Netskope

AWS Entities supported in DSL

Compute

Configuration Management

Database

Identity

Management

Messaging

Network

Networking

Security

Storage

Attribute Type Description
id string Account Number
Name string Account Display Name
AccountName string Account Name
AccountId string Account ID
Status string Account status
Attribute Type Description
id string Bucket name
Name string Bucket name
RegionName string Name of region in which the Bucket resides
RegionId string ID of region in which the Bucket resides
AccountName string Name of account containing the Bucket
AccountId string ID of account containing the Bucket
Size number Size of the bucket in Bytes.
Owner string S3 Resource owner.
RBACOwner list RBACOwner
LoggingEnabled boolean Whether access logging is enabled
ACL list Access control policies for the Bucket
 Permission string Permission. Possible values are 'FULL_CONTROL', 'WRITE', 'WRITE_ACP', 'READ' and 'READ_ACP'
 Grantee sequence Grantee
  DisplayName string Screen name of the grantee
  EmailAddress string Email address of the grantee
  ID string The canonical user ID of the grantee
  Type string Type of grantee
  URI string URI of the grantee group
BucketVersioning sequence Versioning state of the Bucket
 Status string Versioning state of the Bucket. Possible values are 'Enabled' and 'Suspended'
 MFADelete string Whether MFA is required on Bucket deletion
DefaultEncryption string Whether Server Side Encryption has been configured for the Bucket
CreationDate number Creation date
EncryptionType string Type of Encryption
Access string Public or Private
BlockPublicAccess sequence BlockPublicAccess
 IgnorePublicAcls string IgnorePublicAcl
 BlockPublicPolicy string BlockPublicPolicy
 BlockPublicAcls string BlockPublicAcls
 RestrictPublicBuckets string IgnorePublicAcl
BucketPolicyAccess string BucketPolicyAccess
BucketAclAccess string BucketAclAccess
Tags list Tags assigned to the Bucket
 Name string Tag key
 Value string Tag value
BucketPolicy list Bucket Policy
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Action list Policy action
  Effect string Effect. Possible values are 'Allow' and 'Deny'
  Principal list Policy principal
  Conditions list Condition for owner or ARN
   Condition string Condition type
   Name string Key name
   Value list Key Value
CORS list CORS of the Bucket
 CORSRules list CORS Rules for Bucket
  AllowedHeaders list Allowed Headers for Rules
  AllowedMethods list Allowed Methods for Rules
  AllowedOrigins list Allowed origins for Rules
LifeCycleConfigRules list Lifecycle configuration information set on the bucket
 ID string Unique identifier for the rule. The value cannot be longer than 255 characters
 Filter sequence The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix, Tag, or And specified. Filter is required if the LifecycleRule does not contain a Prefix element
  Prefix string Prefix identifying one or more objects to which the rule applies
  Tag sequence This tag must exist in the object's tag set in order for the rule to apply
   Key string Name of the object key
   Value string Value of the tag
  And sequence This is used in a Lifecycle Rule Filter to apply a logical AND to two or more predicates. The Lifecycle Rule will apply to any object matching all of the predicates configured inside the And operator
   Prefix string Prefix identifying one or more objects to which the rule applies
   Tags list This tag must exist in the object's tag set in order for the rule to apply
    Key string Name of the object key
    Value string Value of the tag
 Status string If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
 Transitions list Specifies when an Amazon S3 object transitions to a specified storage class
  Days number Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
  StorageClass string The storage class to which you want the object to transition
  Date number Indicates when objects are transitioned to the specified storage class.
 NoncurrentVersionTransitions list Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
  NoncurrentDays number Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
  StorageClass string The class of storage used to store the object.
 NoncurrentVersionExpiration sequence Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions.
  NoncurrentDays number Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
 AbortIncompleteMultipartUpload sequence Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.
  DaysAfterInitiation number Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.
 Expiration sequence Specifies the expiration for the lifecycle of the object in the form of date, days, and whether the object has a delete marker.
  Days number Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
  ExpiredObjectDeleteMarker boolean Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy
  Date number Indicates at what date the object is to be moved or deleted.
Attribute Type Description
id string ID of the Instance
Name string ID of the Instance
RegionName string Name of region in which the Instance resides
RegionId string ID of region in which the Instance resides
AccountName string Name of account containing the Instance
AccountId string ID of account containing the Instance
Tags list Tags assigned to the Instance
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
AvailabilityZone string Availability zone of the Instance
Type string Instance Type
Status string Current state of the Instance
VPC Reference to VPC VPC in which the Instance is running
PrivateIPv4 list Private IPv4 addresses assigned to the network interfaces of the Instance
PrivateIPv6 list Private IPv6 addresses assigned to the network interfaces of the Instance
PublicIPv4 list Public IPv4 address assigned to the network interfaces of the Instance
PublicDNS list Public DNS Names
PrivateDNS list Private DNS Names
Subnets Reference to Subnet Subnets to which network interfaces of the Instance belong
LaunchTime number Time the Instance was launched
NetworkInterfaces Reference to NetworkInterface Network Interfaces of the Instance
SecurityGroups Reference to SecurityGroup SecurityGroups to which network interfaces of the Instance are assigned
Image Reference to Image Image used to launch the Instance
Volumes Reference to Volume Elastic Block Devices attached to the Instance
IAMInstanceProfile sequence IAM Instance profile associated with the Instance
 id string IAM Instance profile ARN
 Roles list Roles
  id string Role Arn
Monitoring boolean Whether monitoring is enabled for the Instance
Platform string Value is Windows for Windows instances; otherwise blank
ReservationId string Reservation ID
Attribute Type Description
id string ID of the AMI
Name string Name of the AMI
RegionName string Name of region in which the AMI exists
RegionId string ID of region in which the AMI exists
AccountName string Name of account containing the AMI
AccountId string ID of account containing the AMI
Tags list Tags assigned to the Image
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Type string Image Type
Status string Current state of the AMI
Public boolean Whether the Image has public launch permissions
Platform string Value is 'Windows' for Windows AMIs; otherwise blank
UnknownAccountExposure boolean Whether the Image has public launch permissions
Attribute Type Description
id string Volume ID
Name string Volume ID
RegionName string Name of region in which the Volume resides
RegionId string ID of region in which the Volume resides
AccountName string Name of account containing the Volume
AccountId string ID of account containing the Volume
Tags list Tags assigned to the Image
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
AvailabilityZone string Availability zone for the Volume
Type string Volume Type.
Status string State of Volume
Size number Size of Volume in GBs
Encrypted boolean Whether the Volume will be encrypted
Attachments list Attachments of the Volume
 AttachTime number Attach time
 Device string Device to which Volume is attached
 InstanceId string EC2Instance Id
 State string State of the Volume
 DeleteOnTermination boolean Whether delete on termination is enabled
SnapshotId string The ID of the snapshot for the volume. May reference a deleted snapshot.
Snapshot Reference to Snapshots Snapshot of the Volume. May be null if SnapshotId references a deleted snapshot.
Attribute Type Description
id string Identifier of the RDS Instance
Name string Name of the RDS Instance
RegionName string Name of region in which the RDS Instance resides
RegionId string ID of region in which the RDS Instance resides
AccountName string Name of account containing the RDS Instance
AccountId string ID of account containing the RDS Instance
Tags list Tags assigned to the RDS Instance
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
LatestRestorableTime number Specifies the latest time to which a database can be restored with point-in-time restore.
KMSKey Reference to KMSKey KMS key identifier for the encrypted DB instance.
Type string Database engine used for the RDS Instance
Status string Status of the RDS Instance
ComputeClass string Compute and memory capacity of the RDS Instance
VPC Reference to VPC VPC for the RDS Instance
Subnets Reference to Subnet Subnets for the RDS Instance
Access string Public or Private
AvailabilityZone string Availability Zone for RDS Instance
MultiAZ boolean Whether the RDS Instance is available in multiple availability zones
AutoMinorVersionUpgrade boolean Whether minor engine upgrades are automatically applied to the RDS Instance
BackupRetentionPeriod number Retention period in days for backup of the RDS Instance
StorageEncrypted boolean Specifies whether the DB instance is encrypted
Snapshots list Snapshots of the RDS Instance
 DBSnapshotIdentifier string Name of the RDS Instance
 Encrypted boolean Whether the Snapshot is encrypted
 PubliclyAccessible boolean Whether the Snapshot is publicly accessible
MonitoringInterval number The interval in seconds for enhanced monitoring
SubnetGroups sequence DB Subnet Group
 DBSubnetGroupName string Subnet Group Name
 DBSubnetGroupDescription string Subnet Group Description
 VPC Reference to VPC VPC
 SubnetGroupStatus string Subnet Group Status
 Subnets list Subnets
  SubnetIdentifier string Subnet id
  SubnetAvailabilityZone string Subnet Availability Zone
  SubnetStatus string Subnet Status
 DBSubnetGroupArn string Subnet Group Arn
Attribute Type Description
id string Identifier of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Tags list Tags assigned to the Cluster
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Status string Status of the Cluster
ComputeClass string Compute Class for nodes in the Cluster
VPC Reference to VPC VPC for the Cluster
Subnets Reference to Subnet Subnets for the Cluster
Access string Public or Private
AvailabilityZone string Availability Zone of the Cluster
Encrypted boolean Whether encryption is enabled
AutomatedSnapshotRetentionPeriod number Retention period in days for automated snapshot for the Cluster
LoggingEnabled boolean Whether access logging is enabled
Port number port number
KMSKey Reference to KMSKey KMS key used for encryption
AllowVersionUpgrade boolean Whether major version upgrades are automatically applied to the Cluster
ClusterParameterGroups list Parameter Groups associated with the Cluster
 id string ID
 NumWlmConfigs number Number of WLM configs for this cluster parameter group
 ClusterParameterGroup list Cluster Parameter Group
  ParameterName string Name of the parameter
  ParameterValue string Value of the parameter
Attribute Type Description
id string vpc id
Name string vpc name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
Tags list Tags properties
 Name string Key
 Value string Value
Status string State of VPC
NetworkACLs Reference to NetworkACL Network ACL
Subnets Reference to Subnet Subnets
InternetGateways list Internet Gateways
 id string Internet Gateways
NATGateways list NAT Gateways
 id string NAT Gateways
PeeringConnections list Peering Connections
 id string Peer Connections
RouteTables Reference to RouteTable Route Tables
FlowLogs Reference to VPCFlow Flow Logs
SecurityGroups Reference to SecurityGroup Security Groups
Endpoints list Endpoints
CidrBlock ip CidrBlock
IPv6CidrBlock list CidrBlock
DHCPOptions string DHCP Options
DnsHostnameEnabled boolean Enables public DNS hostnames in the VPC
DnsSupportEnabled boolean Enables DNS resolution in the VPC
IsDefault boolean Indicates whether the VPC is the default VPC
Attribute Type Description
id string ID of the Security Group
Name string Name of the Security Group
RegionName string Name of region in which the Security Group resides
RegionId string ID of region in which the Security Group resides
AccountName string Name of account containing the Security Group
AccountId string ID of account containing the Security Group
Tags list Tags associated with the Security Group
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
VPC Reference to VPC VPC for the Security Group
EC2Instances Reference to EC2Instance EC2 Instances that the Security Group applies to
NetworkInterfaces Reference to NetworkInterface Network Interfaces that the Security Group applies to
InboundRules list Inbound rules of the Security Group
 FromPort number Starting port number
 ToPort number Ending port number
 Protocol string IP protocol name or number
 IPRanges list IPv4 ranges
  IP ip IPv4 CIDR range
  Description string Description for the Security Group rule that references this IPv4 address range
 IPv6Ranges list IPv6 ranges
  IPv6 ip IPv6 (cidr format)
  Description string Description for the security group rule that references this IPv6 address range
OutboundRules list Outbound rules of the Security Group
 FromPort number Starting port number
 ToPort number Ending port number
 Protocol string IP protocol name or number
 IPRanges list IPv4 ranges
  IP ip IPv4 CIDR range
  Description string Description for the security group rule that references this IPv4 address range
 IPv6Ranges list IPv6 ranges
  IPv6 ip IPv6 (cidr format)
  Description string Description for the security group rule that references this IPv6 address range
Attribute Type Description
id string ID of the Subnet
Name string Name
RegionName string Subnet Region Name
RegionId string Subnet Region ID
AccountName string AWS Account Name
AccountId string AWS Account ID
Tags list Tags associated with Subnet
 Name string Key
 Value string Value
CreationDate number Subnet creation timestamp
VPC Reference to VPC VPC id
Status string Status of the Subnet
AvailabilityZone string Availability Zone
CidrBlock ip Cidr Block
IPv6CidrBlock list CidrBlock
Attribute Type Description
id string ID of the Network Interface
Name string Name of the Network Interface
RegionName string Name of region in which the Network Interface resides
RegionId string ID of region in which the Network Interface resides
AccountName string Name of account containing the Network Interface
AccountId string ID of account containing the Network Interface
Type string Type of interface. Possible values are 'interface' and 'natGateway'
Tags list Tags associated with the Network Interface
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
VPC Reference to VPC VPC for the Network Interface
Subnet Reference to Subnet Subnet for the Network Interface
Status string State of the Network Interface
AvailabilityZone string Availability Zone for the Network Interface
SecurityGroups Reference to SecurityGroup Security Groups for the Network Interface
PrivateIpAddress list Private IPv4 addresses of the Network Interface
PrivateDnsName list Private DNS
Attribute Type Description
id string ID of the Route Table
Name string ID of the route table
RegionName string Name of region in which the Route Table resides
RegionId string ID of region in which the Route Table resides
AccountName string Name of account containing the Route Table
AccountId string ID of account containing the Route Table
Tags list Tags associated with the Route Table
 Name string Tag key
 Value string Tag value
VPC Reference to VPC VPC for the Route Table
Subnets Reference to Subnet Subnets for the Route Table
Routes list Routes in the Route Table
 DestinationCidrBlock ip IPv4 CIDR block for destination match
 DestinationIPv6CidrBlock ip IPv6 CIDR block for destination match
 State string State of the route entry
 VPCPeeringConnection sequence VPC peering connection for the route entry
  id string ID
Attribute Type Description
id string ID of the Network ACL
Name string Name of the Network ACL
RegionName string Name of region in which the Network ACL resides
RegionId string ID of region in which the Network ACL resides
AccountName string Name of account containing the Network ACL
AccountId string ID of account containing the Network ACL
Tags list Tags assigned to the Network ACL
 Name string Tag key
 Value string Tag value
VPC Reference to VPC VPC for the Network ACL
Subnets Reference to Subnet Subnets associated with the Network ACL
IsDefault boolean Whether this is the default Network ACL for the VPC
Rules list Rule Entries in the Network ACL
 RuleNumber number Rule number of the entry
 Protocol string Protocol
 Egress boolean Whether this is an egress rule
 CidrBlock ip IPV4 network range
 RuleAction string Action to take. Allow or Deny
 FromPort number Starting port number
 ToPort number Ending port number
Attribute Type Description
id string Amazon Resource Name (ARN) of the Load Balancer
Name string Name of the Load Balancer
RegionName string Name of region in which the Load Balancer resides
RegionId string ID of region in which the Load Balancer resides
AccountName string Name of account containing the Load Balancer
AccountId string ID of account containing the Load Balancer
Tags list Tags assigned to the Load Balancer
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Status string State of the Load Balancer
Scheme string Scheme of the Load Balancer
Type string Type of the Load Balancer. Possible values are 'application' and 'network'
VPC Reference to VPC VPC for the Load Balancer
Subnets Reference to Subnet Subnets for the Load Balancer
SecurityGroups Reference to SecurityGroup Security groups for the Load Balancer
AvailabilityZone list Availability Zones for the Load Balancer
DeletionProtection boolean Whether deletion protection is enabled for the Load Balancer
AccessLogsEnabled boolean Whether access logs are enabled for the Load Balancer
SslPolicy string Security policy that defines which ciphers and protocols are supported
Attribute Type Description
id string Flow Log ID
Name string Flow Log ID
RegionName string Name of region in which the Flow Log resides
RegionId string ID of region in which the Flow Log resides
AccountName string Name of account containing the Flow Log
AccountId string ID of account containing the Flow Log
CreationDate number Creation date
VPC Reference to VPC VPC on which Flow Log was created
TrafficType string Type of traffic captured for the Flow Log
Status string Status of the Flow Log
DeliverLogsStatus string The status of the logs delivery (SUCCESS | FAILED).
DeliverLogsErrorMessage string Information about the error that occurred (Rate limited, Access error, Unknown error).
Attribute Type Description
id string Amazon Resource Name (ARN) of the Alarm
Name string Name of the Alarm
RegionName string Name of region in which the Alarm resides
RegionId string ID of region in which the Alarm resides
AccountName string Name of account containing the Alarm
AccountId string ID of account containing the Alarm
CreationDate number Creation date
Status string State of the Alarm
AlarmActions list Actions to take on alarm
 SNSTopic Reference to SNSTopic SNS Topic to notify on alarm
Attribute Type Description
id string Amazon Resource Name (ARN)
Name string Trail name
RegionName string Name of region in which the Trail resides
RegionId string ID of region in which the Trail resides
AccountName string Name of account containing the Trail
AccountId string ID of account containing the Trail
Tags list Tags associated with the Trail
 Name string Tag key
 Value string Tag value
MultiRegionTrailEnabled boolean Whether the Trail applies to all regions
LogFileValidationEnabled boolean Whether Log file validation is enabled for the Trail
LoggingEnabled boolean Whether the Trail is currently logging API calls
LatestDeliveryError string S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket
LatestNotificationError string SNS error that CloudTrail encountered when attempting to send a notification
S3Bucket Reference to S3Bucket S3 bucket to which CloudTrail delivers the Trail files
S3KeyPrefix string Prefix to the log file stored by the Trail in S3 bucket
SNSTopic Reference to SNSTopic SNS topic that the Trail uses to send notifications on log file delivery
LogGroup Reference to CloudWatchLogGroup CloudWatch Log Group to which the Trail logs are delivered
KMSKey Reference to KMSKey KMS key to encrypt the Trail logs delivered by CloudTrail
GlobalServiceEvents boolean Whether API calls from AWS global services such as IAM are included
Attribute Type Description
id string Amazon resource name of the Log Group
Name string Name of the Log Group
RegionName string Name of region in which the Log Group resides
RegionId string ID of region in which the Log Group resides
AccountName string Name of account containing the Log Group
AccountId string ID of account containing the Log Group
CreationDate number Creation Date of the Log Group
Tags list Tags associated with the Log Group
 Name string Tag key
 Value string Tag value
Retention number Number of days to retain the log events in the Log Group
StoredBytes number Number of bytes stored in the Log Group
MetricFilters list Metric Filters for the Log Group
 Name string Name of the Metric Filter
 FilterPattern string Filter pattern
 Transformations list Metric transformations to transform ingested log events into metric data
  MetricName string Name of the Cloudwatch Metric
  MetricValue string Value to publish to the Cloudwatch Metric
  DefaultValue string Value to emit when a filter pattern does not match a log event
  MetricAlarms Reference to MetricAlarm Metric Alarms
Attribute Type Description
id string Unique identifier of the Stack
Name string Name associated with the Stack
RegionName string Name of region in which the Stack resides
RegionId string ID of region in which the Stack resides
AccountName string Name of account containing the Stack
AccountId string ID of account containing the Stack
Tags list Tags associated with the Stack
 Name string Tag key
 Value string Tag value
CreationDate number Creation Date
StackPolicy sequence Stack Policy
 Statements list Statement
  Action list Policy action
  Effect string Policy Effect. Can be 'Allow' or 'Deny'
  Principal list Principal
Status string Status of the Stack
StackRole Reference to IAMRole Role attached to Stack
Attribute Type Description
id string Key ID
Name string Key Name
Arn string Amazon Resource Name (ARN) of the Key
RegionName string Name of region in which the Key resides
RegionId string ID of region in which the Key resides
AccountName string Name of account containing the Key
AccountId string ID of account containing the Key
CreationDate number Creation date
Tags list Tags assigned to the Key
 Name string Tag key
 Value string Tag value
Status string State of the Key
Description string Key description
Enabled boolean Whether Key is enabled
RotationEnabled boolean Whether automatic key rotation is enabled
KeyManager string The manager of the CMK. CMKs in your AWS account are either customer managed or AWS managed
Attribute Type Description
id string Amazon Resource Name (ARN)
Name string Topic display name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
Owner string AWS account ID of the topic's owner
Subscriptions list Requester's subscriptions
 Arn string Amazon Resource Name (ARN)
 Owner string Subscription's owner
 Protocol string Subscription's protocol
 Endpoint string Subscription's endpoint
Policy sequence Policies for SNS
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Action list Policy action
  Effect string Allow or Deny
  Principal list Policy action
  Conditions list Condition for owner or ARN
   Condition string Condition type
   Name string Key name
   Value list Key Value
Attribute Type Description
id string Identity Name
Name string Identity Name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Policy list Policy for Identity
 Name string Id of the policy
 Version string Policy version
 Statement list Statements of policy
  Sid string Id of statement
  Action list Policy action
  Effect string Allow or Deny
  Principal list Policy action
  Conditions list Condition for owner or ARN
   Condition string Condition type
   Name string Key name
   Value list Key Value
Attribute Type Description
id string Name of the Queue
Name string Name of the Queue
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Tags list Tags properties
 Name string Key
 Value string Value
SQSPolicy list Policies for SQS
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Action list Policy action
  Effect string Allow or Deny
  Principal list Principal
  Conditions list Condition for owner or ARN
   Condition string Condition type
   Name string Key name
   Value list Key Value
Attribute Type Description
id string Name of the user
Name string Name of the user
AccountName string Name of account containing the User
AccountId string ID of account containing the User
CreationDate number Creation date
MFAActive boolean Whether a multi-factor authentication (MFA) device has been enabled for the User
RootUser boolean True if user is root
Tags list Tags assigned to the IAMUser
 Name string Tag key
 Value string Tag value
MFADevices sequence Multi-factor authentication (MFA) Devices
 id string ID
 Physical list Physical MFA devices
  SerialNumber string Serial number
  EnabledTime number Time when MFA device was enabled
 Virtual list Virtual MFA devices
  SerialNumber string Serial number
  EnabledTime number Time when MFA device was enabled
Password sequence User password settings
 Enabled boolean Password enabled for the User
 LastUsedTime number Password last used time
 LastChangedTime number Password last changed time
 NextRotationTime number Time when the password needs to be changed next
SSHPublicKeys list SSH public keys associated with the IAM user
 SSHPublicKeyId string The unique identifier for the SSH public key
 Status string The status of the SSH public key. (Active|Inactive)
 UploadTime number SSH public key uploaded time
ActiveSSHPublicKeysCount number Count of active SSH public keys associated with the IAM user
InactiveSSHPublicKeysCount number Count of inactive SSH public keys associated with the IAM user
AccessKey list User access key settings
 Active boolean Access key active for the User
 CreatedTime number Access key creation time
 CreatedByDefault boolean Access key created by default for the User
 LastRotatedTime number Access key last changed time
 LastUsedTime number Access key last used time
 LastUsedRegion string Access key last used region
 LastUsedService string Access key last used service
Policies sequence Policies attached to the User
 id string ID
 Managed Reference to IAMPolicy Managed policies attached to the User
 Inline list Inline policies for the User
Groups Reference to IAMGroup Groups the User belongs to
Attribute Type Description
id string ID of the Group
Name string Name of the Group
AccountName string Name of account containing the Group
AccountId string ID of account containing the Group
CreationDate number Creation date
Path string Path to the Group
GroupPolicy sequence Policies of groups
 id string ID
 InlinePolicies list Inline policies for the role
  PolicyName string Policy Name
  PolicyDocument sequence Policy document
   Version string Policy version
   Statement list statements of policy
    Action list Policy action
    Effect string Allow or Deny
    Principal list Policy action
    Conditions list Condition for owner or ARN
     Condition string Condition type
     Name string Key name
     Value list Key Value
 ManagedPolicies Reference to IAMPolicy Managed policies for the role
Attribute Type Description
id string Role ID
Name string Role name
AccountName string Account name
AccountId string Account id
CreationDate number Time of role creation
LastUsedTime number Time of role last usage
Description string Description of the IAMRole
Tags list Tags assigned to the IAMRole
 Name string Tag key
 Value string Tag value
Policies sequence Policies attached to role
 id string Policy id - role name
 Managed Reference to IAMPolicy Managed policies attached to the role
 Inline list Inline policies for the role
  id string ID
  PolicyDocument sequence Policy document
   Version string Policy version
   Statements list Permission statements
    Effect string Effect of the statement
    Action list Actions affected by the statement
     value string Resource
    Resource list Resources affected by the statement
     value string Resource
    NotAction list Actions exempted by the statement
     value string Action
    NotResource list Resources exempted by the statement
     value string Resource
AssumeRolePolicy sequence Policy that grants entity to assume role
 Version string Document Version
 CrossAccountArn boolean True if it has Cross Account id in the principal else false
 Statement list Document Statement
  Action string Policy action
  Principal sequence Policy action
   Service list Service
   AWS list AWS
   Federated list Federated
  Effect string Policy effect
  SID string Policy service id (sid)
  Conditions list Condition for owner or ARN
   Condition string Condition type
   Name string Key name
   Value list Key Value
InstanceProfile list Instance Profile for IAM Role
 Path string Path of profile
 InstanceProfileName string Name of the profile
 InstanceProfileId string Id of profile
 Arn string Path of profile
 InstanceCount number Count of EC2 Instances
TrustedIdentities list Trusted Identities of the IAMRole
Attribute Type Description
id string Amazon resource name (ARN) of the Policy
Name string Policy name
AccountName string Name of account containing the Policy
AccountId string ID of account containing the Policy
CreationDate number Time of policy creation
Permissions sequence IAM Policy permissions
 id string ID
 Version string Policy version
 Statements list Permission statements
  Effect string Effect of the statement
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  Conditions list Condition for statement
   Condition string Condition type
   Name string Key name
   Value list Key Value
AttachedEntities sequence List of entities the policy is attached to
 id string ID
 Users Reference to IAMUser IAM users the policy is attached to
 Roles Reference to IAMRole IAM roles the policy is attached to
 Groups Reference to IAMGroup IAM groups the policy is attached to
Attribute Type Description
id string Always 'PasswordPolicy'
Name string Always 'PasswordPolicy'
AccountName string Name of account containing the Password Policy
AccountId string ID of account containing the Password Policy
Configured boolean Whether Password Policy is configured
MinimumPasswordLength number Minimum length to require for IAM user passwords
RequireSymbols boolean Whether symbols are required in IAM user passwords
RequireNumbers boolean Whether numbers are required in IAM user passwords
RequireUppercaseCharacters boolean Whether Upper case characters are required in IAM user passwords
RequireLowercaseCharacters boolean Whether lower case characters are required in IAM user passwords
AllowUsersToChangePassword boolean Whether IAM users are allowed to change their own password
ExpirePasswords boolean Whether passwords are to expire
MaxPasswordAge number Number of days an IAM password is valid
PasswordReusePrevention number Number of previous passwords IAM users are prevented from reusing
HardExpiry boolean Whether IAM users are prevented from setting a new password after password expiry
Attribute Type Description
id string Name of Domain
Name string Name of Domain
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Tags list Tags properties
 Name string Key
 Value string Value
AutoRenew boolean Whether the Domain registration is set to renew automatically
TransferLock boolean Whether the Domain is locked from unauthorized transfer to another party
Attribute Type Description
id string Name of Configuration Recorder
Name string Name of Configuration Recorder
RegionName string Name of region in which the Configuration Recorder resides
RegionId string ID of region in which the Configuration Recorder resides
AccountName string Name of account containing the Configuration Recorder
AccountId string ID of account containing the Configuration Recorder
Status boolean Recorder is recording or not
RecordingGroup sequence Types of resources for which AWS Config records configuration changes
 AllSupported boolean All resources supported by AWS Config
 IncludeGlobalResourceTypes boolean All global resources supported by AWS Config
 ResourceTypes list Types of resources being recorded
  Value string Resource type
Attribute Type Description
id string Delivery channel name
Name string Delivery channel name
RegionName string Name of region in which the channel resides
RegionId string ID of region in which the channel resides
AccountName string Name of account containing the channel
AccountId string ID of account containing the channel
S3Bucket Reference to S3Bucket S3 Bucket used by the delivery channel
SnapshotDelivery sequence Status of delivery of configuration snapshot
 LastSuccess boolean Last status was successful
HistoryDelivery sequence Status of delivery of configuration history
 LastSuccess boolean Last status was successful
StreamDelivery sequence Status of delivery of stream notification to SNS Topic
 LastSuccess boolean Last status was successful
Attribute Type Description
id string ARN of the function
Name string Name of the function
AdminPrivileges boolean Whether the lambda has administrative privileges
IAMRole Reference to IAMRole Role attached to the function
Environment list Environment variables for this lambda
 ParameterName string Name of the parameter
 ParameterValue string Value of the parameter
KMSKey Reference to KMSKey Key used to encrypt the environment variables
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Tags list Tags assigned to the Function
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string ID of the table
Name string Name of the table
Arn string Arn of the table
SSEDescription sequence Server Side Encryption description for table
 Status string SSE status
 SSEType string SSE type
 KMSKey Reference to KMSKey Encryption key
PointInTimeRecovery string status of Point in Time Recovery for Table
BackedUp boolean Whether the table is backed up
CreationDateTime number Time of Table creation
RegionName string Name of region in which the Table resides
RegionId string ID of region in which the Table resides
AccountName string Name of account containing the Table
AccountId string ID of account containing the Table
Tags list Tags assigned to the Table
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string ID of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
CreationDate number Creation date
Type string Instance Type
Status string Current state of the Cluster
Role Reference to IAMRole IAMRole associated to Cluster
EndPoint string Endpoint of the Cluster
VPC Reference to VPC VPC associated with the Cluster
Subnets Reference to Subnet Subnets to which network interfaces of the Instance belong to
SecurityGroups Reference to SecurityGroup SecurityGroups to which Clusters are assigned to
PlatformVersion string Platform version of Cluster
Logging sequence Logging info of the cluster
 ClusterLogging list Cluster logging
  Type list Type of logging
  Enabled boolean True or False
EndPointPublicAccess boolean End Point Public Access
EndPointPrivateAccess boolean End Point Private Access
PublicAccessCidrs list The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
 CidrBlock ip A CIDR block
EncryptionConfig list The encryption configuration for the cluster.
 Resources list Specifies the resources to be encrypted.
 KeyArn Reference to KMSKey ARN or alias of the KMS key.
FargateProfileNames list A list of all of the Fargate profiles associated with the specified cluster.
Attribute Type Description
id string ID of the Cluster
Name string ID of the Cluster
Arn string Arn of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Status string Current state of the Cluster
RegisteredContainerInstancesCount number Registered Container Instance Count
RunningTasksCount number Running task count
PendingTasksCount number Pending task count
ActiveServicesCount number Active Service Count
Statistics list Statistics of the cluster
 Name string Statistics Name
 Value string Statistics value
Tags list Tags of Cluster
 Name string Key
 Value string value
Failures list Failures related to call
 Arn string ARN of the failed resource
 Reason string Reason of the failure
Attribute Type Description
id string ID of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Status string Current state of the Cluster
CreationDate number Creation Date
ReadyDate number Ready Date
EndDate number Deletion Date
Tags list Tags of Cluster
 Name string Key
 Value string value
Ec2InstanceAttributes sequence EC2 Instance Attributes
 Ec2KeyName string EC2 KeyName
 Ec2Subnet Reference to Subnet EC2 Subnet ID
 RequestedEc2SubnetIds list Requested Subnet IDs
 Ec2AvailabilityZone string EC2 Availability Zone
 RequestedEc2AvailabilityZones list Requested EC2 Availability Zone
 IamInstanceProfile string IAM Instance Profile
 EmrManagedMasterSecurityGroup string EMR Managed Security Group
 EmrManagedSlaveSecurityGroup string EMR Managed Slave Security Group
 ServiceAccessSecurityGroup string Service Access Security Group
 AdditionalMasterSecurityGroups list Additional Master Security Group
 AdditionalSlaveSecurityGroups list Additional Slave Security Group
InstanceCollectionType string Instance Collection Type
LogUri string LogUri
RequestedAmiVersion string AMI Version
RunningAmiVersion string Running AMI Version
ReleaseLabel string Release Label
AutoTerminate boolean Auto Terminate is Enabled or not
TerminationProtected boolean Termination is protected or not
VisibleToAllUsers string Whether Cluster is visible to all users or not
Applications list Applications related to Cluster
 Name string Name of application
 Version string Version of application
 Args list Args of application
ServiceRole string Service Role
NormalizedInstanceHours number Normalized Instance Hours
MasterPublicDnsName string DNS Name
Configurations list Configurations of the Cluster
 Classification string Classification of the Configuration
 Properties list Properties of the Configuration
  Name string Name of the property
  Value string Value of the property
SecurityConfiguration string Security Configuration of the cluster
AutoScalingRole string AutoScaling Role of the Cluster
ScaleDownBehavior string ScaleDownBehavior
CustomAmiId string CustomAmiId
EbsRootVolumeSize number EBS Root Volume Size
RepoUpgradeOnBoot string Security or None
KerberosAttributes sequence Kerberos Attributes
 Realm string Realm
 KdcAdminPassword string KdcAdminPassword
 CrossRealmTrustPrincipalPassword string CrossRealmTrustPrincipalPassword
 ADDomainJoinUser string ADDomainJoinUser
 ADDomainJoinPassword string ADDomainJoinPassword
Attribute Type Description
id string ID of the Domain
Name string Name of the Domain
RegionName string Name of region in which the Domain resides
RegionId string ID of region in which the Domain resides
AccountName string Name of account containing the Domain
AccountId string ID of account containing the Domain
ARN string Arn of the domain
Created boolean Whether the domain has been created or not
Deleted boolean Whether the domain has been deleted or not
Endpoint string EndPoint of domain
Processing boolean Whether processing is enabled or not
UpgradeProcessing boolean Whether Upgrade Processing is enabled or not
ElasticsearchVersion string Elastic Search Version
ElasticsearchClusterConfig sequence Config of Elastic Search Cluster
 InstanceType string Instance Type of Cluster
 InstanceCount number Instance Count
 DedicatedMasterEnabled boolean Whether Dedicated Master is enabled or not
 ZoneAwarenessEnabled boolean Whether Zone Awareness is enabled or not
 ZoneAwarenessConfig sequence Zone Awareness Config
  AvailabilityZoneCount number Availability Zone Count
 DedicatedMasterType string Dedicated Master Type
 DedicatedMasterCount number Dedicated Master Count
EBSOptions sequence EBS Options
 EBSEnabled boolean Whether EBS is enabled or not
 VolumeType string VolumeType
 VolumeSize number Size of Volume
 Iops number Iops
SnapshotOptions sequence Snapshot Options
 AutomatedSnapshotStartHour number Automated Snapshot Start Hour
VPCOptions sequence VPC Options
 VPC Reference to VPC VPC
 Subnets Reference to Subnet Subnet
 AvailabilityZones list Availability Zones
 SecurityGroups Reference to SecurityGroup Security Groups
CognitoOptions sequence Cognito Options
 Enabled boolean Whether Cognito is enabled
 UserPoolId string UserPool id
 IdentityPoolId string Identity Pool Id
 RoleArn string Role ARN
EncryptionAtRestOptions sequence Encryption Options
 Enabled boolean Whether Encryption is Enabled or not
 KMSKey Reference to KMSKey KMS Key
NodeToNodeEncryptionOptions sequence Node to Node Encryption Options
 Enabled boolean Whether Encryption for Nodes is enabled
AdvancedOptions list Advanced Options for Domain
 Name string Name of the Option
 Value string Value of the Option
LogPublishingOptions list Log Publish Options of the domain
 Name string Name of the option
 CloudWatchLogsLogGroup Reference to CloudWatchLogGroup CloudWatchLogGroup
 Enabled boolean Whether the option is enabled
Status string Current state of the Cluster
CreationDate number Creation Date
Tags list Tags of Cluster
 Name string Key
 Value string value
AccessPolicies sequence Access Policy of the domain
 Version string Policy Version
 Statement list Statements of the Policy
  Action list Policy Actions
  Effect string Allow or Deny
  Principal list Policy principal
  Resource list Resources affected by the statement
   value string Resource
Attribute Type Description
id string Snapshot Id
Name string Snapshot Id
Encrypted boolean Whether the Snapshot is encrypted
AccountName string Name of account containing the snapshot
AccountId string ID of account containing the snapshot
Description string Description of the Snapshot
KMSKey Reference to KMSKey KMSKey
OwnerId string AWS Owner Id
Progress string Progress of Snapshot
CreationTime number Creation time of Snapshot
Status string State of the Snapshot
StateMessage string State Message
VolumeId string Volume to which the snapshot is attached
VolumeSize number Size of the Volume
Access string Value from an Amazon-maintained list
UnknownAccountExposure boolean Value from an Amazon-maintained list
Tags list Tags of Snapshots
 Name string Key of the Tag
 Value string Value of the Tag
Attribute Type Description
id string ID of the Organization
Arn string ARN of the Organization
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
FeatureSet string Specifies the functionality that currently is available to the organization. Set to "ALL" if all features are enabled else set to "CONSOLIDATED_BILLING" as only consolidated billing functionality is available.
MasterAccountArn string Master Account ARN
MasterAccountId string Master Account ID
MasterAccountEmail string Master Account Email
AvailablePolicyTypes list Available Policy Types
 Type string Type of Policy
 Status string Status of Policy
Attribute Type Description
id string The Amazon Resource Name (ARN) of the analyzer.
Name string The name of the analyzer
CreatedAt number A timestamp for the time at which the analyzer was created.
LastResourceAnalyzed string The resource that was most recently analyzed by the analyzer.
LastResourceAnalyzedAt number The time at which the most recently analyzed resource was analyzed.
Status string The status of the analyzer. (Creating|Active|Disabled|Failed)
Type string The type (zone of trust) of the analyzer. (ACCOUNT|ORGANIZATION)
Tags list The tags added to the analyzer.
 Name string Tag key
 Value string Tag value
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Attribute Type Description
id string ID of the certificate
Name string Name of the certificate
Path string Path to the certificate
Arn string The Amazon Resource Name (ARN) specifying the server certificate.
UploadDate number The date when the server certificate was uploaded.
Expiration number The date on which the certificate is set to expire.
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Attribute Type Description
id string The Amazon Resource Name (ARN) of the cloudfront distribution
Name string The name of the cloudfront distribution
Tags list The tags added to cloudfront distribution
 Name string Tag key
 Value string Tag value
Status string The current status of the distribution
DomainName string The domain name that corresponds to the distribution
Aliases sequence CNAMEs (alternate domain names), if any, for this distribution
 Quantity number The number of CNAME aliases, if any, that are associated with this distribution.
 Items list CNAME aliases, if any, that are associated with this distribution.
Origins sequence Origins for this distribution.
 Quantity number The number of origins for this distribution.
 Items list A list of origins.
  Id string A unique identifier for the origin.
  DomainName string The domain name for the origin
  OriginPath string An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
  CustomHeaders list A list of HTTP header names and values that CloudFront adds to the requests that it sends to the origin.
   Quantity number The number of custom headers, if any, for this distribution.
   Items list A list that contains one OriginCustomHeader element for each custom header
    HeaderName string The name of a header for CloudFront to send to origin
    HeaderValue string The value for the header specified in the HeaderName field.
  S3OriginConfig sequence an origin that is an Amazon S3 bucket that is not configured with static website hosting
   OriginAccessIdentity string The CloudFront origin access identity to associate with the origin
  CustomOriginConfig sequence Type if the Amazon S3 bucket is configured with static website hosting
   HTTPPort number The HTTP port that CloudFront uses to connect to the origin.
   HTTPSPort number The HTTPS port that CloudFront uses to connect to the origin.
   OriginProtocolPolicy string Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin
   OriginSslProtocols sequence Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to the origin over HTTPS.
    Quantity number The number of SSL/TLS protocols to allow CloudFront to use when establishing an HTTPS connection with this origin.
    Items list A list that contains allowed SSL/TLS protocols for this distribution.
   OriginReadTimeout number Specifies how long, in seconds, CloudFront waits for a response from the origin.
   OriginKeepaliveTimeout number Specifies how long, in seconds, CloudFront persists its connection to the origin
  ConnectionAttempts number The number of times that CloudFront attempts to connect to the origin.
  ConnectionTimeout number The number of seconds that CloudFront waits when trying to establish a connection to the origin.
  OriginShield sequence CloudFront Origin Shield
   Enabled boolean A flag that specifies whether Origin Shield is enabled.
   OriginShieldRegion string The AWS Region for Origin Shield.
OriginGroups sequence Contains information about origin groups for this distribution.
 Quantity number The number of origin groups.
 Items list The items (origin groups) in a distribution.
DefaultCacheBehavior sequence Describes the default cache behavior
 TargetOriginId string The value of ID for the origin for CloudFront to route requests to when they use the default cache behavior.
 TrustedSigners sequence A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
  Enabled boolean if any of the AWS accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
  Quantity number The number of AWS accounts in the list.
  Items list A list of AWS account identifiers.
 TrustedKeyGroups sequence A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
  Enabled boolean if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
  Quantity number The number of key groups in the list.
  Items list A list of key groups identifiers.
 ViewerProtocolPolicy string The protocol that viewers can use to access the files in the origin specified by TargetOriginId
 AllowedMethods sequence HTTP methods which CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
  Quantity number The number of HTTP methods for CloudFront to forward to origin.
  Items list HTTP methods for CloudFront to process and forward to origin.
  CachedMethods sequence If CloudFront caches the response to requests using the specified HTTP method.
   Quantity number The number of HTTP methods for CloudFront to cache responses.
   Items list HTTP methods for CloudFront to cache responses to.
 SmoothStreaming boolean Indicates whether to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior
 Compress boolean Whether CloudFront automatically compresses certain files for this cache behavior
 LambdaFunctionAssociations sequence Contains zero or more Lambda function associations for a cache behavior.
  Quantity number The number of Lambda function associations for this cache behavior.
  Items list LambdaFunctionAssociation items for this cache behavior.
 FunctionAssociations sequence A list of CloudFront functions that are associated with this cache behavior.
  Quantity number The number of CloudFront functions in the list.
  Items list The CloudFront functions that are associated with a cache behavior in a CloudFront distribution.
 FieldLevelEncryptionId string The value of ID for the field-level encryption configuration for CloudFront to use for encrypting specific fields of data for the default cache behavior.
 RealtimeLogConfigArn string The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior.
 CachePolicyId string The unique identifier of the cache policy that is attached to the default cache behavior.
 OriginRequestPolicyId string The unique identifier of the origin request policy that is attached to the default cache behavior.
CustomErrorResponses sequence Error responses
 Quantity number The number of HTTP status codes that specify a custom error page and/or a caching duration
 Items list CustomErrorResponse element for each HTTP status
Comment string An optional comment to describe the distribution
PriceClass string Information about price class for this streaming distribution.
Enabled boolean Whether the distribution is enabled to accept user requests for content.
ViewerCertificate sequence Determines the distribution's SSL/TLS configuration for communicating with viewers.
 CloudFrontDefaultCertificate boolean If the distribution uses the CloudFront domain name
 IAMCertificateId string the ID of the IAM certificate.
 ACMCertificateArn string Amazon Resource Name (ARN) of the ACM certificate
 SSLSupportMethod string which viewers the distribution accepts HTTPS connections from.
 MinimumProtocolVersion string security policy for CloudFront to use for HTTPS connections with viewers.
Restrictions sequence Ways in which to restrict distribution of your content.
 GeoRestriction sequence Controls the countries in which your content is distributed.
  RestrictionType string The method to use to restrict distribution of your content by country
  Quantity number When geo restriction is enabled, this is the number of countries in your whitelist or blacklist.
  Items list Country in which CloudFront can either distribute your content (whitelist) or not distribute your content (blacklist).
WebACLId string The Web ACL Id (if any) associated with the distribution.
HttpVersion string Specify the maximum HTTP version for viewers to use to communicate with CloudFront.
IsIPV6Enabled boolean Whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution.
AliasICPRecordals list AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions
 CNAME string A domain name associated with a distribution.
 ICPRecordalStatus string The Internet Content Provider (ICP) recordal status for a CNAME
RegionName string Name of region in which the cloudfront distribution resides
RegionId string ID of region in which the cloudfront distribution resides
AccountName string Name of account containing the cloudfront distribution
AccountId string ID of account containing the cloudfront distribution
Attribute Type Description
id string VPN Gateway ID
Name string VPN Gateway Name
RegionName string Name of region in which the virtual private gateway resides
RegionId string ID of region in which the virtual private gateway resides
AccountName string Name of account containing the virtual private gateway
AccountId string ID of account containing the virtual private gateway
AvailabilityZone string The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
State string The current state of the virtual private gateway
Type string The type of VPN connection the virtual private gateway supports
VpcAttachments list Any VPCs attached to the virtual private gateway
 State string The current state of the attachment
 VpcId string The ID of the VPC
AmazonSideAsn string The private Autonomous System Number (ASN) for the Amazon side of a BGP session
Tags list The tags added to the virtual private gateway.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string Customer Gateway ID
Name string Customer Gateway Name
RegionName string Name of region in which the Customer Gateway resides
RegionId string ID of region in which the Customer Gateway resides
AccountName string Name of account containing the Customer Gateway
AccountId string ID of account containing the Customer Gateway
BgpAsn string The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)
IpAddress string The Internet-routable IP address of the customer gateway's outside interface
CertificateArn string The Amazon Resource Name (ARN) for the customer gateway certificate
State string The current state of the customer gateway
Type string The type of VPN connection the customer gateway supports (ipsec.1)
DeviceName string The name of customer gateway device
Tags list The tags added to the Customer Gateway.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string Elastic IP ID
Name string Elastic IP Name
RegionName string Name of region in which the Elastic IP resides
RegionId string ID of region in which the Elastic IP resides
AccountName string Name of account containing the Elastic IP
AccountId string ID of account containing the Elastic IP
InstanceId string The ID of the instance that the address is associated with (if any)
PublicIp string The Elastic IP address
AssociationId string The ID representing the association of the address with an instance in a VPC
Domain string Indicates whether this Elastic IP address is for use with instances in EC2-Classic (standard) or instances in a VPC (vpc)
NetworkInterfaceId string The ID of the network interface
NetworkInterfaceOwnerId string The ID of the account that owns the network interface
PrivateIpAddress string The private IP address associated with the Elastic IP address
Tags list The tags assigned to the Elastic IP address.
 Name string Tag key
 Value string Tag value
PublicIpv4Pool string The ID of an address pool
NetworkBorderGroup string The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses
CustomerOwnedIp string The customer-owned IP address
CustomerOwnedIpv4Pool string The ID of the customer-owned address pool
CarrierIp string The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance)
Attribute Type Description
id string Detector ID.
Name string ID of the Detector
RegionName string Name of region in which the Detector resides
RegionId string ID of region in which the Detector resides
AccountName string Name of account containing the Detector
AccountId string ID of account containing the Detector
CreatedAt number The timestamp of when the detector was created.
FindingPublishingFrequency string The publishing frequency of the finding. (FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS)
ServiceRole Reference to IAMRole The GuardDuty service role.
Status string The detector status. (ENABLED|DISABLED)
UpdatedAt number The last-updated timestamp for the detector.
Tags list The tags of the detector resource.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string ID of the ECR Repository
Name string Name of the Repository
RegionName string Name of region in which the ECR Repository resides
RegionId string ID of region in which the ECR Repository resides
AccountName string Name of account containing the Repository
AccountId string ID of account containing the Repository
RepositoryUri string The URI for the repository. You can use this URI for container image push and pull operations.
CreatedAt number A timestamp for the date when the repository was created.
ImageTagMutability string The tag mutability setting for the repository. (MUTABLE|IMMUTABLE)
ImageScanningConfiguration sequence The image scanning configuration for a repository.
 ScanOnPush boolean The setting that determines whether images are scanned after being pushed to a repository.
Attribute Type Description
id string The ID of the file system, assigned by Amazon EFS
RegionName string Name of region in which the File System resides
RegionId string ID of region in which the File System resides
AccountName string Name of account containing the File System
AccountId string ID of account containing the File System
AvailabilityZoneId string The unique and consistent identifier of the Availability Zone in which the file system's One Zone storage classes exist
AvailabilityZoneName string Describes the AWS Availability Zone in which the file system is located, and is valid only for file systems using One Zone storage classes
CreationTime number The time that the file system was created
CreationToken string The opaque string specified in the request
Encrypted boolean True, if the file system is encrypted, else False
FileSystemArn string The Amazon Resource Name (ARN) for the EFS file system
KMSKey Reference to KMSKey An AWS Key Management Service (AWS KMS) customer master key (CMK)
LifeCycleState string The lifecycle phase of the file system. (creating|available|updating|deleting|deleted|error)
Name string The name of the File System
NumberOfMountTargets number The current number of mount targets that the file system has
OwnerId string The AWS IAM account user that created the file system
PerformanceMode string The performance mode of the file system. (generalPurpose|maxIO)
ProvisionedThroughputInMibps number The amount of provisioned throughput, measured in MiB/s, for the file system
SizeInBytes sequence The latest known metered size (in bytes) of data stored in the file system
 Timestamp number The time at which the size of data was determined
 Value number The latest known metered size (in bytes) of data stored in the file system
 ValueInIA number The latest known metered size (in bytes) of data stored in the Infrequent Access storage class
 ValueInStandard number The latest known metered size (in bytes) of data stored in the Standard storage class.
Tags list The tags associated with the file system
 Name string The tag key
 Value string The value of the tag key
ThroughputMode string Displays the file system's throughput mode. (bursting|provisioned)
Attribute Type Description
id string The ID of the internet gateway.
Name string The Name of the Internet Gateway
RegionName string Name of region in which the Internet Gateway resides
RegionId string ID of region in which the Internet Gateway resides
AccountName string Name of account containing the Internet Gateway
AccountId string ID of account containing the Internet Gateway
Attachments list Any VPCs attached to the internet gateway. Each item describes the attachment of a VPC to an internet gateway or an egress-only internet gateway.
 State string The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned. (available|attaching|attached|detaching|detached)
 VPC Reference to VPC Amazon Virtual Private Cloud (VPC)
OwnerId string The ID of the Amazon Web Services account that owns the internet gateway.
Tags list Any tags assigned to the internet gateway.
 Name string The key of the tag. (Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws)
 Value string The value of the tag. (Tag values are case-sensitive and accept a maximum of 255 Unicode characters)
Attribute Type Description
id string The Amazon Resource Name (ARN) for the DB cluster.
Name string A unique key that identifies a DB cluster
AccountId string ID of account containing the RDS Cluster
AccountName string Name of account containing the RDS Cluster
RegionId string ID of region in which the RDS Cluster resides
RegionName string Name of region in which the RDS Cluster resides
ActivityStreamKMSKey Reference to KMSKey The Amazon Web Services KMS key used for encrypting messages in the database activity stream.
ActivityStreamStatus string The status of the database activity stream. (stopped|starting|started|stopping)
AllocatedStorage number For all database engines except Amazon Aurora, it specifies the allocated storage size in gibibytes (GiB). For Aurora, it returns 1, since Aurora DB cluster storage size is dynamically adjusted.
AssociatedRoles list List of the Amazon Web Services Identity and Access Management (IAM) roles that are associated with the DB cluster.
 RoleArn Reference to IAMRole The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster.
 Status string Describes the state of association between the IAM role and the DB cluster. (ACTIVE|PENDING|INVALID)
 FeatureName string The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role.
AvailabilityZones list List of Availability Zones (AZs) where instances in the DB cluster can be created.
BackupRetentionPeriod number Number of days for which automatic DB snapshots are retained.
ClusterCreateTime number Time when the DB cluster was created.
CopyTagsToSnapshot boolean Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster.
CrossAccountClone boolean Specifies whether the DB cluster is a clone of a DB cluster owned by a different Amazon Web Services account.
DBClusterMembers list Provides the list of instances that make up the DB cluster.
 DBInstance Reference to RDSInstance Instance for this member of the DB cluster.
 IsClusterWriter boolean Value that is true if the cluster member is the primary instance for the DB cluster and false otherwise.
 DBClusterParameterGroupStatus string Status of the DB cluster parameter group for this member of the DB cluster.
 PromotionTier integer Specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance.
DBClusterParameterGroup string Name of the DB cluster parameter group for the DB cluster
DBSubnetGroup string Name, description, and subnets in the subnet group associated with the DB cluster.
DatabaseName string Name of the initial database of this DB cluster that was provided at create time
DbClusterResourceId string Identifier for the DB cluster.
DeletionProtection boolean Indicates if the DB cluster has deletion protection enabled.
DomainMemberships list The Active Directory Domain membership records associated with the DB cluster.
 Domain string The identifier of the Active Directory Domain.
 Status string The status of the Active Directory Domain membership for the DB instance or cluster. (joined|pending-join|failed)
 FQDN string The fully qualified domain name of the Active Directory Domain.
 IAMRoleName string The name of the IAM role to be used when making API calls to the Directory Service.
EarliestRestorableTime number The earliest time to which a database can be restored with point-in-time restore.
EnabledCloudwatchLogsExports list A list of log types that this DB cluster is configured to export to CloudWatch Logs.
Endpoint string Specifies the connection endpoint for the primary instance of the DB cluster.
Engine string The name of the database engine to be used for this DB cluster.
EngineMode string The DB engine mode of the DB cluster. (provisioned|serverless|parallelquery|global|multimaster)
EngineVersion string Indicates the database engine version.
HostedZoneId string Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.
HttpEndpointEnabled boolean Indicates whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled.
IAMDatabaseAuthenticationEnabled boolean Indicates whether the mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.
KMSKey Reference to KMSKey AWS KMS key identifier for the encrypted DB
LatestRestorableTime number Specifies the latest time to which a database can be restored with point-in-time restore.
MasterUsername string Contains the master username for the DB cluster.
MultiAZ boolean Specifies whether the DB cluster has instances in multiple Availability Zones.
PendingModifiedValues sequence A value that specifies that changes to the DB cluster are pending.
 PendingCloudwatchLogsExports sequence A list of the log types whose configuration is in the process of being activated or deactivated.
  LogTypesToEnable list Log types that are in the process of being deactivated.
  LogTypesToDisable list Log types that are in the process of being enabled.
 DBClusterIdentifier string The DBClusterIdentifier value for the DB cluster.
 MasterUserPassword string The master credentials for the DB cluster.
 IAMDatabaseAuthenticationEnabled boolean Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.
 EngineVersion string The database engine version.
Port number Specifies the port that the database engine is listening on.
PreferredBackupWindow string Specifies the daily time range during which automated backups are created
PreferredMaintenanceWindow string Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
ReadReplicaIdentifiers list Contains a list of identifiers of the read replicas associated with this DB cluster.
ReaderEndpoint string The reader endpoint for the DB cluster that load-balances connections across available Aurora Replicas.
ScalingConfigurationInfo sequence Information about scaling configuration for an Aurora DB cluster in serverless DB engine mode.
 MinCapacity number The minimum capacity for the Aurora DB cluster in serverless DB engine mode.
 MaxCapacity number The maximum capacity for an Aurora DB cluster in serverless DB engine mode.
 AutoPause boolean Indicates whether automatic pause is allowed for the Aurora DB cluster in serverless DB engine mode.
 SecondsUntilAutoPause number The remaining amount of time, in seconds, before the Aurora DB cluster in serverless mode is paused.
 TimeoutAction string The action that occurs when Aurora times out while attempting to change the capacity of an Aurora Serverless cluster. (ForceApplyCapacityChange|RollbackCapacityChange)
 SecondsBeforeTimeout number The number of seconds before scaling times out.
Status string Current state of this DB cluster.
StorageEncrypted boolean Specifies whether the DB cluster is encrypted.
VpcSecurityGroups list Provides a list of VPC security groups that the DB cluster belongs to.
 SecurityGroup Reference to SecurityGroup VPC security group.
 Status string The status of the VPC security group.
CharacterSetName string Name of the character set that this cluster is associated with.
AutomaticRestartTime number The time when a stopped DB cluster is restarted automatically.
PercentProgress string The progress of the current operation as a percentage.
CustomEndpoints list Identifies all custom endpoints associated with the cluster.
DBClusterOptionGroupMemberships list Provides the list of option group memberships for this DB cluster.
 DBClusterOptionGroupName string Specifies the name of the DB cluster option group.
 Status string Specifies the status of the DB cluster option group.
ReplicationSourceIdentifier string Contains the identifier of the source DB cluster for the read replica.
CloneGroupId string Identifies the clone group to which the DB cluster is associated.
EarliestBacktrackTime number The earliest time to which a DB cluster can be backtracked.
BacktrackWindow number The target backtrack window, in seconds. If this value is set to 0, backtracking is disabled for the DB cluster. Otherwise, backtracking is enabled.
BacktrackConsumedChangeRecords number The number of change records stored for Backtrack.
Capacity number The current capacity of an Aurora Serverless DB cluster.
ActivityStreamMode string The mode of the database activity stream. (sync|async)
ActivityStreamKinesisStreamName string The name of the Amazon Kinesis data stream used for the database activity stream.
GlobalWriteForwardingStatus string Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, not enabled, or is in the process of enabling it. (enabled|disabled|enabling|disabling|unknown)
GlobalWriteForwardingRequested boolean Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database.