stackql
diff --git a/‎providers/src/aws/v00.00.00000/provider.yaml‎
Lines changed: 126 additions & 9 deletions b/‎providers/src/aws/v00.00.00000/provider.yaml‎
Lines changed: 126 additions & 9 deletions
diff --git a/‎providers/src/aws/v00.00.00000/services/accessanalyzer.yaml‎
Lines changed: 54 additions & 9 deletions b/‎providers/src/aws/v00.00.00000/services/accessanalyzer.yaml‎
Lines changed: 54 additions & 9 deletions
diff --git a/‎providers/src/aws/v00.00.00000/services/acmpca.yaml‎
Lines changed: 4 additions & 4 deletions b/‎providers/src/aws/v00.00.00000/services/acmpca.yaml‎
Lines changed: 4 additions & 4 deletions
@@ -20,6 +20,15 @@ providerServices:
     title: acmpca
     version: v00.00.00000
     description: acmpca
+  amazonmq:
+    id: amazonmq:v00.00.00000
+    name: amazonmq
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/amazonmq.yaml
+    title: amazonmq
+    version: v00.00.00000
+    description: amazonmq
   amplify:
     id: amplify:v00.00.00000
     name: amplify
@@ -101,6 +110,15 @@ providerServices:
     title: applicationinsights
     version: v00.00.00000
     description: applicationinsights
+  applicationsignals:
+    id: applicationsignals:v00.00.00000
+    name: applicationsignals
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/applicationsignals.yaml
+    title: applicationsignals
+    version: v00.00.00000
+    description: applicationsignals
   apprunner:
     id: apprunner:v00.00.00000
     name: apprunner
@@ -128,6 +146,15 @@ providerServices:
     title: appsync
     version: v00.00.00000
     description: appsync
+  apptest:
+    id: apptest:v00.00.00000
+    name: apptest
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/apptest.yaml
+    title: apptest
+    version: v00.00.00000
+    description: apptest
   aps:
     id: aps:v00.00.00000
     name: aps
@@ -461,6 +488,15 @@ providerServices:
     title: connectcampaigns
     version: v00.00.00000
     description: connectcampaigns
+  connectcampaignsv2:
+    id: connectcampaignsv2:v00.00.00000
+    name: connectcampaignsv2
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/connectcampaignsv2.yaml
+    title: connectcampaignsv2
+    version: v00.00.00000
+    description: connectcampaignsv2
   controltower:
     id: controltower:v00.00.00000
     name: controltower
@@ -911,6 +947,15 @@ providerServices:
     title: internetmonitor
     version: v00.00.00000
     description: internetmonitor
+  invoicing:
+    id: invoicing:v00.00.00000
+    name: invoicing
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/invoicing.yaml
+    title: invoicing
+    version: v00.00.00000
+    description: invoicing
   iot:
     id: iot:v00.00.00000
     name: iot
@@ -1100,6 +1145,15 @@ providerServices:
     title: lambda
     version: v00.00.00000
     description: lambda
+  launchwizard:
+    id: launchwizard:v00.00.00000
+    name: launchwizard
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/launchwizard.yaml
+    title: launchwizard
+    version: v00.00.00000
+    description: launchwizard
   lex:
     id: lex:v00.00.00000
     name: lex
@@ -1307,15 +1361,6 @@ providerServices:
     title: networkmanager
     version: v00.00.00000
     description: networkmanager
-  nimblestudio:
-    id: nimblestudio:v00.00.00000
-    name: nimblestudio
-    preferred: true
-    service:
-      $ref: aws/v00.00.00000/services/nimblestudio.yaml
-    title: nimblestudio
-    version: v00.00.00000
-    description: nimblestudio
   oam:
     id: oam:v00.00.00000
     name: oam
@@ -1406,6 +1451,24 @@ providerServices:
     title: pcaconnectorad
     version: v00.00.00000
     description: pcaconnectorad
+  pcaconnectorscep:
+    id: pcaconnectorscep:v00.00.00000
+    name: pcaconnectorscep
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/pcaconnectorscep.yaml
+    title: pcaconnectorscep
+    version: v00.00.00000
+    description: pcaconnectorscep
+  pcs:
+    id: pcs:v00.00.00000
+    name: pcs
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/pcs.yaml
+    title: pcs
+    version: v00.00.00000
+    description: pcs
   personalize:
     id: personalize:v00.00.00000
     name: personalize
@@ -1478,6 +1541,15 @@ providerServices:
     title: ram
     version: v00.00.00000
     description: ram
+  rbin:
+    id: rbin:v00.00.00000
+    name: rbin
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/rbin.yaml
+    title: rbin
+    version: v00.00.00000
+    description: rbin
   rds:
     id: rds:v00.00.00000
     name: rds
@@ -1658,6 +1730,15 @@ providerServices:
     title: s3outposts
     version: v00.00.00000
     description: s3outposts
+  s3tables:
+    id: s3tables:v00.00.00000
+    name: s3tables
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/s3tables.yaml
+    title: s3tables
+    version: v00.00.00000
+    description: s3tables
   sagemaker:
     id: sagemaker:v00.00.00000
     name: sagemaker
@@ -1802,6 +1883,15 @@ providerServices:
     title: ssmincidents
     version: v00.00.00000
     description: ssmincidents
+  ssmquicksetup:
+    id: ssmquicksetup:v00.00.00000
+    name: ssmquicksetup
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/ssmquicksetup.yaml
+    title: ssmquicksetup
+    version: v00.00.00000
+    description: ssmquicksetup
   sso:
     id: sso:v00.00.00000
     name: sso
@@ -1964,6 +2054,33 @@ providerServices:
     title: cloudhsm
     version: v00.00.00000
     description: cloudhsm
+  ec2_native:
+    id: ec2_native:v00.00.00000
+    name: ec2_native
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/ec2_native.yaml
+    title: ec2_native
+    version: v00.00.00000
+    description: ec2_native
+  iam_native:
+    id: iam_native:v00.00.00000
+    name: iam_native
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/iam_native.yaml
+    title: iam_native
+    version: v00.00.00000
+    description: iam_native
+  global_inventory:
+    id: global_inventory:v00.00.00000
+    name: global_inventory
+    preferred: true
+    service:
+      $ref: aws/v00.00.00000/services/global_inventory.yaml
+    title: global_inventory
+    version: v00.00.00000
+    description: global_inventory
 config:
   auth:
     type: aws_signing_v4
 
@@ -438,22 +438,61 @@ components:
           maxLength: 127
         Value:
           type: string
-          description: 'The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. '
-          minLength: 1
+          description: 'The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. '
+          minLength: 0
           maxLength: 255
       required:
         - Key
-        - Value
+      additionalProperties: false
+    Tags:
+      type: array
+      x-insertionOrder: false
+      uniqueItems: true
+      description: An array of key-value pairs to apply to this resource.
+      items:
+        $ref: '#/components/schemas/Tag'
+    AnalysisRuleCriteria:
+      description: The criteria for an analysis rule for an analyzer.
+      type: object
+      properties:
+        AccountIds:
+          description: A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
+          type: array
+          x-insertionOrder: false
+          items:
+            type: string
+        ResourceTags:
+          description: |-
+            An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
+
+            For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.
+
+            For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
+          type: array
+          x-insertionOrder: false
+          items:
+            $ref: '#/components/schemas/Tags'
       additionalProperties: false
     UnusedAccessConfiguration:
       description: The Configuration for Unused Access Analyzer
       type: object
       properties:
         UnusedAccessAge:
-          description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
+          description: The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
           type: integer
           minimum: 1
-          maximum: 180
+          maximum: 365
+        AnalysisRule:
+          description: Contains information about rules for the analyzer.
+          type: object
+          properties:
+            Exclusions:
+              description: A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
+              type: array
+              x-insertionOrder: false
+              items:
+                $ref: '#/components/schemas/AnalysisRuleCriteria'
+          additionalProperties: false
       additionalProperties: false
     Analyzer:
       type: object
@@ -503,6 +542,7 @@ components:
       x-create-only-properties:
         - AnalyzerName
         - Type
+      x-conditional-create-only-properties:
         - AnalyzerConfiguration
       x-read-only-properties:
         - Arn
@@ -514,6 +554,10 @@ components:
         tagUpdatable: true
         cloudFormationSystemTags: true
         tagProperty: /properties/Tags
+        permissions:
+          - access-analyzer:UntagResource
+          - access-analyzer:TagResource
+          - access-analyzer:ListTagsForResource
       x-required-permissions:
         create:
           - access-analyzer:CreateAnalyzer
@@ -531,6 +575,7 @@ components:
           - access-analyzer:ListAnalyzers
           - access-analyzer:TagResource
           - access-analyzer:UntagResource
+          - access-analyzer:UpdateAnalyzer
           - access-analyzer:UpdateArchiveRule
         delete:
           - access-analyzer:DeleteAnalyzer
@@ -680,7 +725,7 @@ components:
                 JSON_EXTRACT(detail.Properties, '$.Type') as type,
                 JSON_EXTRACT(detail.Properties, '$.AnalyzerConfiguration') as analyzer_configuration
                 FROM aws.cloud_control.resources listing
-                LEFT OUTER JOIN aws.cloud_control.resource detail
+                INNER JOIN aws.cloud_control.resource detail
                 ON detail.data__Identifier = listing.Identifier
                 AND detail.region = listing.region
                 WHERE listing.data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
@@ -713,7 +758,7 @@ components:
                     json_extract_path_text(detail.Properties, 'Type') as type,
                     json_extract_path_text(detail.Properties, 'AnalyzerConfiguration') as analyzer_configuration
                     FROM aws.cloud_control.resources listing
-                    LEFT OUTER JOIN aws.cloud_control.resource detail
+                    INNER JOIN aws.cloud_control.resource detail
                     ON detail.data__Identifier = listing.Identifier
                     AND detail.region = listing.region
                     WHERE listing.data__TypeName = 'AWS::AccessAnalyzer::Analyzer'
@@ -776,7 +821,7 @@ components:
               JSON_EXTRACT(detail.Properties, '$.Type') as type,
               JSON_EXTRACT(detail.Properties, '$.AnalyzerConfiguration') as analyzer_configuration
               FROM aws.cloud_control.resources listing
-              LEFT OUTER JOIN aws.cloud_control.resource detail
+              INNER JOIN aws.cloud_control.resource detail
               ON detail.data__Identifier = listing.Identifier
               AND detail.region = listing.region
               ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags'))
@@ -796,7 +841,7 @@ components:
                 json_extract_path_text(detail.Properties, 'Type') as type,
                 json_extract_path_text(detail.Properties, 'AnalyzerConfiguration') as analyzer_configuration
                 FROM aws.cloud_control.resources listing
-                LEFT OUTER JOIN aws.cloud_control.resource detail
+                INNER JOIN aws.cloud_control.resource detail
                 ON detail.data__Identifier = listing.Identifier
                 AND detail.region = listing.region
                 ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags'))
 
@@ -1399,7 +1399,7 @@ components:
                 JSON_EXTRACT(detail.Properties, '$.KeyStorageSecurityStandard') as key_storage_security_standard,
                 JSON_EXTRACT(detail.Properties, '$.UsageMode') as usage_mode
                 FROM aws.cloud_control.resources listing
-                LEFT OUTER JOIN aws.cloud_control.resource detail
+                INNER JOIN aws.cloud_control.resource detail
                 ON detail.data__Identifier = listing.Identifier
                 AND detail.region = listing.region
                 WHERE listing.data__TypeName = 'AWS::ACMPCA::CertificateAuthority'
@@ -1442,7 +1442,7 @@ components:
                     json_extract_path_text(detail.Properties, 'KeyStorageSecurityStandard') as key_storage_security_standard,
                     json_extract_path_text(detail.Properties, 'UsageMode') as usage_mode
                     FROM aws.cloud_control.resources listing
-                    LEFT OUTER JOIN aws.cloud_control.resource detail
+                    INNER JOIN aws.cloud_control.resource detail
                     ON detail.data__Identifier = listing.Identifier
                     AND detail.region = listing.region
                     WHERE listing.data__TypeName = 'AWS::ACMPCA::CertificateAuthority'
@@ -1510,7 +1510,7 @@ components:
               JSON_EXTRACT(detail.Properties, '$.KeyStorageSecurityStandard') as key_storage_security_standard,
               JSON_EXTRACT(detail.Properties, '$.UsageMode') as usage_mode
               FROM aws.cloud_control.resources listing
-              LEFT OUTER JOIN aws.cloud_control.resource detail
+              INNER JOIN aws.cloud_control.resource detail
               ON detail.data__Identifier = listing.Identifier
               AND detail.region = listing.region
               ,json_each(JSON_EXTRACT(detail.Properties, '$.Tags'))
@@ -1535,7 +1535,7 @@ components:
                 json_extract_path_text(detail.Properties, 'KeyStorageSecurityStandard') as key_storage_security_standard,
                 json_extract_path_text(detail.Properties, 'UsageMode') as usage_mode
                 FROM aws.cloud_control.resources listing
-                LEFT OUTER JOIN aws.cloud_control.resource detail
+                INNER JOIN aws.cloud_control.resource detail
                 ON detail.data__Identifier = listing.Identifier
                 AND detail.region = listing.region
                 ,json_array_elements_text(json_extract_path_text(detail.Properties, 'Tags'))