From 4567295aea43f49c56856ad81c8d62d98e1aefd1 Mon Sep 17 00:00:00 2001 From: nmbr7 <19748270+nmbr7@users.noreply.github.com> Date: Wed, 27 Nov 2024 01:09:35 +0000 Subject: [PATCH] Updated Schema files --- resourceSchema/schema_aws.json | 239 ++++++++++++++++++++++++++------- 1 file changed, 187 insertions(+), 52 deletions(-) diff --git a/resourceSchema/schema_aws.json b/resourceSchema/schema_aws.json index c552ba1..8a292d9 100644 --- a/resourceSchema/schema_aws.json +++ b/resourceSchema/schema_aws.json @@ -62149,6 +62149,28 @@ "resourceType" ] }, + "aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration": { + "properties": { + "portName": { + "type": "string", + "description": "The name of the port for a target group associated with the VPC Lattice configuration.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The full ARN of the target group or groups associated with the VPC Lattice configuration.\n" + } + }, + "type": "object", + "required": [ + "portName", + "roleArn", + "targetGroupArn" + ] + }, "aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage": { "properties": { "sizeInGib": { @@ -133737,6 +133759,19 @@ }, "type": "object" }, + "aws:rds/InstanceDesiredStateTimeouts:InstanceDesiredStateTimeouts": { + "properties": { + "create": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + }, + "update": { + "type": "string", + "description": "A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as \"30s\" or \"2h45m\". Valid time units are \"s\" (seconds), \"m\" (minutes), \"h\" (hours).\n" + } + }, + "type": "object" + }, "aws:rds/InstanceListenerEndpoint:InstanceListenerEndpoint": { "properties": { "address": { @@ -216253,7 +216288,7 @@ }, "assetType": { "type": "string", - "description": "The type of asset that is added to a data set. Valid values are: `S3_SNAPSHOT`, `REDSHIFT_DATA_SHARE`, and `API_GATEWAY_API`.\n" + "description": "The type of asset that is added to a data set. Valid values include `API_GATEWAY_API`, `LAKE_FORMATION_DATA_PERMISSION`, `REDSHIFT_DATA_SHARE`, `S3_DATA_ACCESS`, `S3_SNAPSHOT`.\n" }, "description": { "type": "string", @@ -216289,7 +216324,7 @@ "inputProperties": { "assetType": { "type": "string", - "description": "The type of asset that is added to a data set. Valid values are: `S3_SNAPSHOT`, `REDSHIFT_DATA_SHARE`, and `API_GATEWAY_API`.\n", + "description": "The type of asset that is added to a data set. Valid values include `API_GATEWAY_API`, `LAKE_FORMATION_DATA_PERMISSION`, `REDSHIFT_DATA_SHARE`, `S3_DATA_ACCESS`, `S3_SNAPSHOT`.\n", "willReplaceOnChanges": true }, "description": { @@ -216321,7 +216356,7 @@ }, "assetType": { "type": "string", - "description": "The type of asset that is added to a data set. Valid values are: `S3_SNAPSHOT`, `REDSHIFT_DATA_SHARE`, and `API_GATEWAY_API`.\n", + "description": "The type of asset that is added to a data set. Valid values include `API_GATEWAY_API`, `LAKE_FORMATION_DATA_PERMISSION`, `REDSHIFT_DATA_SHARE`, `S3_DATA_ACCESS`, `S3_SNAPSHOT`.\n", "willReplaceOnChanges": true }, "description": { @@ -237080,15 +237115,15 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n" + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n" }, "volumeTags": { "type": "object", @@ -237394,15 +237429,15 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n" + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n" }, "volumeTags": { "type": "object", @@ -237712,15 +237747,15 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n" + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n" }, "volumeTags": { "type": "object", @@ -242912,15 +242947,15 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n" + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n" }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n" + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n" }, "validFrom": { "type": "string", @@ -243252,17 +243287,17 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n", "willReplaceOnChanges": true }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n", "willReplaceOnChanges": true }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n", + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n", "willReplaceOnChanges": true }, "validFrom": { @@ -243593,17 +243628,17 @@ }, "userData": { "type": "string", - "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n", "willReplaceOnChanges": true }, "userDataBase64": { "type": "string", - "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate.\n", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. Updates to this field will trigger a stop/start of the EC2 instance by default. If the `user_data_replace_on_change` is set then updates to this field will trigger a destroy and recreate of the EC2 instance.\n", "willReplaceOnChanges": true }, "userDataReplaceOnChange": { "type": "boolean", - "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate when set to `true`. Defaults to `false` if not set.\n", + "description": "When used in combination with `user_data` or `user_data_base64` will trigger a destroy and recreate of the EC2 instance when set to `true`. Defaults to `false` if not set.\n", "willReplaceOnChanges": true }, "validFrom": { @@ -253470,6 +253505,10 @@ "$ref": "#/types/aws:ecs/ServiceAlarms:ServiceAlarms", "description": "Information about the CloudWatch alarms. See below.\n" }, + "availabilityZoneRebalancing": { + "type": "string", + "description": "ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`. Defaults to `DISABLED`.\n" + }, "capacityProviderStrategies": { "type": "array", "items": { @@ -253608,6 +253647,13 @@ "$ref": "#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", "description": "Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. See below.\n" }, + "vpcLatticeConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" + }, + "description": "The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs. See below.\n" + }, "waitForSteadyState": { "type": "boolean", "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" @@ -253627,6 +253673,10 @@ "$ref": "#/types/aws:ecs/ServiceAlarms:ServiceAlarms", "description": "Information about the CloudWatch alarms. See below.\n" }, + "availabilityZoneRebalancing": { + "type": "string", + "description": "ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`. Defaults to `DISABLED`.\n" + }, "capacityProviderStrategies": { "type": "array", "items": { @@ -253762,6 +253812,13 @@ "$ref": "#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", "description": "Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. See below.\n" }, + "vpcLatticeConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" + }, + "description": "The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs. See below.\n" + }, "waitForSteadyState": { "type": "boolean", "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" @@ -253774,6 +253831,10 @@ "$ref": "#/types/aws:ecs/ServiceAlarms:ServiceAlarms", "description": "Information about the CloudWatch alarms. See below.\n" }, + "availabilityZoneRebalancing": { + "type": "string", + "description": "ECS automatically redistributes tasks within a service across Availability Zones (AZs) to mitigate the risk of impaired application availability due to underlying infrastructure failures and task lifecycle activities. The valid values are `ENABLED` and `DISABLED`. Defaults to `DISABLED`.\n" + }, "capacityProviderStrategies": { "type": "array", "items": { @@ -253917,6 +253978,13 @@ "$ref": "#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", "description": "Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. See below.\n" }, + "vpcLatticeConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" + }, + "description": "The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs. See below.\n" + }, "waitForSteadyState": { "type": "boolean", "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" @@ -268646,7 +268714,7 @@ }, "deploymentType": { "type": "string", - "description": "The filesystem deployment type. Valid values: `SINGLE_AZ_1`, `SINGLE_AZ_2` and `MULTI_AZ_1`.\n" + "description": "Filesystem deployment type. See the [AWS API documentation](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemOpenZFSConfiguration.html#FSx-Type-CreateFileSystemOpenZFSConfiguration-DeploymentType) for a list of valid values.\n" }, "diskIopsConfiguration": { "$ref": "#/types/aws:fsx/OpenZfsFileSystemDiskIopsConfiguration:OpenZfsFileSystemDiskIopsConfiguration", @@ -268810,7 +268878,7 @@ }, "deploymentType": { "type": "string", - "description": "The filesystem deployment type. Valid values: `SINGLE_AZ_1`, `SINGLE_AZ_2` and `MULTI_AZ_1`.\n", + "description": "Filesystem deployment type. See the [AWS API documentation](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemOpenZFSConfiguration.html#FSx-Type-CreateFileSystemOpenZFSConfiguration-DeploymentType) for a list of valid values.\n", "willReplaceOnChanges": true }, "diskIopsConfiguration": { @@ -268937,7 +269005,7 @@ }, "deploymentType": { "type": "string", - "description": "The filesystem deployment type. Valid values: `SINGLE_AZ_1`, `SINGLE_AZ_2` and `MULTI_AZ_1`.\n", + "description": "Filesystem deployment type. See the [AWS API documentation](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystemOpenZFSConfiguration.html#FSx-Type-CreateFileSystemOpenZFSConfiguration-DeploymentType) for a list of valid values.\n", "willReplaceOnChanges": true }, "diskIopsConfiguration": { @@ -278464,7 +278532,7 @@ } }, "aws:iam/groupPolicyAttachmentsExclusive:GroupPolicyAttachmentsExclusive": { - "description": "\n\n## Import\n\nUsing `pulumi import`, import exclusive management of customer managed policy assignments using the `group_name`. For example:\n\n```sh\n$ pulumi import aws:iam/groupPolicyAttachmentsExclusive:GroupPolicyAttachmentsExclusive example MyGroup\n```\n", + "description": "\n\n## Import\n\nUsing `pulumi import`, import exclusive management of managed IAM policy assignments using the `group_name`. For example:\n\n```sh\n$ pulumi import aws:iam/groupPolicyAttachmentsExclusive:GroupPolicyAttachmentsExclusive example MyGroup\n```\n", "properties": { "groupName": { "type": "string", @@ -278475,7 +278543,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" } }, "required": [ @@ -278492,7 +278560,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" } }, "requiredInputs": [ @@ -278511,7 +278579,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the group. Policies attached to this group but not configured in this argument will be removed.\n" } }, "type": "object" @@ -279640,14 +279708,14 @@ } }, "aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive": { - "description": "\u003e **NOTE:**: To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`\n\nResource for maintaining exclusive management of customer managed policies assigned to an AWS IAM (Identity \u0026 Access Management) role.\n\n!\u003e This resource takes exclusive ownership over customer managed policies attached to a role. This includes removal of customer managed policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policy_arns` argument.\n\n\u003e Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It __will not__ detach the configured policies from the role.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.RolePolicyAttachmentsExclusive(\"example\", {\n roleName: exampleAwsIamRole.name,\n policyArns: [exampleAwsIamPolicy.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.RolePolicyAttachmentsExclusive(\"example\",\n role_name=example_aws_iam_role[\"name\"],\n policy_arns=[example_aws_iam_policy[\"arn\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.RolePolicyAttachmentsExclusive(\"example\", new()\n {\n RoleName = exampleAwsIamRole.Name,\n PolicyArns = new[]\n {\n exampleAwsIamPolicy.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRolePolicyAttachmentsExclusive(ctx, \"example\", \u0026iam.RolePolicyAttachmentsExclusiveArgs{\n\t\t\tRoleName: pulumi.Any(exampleAwsIamRole.Name),\n\t\t\tPolicyArns: pulumi.StringArray{\n\t\t\t\texampleAwsIamPolicy.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RolePolicyAttachmentsExclusive(\"example\", RolePolicyAttachmentsExclusiveArgs.builder()\n .roleName(exampleAwsIamRole.name())\n .policyArns(exampleAwsIamPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:RolePolicyAttachmentsExclusive\n properties:\n roleName: ${exampleAwsIamRole.name}\n policyArns:\n - ${exampleAwsIamPolicy.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Disallow Customer Managed Policies\n\nTo automatically remove any configured customer managed policies, set the `policy_arns` argument to an empty list.\n\n\u003e This will not __prevent__ customer managed policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing customer managed policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.RolePolicyAttachmentsExclusive(\"example\", {\n roleName: exampleAwsIamRole.name,\n policyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.RolePolicyAttachmentsExclusive(\"example\",\n role_name=example_aws_iam_role[\"name\"],\n policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.RolePolicyAttachmentsExclusive(\"example\", new()\n {\n RoleName = exampleAwsIamRole.Name,\n PolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRolePolicyAttachmentsExclusive(ctx, \"example\", \u0026iam.RolePolicyAttachmentsExclusiveArgs{\n\t\t\tRoleName: pulumi.Any(exampleAwsIamRole.Name),\n\t\t\tPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RolePolicyAttachmentsExclusive(\"example\", RolePolicyAttachmentsExclusiveArgs.builder()\n .roleName(exampleAwsIamRole.name())\n .policyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:RolePolicyAttachmentsExclusive\n properties:\n roleName: ${exampleAwsIamRole.name}\n policyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import exclusive management of customer managed policy assignments using the `role_name`. For example:\n\n```sh\n$ pulumi import aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive example MyRole\n```\n", + "description": "\u003e **NOTE:**: To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`\n\nResource for maintaining exclusive management of managed IAM policies assigned to an AWS IAM (Identity \u0026 Access Management) role.\n\n!\u003e This resource takes exclusive ownership over managed IAM policies attached to a role. This includes removal of managed IAM policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policy_arns` argument.\n\n\u003e Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It **will not** detach the configured policies from the role.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.RolePolicyAttachmentsExclusive(\"example\", {\n roleName: exampleAwsIamRole.name,\n policyArns: [exampleAwsIamPolicy.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.RolePolicyAttachmentsExclusive(\"example\",\n role_name=example_aws_iam_role[\"name\"],\n policy_arns=[example_aws_iam_policy[\"arn\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.RolePolicyAttachmentsExclusive(\"example\", new()\n {\n RoleName = exampleAwsIamRole.Name,\n PolicyArns = new[]\n {\n exampleAwsIamPolicy.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRolePolicyAttachmentsExclusive(ctx, \"example\", \u0026iam.RolePolicyAttachmentsExclusiveArgs{\n\t\t\tRoleName: pulumi.Any(exampleAwsIamRole.Name),\n\t\t\tPolicyArns: pulumi.StringArray{\n\t\t\t\texampleAwsIamPolicy.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RolePolicyAttachmentsExclusive(\"example\", RolePolicyAttachmentsExclusiveArgs.builder()\n .roleName(exampleAwsIamRole.name())\n .policyArns(exampleAwsIamPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:RolePolicyAttachmentsExclusive\n properties:\n roleName: ${exampleAwsIamRole.name}\n policyArns:\n - ${exampleAwsIamPolicy.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Disallow Managed IAM Policies\n\nTo automatically remove any configured managed IAM policies, set the `policy_arns` argument to an empty list.\n\n\u003e This will not **prevent** managed IAM policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing managed IAM policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.RolePolicyAttachmentsExclusive(\"example\", {\n roleName: exampleAwsIamRole.name,\n policyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.RolePolicyAttachmentsExclusive(\"example\",\n role_name=example_aws_iam_role[\"name\"],\n policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.RolePolicyAttachmentsExclusive(\"example\", new()\n {\n RoleName = exampleAwsIamRole.Name,\n PolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRolePolicyAttachmentsExclusive(ctx, \"example\", \u0026iam.RolePolicyAttachmentsExclusiveArgs{\n\t\t\tRoleName: pulumi.Any(exampleAwsIamRole.Name),\n\t\t\tPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;\nimport com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new RolePolicyAttachmentsExclusive(\"example\", RolePolicyAttachmentsExclusiveArgs.builder()\n .roleName(exampleAwsIamRole.name())\n .policyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:RolePolicyAttachmentsExclusive\n properties:\n roleName: ${exampleAwsIamRole.name}\n policyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import exclusive management of managed IAM policy assignments using the `role_name`. For example:\n\n```sh\n$ pulumi import aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive example MyRole\n```\n", "properties": { "policyArns": { "type": "array", "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" }, "roleName": { "type": "string", @@ -279664,7 +279732,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" }, "roleName": { "type": "string", @@ -279683,7 +279751,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.\n" }, "roleName": { "type": "string", @@ -280900,14 +280968,14 @@ } }, "aws:iam/userPolicyAttachmentsExclusive:UserPolicyAttachmentsExclusive": { - "description": "\n\n## Import\n\nUsing `pulumi import`, import exclusive management of customer managed policy assignments using the `user_name`. For example:\n\n```sh\n$ pulumi import aws:iam/userPolicyAttachmentsExclusive:UserPolicyAttachmentsExclusive example MyUser\n```\n", + "description": "\n\n## Import\n\nUsing `pulumi import`, import exclusive management of managed IAM policy assignments using the `user_name`. For example:\n\n```sh\n$ pulumi import aws:iam/userPolicyAttachmentsExclusive:UserPolicyAttachmentsExclusive example MyUser\n```\n", "properties": { "policyArns": { "type": "array", "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" }, "userName": { "type": "string", @@ -280924,7 +280992,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" }, "userName": { "type": "string", @@ -280943,7 +281011,7 @@ "items": { "type": "string" }, - "description": "A list of customer managed policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" + "description": "A list of managed IAM policy ARNs to be attached to the user. Policies attached to this user but not configured in this argument will be removed.\n" }, "userName": { "type": "string", @@ -282410,7 +282478,7 @@ } }, "aws:imagebuilder/imagePipeline:ImagePipeline": { - "description": "Manages an Image Builder Image Pipeline.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.ImagePipeline(\"example\", {\n imageRecipeArn: exampleAwsImagebuilderImageRecipe.arn,\n infrastructureConfigurationArn: exampleAwsImagebuilderInfrastructureConfiguration.arn,\n name: \"example\",\n schedule: {\n scheduleExpression: \"cron(0 0 * * ? *)\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.ImagePipeline(\"example\",\n image_recipe_arn=example_aws_imagebuilder_image_recipe[\"arn\"],\n infrastructure_configuration_arn=example_aws_imagebuilder_infrastructure_configuration[\"arn\"],\n name=\"example\",\n schedule={\n \"schedule_expression\": \"cron(0 0 * * ? *)\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ImageBuilder.ImagePipeline(\"example\", new()\n {\n ImageRecipeArn = exampleAwsImagebuilderImageRecipe.Arn,\n InfrastructureConfigurationArn = exampleAwsImagebuilderInfrastructureConfiguration.Arn,\n Name = \"example\",\n Schedule = new Aws.ImageBuilder.Inputs.ImagePipelineScheduleArgs\n {\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewImagePipeline(ctx, \"example\", \u0026imagebuilder.ImagePipelineArgs{\n\t\t\tImageRecipeArn: pulumi.Any(exampleAwsImagebuilderImageRecipe.Arn),\n\t\t\tInfrastructureConfigurationArn: pulumi.Any(exampleAwsImagebuilderInfrastructureConfiguration.Arn),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tSchedule: \u0026imagebuilder.ImagePipelineScheduleArgs{\n\t\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.imagebuilder.ImagePipeline;\nimport com.pulumi.aws.imagebuilder.ImagePipelineArgs;\nimport com.pulumi.aws.imagebuilder.inputs.ImagePipelineScheduleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ImagePipeline(\"example\", ImagePipelineArgs.builder()\n .imageRecipeArn(exampleAwsImagebuilderImageRecipe.arn())\n .infrastructureConfigurationArn(exampleAwsImagebuilderInfrastructureConfiguration.arn())\n .name(\"example\")\n .schedule(ImagePipelineScheduleArgs.builder()\n .scheduleExpression(\"cron(0 0 * * ? *)\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:imagebuilder:ImagePipeline\n properties:\n imageRecipeArn: ${exampleAwsImagebuilderImageRecipe.arn}\n infrastructureConfigurationArn: ${exampleAwsImagebuilderInfrastructureConfiguration.arn}\n name: example\n schedule:\n scheduleExpression: cron(0 0 * * ? *)\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_imagebuilder_image_pipeline` resources using the Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:imagebuilder/imagePipeline:ImagePipeline example arn:aws:imagebuilder:us-east-1:123456789012:image-pipeline/example\n```\n", + "description": "Manages an Image Builder Image Pipeline.\n\n\u003e **NOTE:** Starting with version `5.74.0`, lifecycle meta-argument `replace_triggered_by` must be used in order to prevent a dependency error on destroy.\n\n## Import\n\nUsing `pulumi import`, import `aws_imagebuilder_image_pipeline` resources using the Amazon Resource Name (ARN). For example:\n\n```sh\n$ pulumi import aws:imagebuilder/imagePipeline:ImagePipeline example arn:aws:imagebuilder:us-east-1:123456789012:image-pipeline/example\n```\n", "properties": { "arn": { "type": "string", @@ -321814,7 +321882,7 @@ "items": { "type": "string" }, - "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" }, "featureSet": { "type": "string", @@ -321874,7 +321942,7 @@ "items": { "type": "string" }, - "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" }, "featureSet": { "type": "string", @@ -321907,7 +321975,7 @@ "items": { "type": "string" }, - "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g., `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" }, "featureSet": { "type": "string", @@ -322064,7 +322132,7 @@ }, "content": { "type": "string", - "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + "description": "The policy content to add to the new policy.\nFor example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles.\nFor more information about the RCP syntax, see the [Resource Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps_syntax.html).\nFor more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html).\nFor more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" }, "description": { "type": "string", @@ -322095,7 +322163,7 @@ }, "type": { "type": "string", - "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n" + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY` (RCP), `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n" } }, "required": [ @@ -322107,7 +322175,7 @@ "inputProperties": { "content": { "type": "string", - "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + "description": "The policy content to add to the new policy.\nFor example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles.\nFor more information about the RCP syntax, see the [Resource Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps_syntax.html).\nFor more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html).\nFor more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" }, "description": { "type": "string", @@ -322130,7 +322198,7 @@ }, "type": { "type": "string", - "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n", + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY` (RCP), `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n", "willReplaceOnChanges": true } }, @@ -322146,7 +322214,7 @@ }, "content": { "type": "string", - "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + "description": "The policy content to add to the new policy.\nFor example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles.\nFor more information about the RCP syntax, see the [Resource Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps_syntax.html).\nFor more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html).\nFor more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" }, "description": { "type": "string", @@ -322177,7 +322245,7 @@ }, "type": { "type": "string", - "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n", + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `RESOURCE_CONTROL_POLICY` (RCP), `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n", "willReplaceOnChanges": true } }, @@ -330965,6 +331033,10 @@ "type": "boolean", "description": "If the Global Cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" }, + "endpoint": { + "type": "string", + "description": "Writer endpoint for the new global database cluster. This endpoint always points to the writer DB instance in the current primary cluster.\n" + }, "engine": { "type": "string", "description": "Name of the database engine to be used for this DB cluster. The provider will only perform drift detection if a configuration value is provided. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Defaults to `aurora`. Conflicts with `source_db_cluster_identifier`.\n" @@ -331010,6 +331082,7 @@ }, "required": [ "arn", + "endpoint", "engine", "engineLifecycleSupport", "engineVersion", @@ -331082,6 +331155,10 @@ "type": "boolean", "description": "If the Global Cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" }, + "endpoint": { + "type": "string", + "description": "Writer endpoint for the new global database cluster. This endpoint always points to the writer DB instance in the current primary cluster.\n" + }, "engine": { "type": "string", "description": "Name of the database engine to be used for this DB cluster. The provider will only perform drift detection if a configuration value is provided. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Defaults to `aurora`. Conflicts with `source_db_cluster_identifier`.\n", @@ -332326,6 +332403,60 @@ "type": "object" } }, + "aws:rds/instanceDesiredState:InstanceDesiredState": { + "description": "Resource for managing an AWS RDS (Relational Database) RDS Instance State.\n\n\u003e Destruction of this resource is a no-op and **will not** modify the instance state\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.rds.InstanceDesiredState(\"test\", {\n identifier: testAwsDbInstance.identifier,\n state: \"available\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.InstanceDesiredState(\"test\",\n identifier=test_aws_db_instance[\"identifier\"],\n state=\"available\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Rds.InstanceDesiredState(\"test\", new()\n {\n Identifier = testAwsDbInstance.Identifier,\n State = \"available\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstanceDesiredState(ctx, \"test\", \u0026rds.InstanceDesiredStateArgs{\n\t\t\tIdentifier: pulumi.Any(testAwsDbInstance.Identifier),\n\t\t\tState: pulumi.String(\"available\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.InstanceDesiredState;\nimport com.pulumi.aws.rds.InstanceDesiredStateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new InstanceDesiredState(\"test\", InstanceDesiredStateArgs.builder()\n .identifier(testAwsDbInstance.identifier())\n .state(\"available\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:rds:InstanceDesiredState\n properties:\n identifier: ${testAwsDbInstance.identifier}\n state: available\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS (Relational Database) RDS Instance State using the `example_id_arg`. For example:\n\n```sh\n$ pulumi import aws:rds/instanceDesiredState:InstanceDesiredState example rds_instance_state-id-12345678\n```\n", + "properties": { + "identifier": { + "type": "string", + "description": "DB Instance Identifier\n" + }, + "state": { + "type": "string", + "description": "Configured state of the DB Instance. Valid values are `available` and `stopped`.\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/InstanceDesiredStateTimeouts:InstanceDesiredStateTimeouts" + } + }, + "required": [ + "identifier", + "state" + ], + "inputProperties": { + "identifier": { + "type": "string", + "description": "DB Instance Identifier\n" + }, + "state": { + "type": "string", + "description": "Configured state of the DB Instance. Valid values are `available` and `stopped`.\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/InstanceDesiredStateTimeouts:InstanceDesiredStateTimeouts" + } + }, + "requiredInputs": [ + "identifier", + "state" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InstanceDesiredState resources.\n", + "properties": { + "identifier": { + "type": "string", + "description": "DB Instance Identifier\n" + }, + "state": { + "type": "string", + "description": "Configured state of the DB Instance. Valid values are `available` and `stopped`.\n" + }, + "timeouts": { + "$ref": "#/types/aws:rds/InstanceDesiredStateTimeouts:InstanceDesiredStateTimeouts" + } + }, + "type": "object" + } + }, "aws:rds/integration:Integration": { "description": "Resource for managing an AWS RDS (Relational Database) zero-ETL integration. You can refer to the [User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/zero-etl.setting-up.html).\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.redshiftserverless.Namespace(\"example\", {namespaceName: \"redshift-example\"});\nconst exampleWorkgroup = new aws.redshiftserverless.Workgroup(\"example\", {\n namespaceName: example.namespaceName,\n workgroupName: \"example-workspace\",\n baseCapacity: 8,\n publiclyAccessible: false,\n subnetIds: [\n example1.id,\n example2.id,\n example3.id,\n ],\n configParameters: [{\n parameterKey: \"enable_case_sensitive_identifier\",\n parameterValue: \"true\",\n }],\n});\nconst exampleIntegration = new aws.rds.Integration(\"example\", {\n integrationName: \"example\",\n sourceArn: exampleAwsRdsCluster.arn,\n targetArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.redshiftserverless.Namespace(\"example\", namespace_name=\"redshift-example\")\nexample_workgroup = aws.redshiftserverless.Workgroup(\"example\",\n namespace_name=example.namespace_name,\n workgroup_name=\"example-workspace\",\n base_capacity=8,\n publicly_accessible=False,\n subnet_ids=[\n example1[\"id\"],\n example2[\"id\"],\n example3[\"id\"],\n ],\n config_parameters=[{\n \"parameter_key\": \"enable_case_sensitive_identifier\",\n \"parameter_value\": \"true\",\n }])\nexample_integration = aws.rds.Integration(\"example\",\n integration_name=\"example\",\n source_arn=example_aws_rds_cluster[\"arn\"],\n target_arn=example.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.RedshiftServerless.Namespace(\"example\", new()\n {\n NamespaceName = \"redshift-example\",\n });\n\n var exampleWorkgroup = new Aws.RedshiftServerless.Workgroup(\"example\", new()\n {\n NamespaceName = example.NamespaceName,\n WorkgroupName = \"example-workspace\",\n BaseCapacity = 8,\n PubliclyAccessible = false,\n SubnetIds = new[]\n {\n example1.Id,\n example2.Id,\n example3.Id,\n },\n ConfigParameters = new[]\n {\n new Aws.RedshiftServerless.Inputs.WorkgroupConfigParameterArgs\n {\n ParameterKey = \"enable_case_sensitive_identifier\",\n ParameterValue = \"true\",\n },\n },\n });\n\n var exampleIntegration = new Aws.Rds.Integration(\"example\", new()\n {\n IntegrationName = \"example\",\n SourceArn = exampleAwsRdsCluster.Arn,\n TargetArn = example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshiftserverless\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := redshiftserverless.NewNamespace(ctx, \"example\", \u0026redshiftserverless.NamespaceArgs{\n\t\t\tNamespaceName: pulumi.String(\"redshift-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshiftserverless.NewWorkgroup(ctx, \"example\", \u0026redshiftserverless.WorkgroupArgs{\n\t\t\tNamespaceName: example.NamespaceName,\n\t\t\tWorkgroupName: pulumi.String(\"example-workspace\"),\n\t\t\tBaseCapacity: pulumi.Int(8),\n\t\t\tPubliclyAccessible: pulumi.Bool(false),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texample1.Id,\n\t\t\t\texample2.Id,\n\t\t\t\texample3.Id,\n\t\t\t},\n\t\t\tConfigParameters: redshiftserverless.WorkgroupConfigParameterArray{\n\t\t\t\t\u0026redshiftserverless.WorkgroupConfigParameterArgs{\n\t\t\t\t\tParameterKey: pulumi.String(\"enable_case_sensitive_identifier\"),\n\t\t\t\t\tParameterValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewIntegration(ctx, \"example\", \u0026rds.IntegrationArgs{\n\t\t\tIntegrationName: pulumi.String(\"example\"),\n\t\t\tSourceArn: pulumi.Any(exampleAwsRdsCluster.Arn),\n\t\t\tTargetArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshiftserverless.Namespace;\nimport com.pulumi.aws.redshiftserverless.NamespaceArgs;\nimport com.pulumi.aws.redshiftserverless.Workgroup;\nimport com.pulumi.aws.redshiftserverless.WorkgroupArgs;\nimport com.pulumi.aws.redshiftserverless.inputs.WorkgroupConfigParameterArgs;\nimport com.pulumi.aws.rds.Integration;\nimport com.pulumi.aws.rds.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Namespace(\"example\", NamespaceArgs.builder()\n .namespaceName(\"redshift-example\")\n .build());\n\n var exampleWorkgroup = new Workgroup(\"exampleWorkgroup\", WorkgroupArgs.builder()\n .namespaceName(example.namespaceName())\n .workgroupName(\"example-workspace\")\n .baseCapacity(8)\n .publiclyAccessible(false)\n .subnetIds( \n example1.id(),\n example2.id(),\n example3.id())\n .configParameters(WorkgroupConfigParameterArgs.builder()\n .parameterKey(\"enable_case_sensitive_identifier\")\n .parameterValue(\"true\")\n .build())\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder()\n .integrationName(\"example\")\n .sourceArn(exampleAwsRdsCluster.arn())\n .targetArn(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:redshiftserverless:Namespace\n properties:\n namespaceName: redshift-example\n exampleWorkgroup:\n type: aws:redshiftserverless:Workgroup\n name: example\n properties:\n namespaceName: ${example.namespaceName}\n workgroupName: example-workspace\n baseCapacity: 8\n publiclyAccessible: false\n subnetIds:\n - ${example1.id}\n - ${example2.id}\n - ${example3.id}\n configParameters:\n - parameterKey: enable_case_sensitive_identifier\n parameterValue: 'true'\n exampleIntegration:\n type: aws:rds:Integration\n name: example\n properties:\n integrationName: example\n sourceArn: ${exampleAwsRdsCluster.arn}\n targetArn: ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Use own KMS key\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst keyPolicy = current.then(current =\u003e aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"kms:*\"],\n resources: [\"*\"],\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${current.accountId}:root`],\n }],\n },\n {\n actions: [\"kms:CreateGrant\"],\n resources: [\"*\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"redshift.amazonaws.com\"],\n }],\n },\n ],\n}));\nconst example = new aws.kms.Key(\"example\", {\n deletionWindowInDays: 10,\n policy: keyPolicy.then(keyPolicy =\u003e keyPolicy.json),\n});\nconst exampleIntegration = new aws.rds.Integration(\"example\", {\n integrationName: \"example\",\n sourceArn: exampleAwsRdsCluster.arn,\n targetArn: exampleAwsRedshiftserverlessNamespace.arn,\n kmsKeyId: example.arn,\n additionalEncryptionContext: {\n example: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nkey_policy = aws.iam.get_policy_document(statements=[\n {\n \"actions\": [\"kms:*\"],\n \"resources\": [\"*\"],\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [f\"arn:aws:iam::{current.account_id}:root\"],\n }],\n },\n {\n \"actions\": [\"kms:CreateGrant\"],\n \"resources\": [\"*\"],\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"redshift.amazonaws.com\"],\n }],\n },\n])\nexample = aws.kms.Key(\"example\",\n deletion_window_in_days=10,\n policy=key_policy.json)\nexample_integration = aws.rds.Integration(\"example\",\n integration_name=\"example\",\n source_arn=example_aws_rds_cluster[\"arn\"],\n target_arn=example_aws_redshiftserverless_namespace[\"arn\"],\n kms_key_id=example.arn,\n additional_encryption_context={\n \"example\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var keyPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n $\"arn:aws:iam::{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:root\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"kms:CreateGrant\",\n },\n Resources = new[]\n {\n \"*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"redshift.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.Kms.Key(\"example\", new()\n {\n DeletionWindowInDays = 10,\n Policy = keyPolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleIntegration = new Aws.Rds.Integration(\"example\", new()\n {\n IntegrationName = \"example\",\n SourceArn = exampleAwsRdsCluster.Arn,\n TargetArn = exampleAwsRedshiftserverlessNamespace.Arn,\n KmsKeyId = example.Arn,\n AdditionalEncryptionContext = \n {\n { \"example\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkeyPolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:iam::%v:root\", current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:CreateGrant\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"redshift.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t\tPolicy: pulumi.String(keyPolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewIntegration(ctx, \"example\", \u0026rds.IntegrationArgs{\n\t\t\tIntegrationName: pulumi.String(\"example\"),\n\t\t\tSourceArn: pulumi.Any(exampleAwsRdsCluster.Arn),\n\t\t\tTargetArn: pulumi.Any(exampleAwsRedshiftserverlessNamespace.Arn),\n\t\t\tKmsKeyId: example.Arn,\n\t\t\tAdditionalEncryptionContext: pulumi.StringMap{\n\t\t\t\t\"example\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Integration;\nimport com.pulumi.aws.rds.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var keyPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions(\"kms:*\")\n .resources(\"*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(String.format(\"arn:aws:iam::%s:root\", current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions(\"kms:CreateGrant\")\n .resources(\"*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"redshift.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var example = new Key(\"example\", KeyArgs.builder()\n .deletionWindowInDays(10)\n .policy(keyPolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleIntegration = new Integration(\"exampleIntegration\", IntegrationArgs.builder()\n .integrationName(\"example\")\n .sourceArn(exampleAwsRdsCluster.arn())\n .targetArn(exampleAwsRedshiftserverlessNamespace.arn())\n .kmsKeyId(example.arn())\n .additionalEncryptionContext(Map.of(\"example\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n deletionWindowInDays: 10\n policy: ${keyPolicy.json}\n exampleIntegration:\n type: aws:rds:Integration\n name: example\n properties:\n integrationName: example\n sourceArn: ${exampleAwsRdsCluster.arn}\n targetArn: ${exampleAwsRedshiftserverlessNamespace.arn}\n kmsKeyId: ${example.arn}\n additionalEncryptionContext:\n example: test\nvariables:\n current:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n keyPolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - kms:*\n resources:\n - '*'\n principals:\n - type: AWS\n identifiers:\n - arn:aws:iam::${current.accountId}:root\n - actions:\n - kms:CreateGrant\n resources:\n - '*'\n principals:\n - type: Service\n identifiers:\n - redshift.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import RDS (Relational Database) Integration using the `arn`. For example:\n\n```sh\n$ pulumi import aws:rds/integration:Integration example arn:aws:rds:us-west-2:123456789012:integration:abcdefgh-0000-1111-2222-123456789012\n```\n", "properties": { @@ -345024,7 +345155,7 @@ }, "acl": { "type": "string", - "description": "Canned ACL to apply to the bucket.\n" + "description": "Specifies the Canned ACL to apply to the bucket. Valid values: `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, `bucket-owner-full-control`, `log-delivery-write`. Full details are available on the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl).\n" }, "bucket": { "type": "string", @@ -345046,7 +345177,7 @@ }, "acl": { "type": "string", - "description": "Canned ACL to apply to the bucket.\n" + "description": "Specifies the Canned ACL to apply to the bucket. Valid values: `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, `bucket-owner-full-control`, `log-delivery-write`. Full details are available on the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl).\n" }, "bucket": { "type": "string", @@ -345071,7 +345202,7 @@ }, "acl": { "type": "string", - "description": "Canned ACL to apply to the bucket.\n" + "description": "Specifies the Canned ACL to apply to the bucket. Valid values: `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, `bucket-owner-full-control`, `log-delivery-write`. Full details are available on the [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl).\n" }, "bucket": { "type": "string", @@ -399681,6 +399812,9 @@ "description": "ARN of the ECS Service\n", "type": "string" }, + "availabilityZoneRebalancing": { + "type": "string" + }, "clusterArn": { "type": "string" }, @@ -399717,6 +399851,7 @@ }, "required": [ "arn", + "availabilityZoneRebalancing", "clusterArn", "desiredCount", "launchType", @@ -415017,7 +415152,7 @@ "properties": { "filter": { "type": "string", - "description": "The type of policies to be returned in the response. Valid values are `SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY`\n" + "description": "The type of policies to be returned in the response. Valid values are `AISERVICES_OPT_OUT_POLICY | BACKUP_POLICY | RESOURCE_CONTROL_POLICY | SERVICE_CONTROL_POLICY | TAG_POLICY`\n" } }, "type": "object", @@ -415058,7 +415193,7 @@ "properties": { "filter": { "type": "string", - "description": "Must supply one of the 4 different policy filters for a target (SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY)\n" + "description": "Must supply one of the 5 different policy filters for a target (AISERVICES_OPT_OUT_POLICY | BACKUP_POLICY | RESOURCE_CONTROL_POLICY | SERVICE_CONTROL_POLICY | TAG_POLICY)\n" }, "targetId": { "type": "string", @@ -415147,7 +415282,7 @@ "type": "string" }, "type": { - "description": "The type of policy values can be `SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY`\n", + "description": "The type of policy values can be `AISERVICES_OPT_OUT_POLICY | BACKUP_POLICY | RESOURCE_CONTROL_POLICY | SERVICE_CONTROL_POLICY | TAG_POLICY`\n", "type": "string" } },