
@pulumi/aws-native


The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

// Declarations only (exported interfaces and `declare namespace` blocks); nothing in this listing executes at runtime.
import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * A set of tags to apply to the resource. */ export interface CreateOnlyTag { /** * The key name of the tag */ key: string; /** * The value of the tag */ value: string; } /** * A set of tags to apply to the resource. */ export interface Tag { /** * The key name of the tag */ key: string; /** * The value of the tag */ value: string; } export declare namespace accessanalyzer { /** * The criteria for an analysis rule for an analyzer. */ interface AnalyzerAnalysisRuleCriteria { /** * A list of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. */ accountIds?: string[]; /** * An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. * * For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with aws:. * * For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key. */ resourceTags?: outputs.accessanalyzer.AnalyzerTag[][]; } /** * An Access Analyzer archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. * * NOTE(review): because matching findings are archived automatically, a filter that is broader than intended removes findings from the active list without review; keep the criteria narrow. */ interface AnalyzerArchiveRule { /** * The criteria for the rule. */ filter: outputs.accessanalyzer.AnalyzerFilter[]; /** * The archive rule name */ ruleName: string; } /** * The configuration for the analyzer */ interface AnalyzerConfigurationProperties { /** * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. 
*/ internalAccessConfiguration?: outputs.accessanalyzer.AnalyzerInternalAccessConfiguration; /** * Specifies the configuration of an unused access analyzer for an AWS organization or account. */ unusedAccessConfiguration?: outputs.accessanalyzer.AnalyzerUnusedAccessConfiguration; } /** * One criterion of a rule filter: the property to test and the conditions to match against it. */ interface AnalyzerFilter { /** * A "contains" condition to match for the rule. */ contains?: string[]; /** * An "equals" condition to match for the rule. */ eq?: string[]; /** * An "exists" condition to match for the rule. */ exists?: boolean; /** * A "not equal" condition to match for the rule. */ neq?: string[]; /** * The property used to define the criteria in the filter for the rule. */ property: string; } /** * The criteria for an analysis rule for an internal access analyzer. */ interface AnalyzerInternalAccessAnalysisRuleCriteria { /** * A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account. */ accountIds?: string[]; /** * A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs. */ resourceArns?: string[]; /** * A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. */ resourceTypes?: string[]; } /** * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates internal access within your AWS environment. */ interface AnalyzerInternalAccessConfiguration { /** * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. 
*/ internalAccessAnalysisRule?: outputs.accessanalyzer.AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties; } /** * Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. */ interface AnalyzerInternalAccessConfigurationInternalAccessAnalysisRuleProperties { /** * A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. */ inclusions?: outputs.accessanalyzer.AnalyzerInternalAccessAnalysisRuleCriteria[]; } /** * A key-value pair to associate with a resource. */ interface AnalyzerTag { /** * The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. */ key: string; /** * The value for the tag. You can specify a value that is 0 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. */ value?: string; } /** * The Configuration for Unused Access Analyzer */ interface AnalyzerUnusedAccessConfiguration { /** * Contains information about rules for the analyzer. */ analysisRule?: outputs.accessanalyzer.AnalyzerUnusedAccessConfigurationAnalysisRuleProperties; /** * The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days. */ unusedAccessAge?: number; } /** * Contains information about rules for the analyzer. 
*/ interface AnalyzerUnusedAccessConfigurationAnalysisRuleProperties { /** * A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. */ exclusions?: outputs.accessanalyzer.AnalyzerAnalysisRuleCriteria[]; } } export declare namespace acmpca { /** * Contains X.509 certificate information to be placed in an issued certificate. An ``APIPassthrough`` or ``APICSRPassthrough`` template variant must be selected, or else this parameter is ignored. * If conflicting or duplicate certificate information is supplied from other sources, AWS Private CA applies [order of operation rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used. */ interface CertificateApiPassthrough { /** * Specifies X.509 extension information for a certificate. */ extensions?: outputs.acmpca.CertificateExtensions; /** * Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. */ subject?: outputs.acmpca.CertificateSubject; } /** * Structure that contains X.509 AccessDescription information. */ interface CertificateAuthorityAccessDescription { accessLocation: outputs.acmpca.CertificateAuthorityGeneralName; accessMethod: outputs.acmpca.CertificateAuthorityAccessMethod; } /** * Structure that contains X.509 AccessMethod information. Assign one and ONLY one field. */ interface CertificateAuthorityAccessMethod { accessMethodType?: string; customObjectIdentifier?: string; } /** * Your certificate authority can create and maintain a certificate revocation list (CRL). 
A CRL contains information about certificates that have been revoked. */ interface CertificateAuthorityCrlConfiguration { /** * Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL. */ crlDistributionPointExtensionConfiguration?: outputs.acmpca.CertificateAuthorityCrlDistributionPointExtensionConfiguration; /** * Specifies the type of CRL. This setting determines the maximum number of certificates that the certificate authority can issue and revoke. For more information, see [AWS Private CA quotas](https://docs.aws.amazon.com/general/latest/gr/pca.html#limits_pca) . * * - `COMPLETE` - The default setting. AWS Private CA maintains a single CRL file for all unexpired certificates issued by a CA that have been revoked for any reason. Each certificate that AWS Private CA issues is bound to a specific CRL through the CRL distribution point (CDP) defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) . * - `PARTITIONED` - Compared to complete CRLs, partitioned CRLs dramatically increase the number of certificates your private CA can issue. * * > When using partitioned CRLs, you must validate that the CRL's associated issuing distribution point (IDP) URI matches the certificate's CDP URI to ensure the right CRL has been fetched. AWS Private CA marks the IDP extension as critical, which your client must be able to process. */ crlType?: string; /** * Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. * * > The content of a Canonical Name (CNAME) record must conform to [RFC2396](https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in URIs. 
Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://". */ customCname?: string; /** * Designates a custom file path in S3 for CRL(s). For example, `http://<CustomName>/<CustomPath>/<CrlPartition_GUID>.crl` . */ customPath?: string; /** * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the `CreateCertificateAuthority` operation or for an existing CA when you call the `UpdateCertificateAuthority` operation. */ enabled: boolean; /** * Validity period of the CRL in days. */ expirationInDays?: number; /** * Name of the S3 bucket that contains the CRL. If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) operation. You must specify a [bucket policy](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies) that allows AWS Private CA to write the CRL to your bucket. * * > The `S3BucketName` parameter must conform to the [S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) . */ s3BucketName?: string; /** * Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access. * * If no value is specified, the default is PUBLIC_READ. * * *Note:* This default can cause CA creation to fail in some circumstances. 
If you have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as `BUCKET_OWNER_FULL_CONTROL` , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the value. * * For more information, see [Blocking public access to the S3 bucket](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa) . * * NOTE(review): because the documented default is PUBLIC_READ, leaving this unset publishes the CRL to the public internet; set `BUCKET_OWNER_FULL_CONTROL` explicitly when that is not intended, and make sure PKI clients still have a way to fetch the CRL. */ s3ObjectAcl?: string; } /** * Configures the default behavior of the CRL Distribution Point extension for certificates issued by your certificate authority */ interface CertificateAuthorityCrlDistributionPointExtensionConfiguration { /** * Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to `true` , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough. * * > Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger. * > * > This configuration cannot be enabled with a custom CNAME set. */ omitExtension: boolean; } /** * Structure that contains CSR pass-through extensions information. */ interface CertificateAuthorityCsrExtensions { /** * Indicates the purpose of the certificate and of the key contained in the certificate. */ keyUsage?: outputs.acmpca.CertificateAuthorityKeyUsage; /** * For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. 
For more information, see [Subject Information Access](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2) in RFC 5280. */ subjectInformationAccess?: outputs.acmpca.CertificateAuthorityAccessDescription[]; } /** * Structure that contains X.500 attribute type and value. 
*/ interface CertificateAuthorityCustomAttribute { objectIdentifier: string; value: string; } /** * Structure that contains X.509 EdiPartyName information. */ interface CertificateAuthorityEdiPartyName { nameAssigner?: string; partyName: string; } /** * Structure that contains X.509 GeneralName information. Assign one and ONLY one field. */ interface CertificateAuthorityGeneralName { directoryName?: outputs.acmpca.CertificateAuthoritySubject; dnsName?: string; ediPartyName?: outputs.acmpca.CertificateAuthorityEdiPartyName; ipAddress?: string; otherName?: outputs.acmpca.CertificateAuthorityOtherName; registeredId?: string; rfc822Name?: string; uniformResourceIdentifier?: string; } /** * Structure that contains X.509 KeyUsage information. */ interface CertificateAuthorityKeyUsage { /** * Key can be used to sign CRLs. */ crlSign?: boolean; /** * Key can be used to decipher data. In RFC 5280 terms this bit covers directly enciphering raw user data, as opposed to enciphering keys. */ dataEncipherment?: boolean; /** * Key can be used only to decipher data. Per RFC 5280 this bit has a defined meaning only when keyAgreement is also set. */ decipherOnly?: boolean; /** * Key can be used for digital signing. */ digitalSignature?: boolean; /** * Key can be used only to encipher data. Per RFC 5280 this bit has a defined meaning only when keyAgreement is also set. */ encipherOnly?: boolean; /** * Key can be used in a key-agreement protocol. */ keyAgreement?: boolean; /** * Key can be used to sign certificates. */ keyCertSign?: boolean; /** * Key can be used to encipher data. In RFC 5280 terms this bit covers enciphering private or secret keys (key transport). */ keyEncipherment?: boolean; /** * Key can be used for non-repudiation. */ nonRepudiation?: boolean; } /** * Helps to configure online certificate status protocol (OCSP) responder for your certificate authority */ interface CertificateAuthorityOcspConfiguration { /** * Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status. */ enabled: boolean; /** * By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain. 
* * > The content of a Canonical Name (CNAME) record must conform to [RFC2396](https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://". */ ocspCustomCname?: string; } /** * Structure that contains X.509 OtherName information. */ interface CertificateAuthorityOtherName { typeId: string; value: string; } /** * Certificate Authority revocation information. * * NOTE(review): both members are optional in this type; a CA configured with neither would presumably publish no revocation information for relying parties - confirm that is intended. */ interface CertificateAuthorityRevocationConfiguration { /** * Configuration of the certificate revocation list (CRL), if any, maintained by your private CA. */ crlConfiguration?: outputs.acmpca.CertificateAuthorityCrlConfiguration; /** * Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA. */ ocspConfiguration?: outputs.acmpca.CertificateAuthorityOcspConfiguration; } /** * Structure that contains X.500 distinguished name information for your CA. */ interface CertificateAuthoritySubject { commonName?: string; country?: string; customAttributes?: outputs.acmpca.CertificateAuthorityCustomAttribute[]; distinguishedNameQualifier?: string; generationQualifier?: string; givenName?: string; initials?: string; locality?: string; organization?: string; organizationalUnit?: string; pseudonym?: string; serialNumber?: string; state?: string; surname?: string; title?: string; } /** * Defines the X.500 relative distinguished name (RDN). */ interface CertificateCustomAttribute { /** * Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN). */ objectIdentifier: string; /** * Specifies the attribute value of relative distinguished name (RDN). */ value: string; } /** * Specifies the X.509 extension information for a certificate. 
* Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations). */ interface CertificateCustomExtension { /** * Specifies the critical flag of the X.509 extension. */ critical?: boolean; /** * Specifies the object identifier (OID) of the X.509 extension. For more information, see the [Global OID reference database.](https://oidref.com/2.5.29) */ objectIdentifier: string; /** * Specifies the base64-encoded value of the X.509 extension. */ value: string; } /** * Describes an Electronic Data Interchange (EDI) entity as defined in [Subject Alternative Name](https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280. */ interface CertificateEdiPartyName { /** * Specifies the name assigner. */ nameAssigner: string; /** * Specifies the party name. */ partyName: string; } /** * Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension. */ interface CertificateExtendedKeyUsage { /** * Specifies a custom ``ExtendedKeyUsage`` with an object identifier (OID). */ extendedKeyUsageObjectIdentifier?: string; /** * Specifies a standard ``ExtendedKeyUsage`` as defined as in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). */ extendedKeyUsageType?: string; } /** * Contains X.509 extension information for a certificate. */ interface CertificateExtensions { /** * Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier). 
* In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate. */ certificatePolicies?: outputs.acmpca.CertificatePolicyInformation[]; /** * Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the [Global OID reference database.](https://oidref.com/2.5.29) */ customExtensions?: outputs.acmpca.CertificateCustomExtension[]; /** * Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the ``KeyUsage`` extension. */ extendedKeyUsage?: outputs.acmpca.CertificateExtendedKeyUsage[]; /** * Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false. */ keyUsage?: outputs.acmpca.CertificateKeyUsage; /** * The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate. */ subjectAlternativeNames?: outputs.acmpca.CertificateGeneralName[]; } /** * Describes an ASN.1 X.400 ``GeneralName`` as defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280). Only one of the following naming options should be provided. Providing more than one option results in an ``InvalidArgsException`` error. */ interface CertificateGeneralName { /** * Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. 
The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity. */ directoryName?: outputs.acmpca.CertificateSubject; /** * Represents ``GeneralName`` as a DNS name. */ dnsName?: string; /** * Represents ``GeneralName`` as an ``EdiPartyName`` object. */ ediPartyName?: outputs.acmpca.CertificateEdiPartyName; /** * Represents ``GeneralName`` as an IPv4 or IPv6 address. */ ipAddress?: string; /** * Represents ``GeneralName`` using an ``OtherName`` object. */ otherName?: outputs.acmpca.CertificateOtherName; /** * Represents ``GeneralName`` as an object identifier (OID). */ registeredId?: string; /** * Represents ``GeneralName`` as an [RFC 822](https://datatracker.ietf.org/doc/html/rfc822) email address. */ rfc822Name?: string; /** * Represents ``GeneralName`` as a URI. */ uniformResourceIdentifier?: string; } /** * Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false. */ interface CertificateKeyUsage { /** * Key can be used to sign CRLs. */ crlSign?: boolean; /** * Key can be used to decipher data. In RFC 5280 terms this bit covers directly enciphering raw user data, as opposed to enciphering keys. */ dataEncipherment?: boolean; /** * Key can be used only to decipher data. Per RFC 5280 this bit has a defined meaning only when keyAgreement is also set. */ decipherOnly?: boolean; /** * Key can be used for digital signing. */ digitalSignature?: boolean; /** * Key can be used only to encipher data. Per RFC 5280 this bit has a defined meaning only when keyAgreement is also set. */ encipherOnly?: boolean; /** * Key can be used in a key-agreement protocol. */ keyAgreement?: boolean; /** * Key can be used to sign certificates. */ keyCertSign?: boolean; /** * Key can be used to encipher data. In RFC 5280 terms this bit covers enciphering private or secret keys (key transport). */ keyEncipherment?: boolean; /** * Key can be used for non-repudiation. 
*/ nonRepudiation?: boolean; } /** * Defines a custom ASN.1 X.400 ``GeneralName`` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier). */ interface CertificateOtherName { /** * Specifies an OID. */ typeId: string; /** * Specifies an OID value. */ value: string; } /** * Defines the X.509 ``CertificatePolicies`` extension. */ interface CertificatePolicyInformation { /** * Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier). */ certPolicyId: string; /** * Modifies the given ``CertPolicyId`` with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier. */ policyQualifiers?: outputs.acmpca.CertificatePolicyQualifierInfo[]; } /** * Modifies the ``CertPolicyId`` of a ``PolicyInformation`` object with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier. */ interface CertificatePolicyQualifierInfo { /** * Identifies the qualifier modifying a ``CertPolicyId``. */ policyQualifierId: string; /** * Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field. */ qualifier: outputs.acmpca.CertificateQualifier; } /** * Defines a ``PolicyInformation`` qualifier. AWS Private CA supports the [certification practice statement (CPS) qualifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280. */ interface CertificateQualifier { /** * Contains a pointer to a certification practice statement (CPS) published by the CA. */ cpsUri: string; } /** * Contains information about the certificate subject. 
The ``Subject`` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The ``Subject`` must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. */ interface CertificateSubject { /** * For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. * Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject. */ commonName?: string; /** * Two-letter ISO 3166 country code that specifies the country in which the certificate subject is located. */ country?: string; /** * Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier). * Custom attributes cannot be used in combination with standard attributes. */ customAttributes?: outputs.acmpca.CertificateCustomAttribute[]; /** * Disambiguating information for the certificate subject. */ distinguishedNameQualifier?: string; /** * Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. */ generationQualifier?: string; /** * First name. */ givenName?: string; /** * Concatenation that typically contains the first letter of the *GivenName*, the first letter of the middle name if one exists, and the first letter of the *Surname*. */ initials?: string; /** * The locality (such as a city or town) in which the certificate subject is located. */ locality?: string; /** * Legal name of the organization with which the certificate subject is affiliated. 
*/ organization?: string; /** * A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. */ organizationalUnit?: string; /** * Typically a shortened version of a longer *GivenName*. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. */ pseudonym?: string; /** * The certificate serial number. */ serialNumber?: string; /** * State in which the subject of the certificate is located. */ state?: string; /** * Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. */ surname?: string; /** * A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject. */ title?: string; } /** * Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years. You can issue a certificate by calling the ``IssueCertificate`` operation. */ interface CertificateValidity { /** * Specifies whether the ``Value`` parameter represents days, months, or years. */ type: string; /** * A long integer interpreted according to the value of ``Type``, below. */ value: number; } } export declare namespace aiops { interface InvestigationGroupChatbotNotificationChannel { /** * Returns the Amazon Resource Name (ARN) of any third-party chat integrations configured for the account. */ chatConfigurationArns?: string[]; /** * Returns the ARN of an Amazon SNS topic used for third-party chat integrations. */ snsTopicArn?: string; } interface InvestigationGroupCrossAccountConfiguration { /** * The ARN of an existing role which will be used to do investigations on your behalf. */ sourceRoleArn?: string; } interface InvestigationGroupEncryptionConfigMap { /** * Displays whether investigation data is encrypted by a customer managed key or an AWS owned key. 
*/ encryptionConfigurationType?: string; /** * If the investigation group uses a customer managed key for encryption, this field displays the ID of that key. */ kmsKeyId?: string; } } export declare namespace amazonmq { } export declare namespace amplify { interface AppAutoBranchCreationConfig { /** * Automated branch creation glob patterns for the Amplify app. */ autoBranchCreationPatterns?: string[]; /** * Sets password protection for your auto created branch. */ basicAuthConfig?: outputs.amplify.AppBasicAuthConfig; /** * The build specification (build spec) for the autocreated branch. */ buildSpec?: string; /** * Enables automated branch creation for the Amplify app. */ enableAutoBranchCreation?: boolean; /** * Enables auto building for the auto created branch. */ enableAutoBuild?: boolean; /** * Enables performance mode for the branch. * * Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out. */ enablePerformanceMode?: boolean; /** * Sets whether pull request previews are enabled for each branch that Amplify Hosting automatically creates for your app. Amplify creates previews by deploying your app to a unique URL whenever a pull request is opened for the branch. Development and QA teams can use this preview to test the pull request before it's merged into a production or integration branch. * * To provide backend support for your preview, Amplify Hosting automatically provisions a temporary backend environment that it deletes when the pull request is closed. If you want to specify a dedicated backend environment for your previews, use the `PullRequestEnvironmentName` property. * * For more information, see [Web Previews](https://docs.aws.amazon.com/amplify/latest/userguide/pr-previews.html) in the *AWS Amplify Hosting User Guide* . 
*/ enablePullRequestPreview?: boolean; /** * The environment variables for the autocreated branch. */ environmentVariables?: outputs.amplify.AppEnvironmentVariable[]; /** * The framework for the autocreated branch. */ framework?: string; /** * If pull request previews are enabled, you can use this property to specify a dedicated backend environment for your previews. For example, you could specify an environment named `prod` , `test` , or `dev` that you initialized with the Amplify CLI. * * To enable pull request previews, set the `EnablePullRequestPreview` property to `true` . * * If you don't specify an environment, Amplify Hosting provides backend support for each preview by automatically provisioning a temporary backend environment. Amplify deletes this environment when the pull request is closed. * * For more information about creating backend environments, see [Feature Branch Deployments and Team Workflows](https://docs.aws.amazon.com/amplify/latest/userguide/multi-environments.html) in the *AWS Amplify Hosting User Guide* . */ pullRequestEnvironmentName?: string; /** * Stage for the auto created branch. */ stage?: enums.amplify.AppAutoBranchCreationConfigStage; } interface AppBasicAuthConfig { /** * Enables basic authorization for the Amplify app's branches. */ enableBasicAuth?: boolean; /** * The password for basic authorization. * * NOTE(review): this is a credential typed as a plain `string`; the declaration does not show whether the provider marks it as a secret output - confirm before printing or exporting it. */ password?: string; /** * The user name for basic authorization. */ username?: string; } interface AppCacheConfig { /** * The type of cache configuration to use for an Amplify app. * * The `AMPLIFY_MANAGED` cache configuration automatically applies an optimized cache configuration for your app based on its platform, routing rules, and rewrite rules. * * The `AMPLIFY_MANAGED_NO_COOKIES` cache configuration type is the same as `AMPLIFY_MANAGED` , except that it excludes all cookies from the cache key. This is the default setting. 
*/ type?: enums.amplify.AppCacheConfigType; } interface AppCustomRule { /** * The condition for a URL rewrite or redirect rule, such as a country code. */ condition?: string; /** * The source pattern for a URL rewrite or redirect rule. */ source: string; /** * The status code for a URL rewrite or redirect rule. * * - **200** - Represents a 200 rewrite rule. * - **301** - Represents a 301 (moved permanently) redirect rule. This and all future requests should be directed to the target URL. * - **302** - Represents a 302 temporary redirect rule. * - **404** - Represents a 404 redirect rule. * - **404-200** - Represents a 404 rewrite rule. */ status?: string; /** * The target pattern for a URL rewrite or redirect rule. */ target: string; } interface AppEnvironmentVariable { /** * The environment variable name. */ name: string; /** * The environment variable value. * * NOTE(review): nothing in this type marks the value as secret; if variables carry tokens or keys, treat this output as sensitive. */ value: string; } interface AppJobConfig { /** * Specifies the size of the build instance. Amplify supports three instance sizes: `STANDARD_8GB` , `LARGE_16GB` , and `XLARGE_72GB` . If you don't specify a value, Amplify uses the `STANDARD_8GB` default. * * The following list describes the CPU, memory, and storage capacity for each build instance type: * * - **STANDARD_8GB** - - vCPUs: 4 * - Memory: 8 GiB * - Disk space: 128 GB * - **LARGE_16GB** - - vCPUs: 8 * - Memory: 16 GiB * - Disk space: 128 GB * - **XLARGE_72GB** - - vCPUs: 36 * - Memory: 72 GiB * - Disk space: 256 GB */ buildComputeType: enums.amplify.AppJobConfigBuildComputeType; } interface BranchBackend { /** * The Amazon Resource Name (ARN) for the AWS CloudFormation stack. */ stackArn?: string; } interface BranchBasicAuthConfig { /** * Enables basic authorization for the branch. */ enableBasicAuth?: boolean; /** * The password for basic authorization. * * NOTE(review): this is a credential typed as a plain `string`; the declaration does not show whether the provider marks it as a secret output - confirm before printing or exporting it. */ password: string; /** * The user name for basic authorization. */ username: string; } interface BranchEnvironmentVariable { /** * The environment variable name. */ name: string; /** * The environment variable value. 
*/ value: string; } interface DomainCertificate { /** * The Amazon resource name (ARN) for a custom certificate that you have already added to AWS Certificate Manager in your AWS account . * * This field is required only when the certificate type is `CUSTOM` . */ certificateArn?: string; /** * The type of SSL/TLS certificate that you want to use. * * Specify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you. * * Specify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* . */ certificateType?: enums.amplify.DomainCertificateCertificateType; /** * The DNS record for certificate verification. */ certificateVerificationDnsRecord?: string; } interface DomainCertificateSettings { /** * The certificate type. * * Specify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you. * * Specify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* . */ certificateType?: enums.amplify.DomainCertificateSettingsCertificateType; /** * The Amazon resource name (ARN) for the custom certificate that you have already added to AWS Certificate Manager in your AWS account . * * This field is required only when the certificate type is `CUSTOM` . 
*/ customCertificateArn?: string; } interface DomainSubDomainSetting { /** * The branch name setting for the subdomain. * * *Length Constraints:* Minimum length of 1. Maximum length of 255. * * *Pattern:* (?s).+ */ branchName: string; /** * The prefix setting for the subdomain. */ prefix: string; } } export declare namespace amplifyuibuilder { interface ComponentActionParameters { /** * The HTML anchor link to the location to open. Specify this value for a navigation action. */ anchor?: outputs.amplifyuibuilder.ComponentProperty; /** * A dictionary of key-value pairs mapping Amplify Studio properties to fields in a data model. Use when the action performs an operation on an Amplify DataStore model. */ fields?: { [key: string]: outputs.amplifyuibuilder.ComponentProperty; }; /** * Specifies whether the user should be signed out globally. Specify this value for an auth sign out action. */ global?: outputs.amplifyuibuilder.ComponentProperty; /** * The unique ID of the component that the `ActionParameters` apply to. */ id?: outputs.amplifyuibuilder.ComponentProperty; /** * The name of the data model. Use when the action performs an operation on an Amplify DataStore model. */ model?: string; /** * A key-value pair that specifies the state property name and its initial value. */ state?: outputs.amplifyuibuilder.ComponentMutationActionSetStateParameter; /** * The element within the same component to modify when the action occurs. */ target?: outputs.amplifyuibuilder.ComponentProperty; /** * The type of navigation action. Valid values are `url` and `anchor` . This value is required for a navigation action. */ type?: outputs.amplifyuibuilder.ComponentProperty; /** * The URL to the location to open. Specify this value for a navigation action. */ url?: outputs.amplifyuibuilder.ComponentProperty; } interface ComponentBindingPropertiesValue { /** * Describes the properties to customize with data at runtime. 
*/
        bindingProperties?: outputs.amplifyuibuilder.ComponentBindingPropertiesValueProperties;
        /**
         * The default value of the property.
         */
        defaultValue?: string;
        /**
         * The property type.
         */
        type?: string;
    }
    /**
     * Where a bound property takes its data from. Per the member comments: an Amazon S3 bucket and
     * storage key, an Amplify DataStore model and field (optionally filtered by predicates), a
     * component slot, or an authenticated user attribute.
     */
    interface ComponentBindingPropertiesValueProperties {
        /**
         * An Amazon S3 bucket.
         */
        bucket?: string;
        /**
         * The default value to assign to the property.
         */
        defaultValue?: string;
        /**
         * The field to bind the data to.
         */
        field?: string;
        /**
         * The storage key for an Amazon S3 bucket.
         */
        key?: string;
        /**
         * An Amplify DataStore model.
         */
        model?: string;
        /**
         * A list of predicates for binding a component's properties to data.
         */
        predicates?: outputs.amplifyuibuilder.ComponentPredicate[];
        /**
         * The name of a component slot.
         */
        slotName?: string;
        /**
         * An authenticated user attribute.
         */
        userAttribute?: string;
    }
    /**
     * A child component node: its type, name and properties, plus optional events and nested
     * children of the same shape.
     */
    interface ComponentChild {
        /**
         * The list of `ComponentChild` instances for this component.
         */
        children?: outputs.amplifyuibuilder.ComponentChild[];
        /**
         * The type of the child component.
         */
        componentType: string;
        /**
         * Describes the events that can be raised on the child component. Use for the workflow feature in Amplify Studio that allows you to bind events and actions to components.
         */
        events?: {
            [key: string]: outputs.amplifyuibuilder.ComponentEvent;
        };
        /**
         * The name of the child component.
         */
        name: string;
        /**
         * Describes the properties of the child component. You can't specify `tags` as a valid property for `properties`.
         */
        properties: {
            [key: string]: outputs.amplifyuibuilder.ComponentProperty;
        };
        /**
         * The unique ID of the child component in its original source system, such as Figma.
         */
        sourceId?: string;
    }
    /**
     * A conditional property: the operand is evaluated with the operator, and the property takes
     * the `then` value when the condition is met and the `else` value when it is not.
     */
    interface ComponentConditionProperty {
        /**
         * The value to assign to the property if the condition is not met.
         */
        else?: outputs.amplifyuibuilder.ComponentProperty;
        /**
         * The name of a field. Specify this when the property is a data model.
         */
        field?: string;
        /**
         * The value of the property to evaluate.
         */
        operand?: string;
        /**
         * The type of the property to evaluate.
         */
        operandType?: string;
        /**
         * The operator to use to perform the evaluation, such as `eq` to represent equals.
         */
        operator?: string;
        /**
         * The name of the conditional property.
         */
        property?: string;
        /**
         * The value to assign to the property if the condition is met.
         */
        then?: outputs.amplifyuibuilder.ComponentProperty;
    }
    interface ComponentDataConfiguration {
        /**
         * A list of IDs to use to bind data to a component. Use this property to bind specifically chosen data, rather than data retrieved from a query.
         */
        identifiers?: string[];
        /**
         * The name of the data model to use to bind data to a component.
         */
        model: string;
        /**
         * Represents the conditional logic to use when binding data to a component. Use this property to retrieve only a subset of the data in a collection.
         */
        predicate?: outputs.amplifyuibuilder.ComponentPredicate;
        /**
         * Describes how to sort the component's properties.
         */
        sort?: outputs.amplifyuibuilder.Compon