
@pulumi/aws-native


The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as enums from "../types/enums";
/**
 * Auto-naming specification for the resource.
 */
export interface AutoNamingArgs {
    /**
     * The maximum length of the name.
     */
    maxLength?: pulumi.Input<number>;
    /**
     * The minimum length of the name.
     */
    minLength?: pulumi.Input<number>;
    /**
     * The name of the property in the Cloud Control payload that is used to set the name of the resource.
     */
    propertyName?: pulumi.Input<string>;
}
/**
 * A single key/value tag to apply to the resource.
 */
export interface CreateOnlyTagArgs {
    /**
     * The key name of the tag.
     */
    key: pulumi.Input<string>;
    /**
     * The value of the tag.
     */
    value: pulumi.Input<string>;
}
/**
 * The configuration for a Provider to assume a role.
 *
 * Every field is optional at the type level, including `roleArn`.
 */
export interface ProviderAssumeRoleArgs {
    /**
     * Number of seconds to restrict the assume role session duration.
     */
    durationSeconds?: pulumi.Input<number>;
    /**
     * External identifier to use when assuming the role.
     */
    externalId?: pulumi.Input<string>;
    /**
     * IAM policy JSON that further restricts the permissions of the IAM role being assumed.
     */
    policy?: pulumi.Input<string>;
    /**
     * Set of Amazon Resource Names (ARNs) of IAM policies that further restrict the permissions of the role.
     */
    policyArns?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Amazon Resource Name (ARN) of the IAM Role to assume.
     */
    roleArn?: pulumi.Input<string>;
    /**
     * Session name to use when assuming the role.
     */
    sessionName?: pulumi.Input<string>;
    /**
     * Map of assume role session tags.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
    /**
     * A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
     */
    transitiveTagKeys?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The configuration for automatically naming resources.
*/
export interface ProviderAutoNamingArgs {
    /**
     * Automatically trim the auto-generated name to meet the maximum length constraint.
     */
    autoTrim?: pulumi.Input<boolean>;
    /**
     * The minimum length of the random suffix to append to the auto-generated name.
     */
    randomSuffixMinLength?: pulumi.Input<number>;
}
/**
 * providerAutoNamingArgsProvideDefaults sets the appropriate defaults for ProviderAutoNamingArgs.
 * The default values themselves are not visible in this declaration file.
 */
export declare function providerAutoNamingArgsProvideDefaults(val: ProviderAutoNamingArgs): ProviderAutoNamingArgs;
/**
 * The configuration with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource `tags` configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the `tags` argument within a resource to configure new tag values for matching keys.
 */
export interface ProviderDefaultTagsArgs {
    /**
     * A group of tags to set across all resources.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    }>;
}
/**
 * The configuration for customizing service endpoints.
 *
 * NOTE(review): each override presumably redirects the provider's API calls for that service,
 * STS included; treat these values as trusted configuration and confirm how the provider
 * validates them.
 */
export interface ProviderEndpointArgs {
    /**
     * Override the default endpoint for AWS CloudControl
     */
    cloudcontrol?: pulumi.Input<string>;
    /**
     * Override the default endpoint for AWS CloudFormation
     */
    cloudformation?: pulumi.Input<string>;
    /**
     * Override the default endpoint for AWS Elastic Compute Cloud (EC2)
     */
    ec2?: pulumi.Input<string>;
    /**
     * Override the default endpoint for AWS Systems Manager
     */
    ssm?: pulumi.Input<string>;
    /**
     * Override the default endpoint for AWS Security Token Service (STS)
     */
    sts?: pulumi.Input<string>;
}
/**
 * The configuration with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as `ec2.Tag`) for situations where external systems are managing certain resource tags.
*/
export interface ProviderIgnoreTagsArgs {
    /**
     * List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any `tags` attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the `tags` argument, it will display a perpetual difference until the tag is removed from the argument or `ignoreChanges` is also used.
     *
     * NOTE(review): description paired with the property by name (prefix match vs. exact key); confirm against the provider schema.
     */
    keyPrefixes?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any `tags` attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the `tags` argument, it will display a perpetual difference until the tag is removed from the argument or `ignoreChanges` is also used.
     */
    keys?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * A single key/value tag to apply to the resource.
 */
export interface TagArgs {
    /**
     * The key name of the tag.
     */
    key: pulumi.Input<string>;
    /**
     * The value of the tag.
     */
    value: pulumi.Input<string>;
}
export declare namespace accessanalyzer {
    /**
     * The criteria for an analysis rule for an analyzer.
     */
    interface AnalyzerAnalysisRuleCriteriaArgs {
        /**
         * A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers.
         */
        accountIds?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
         *
         * For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:.
*
         * For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.
         */
        resourceTags?: pulumi.Input<pulumi.Input<pulumi.Input<inputs.accessanalyzer.AnalyzerTagArgs>[]>[]>;
    }
    /**
     * An Access Analyzer archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
     *
     * NOTE(review): because matching findings are archived automatically, review the filter
     * criteria as you would any suppression rule.
     */
    interface AnalyzerArchiveRuleArgs {
        /**
         * The criteria for the rule.
         */
        filter: pulumi.Input<pulumi.Input<inputs.accessanalyzer.AnalyzerFilterArgs>[]>;
        /**
         * The archive rule name.
         */
        ruleName: pulumi.Input<string>;
    }
    /**
     * The configuration for the analyzer.
     */
    interface AnalyzerConfigurationPropertiesArgs {
        /**
         * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment.
         */
        internalAccessConfiguration?: pulumi.Input<inputs.accessanalyzer.AnalyzerInternalAccessConfigurationArgs>;
        /**
         * Specifies the configuration of an unused access analyzer for an AWS organization or account.
         */
        unusedAccessConfiguration?: pulumi.Input<inputs.accessanalyzer.AnalyzerUnusedAccessConfigurationArgs>;
    }
    /**
     * One criterion of an archive rule's filter: the `property` to test plus the conditions to match on it.
     * Only `property` is required at the type level.
     */
    interface AnalyzerFilterArgs {
        /**
         * A "contains" condition to match for the rule.
         */
        contains?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * An "equals" condition to match for the rule.
         */
        eq?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * An "exists" condition to match for the rule.
         */
        exists?: pulumi.Input<boolean>;
        /**
         * A "not equal" condition to match for the rule.
         */
        neq?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * The property used to define the criteria in the filter for the rule.
         */
        property: pulumi.Input<string>;
    }
    /**
     * The criteria for an analysis rule for an internal access analyzer.
*/
    interface AnalyzerInternalAccessAnalysisRuleCriteriaArgs {
        /**
         * A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.
         */
        accountIds?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.
         */
        resourceArns?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.
         */
        resourceTypes?: pulumi.Input<pulumi.Input<string>[]>;
    }
    /**
     * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates internal access within your AWS environment.
     */
    interface AnalyzerInternalAccessConfigurationArgs {
        /**
         * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
         */
        internalAccessAnalysisRule?: pulumi.Input<inputs.accessanalyzer.AnalyzerInternalAccessConfigurationInternalAccessAnalysisRulePropertiesArgs>;
    }
    /**
     * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.
     */
    interface AnalyzerInternalAccessConfigurationInternalAccessAnalysisRulePropertiesArgs {
        /**
         * A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.
*/
        inclusions?: pulumi.Input<pulumi.Input<inputs.accessanalyzer.AnalyzerInternalAccessAnalysisRuleCriteriaArgs>[]>;
    }
    /**
     * A key-value pair to associate with a resource.
     *
     * NOTE(review): the length limits stated here (127 / 255) differ from the 128 / 256 stated on
     * `resourceTags` of AnalyzerAnalysisRuleCriteriaArgs; confirm which applies.
     */
    interface AnalyzerTagArgs {
        /**
         * The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
         */
        key: pulumi.Input<string>;
        /**
         * The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
         */
        value?: pulumi.Input<string>;
    }
    /**
     * The configuration for the unused access analyzer.
     */
    interface AnalyzerUnusedAccessConfigurationArgs {
        /**
         * Contains information about rules for the analyzer.
         */
        analysisRule?: pulumi.Input<inputs.accessanalyzer.AnalyzerUnusedAccessConfigurationAnalysisRulePropertiesArgs>;
        /**
         * The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.
         */
        unusedAccessAge?: pulumi.Input<number>;
    }
    /**
     * Contains information about rules for the analyzer.
     */
    interface AnalyzerUnusedAccessConfigurationAnalysisRulePropertiesArgs {
        /**
         * A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.
         */
        exclusions?: pulumi.Input<pulumi.Input<inputs.accessanalyzer.AnalyzerAnalysisRuleCriteriaArgs>[]>;
    }
}
export declare namespace acmpca {
    /**
     * Contains X.509 certificate information to be placed in an issued certificate.
An ``APIPassthrough`` or ``APICSRPassthrough`` template variant must be selected, or else this parameter is ignored.
     * If conflicting or duplicate certificate information is supplied from other sources, AWS Private CA applies [order of operation rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.
     */
    interface CertificateApiPassthroughArgs {
        /**
         * Specifies X.509 extension information for a certificate.
         */
        extensions?: pulumi.Input<inputs.acmpca.CertificateExtensionsArgs>;
        /**
         * Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
         */
        subject?: pulumi.Input<inputs.acmpca.CertificateSubjectArgs>;
    }
    /**
     * Structure that contains X.509 AccessDescription information.
     * Both members are required: the access method and the location it applies to.
     */
    interface CertificateAuthorityAccessDescriptionArgs {
        accessLocation: pulumi.Input<inputs.acmpca.CertificateAuthorityGeneralNameArgs>;
        accessMethod: pulumi.Input<inputs.acmpca.CertificateAuthorityAccessMethodArgs>;
    }
    /**
     * Structure that contains X.509 AccessMethod information. Assign one and ONLY one field.
     *
     * NOTE(review): both fields are optional in this type, so the "one and only one" rule is not
     * enforced by the compiler.
     */
    interface CertificateAuthorityAccessMethodArgs {
        accessMethodType?: pulumi.Input<string>;
        customObjectIdentifier?: pulumi.Input<string>;
    }
    /**
     * Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.
     */
    interface CertificateAuthorityCrlConfigurationArgs {
        /**
         * Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA.
If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
         */
        crlDistributionPointExtensionConfiguration?: pulumi.Input<inputs.acmpca.CertificateAuthorityCrlDistributionPointExtensionConfigurationArgs>;
        /**
         * Specifies the type of CRL. This setting determines the maximum number of certificates that the certificate authority can issue and revoke. For more information, see [AWS Private CA quotas](https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca).
         *
         * - `COMPLETE` - The default setting. AWS Private CA maintains a single CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through the CRL distribution point (CDP) defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280).
         * - `PARTITIONED` - Compared to complete CRLs, partitioned CRLs dramatically increase the number of certificates your private CA can issue.
         *
         * > When using partitioned CRLs, you must validate that the CRL's associated issuing distribution point (IDP) URI matches the certificate's CDP URI to ensure the right CRL has been fetched. AWS Private CA marks the IDP extension as critical, which your client must be able to process.
         */
        crlType?: pulumi.Input<string>;
        /**
         * Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
         *
         * > The content of a Canonical Name (CNAME) record must conform to [RFC2396](https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
         */
        customCname?: pulumi.Input<string>;
        /**
         * Designates a custom file path in S3 for CRL(s).
For example, `http://<CustomName>/<CustomPath>/<CrlPartition_GUID>.crl`.
         */
        customPath?: pulumi.Input<string>;
        /**
         * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the `CreateCertificateAuthority` operation or for an existing CA when you call the `UpdateCertificateAuthority` operation.
         */
        enabled: pulumi.Input<boolean>;
        /**
         * Validity period of the CRL in days.
         */
        expirationInDays?: pulumi.Input<number>;
        /**
         * Name of the S3 bucket that contains the CRL. If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) operation. You must specify a [bucket policy](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies) that allows AWS Private CA to write the CRL to your bucket.
         *
         * > The `S3BucketName` parameter must conform to the [S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
         */
        s3BucketName?: pulumi.Input<string>;
        /**
         * Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.
         *
         * If no value is specified, the default is PUBLIC_READ.
         *
         * *Note:* This default can cause CA creation to fail in some circumstances.
If you have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as `BUCKET_OWNER_FULL_CONTROL`, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the value.
         *
         * For more information, see [Blocking public access to the S3 bucket](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa).
         *
         * NOTE(review): because the documented default is PUBLIC_READ, set this value explicitly
         * whenever the CRL must not be readable over the public internet.
         */
        s3ObjectAcl?: pulumi.Input<string>;
    }
    /**
     * Configures the default behavior of the CRL Distribution Point extension for certificates issued by your certificate authority.
     */
    interface CertificateAuthorityCrlDistributionPointExtensionConfigurationArgs {
        /**
         * Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to `true`, then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.
         *
         * > Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.
         * >
         * > This configuration cannot be enabled with a custom CNAME set.
         */
        omitExtension: pulumi.Input<boolean>;
    }
    /**
     * Structure that contains CSR pass-through extensions information.
     */
    interface CertificateAuthorityCsrExtensionsArgs {
        /**
         * Indicates the purpose of the certificate and of the key contained in the certificate.
         */
        keyUsage?: pulumi.Input<inputs.acmpca.CertificateAuthorityKeyUsageArgs>;
        /**
         * For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see [Subject Information Access](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2) in RFC 5280.
*/
        subjectInformationAccess?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateAuthorityAccessDescriptionArgs>[]>;
    }
    /**
     * Structure that contains X.500 attribute type and value.
     */
    interface CertificateAuthorityCustomAttributeArgs {
        objectIdentifier: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }
    /**
     * Structure that contains X.509 EdiPartyName information.
     * Only `partyName` is required at the type level.
     */
    interface CertificateAuthorityEdiPartyNameArgs {
        nameAssigner?: pulumi.Input<string>;
        partyName: pulumi.Input<string>;
    }
    /**
     * Structure that contains X.509 GeneralName information. Assign one and ONLY one field.
     *
     * NOTE(review): every field is optional in this type, so the "one and only one" rule is not
     * enforced by the compiler.
     */
    interface CertificateAuthorityGeneralNameArgs {
        directoryName?: pulumi.Input<inputs.acmpca.CertificateAuthoritySubjectArgs>;
        dnsName?: pulumi.Input<string>;
        ediPartyName?: pulumi.Input<inputs.acmpca.CertificateAuthorityEdiPartyNameArgs>;
        ipAddress?: pulumi.Input<string>;
        otherName?: pulumi.Input<inputs.acmpca.CertificateAuthorityOtherNameArgs>;
        registeredId?: pulumi.Input<string>;
        rfc822Name?: pulumi.Input<string>;
        uniformResourceIdentifier?: pulumi.Input<string>;
    }
    /**
     * Structure that contains X.509 KeyUsage information.
     *
     * NOTE(review): the per-flag summaries below are informal. RFC 5280 section 4.2.1.3 defines
     * `keyEncipherment` as enciphering keys (key transport), `dataEncipherment` as enciphering
     * user data directly, and `encipherOnly` / `decipherOnly` as meaningful only together with
     * `keyAgreement`.
     */
    interface CertificateAuthorityKeyUsageArgs {
        /**
         * Key can be used to sign CRLs.
         */
        crlSign?: pulumi.Input<boolean>;
        /**
         * Key can be used to decipher data.
         */
        dataEncipherment?: pulumi.Input<boolean>;
        /**
         * Key can be used only to decipher data.
         */
        decipherOnly?: pulumi.Input<boolean>;
        /**
         * Key can be used for digital signing.
         */
        digitalSignature?: pulumi.Input<boolean>;
        /**
         * Key can be used only to encipher data.
         */
        encipherOnly?: pulumi.Input<boolean>;
        /**
         * Key can be used in a key-agreement protocol.
         */
        keyAgreement?: pulumi.Input<boolean>;
        /**
         * Key can be used to sign certificates.
         */
        keyCertSign?: pulumi.Input<boolean>;
        /**
         * Key can be used to encipher data.
         */
        keyEncipherment?: pulumi.Input<boolean>;
        /**
         * Key can be used for non-repudiation.
*/
        nonRepudiation?: pulumi.Input<boolean>;
    }
    /**
     * Helps to configure the Online Certificate Status Protocol (OCSP) responder for your certificate authority.
     */
    interface CertificateAuthorityOcspConfigurationArgs {
        /**
         * Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
         */
        enabled: pulumi.Input<boolean>;
        /**
         * By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.
         *
         * > The content of a Canonical Name (CNAME) record must conform to [RFC2396](https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
         */
        ocspCustomCname?: pulumi.Input<string>;
    }
    /**
     * Structure that contains X.509 OtherName information.
     */
    interface CertificateAuthorityOtherNameArgs {
        typeId: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }
    /**
     * Certificate Authority revocation information.
     *
     * NOTE(review): both mechanisms are optional here; presumably a CA with neither configured
     * offers relying parties no revocation source through this structure — confirm that this is
     * intended wherever it occurs.
     */
    interface CertificateAuthorityRevocationConfigurationArgs {
        /**
         * Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
         */
        crlConfiguration?: pulumi.Input<inputs.acmpca.CertificateAuthorityCrlConfigurationArgs>;
        /**
         * Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
         */
        ocspConfiguration?: pulumi.Input<inputs.acmpca.CertificateAuthorityOcspConfigurationArgs>;
    }
    /**
     * Structure that contains X.500 distinguished name information for your CA.
*/
    interface CertificateAuthoritySubjectArgs {
        commonName?: pulumi.Input<string>;
        country?: pulumi.Input<string>;
        customAttributes?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateAuthorityCustomAttributeArgs>[]>;
        distinguishedNameQualifier?: pulumi.Input<string>;
        generationQualifier?: pulumi.Input<string>;
        givenName?: pulumi.Input<string>;
        initials?: pulumi.Input<string>;
        locality?: pulumi.Input<string>;
        organization?: pulumi.Input<string>;
        organizationalUnit?: pulumi.Input<string>;
        pseudonym?: pulumi.Input<string>;
        serialNumber?: pulumi.Input<string>;
        state?: pulumi.Input<string>;
        surname?: pulumi.Input<string>;
        title?: pulumi.Input<string>;
    }
    /**
     * Defines the X.500 relative distinguished name (RDN).
     */
    interface CertificateCustomAttributeArgs {
        /**
         * Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
         */
        objectIdentifier: pulumi.Input<string>;
        /**
         * Specifies the attribute value of the relative distinguished name (RDN).
         */
        value: pulumi.Input<string>;
    }
    /**
     * Specifies the X.509 extension information for a certificate.
     * Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).
     */
    interface CertificateCustomExtensionArgs {
        /**
         * Specifies the critical flag of the X.509 extension.
         */
        critical?: pulumi.Input<boolean>;
        /**
         * Specifies the object identifier (OID) of the X.509 extension. For more information, see the [Global OID reference database.](https://oidref.com/2.5.29)
         */
        objectIdentifier: pulumi.Input<string>;
        /**
         * Specifies the base64-encoded value of the X.509 extension.
         */
        value: pulumi.Input<string>;
    }
    /**
     * Describes an Electronic Data Interchange (EDI) entity as defined in [Subject Alternative Name](https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
*/
    interface CertificateEdiPartyNameArgs {
        /**
         * Specifies the name assigner.
         */
        nameAssigner: pulumi.Input<string>;
        /**
         * Specifies the party name.
         */
        partyName: pulumi.Input<string>;
    }
    /**
     * Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension.
     */
    interface CertificateExtendedKeyUsageArgs {
        /**
         * Specifies a custom ``ExtendedKeyUsage`` with an object identifier (OID).
         */
        extendedKeyUsageObjectIdentifier?: pulumi.Input<string>;
        /**
         * Specifies a standard ``ExtendedKeyUsage`` as defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12).
         */
        extendedKeyUsageType?: pulumi.Input<string>;
    }
    /**
     * Contains X.509 extension information for a certificate.
     */
    interface CertificateExtensionsArgs {
        /**
         * Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
         * In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
         */
        certificatePolicies?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificatePolicyInformationArgs>[]>;
        /**
         * Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag.
For more information, see the [Global OID reference database.](https://oidref.com/2.5.29)
         */
        customExtensions?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateCustomExtensionArgs>[]>;
        /**
         * Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension.
         */
        extendedKeyUsage?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateExtendedKeyUsageArgs>[]>;
        /**
         * Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
         */
        keyUsage?: pulumi.Input<inputs.acmpca.CertificateKeyUsageArgs>;
        /**
         * The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
         */
        subjectAlternativeNames?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateGeneralNameArgs>[]>;
    }
    /**
     * Describes an ASN.1 X.400 ``GeneralName`` as defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280). Only one of the following naming options should be provided. Providing more than one option results in an ``InvalidArgsException`` error.
     *
     * NOTE(review): every field is optional in this type, so the "only one" rule is not enforced
     * by the compiler.
     */
    interface CertificateGeneralNameArgs {
        /**
         * Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
*/
        directoryName?: pulumi.Input<inputs.acmpca.CertificateSubjectArgs>;
        /**
         * Represents ``GeneralName`` as a DNS name.
         */
        dnsName?: pulumi.Input<string>;
        /**
         * Represents ``GeneralName`` as an ``EdiPartyName`` object.
         */
        ediPartyName?: pulumi.Input<inputs.acmpca.CertificateEdiPartyNameArgs>;
        /**
         * Represents ``GeneralName`` as an IPv4 or IPv6 address.
         */
        ipAddress?: pulumi.Input<string>;
        /**
         * Represents ``GeneralName`` using an ``OtherName`` object.
         */
        otherName?: pulumi.Input<inputs.acmpca.CertificateOtherNameArgs>;
        /**
         * Represents ``GeneralName`` as an object identifier (OID).
         */
        registeredId?: pulumi.Input<string>;
        /**
         * Represents ``GeneralName`` as an [RFC 822](https://datatracker.ietf.org/doc/html/rfc822) email address.
         */
        rfc822Name?: pulumi.Input<string>;
        /**
         * Represents ``GeneralName`` as a URI.
         */
        uniformResourceIdentifier?: pulumi.Input<string>;
    }
    /**
     * Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
     *
     * NOTE(review): the per-flag summaries below are informal. RFC 5280 section 4.2.1.3 defines
     * `keyEncipherment` as enciphering keys (key transport), `dataEncipherment` as enciphering
     * user data directly, and `encipherOnly` / `decipherOnly` as meaningful only together with
     * `keyAgreement`.
     */
    interface CertificateKeyUsageArgs {
        /**
         * Key can be used to sign CRLs.
         */
        crlSign?: pulumi.Input<boolean>;
        /**
         * Key can be used to decipher data.
         */
        dataEncipherment?: pulumi.Input<boolean>;
        /**
         * Key can be used only to decipher data.
         */
        decipherOnly?: pulumi.Input<boolean>;
        /**
         * Key can be used for digital signing.
         */
        digitalSignature?: pulumi.Input<boolean>;
        /**
         * Key can be used only to encipher data.
         */
        encipherOnly?: pulumi.Input<boolean>;
        /**
         * Key can be used in a key-agreement protocol.
         */
        keyAgreement?: pulumi.Input<boolean>;
        /**
         * Key can be used to sign certificates.
         */
        keyCertSign?: pulumi.Input<boolean>;
        /**
         * Key can be used to encipher data.
         */
        keyEncipherment?: pulumi.Input<boolean>;
        /**
         * Key can be used for non-repudiation.
         */
        nonRepudiation?: pulumi.Input<boolean>;
    }
    /**
     * Defines a custom ASN.1 X.400 ``GeneralName`` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below.
For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
     */
    interface CertificateOtherNameArgs {
        /**
         * Specifies an OID.
         */
        typeId: pulumi.Input<string>;
        /**
         * Specifies an OID value.
         */
        value: pulumi.Input<string>;
    }
    /**
     * Defines the X.509 ``CertificatePolicies`` extension.
     */
    interface CertificatePolicyInformationArgs {
        /**
         * Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
         */
        certPolicyId: pulumi.Input<string>;
        /**
         * Modifies the given ``CertPolicyId`` with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
         */
        policyQualifiers?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificatePolicyQualifierInfoArgs>[]>;
    }
    /**
     * Modifies the ``CertPolicyId`` of a ``PolicyInformation`` object with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
     */
    interface CertificatePolicyQualifierInfoArgs {
        /**
         * Identifies the qualifier modifying a ``CertPolicyId``.
         */
        policyQualifierId: pulumi.Input<string>;
        /**
         * Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
         */
        qualifier: pulumi.Input<inputs.acmpca.CertificateQualifierArgs>;
    }
    /**
     * Defines a ``PolicyInformation`` qualifier. AWS Private CA supports the [certification practice statement (CPS) qualifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280.
     */
    interface CertificateQualifierArgs {
        /**
         * Contains a pointer to a certification practice statement (CPS) published by the CA.
         */
        cpsUri: pulumi.Input<string>;
    }
    /**
     * Contains information about the certificate subject.
The ``Subject`` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The ``Subject`` must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
     */
    interface CertificateSubjectArgs {
        /**
         * For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.
         * Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
         */
        commonName?: pulumi.Input<string>;
        /**
         * Two-digit code that specifies the country in which the certificate subject is located.
         *
         * NOTE(review): "two-digit" is the upstream wording; the X.520 country attribute is normally a two-letter ISO 3166 code — confirm against the service documentation.
         */
        country?: pulumi.Input<string>;
        /**
         * Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
         * Custom attributes cannot be used in combination with standard attributes.
         */
        customAttributes?: pulumi.Input<pulumi.Input<inputs.acmpca.CertificateCustomAttributeArgs>[]>;
        /**
         * Disambiguating information for the certificate subject.
         */
        distinguishedNameQualifier?: pulumi.Input<string>;
        /**
         * Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
         */
        generationQualifier?: pulumi.Input<string>;
        /**
         * First name.
         */
        givenName?: pulumi.Input<string>;
        /**
         * Concatenation that typically contains the first letter of the *GivenName*, the first letter of the middle name if one exists, and the first letter of the *Surname*.
         */
        initials?: pulumi.Input<string>;
        /**
         * The locality (such as a city or town) in which the certificate subject is located.
*/
        locality?: pulumi.Input<string>;
        /**
         * Legal name of the organization with which the certificate subject is affiliated.
         */
        organization?: pulumi.Input<string>;
        /**
         * A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
         */
        organizationalUnit?: pulumi.Input<string>;
        /**
         * Typically a shortened version of a longer *GivenName*. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
         */
        pseudonym?: pulumi.Input<string>;
        /**
         * The certificate serial number.
         *
         * NOTE(review): as a member of the subject this is presumably the subject's serial-number naming attribute, which is separate from the serial number the CA assigns to the certificate — confirm before relying on it for revocation or inventory lookups.
         */
        serialNumber?: pulumi.Input<string>;
        /**
         * State in which the subject of the certificate is located.
         */
        state?: pulumi.Input<string>;
        /**
         * Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
         */
        surname?: pulumi.Input<string>;
        /**
         * A title such as Mr. or Ms., which is prepended to the name to refer formally to the certificate subject.
         */
        title?: pulumi.Input<string>;
    }
    /**
     * Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years. You can issue a certificate by calling the ``IssueCertificate`` operation.
     *
     * Both members are required.
     */
    interface CertificateValidityArgs {
        /**
         * Specifies whether the ``Value`` parameter represents days, months, or years.
         */
        type: pulumi.Input<string>;
        /**
         * A long integer interpreted according to the value of ``Type``. Declared as ``number`` in this typing.
         */
        value: pulumi.Input<number>;
    }
}
export declare namespace aiops {
    /**
     * Notification channel settings: a list of chat configuration ARNs and an SNS topic ARN, both optional.
     */
    interface InvestigationGroupChatbotNotificationChannelArgs {
        /**
         * Returns the Amazon Resource Name (ARN) of any third-party chat integrations configured for the account.
         */
        chatConfigurationArns?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * Returns the ARN of an Amazon SNS topic used for third-party chat integrations.
*/
        snsTopicArn?: pulumi.Input<string>;
    }
    /**
     * Cross-account configuration holding a single optional source role ARN.
     */
    interface InvestigationGroupCrossAccountConfigurationArgs {
        /**
         * The ARN of an existing role which will be used to do investigations on your behalf.
         *
         * NOTE(review): the role acts on the caller's behalf, so its permissions and trust policy presumably bound what an investigation can reach — scope it to least privilege and confirm who may assume it.
         */
        sourceRoleArn?: pulumi.Input<string>;
    }
    /**
     * Encryption settings for investigation data: the key type and, for a customer managed key, its ID.
     */
    interface InvestigationGroupEncryptionConfigMapArgs {
        /**
         * Displays whether investigation data is encrypted by a customer managed key or an AWS owned key.
         *
         * Typed as a plain string here; the accepted values are not visible in this declaration.
         */
        encryptionConfigurationType?: pulumi.Input<string>;
        /**
         * If the investigation group uses a customer managed key for encryption, this field displays the ID of that key.
         */
        kmsKeyId?: pulumi.Input<string>;
    }
}
export declare namespace amazonmq {
}
export declare namespace amplify {
    /**
     * Settings applied to branches that Amplify creates automatically; every member is optional.
     */
    interface AppAutoBranchCreationConfigArgs {
        /**
         * Automated branch creation glob patterns for the Amplify app.
         */
        autoBranchCreationPatterns?: pulumi.Input<pulumi.Input<string>[]>;
        /**
         * Sets password protection for your auto created branch.
         */
        basicAuthConfig?: pulumi.Input<inputs.amplify.AppBasicAuthConfigArgs>;
        /**
         * The build specification (build spec) for the autocreated branch.
         */
        buildSpec?: pulumi.Input<string>;
        /**
         * Enables automated branch creation for the Amplify app.
         */
        enableAutoBranchCreation?: pulumi.Input<boolean>;
        /**
         * Enables auto building for the auto created branch.
         */
        enableAutoBuild?: pulumi.Input<boolean>;
        /**
         * Enables performance mode for the branch.
         *
         * Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out.
         */
        enablePerformanceMode?: pulumi.Input<boolean>;
        /**
         * Sets whether pull request previews are enabled for each branch that Amplify Hosting automatically creates for your app. Amplify creates previews by deploying your app to a unique URL whenever a pull request is opened for the branch.
Development and QA teams can use this preview to test the pull request before it's merged into a production or integration branch.
         *
         * To provide backend support for your preview, Amplify Hosting automatically provisions a temporary backend environment that it deletes when the pull request is closed. If you want to specify a dedicated backend environment for your previews, use the `PullRequestEnvironmentName` property.
         *
         * For more information, see [Web Previews](https://docs.aws.amazon.com/amplify/latest/userguide/pr-previews.html) in the *AWS Amplify Hosting User Guide*.
         *
         * NOTE(review): a preview deploys code from a pull request that has not been merged yet; if previews should not be publicly reachable, consider pairing this with `basicAuthConfig` — confirm how access to preview URLs is controlled.
         */
        enablePullRequestPreview?: pulumi.Input<boolean>;
        /**
         * The environment variables for the autocreated branch.
         */
        environmentVariables?: pulumi.Input<pulumi.Input<inputs.amplify.AppEnvironmentVariableArgs>[]>;
        /**
         * The framework for the autocreated branch.
         */
        framework?: pulumi.Input<string>;
        /**
         * If pull request previews are enabled, you can use this property to specify a dedicated backend environment for your previews. For example, you could specify an environment named `prod`, `test`, or `dev` that you initialized with the Amplify CLI.
         *
         * To enable pull request previews, set the `EnablePullRequestPreview` property to `true`.
         *
         * If you don't specify an environment, Amplify Hosting provides backend support for each preview by automatically provisioning a temporary backend environment. Amplify deletes this environment when the pull request is closed.
         *
         * For more information about creating backend environments, see [Feature Branch Deployments and Team Workflows](https://docs.aws.amazon.com/amplify/latest/userguide/multi-environments.html) in the *AWS Amplify Hosting User Guide*.
         *
         * NOTE(review): naming a shared environment such as `prod` here means unmerged pull-request code is previewed against that backend; prefer the temporary backend unless that exposure is intended.
         */
        pullRequestEnvironmentName?: pulumi.Input<string>;
        /**
         * Stage for the auto created branch.
         */
        stage?: pulumi.Input<enums.amplify.AppAutoBranchCreationConfigStage>;
    }
    /**
     * Basic authorization settings for an Amplify app's branches: an enable flag plus a user name and password, all optional.
     */
    interface AppBasicAuthConfigArgs {
        /**
         * Enables basic authorization for the Amplify app's branches.
*/
        enableBasicAuth?: pulumi.Input<boolean>;
        /**
         * The password for basic authorization.
         *
         * NOTE(review): typed as a plain `pulumi.Input<string>`; pass it as a Pulumi secret (for example via `pulumi.secret(...)` or a secret config value) and keep it out of source control. Whether the provider marks this property as secret is not visible from this declaration.
         */
        password?: pulumi.Input<string>;
        /**
         * The user name for basic authorization.
         */
        username?: pulumi.Input<string>;
    }
    /**
     * Cache configuration for an Amplify app; holds a single optional `type`.
     */
    interface AppCacheConfigArgs {
        /**
         * The type of cache configuration to use for an Amplify app.
         *
         * The `AMPLIFY_MANAGED` cache configuration automatically applies an optimized cache configuration for your app based on its platform, routing rules, and rewrite rules.
         *
         * The `AMPLIFY_MANAGED_NO_COOKIES` cache configuration type is the same as `AMPLIFY_MANAGED`, except that it excludes all cookies from the cache key. This is the default setting.
         */
        type?: pulumi.Input<enums.amplify.AppCacheConfigType>;
    }
    /**
     * A URL rewrite or redirect rule; `source` and `target` are required, `condition` and `status` are optional.
     */
    interface AppCustomRuleArgs {
        /**
         * The condition for a URL rewrite or redirect rule, such as a country code.
         */
        condition?: pulumi.Input<string>;
        /**
         * The source pattern for a URL rewrite or redirect rule.
         */
        source: pulumi.Input<string>;
        /**
         * The status code for a URL rewrite or redirect rule.
         *
         * - **200** - Represents a 200 rewrite rule.
         * - **301** - Represents a 301 (moved permanently) redirect rule. This and all future requests should be directed to the target URL.
         * - **302** - Represents a 302 temporary redirect rule.
         * - **404** - Represents a 404 redirect rule.
         * - **404-200** - Represents a 404 rewrite rule.
         */
        status?: pulumi.Input<string>;
        /**
         * The target pattern for a URL rewrite or redirect rule.
         */
        target: pulumi.Input<string>;
    }
    /**
     * One environment variable as a required name/value pair.
     */
    interface AppEnvironmentVariableArgs {
        /**
         * The environment variable name.
         */
        name: pulumi.Input<string>;
        /**
         * The environment variable value.
         *
         * NOTE(review): a plain string input; if a credential has to go here, pass it as a Pulumi secret — how the provider stores this value is not visible from this declaration.
         */
        value: pulumi.Input<string>;
    }
    /**
     * Build job configuration; holds the required `buildComputeType`.
     */
    interface AppJobConfigArgs {
        /**
         * Specifies the size of the build instance. Amplify supports three instance sizes: `STANDARD_8GB`, `LARGE_16GB`, and `XLARGE_72GB`. If you don't specify a value, Amplify uses the `STANDARD_8GB` default.
*
         * The following list describes the CPU, memory, and storage capacity for each build instance type:
         *
         * - **STANDARD_8GB**
         *   - vCPUs: 4
         *   - Memory: 8 GiB
         *   - Disk space: 128 GB
         * - **LARGE_16GB**
         *   - vCPUs: 8
         *   - Memory: 16 GiB
         *   - Disk space: 128 GB
         * - **XLARGE_72GB**
         *   - vCPUs: 36
         *   - Memory: 72 GiB
         *   - Disk space: 256 GB
         */
        buildComputeType: pulumi.Input<enums.amplify.AppJobConfigBuildComputeType>;
    }
    /**
     * Backend reference for a branch; holds an optional CloudFormation stack ARN.
     */
    interface BranchBackendArgs {
        /**
         * The Amazon Resource Name (ARN) for the AWS CloudFormation stack.
         */
        stackArn?: pulumi.Input<string>;
    }
    /**
     * Basic authorization settings for a branch; `password` and `username` are required, `enableBasicAuth` is optional.
     */
    interface BranchBasicAuthConfigArgs {
        /**
         * Enables basic authorization for the branch.
         */
        enableBasicAuth?: pulumi.Input<boolean>;
        /**
         * The password for basic authorization.
         *
         * NOTE(review): typed as a plain `pulumi.Input<string>`; pass it as a Pulumi secret (for example via `pulumi.secret(...)` or a secret config value) and keep it out of source control. Whether the provider marks this property as secret is not visible from this declaration.
         */
        password: pulumi.Input<string>;
        /**
         * The user name for basic authorization.
         */
        username: pulumi.Input<string>;
    }
    /**
     * One environment variable as a required name/value pair.
     */
    interface BranchEnvironmentVariableArgs {
        /**
         * The environment variable name.
         */
        name: pulumi.Input<string>;
        /**
         * The environment variable value.
         *
         * NOTE(review): a plain string input; if a credential has to go here, pass it as a Pulumi secret — how the provider stores this value is not visible from this declaration.
         */
        value: pulumi.Input<string>;
    }
    interface DomainCertificateSettingsArgs {
        /**
         * The certificate type.
         *
         * Specify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.
         *
         * Specify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N