CloudFormation Template Schema upgrade

https://github.com/aws-cloudformation/cloudformation-template-schema/tree/main

Author: kddejong

server/schema/resources.schema.json

@@ -123,6 +123,17 @@
       "additionalProperties": false,
       "markdownDescription": "If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE-KMS or CSE-KMS) and key information.\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
     },
+    "ManagedStorageEncryptionConfiguration": {
+      "description": "Indicates the encryption configuration for Athena Managed Storage. If not setting this field, Managed Storage will encrypt the query results with Athena's encryption key",
+      "type": "object",
+      "properties": {
+        "KmsKey": {
+          "$ref": "#/definitions/KmsKey"
+        }
+      },
+      "additionalProperties": false,
+      "markdownDescription": "Indicates the encryption configuration for Athena Managed Storage. If not setting this field, Managed Storage will encrypt the query results with Athena's encryption key\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+    },
     "RemoveEncryptionConfiguration": {
       "type": "boolean",
       "markdownDescription": "\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption\n"
@@ -246,6 +257,21 @@
       "additionalProperties": false,
       "markdownDescription": "The result configuration information about the queries in this workgroup that will be updated. Includes the updated results location and an updated option for encrypting query results. \n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
     },
+    "ManagedQueryResultsConfiguration": {
+      "description": "The configuration for the managed query results and encryption option. ResultConfiguration and ManagedQueryResultsConfiguration cannot be set at the same time",
+      "type": "object",
+      "properties": {
+        "EncryptionConfiguration": {
+          "$ref": "#/definitions/ManagedStorageEncryptionConfiguration"
+        },
+        "Enabled": {
+          "type": "boolean",
+          "markdownDescription": "\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption\n"
+        }
+      },
+      "additionalProperties": false,
+      "markdownDescription": "The configuration for the managed query results and encryption option. ResultConfiguration and ManagedQueryResultsConfiguration cannot be set at the same time\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+    },
     "WorkGroupConfiguration": {
       "type": "object",
       "properties": {
@@ -275,6 +301,9 @@
         },
         "CustomerContentEncryptionConfiguration": {
           "$ref": "#/definitions/CustomerContentEncryptionConfiguration"
+        },
+        "ManagedQueryResultsConfiguration": {
+          "$ref": "#/definitions/ManagedQueryResultsConfiguration"
         }
       },
       "additionalProperties": false,
@@ -316,6 +345,9 @@
         },
         "RemoveCustomerContentEncryptionConfiguration": {
           "$ref": "#/definitions/RemoveCustomerContentEncryptionConfiguration"
+        },
+        "ManagedQueryResultsConfiguration": {
+          "$ref": "#/definitions/ManagedQueryResultsConfiguration"
         }
       },
       "additionalProperties": false,

server/schema/resources/aws-athena-workgroup.json

@@ -500,9 +500,9 @@
           "markdownDescription": "The name of the global secondary index. The name must be unique among all other indexes on this table.\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: No interruption\n"
         },
         "OnDemandThroughput": {
-          "description": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both.",
+          "description": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.",
           "$ref": "#/definitions/OnDemandThroughput",
-          "markdownDescription": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both.\n\n---\n\nRequired: No  \nType:   \nUpdate requires: No interruption\n"
+          "markdownDescription": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify ``MaxReadRequestUnits``, ``MaxWriteRequestUnits``, or both. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.\n\n---\n\nRequired: No  \nType:   \nUpdate requires: No interruption\n"
         },
         "ContributorInsightsSpecification": {
           "description": "The settings used to enable or disable CloudWatch Contributor Insights for the specified global secondary index.",
@@ -515,9 +515,9 @@
           "markdownDescription": "Represents attributes that are copied (projected) from the table into the global secondary index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.\n\n---\n\nRequired: Yes  \nType:   \nUpdate requires: No interruption\n"
         },
         "ProvisionedThroughput": {
-          "description": "Represents the provisioned throughput settings for the specified global secondary index.\n For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*.",
+          "description": "Represents the provisioned throughput settings for the specified global secondary index. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.\n For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*.",
           "$ref": "#/definitions/ProvisionedThroughput",
-          "markdownDescription": "Represents the provisioned throughput settings for the specified global secondary index.\n For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*.\n\n---\n\nRequired: No  \nType:   \nUpdate requires: No interruption\n"
+          "markdownDescription": "Represents the provisioned throughput settings for the specified global secondary index. You must use either ``OnDemandThroughput`` or ``ProvisionedThroughput`` based on your table's capacity mode.\n For current minimum and maximum provisioned throughput values, see [Service, Account, and Table Quotas](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the *Amazon DynamoDB Developer Guide*.\n\n---\n\nRequired: No  \nType:   \nUpdate requires: No interruption\n"
         },
         "KeySchema": {
           "uniqueItems": true,

server/schema/resources/aws-dynamodb-table.json

@@ -13,13 +13,52 @@
       "description": "The ID of the VPC for which to create the egress-only internet gateway.",
       "type": "string",
       "markdownDescription": "The ID of the VPC for which to create the egress-only internet gateway.\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: Replacement\n"
+    },
+    "Tags": {
+      "type": "array",
+      "description": "Any tags assigned to the egress only internet gateway.",
+      "uniqueItems": false,
+      "insertionOrder": false,
+      "items": {
+        "$ref": "#/definitions/Tag"
+      },
+      "markdownDescription": "Any tags assigned to the egress only internet gateway.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+    }
+  },
+  "definitions": {
+    "Tag": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "Key": {
+          "type": "string",
+          "minLength": 1,
+          "maxLength": 128,
+          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nMinimum Length: 1  \nMaximum Length: 128  \nUpdate requires: No interruption\n"
+        },
+        "Value": {
+          "type": "string",
+          "maxLength": 256,
+          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nMaximum Length: 256  \nUpdate requires: No interruption\n"
+        }
+      },
+      "required": [
+        "Value",
+        "Key"
+      ],
+      "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
     }
   },
   "tagging": {
-    "taggable": false,
-    "tagOnCreate": false,
-    "tagUpdatable": false,
-    "cloudFormationSystemTags": false
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags",
+    "permissions": [
+      "ec2:CreateTags",
+      "ec2:DeleteTags"
+    ]
   },
   "required": [
     "VpcId"
@@ -37,19 +76,29 @@
     "create": {
       "permissions": [
         "ec2:CreateEgressOnlyInternetGateway",
+        "ec2:CreateTags",
         "ec2:DescribeEgressOnlyInternetGateways"
       ]
     },
     "read": {
       "permissions": [
-        "ec2:DescribeEgressOnlyInternetGateways"
+        "ec2:DescribeEgressOnlyInternetGateways",
+        "ec2:DescribeTags"
       ]
     },
     "delete": {
       "permissions": [
         "ec2:DeleteEgressOnlyInternetGateway",
         "ec2:DescribeEgressOnlyInternetGateways",
-        "ec2:DescribeVpcs"
+        "ec2:DescribeVpcs",
+        "ec2:DeleteTags"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "ec2:DeleteTags",
+        "ec2:CreateTags",
+        "ec2:DescribeEgressOnlyInternetGateways"
       ]
     },
     "list": {

server/schema/resources/aws-ec2-egressonlyinternetgateway.json

@@ -15,8 +15,8 @@
     },
     "MapPublicIpOnLaunch": {
       "type": "boolean",
-      "description": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is ``false``.\n  AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).",
-      "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is ``false``.\n  AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption\n"
+      "description": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is ``false``.\n AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).",
+      "markdownDescription": "Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is ``false``.\n AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption\n"
     },
     "EnableLniAtDeviceIndex": {
       "type": "integer",
@@ -126,6 +126,19 @@
       "type": "integer",
       "description": "An IPv6 netmask length for the subnet.",
       "markdownDescription": "An IPv6 netmask length for the subnet.\n\n---\n\nRequired: No  \nType: Integer  \nUpdate requires: Replacement\n"
+    },
+    "BlockPublicAccessStates": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "",
+      "properties": {
+        "InternetGatewayBlockMode": {
+          "type": "string",
+          "description": "The mode of VPC BPA. Options here are off, block-bidirectional, block-ingress ",
+          "markdownDescription": "The mode of VPC BPA. Options here are off, block-bidirectional, block-ingress \n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
+        }
+      },
+      "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption\nRead only property: Yes"
     }
   },
   "tagging": {
@@ -187,7 +200,8 @@
   "readOnlyProperties": [
     "/properties/NetworkAclAssociationId",
     "/properties/SubnetId",
-    "/properties/Ipv6CidrBlocks"
+    "/properties/Ipv6CidrBlocks",
+    "/properties/BlockPublicAccessStates"
   ],
   "writeOnlyProperties": [
     "/properties/EnableLniAtDeviceIndex",
@@ -254,6 +268,19 @@
       },
       "description": "",
       "markdownDescription": "\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\nRead only property: Yes"
+    },
+    "BlockPublicAccessStates": {
+      "type": "object",
+      "additionalProperties": false,
+      "description": "",
+      "properties": {
+        "InternetGatewayBlockMode": {
+          "type": "string",
+          "description": "The mode of VPC BPA. Options here are off, block-bidirectional, block-ingress ",
+          "markdownDescription": "The mode of VPC BPA. Options here are off, block-bidirectional, block-ingress \n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
+        }
+      },
+      "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption\nRead only property: Yes"
     }
   }
 }

server/schema/resources/aws-ec2-subnet.json

@@ -1,38 +1,10 @@
 {
   "typeName": "AWS::EC2::TrafficMirrorFilter",
-  "description": "Resource Type definition for AWS::EC2::TrafficMirrorFilter",
-  "additionalProperties": false,
-  "properties": {
-    "Id": {
-      "type": "string",
-      "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\nRead only property: Yes"
-    },
-    "Description": {
-      "type": "string",
-      "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: Replacement\n"
-    },
-    "NetworkServices": {
-      "type": "array",
-      "uniqueItems": false,
-      "items": {
-        "type": "string",
-        "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
-      },
-      "markdownDescription": "\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
-    },
-    "Tags": {
-      "type": "array",
-      "uniqueItems": false,
-      "items": {
-        "$ref": "#/definitions/Tag"
-      },
-      "markdownDescription": "\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
-    }
-  },
+  "description": "Resource schema for AWS::EC2::TrafficMirrorFilter",
+  "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git",
   "definitions": {
     "Tag": {
       "type": "object",
-      "additionalProperties": false,
       "properties": {
         "Key": {
           "type": "string",
@@ -44,12 +16,65 @@
         }
       },
       "required": [
-        "Value",
-        "Key"
+        "Key",
+        "Value"
       ],
+      "additionalProperties": false,
       "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+    },
+    "TrafficMirrorNetworkService": {
+      "description": "The network service traffic that is associated with the traffic mirror filter.",
+      "type": "string",
+      "enum": [
+        "amazon-dns"
+      ],
+      "markdownDescription": "The network service traffic that is associated with the traffic mirror filter.\n\n---\n\nRequired: No  \nType: String  \nAllowed Values: amazon-dns  \nUpdate requires: No interruption\n"
     }
   },
+  "properties": {
+    "Id": {
+      "description": "The ID of a traffic mirror filter.",
+      "type": "string",
+      "markdownDescription": "The ID of a traffic mirror filter.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\nRead only property: Yes"
+    },
+    "NetworkServices": {
+      "description": "The network service that is associated with the traffic mirror filter.",
+      "type": "array",
+      "uniqueItems": true,
+      "insertionOrder": false,
+      "items": {
+        "$ref": "#/definitions/TrafficMirrorNetworkService"
+      },
+      "markdownDescription": "The network service that is associated with the traffic mirror filter.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+    },
+    "Description": {
+      "description": "The description of a traffic mirror filter.",
+      "type": "string",
+      "markdownDescription": "The description of a traffic mirror filter.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: Replacement\n"
+    },
+    "Tags": {
+      "description": "The tags for a traffic mirror filter.",
+      "type": "array",
+      "uniqueItems": false,
+      "insertionOrder": false,
+      "items": {
+        "$ref": "#/definitions/Tag"
+      },
+      "markdownDescription": "The tags for a traffic mirror filter.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+    }
+  },
+  "tagging": {
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags",
+    "permissions": [
+      "ec2:CreateTags",
+      "ec2:DeleteTags"
+    ]
+  },
+  "additionalProperties": false,
   "createOnlyProperties": [
     "/properties/Description"
   ],
@@ -59,10 +84,51 @@
   "primaryIdentifier": [
     "/properties/Id"
   ],
+  "handlers": {
+    "create": {
+      "permissions": [
+        "ec2:CreateTrafficMirrorFilter",
+        "ec2:DescribeTrafficMirrorFilters",
+        "ec2:CreateTags",
+        "ec2:ModifyTrafficMirrorFilterNetworkServices",
+        "ec2:DescribeTags"
+      ]
+    },
+    "read": {
+      "permissions": [
+        "ec2:DescribeTrafficMirrorFilters",
+        "ec2:DescribeTags"
+      ]
+    },
+    "update": {
+      "permissions": [
+        "ec2:ModifyTrafficMirrorFilterNetworkServices",
+        "ec2:DescribeTrafficMirrorFilters",
+        "ec2:CreateTags",
+        "ec2:DeleteTags",
+        "ec2:DescribeTags"
+      ]
+    },
+    "delete": {
+      "permissions": [
+        "ec2:DescribeTrafficMirrorFilters",
+        "ec2:DeleteTrafficMirrorFilter",
+        "ec2:DeleteTags",
+        "ec2:DescribeTags"
+      ]
+    },
+    "list": {
+      "permissions": [
+        "ec2:DescribeTrafficMirrorFilters",
+        "ec2:DescribeTags"
+      ]
+    }
+  },
   "attributes": {
     "Id": {
+      "description": "The ID of a traffic mirror filter.",
       "type": "string",
-      "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\nRead only property: Yes"
+      "markdownDescription": "The ID of a traffic mirror filter.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\nRead only property: Yes"
     }
   }
 }