. For example, cron(0 2 ? * * *) will set a daily backup for 2am UTC time.", "type": "string", "pattern": "^(cron|rate)\\(.*\\)$" }, "BackupRule4DeleteAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are deleted. Valid values are between 1 and 35600. If a value is set to 0, the backup never expires.", "minimum": 0, "maximum": 35600, "default": 0 }, "BackupRule4MoveToColdStorageAfterDays": { "type": "integer", "description": "The number of days after creation that the yearly backups are moved to cold storage. Valid values are between 1 and 35600. If the value is set to 0, the backup never moves to cold storage.", "minimum": 0, "maximum": 35600, "default": 0 }, "PatchOrchestratorFirstTagKey": { "description": "The first tag-key to use for creating your \"Patch Group\" tag values. For example, AppId. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorSecondTagKey": { "description": "The second tag-key to use for creating your \"Patch Group\" tag values. For example, Environment. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorThirdTagKey": { "description": "The third tag-key to use for creating your \"Patch Group\" tag values. For example, Group. Specify null if you already have defined your own patch groups with a \"Patch Group\" tag.", "type": "string", "pattern": "^[a-zA-Z0-9+\\-=._:/@ ]{1,128}$" }, "PatchOrchestratorDefaultMaintenanceWindowCutoff": { "description": "The number of hours before the end of the Default Maintenance Window in which no new patching commands are started. This interval exists to allow enough time for patching to complete before the window ends.", "minimum": 0, "maximum": 23, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowDuration": { "description": "The duration of the maintenance window in hours.", "minimum": 1, "maximum": 24, "type": "integer" }, "PatchOrchestratorDefaultMaintenanceWindowSchedule": { "description": "The schedule of the maintenance window in the form of a cron or rate expression. For example cron(0 18 * * ? *) would create a window at 18:00 every day, and rate(7 days) would create a window every seven days.", "minLength": 1, "maxLength": 256, "pattern": "^cron\\([0-9a-zA-Z\\ ?*#-,\\/]+\\)$|^rate\\([0-9a-zA-Z\\ ]+\\)$", "type": "string" }, "PatchOrchestratorDefaultMaintenanceWindowTimeZone": { "description": "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.", "pattern": "^[a-zA-Z_]+(\\+|/)?[a-zA-Z0-9_-]*(\\+|/)?[a-zA-Z0-9_-]+$", "type": "string" }, "PatchOrchestratorDefaultPatchBackupRetentionInDays": { "description": "The number of days the backup taken before patching will remain available.", "minimum": 1, "maximum": 90, "type": "integer" }, "PatchOrchestratorNotificationEmails": { "description": "One or more email addresses to receive notifications about default patching status. Use group distribution lists instead of individual emails.", "items": { "type": "string", "pattern": "^[a-zA-Z0-9-_+.]+@[a-zA-Z0-9-_+.]+$" }, "minItems": 1, "maxItems": 5, "type": "array", "uniqueItems": true } }, "metadata": { "ui:order": [ "AccountName", "AccountEmail", "ApplicationOUName", "SupportLevel", "DirectAlertsEmail", "SamlMetadataDocumentURL", "VpcName", "VpcCIDR", "NumberOfAZs", "RouteType", "TransitGatewayApplicationRouteTableName", "PublicSubnetAZ1CIDR", "PublicSubnetAZ2CIDR", "PublicSubnetAZ3CIDR", "PublicSubnet2AZ1CIDR", "PublicSubnet2AZ2CIDR", "PublicSubnet2AZ3CIDR", "PublicSubnet3AZ1CIDR", "PublicSubnet3AZ2CIDR", "PublicSubnet3AZ3CIDR", "PublicSubnet4AZ1CIDR", "PublicSubnet4AZ2CIDR", "PublicSubnet4AZ3CIDR", "PublicSubnet5AZ1CIDR", "PublicSubnet5AZ2CIDR", "PublicSubnet5AZ3CIDR", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "PrivateSubnet1AZ3CIDR", "PrivateSubnet2AZ1CIDR", "PrivateSubnet2AZ2CIDR", "PrivateSubnet2AZ3CIDR", "PrivateSubnet3AZ1CIDR", "PrivateSubnet3AZ2CIDR", "PrivateSubnet3AZ3CIDR", "PrivateSubnet4AZ1CIDR", "PrivateSubnet4AZ2CIDR", "PrivateSubnet4AZ3CIDR", "PrivateSubnet5AZ1CIDR", "PrivateSubnet5AZ2CIDR", "PrivateSubnet5AZ3CIDR", "PrivateSubnet6AZ1CIDR", "PrivateSubnet6AZ2CIDR", "PrivateSubnet6AZ3CIDR", "PrivateSubnet7AZ1CIDR", "PrivateSubnet7AZ2CIDR", "PrivateSubnet7AZ3CIDR", "PrivateSubnet8AZ1CIDR", "PrivateSubnet8AZ2CIDR", "PrivateSubnet8AZ3CIDR", "PrivateSubnet9AZ1CIDR", "PrivateSubnet9AZ2CIDR", "PrivateSubnet9AZ3CIDR", "PrivateSubnet10AZ1CIDR", "PrivateSubnet10AZ2CIDR", "PrivateSubnet10AZ3CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression", "BackupRule1DeleteAfterDays", "BackupRule1MoveToColdStorageAfterDays", "BackupRule2ScheduleExpression", "BackupRule2DeleteAfterDays", "BackupRule2MoveToColdStorageAfterDays", "BackupRule3ScheduleExpression", "BackupRule3DeleteAfterDays", "BackupRule3MoveToColdStorageAfterDays", "BackupRule4ScheduleExpression", "BackupRule4DeleteAfterDays", "BackupRule4MoveToColdStorageAfterDays", "PatchOrchestratorFirstTagKey", "PatchOrchestratorSecondTagKey", "PatchOrchestratorThirdTagKey", "PatchOrchestratorDefaultMaintenanceWindowCutoff", "PatchOrchestratorDefaultMaintenanceWindowDuration", "PatchOrchestratorDefaultMaintenanceWindowSchedule", "PatchOrchestratorDefaultMaintenanceWindowTimeZone", "PatchOrchestratorDefaultPatchBackupRetentionInDays", "PatchOrchestratorNotificationEmails" ] }, "additionalProperties": false, "required": [ "AccountName", "AccountEmail", "SupportLevel", "VpcName", "VpcCIDR", "NumberOfAZs", "PrivateSubnet1AZ1CIDR", "PrivateSubnet1AZ2CIDR", "BackupPlanName", "ResourceTagKey", "ResourceTagValue", "BackupRule1ScheduleExpression" ] }

Schema for Change Type ct-2019s9y3nfml4

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Remove AD User From AD Group", "description": "Remove an Active Directory (AD) user from an AD group in the AMS managed AD. For multi-account landing zone (MALZ), use this change type in the shared services account.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-RemoveADUserFromGroup-Admin.", "type": "string", "enum": [ "AWSManagedServices-RemoveADUserFromGroup-Admin" ], "default": "AWSManagedServices-RemoveADUserFromGroup-Admin" }, "Region": { "description": "The AWS Region where the AMS managed AD is located, in the form us-east-1.", "type": "string", "pattern": "^([a-z]{2}((-gov))?-[a-z]+-\\d{1})$" }, "Parameters": { "type": "object", "properties": { "UserName": { "description": "The name of the AD user.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@]{2,19}[^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|\\@\\.]$" }, "maxItems": 1, "minItems": 1 }, "GroupName": { "description": "The name of the AD group to remove the user from.", "type": "array", "items": { "type": "string", "pattern": "^(?!\\.+$)(?!\\d+$)(?! +$)[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|][^#,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]{0,61}[^ #,\\+\"\\<>;\r\n\f\\[\\]\\*:=/\\|]$" }, "maxItems": 1, "minItems": 1 }, "DomainFQDN": { "description": "The fully qualified domain name (FQDN) where the user exists, this can be the AMS managed or trusted domain.", "type": "array", "items": { "type": "string", "pattern": "^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$" }, "maxItems": 1, "minItems": 1 } }, "metadata": { "ui:order": [ "UserName", "GroupName", "DomainFQDN" ] }, "required": [ "UserName", "GroupName", "DomainFQDN" ], "additionalProperties": false } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "required": [ "DocumentName", "Region", "Parameters" ], "additionalProperties": false }

Schema for Change Type ct-2052miu12d8fn

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Update RDS MasterUserPassword", "description": "Update the MasterUserPassword property of an Amazon Relational Database Service (RDS) database instance.", "type": "object", "properties": { "DocumentName": { "description": "Must be AWSManagedServices-UpdateInstanceMasterUserPasswordV2.", "type": "string", "enum": [ "AWSManagedServices-UpdateInstanceMasterUserPasswordV2" ], "default": "AWSManagedServices-UpdateInstanceMasterUserPasswordV2" }, "Region": { "description": "The AWS Region of the account with the RDS database instance; for example, us-east-1.", "type": "string", "pattern": "[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}" }, "Parameters": { "type": "object", "properties": { "DBInstanceIdentifier": { "description": "The identifier of the RDS database instance; for example, mydbinstance.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$" }, "SecretName": { "description": "The name of the Secrets Manager secret that stores the new RDS master user password, You must specify either this property, or \"SSMParameter\", but not both.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-\\/\\=\\@]{0,255}$", "default": "" }, "SecretKey": { "description": "The \"Key\" in the Secrets Manager secret that stores the new RDS master user password, required only if SecretName is provided.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-\\/\\=\\@]{0,255}$", "default": "" }, "SSMParameter": { "description": "The name of the SSM Parameter Store parameter that stores new RDS master user password. You must specify either this property, or \"SecretName\", but not both.", "type": "string", "pattern": "^$|^[a-zA-Z0-9\\_\\.\\-]{0,255}$", "default": "" } }, "metadata": { "ui:order": [ "DBInstanceIdentifier", "SecretName", "SecretKey", "SSMParameter" ] }, "additionalProperties": false, "required": [ "DBInstanceIdentifier" ] } }, "metadata": { "ui:order": [ "DocumentName", "Region", "Parameters" ] }, "additionalProperties": false, "required": [ "DocumentName", "Region", "Parameters" ] }

Schema for Change Type ct-20san5sgtwd9e

{ "$schema": "http://json-schema.org/draft-04/schema#", "name": "Create RDS Instance From Snapshot", "description": "Create an Amazon Relational Database Service (RDS) DB instance from an RDS snapshot.", "type": "object", "properties": { "Description": { "description": "Meaningful information about the resource to be created.", "type": "string", "minLength": 1, "maxLength": 500 }, "VpcId": { "description": "The ID of the VPC to use, in the form vpc-0123abcd or vpc-01234567890abcdef.", "type": "string", "pattern": "^vpc-[a-z0-9]{8}$|^vpc-[a-z0-9]{17}$" }, "StackTemplateId": { "description": "Must be stm-siqajx20000000000.", "type": "string", "enum": [ "stm-siqajx20000000000" ] }, "Name": { "description": "A name for the stack; this becomes the Stack Name.", "type": "string", "minLength": 1, "maxLength": 255 }, "Tags": { "description": "Up to fifty tags (key/value pairs) to categorize the resource.", "type": "array", "items": { "type": "object", "properties": { "Key": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,127}$", "minLength": 1, "maxLength": 127 }, "Value": { "type": "string", "pattern": "^[a-zA-Z0-9\\s_./=+-]{1,255}$", "minLength": 1, "maxLength": 255 } }, "additionalProperties": false, "metadata": { "ui:order": [ "Key", "Value" ] }, "required": [ "Key", "Value" ] }, "minItems": 0, "maxItems": 50, "uniqueItems": true }, "TimeoutInMinutes": { "description": "The maximum amount of time, in minutes, to allow for execution of the change. This will not prolong execution, but the RFC fails if the change is not completed in the specified time.", "type": "number", "minimum": 0, "maximum": 720 }, "Parameters": { "description": "Specifications for the stack.", "type": "object", "properties": { "DBInstanceClass": { "description": "The compute and memory capacity for the DB instance. To inherit this value from the snapshot, use inherit.", "type": "string", "pattern": "^inherit$|^db\\.[a-z0-9]+\\.[a-z0-9]+$", "default": "inherit" }, "DBInstanceIdentifier": { "description": "A name for the DB instance. If you specify a name, it is converted to lowercase. If you don't specify a name, a unique physical ID is generated and used for the DBInstanceIdentifier.", "type": "string", "pattern": "^[a-zA-Z]{1}(?!.*--)(?!.*-$)[A-Za-z0-9-]{0,62}$|^$", "default": "" }, "DBSnapshotIdentifier": { "description": "The name of the RDS DB snapshot to use to create the DB instance.", "type": "string" }, "DBDomain": { "description": "The directory ID of the Active Directory to create the instance in. To use DBDomain, you must provide an eligible SQL Server, Oracle, or Postgres engine in the DBEngine field.", "type": "string", "pattern": "^$|^d-[0-9a-f]{10}$" }, "DBDomainIAMRoleName": { "description": "The name of an IAM role that Amazon RDS uses when calling the AWS Directory Service APIs.", "type": "string", "pattern": "^$|^customer[\\w-]+$" }, "DBEngine": { "description": "The name of the database engine for the DB instance. Must be compatible with the engine of the source. If not specified, it will default to the same engine as the source. Not every database engine is available for every AWS region.", "type": "string" }, "DBOptionGroupName": { "description": "The option group that this DB instance is associated with. If none is provided, th