Netskope

AWS Entities supported in DSL

Compute

Configuration Management

Database

Developer Tools

Identity

Management

Messaging

Network

Security

Storage

Attribute Type Description
id string Account Number
Name string Account Display Name
AccountName string Account Name
AccountId string Account ID
Status string Account status
Attribute Type Description
id string Bucket name
Name string Bucket name
RegionName string Name of region in which the Bucket resides
RegionId string ID of region in which the Bucket resides
AccountName string Name of account containing the Bucket
AccountId string ID of account containing the Bucket
Size number Size of the bucket in Bytes.
Owner string S3 Resource owner.
RBACOwner list RBACOwner
LoggingEnabled boolean Whether access logging is enabled
ACL list Access control policies for the Bucket
 Permission string Permission. Possible values are 'FULL_CONTROL', 'WRITE', 'WRITE_ACP', 'READ' and 'READ_ACP'
 Grantee sequence Grantee
  DisplayName string Screen name of the grantee
  EmailAddress string Email address of the grantee
  ID string The canonical user ID of the grantee
  Type string Type of grantee
  URI string URI of the grantee group
BucketVersioning sequence Versioning state of the Bucket
 Status string Versioning state of the Bucket. Possible value 'Enabled' and 'Suspended'
 MFADelete string Whether MFA required on Bucket deletion
DefaultEncryption string Whether Server Side Encrption has been configured for the Bucket
CreationDate number Creation date
EncryptionType string Type of Encryption
Access string Public or Private
BlockPublicAccess sequence BlockPublicAccess
 IgnorePublicAcls string IgnorePublicAcl
 BlockPublicPolicy string BlockPublicPolicy
 BlockPublicAcls string BlockPublicAcls
 RestrictPublicBuckets string IgnorePublicAcl
BucketPolicyAccess string BucketPolicyAccess
BucketAclAccess string BucketAclAccess
Tags list Tags assigned to the Bucket
 Name string Tag key
 Value string Tag value
BucketPolicy list Bucket Policy
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Effect string Effect. Possible values are 'Allow' and 'Deny'
  Action list Policy action
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
CORS list CORS of the Bucket
 CORSRules list CORS Rules for Bucket
  AllowedHeaders list Allowed Headers for Rules
  AllowedMethods list Allowed Methods for Rules
  AllowedOrigins list Allowed origins for Rules
LifeCycleConfigRules list Lifecycle configuration information set on the bucket
 ID string Unique identifier for the rule. The value cannot be longer than 255 characters
 Filter sequence The Filter is used to identify objects that a Lifecycle Rule applies to. A Filter must have exactly one of Prefix , Tag , or And specified. Filter is required if the LifecycleRule does not containt a Prefix element
  Prefix string Prefix identifying one or more objects to which the rule applies
  Tag sequence This tag must exist in the object's tag set in order for the rule to apply
   Key string Name of the object key
   Value string Value of the tag
  And sequence This is used in a Lifecycle Rule Filter to apply a logical AND to two or more predicates. The Lifecycle Rule will apply to any object matching all of the predicates configured inside the And operator
   Prefix string Prefix identifying one or more objects to which the rule applies
   Tags list This tag must exist in the object's tag set in order for the rule to apply
    Key string Name of the object key
    Value string Value of the tag
 Status string If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not currently being applied.
 Transitions list Specifies when an Amazon S3 object transitions to a specified storage class
  Days number Indicates the number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer.
  StorageClass string The storage class to which you want the object to transition
  Date number Indicates when objects are transitioned to the specified storage class.
 NoncurrentVersionTransitions list Specifies the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to a specific storage class at a set period in the object's lifetime.
  NoncurrentDays number Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
  StorageClass string The class of storage used to store the object.
 NoncurrentVersionExpiration sequence Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions.
  NoncurrentDays number Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action.
 AbortIncompleteMultipartUpload sequence Specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload.
  DaysAfterInitiation number Specifies the number of days after which Amazon S3 aborts an incomplete multipart upload.
 Expiration sequence Specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker.
  Days number Indicates the lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer.
  ExpiredObjectDeleteMarker boolean Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false the policy takes no action. This cannot be specified with Days or Date in a Lifecycle Expiration Policy
  Date number Indicates at what date the object is to be moved or deleted.
Attribute Type Description
id string ID of the Instance
Name string ID of the Instance
RegionName string Name of region in which the Instance resides
RegionId string ID of region in which the Instance resides
AccountName string Name of account containing the Instance
AccountId string ID of account containing the Instance
Tags list Tags assigned to the Instance
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
AvailabilityZone string Availability zone of the Instance
Type string Instance Type
Status string Current state of the Instance
VPC Reference to VPC VPC in which the Instance is running
PrivateIPv4 list Private IPv4 addresses assigned to the network interfaces of the Instance
PrivateIPv6 list Private IPv6 addresses assigned to the network interfaces of the Instance
PublicIPv4 list Public IPv4 address assigned to the network interfaces of the Instance
PublicDNS list Public DNS Names
PrivateDNS list Private DNS Names
Subnets Reference to Subnet Subnets to which network interfaces of the Instance belong to
LaunchTime number Time the Instance was launched
NetworkInterfaces Reference to NetworkInterface Network Interfaces of the Instance
SecurityGroups Reference to SecurityGroup SecurityGroups to which network interfaces of the Instance are assigned to
Image Reference to Image Image used to launch the Instance
Volumes Reference to Volume Elastic Block Devices attached to the Instance
IAMInstanceProfile sequence IAM Instance profile associated with the Instance
 id string IAM Instance profile ARN
 Roles list Roles
  id string Role Arn
Monitoring boolean Whether monitoring enabled for the Instance
Platform string Value is Windows for Windows instances; otherwise blank
EbsOptimized boolean Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance
EnaSupport boolean Specifies whether enhanced networking with ENA is enabled
Hypervisor string The hypervisor type of the instance. The value xen is used for both Xen and Nitro hypervisors
InstanceLifecycle string Indicates whether this is a Spot Instance or a Scheduled Instance
StateTransitionReason string The reason for the most recent state transition. This might be an empty string
StateTransitionTime number The epoch time for the most recent state transition. This might be None if no recent state transition.
RootDeviceType string The root device type used by the AMI. The AMI can use an EBS volume or an instance store volume
SourceDestCheck boolean Indicates whether source/destination checking is enabled
SpotInstanceRequestId string If the request is a Spot Instance request, the ID of the request
VirtualizationType string The virtualization type of the instance
CpuOptions sequence The CPU options for the instance
 CoreCount number The number of CPU cores for the instance
 ThreadsPerCore number The number of threads per CPU core
HibernationOptionsConfigured boolean If this parameter is set to true , your instance is enabled for hibernation; otherwise, it is not enabled for hibernation
MetadataOptions sequence The metadata options for the instance
 State string The state of the metadata option changes.
 HttpTokens string The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is optional
 HttpPutResponseHopLimit number The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Default valus is 1 and Possible values are Integers from 1 to 64
 HttpEndpoint string Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled
 HttpProtocolIpv6 string Indicates whether the IPv6 endpoint for the instance metadata service is enabled or disabled
EnclaveOptionsEnabled boolean Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves
ReservationId string Reservation ID
IsImageAlive boolean Is an AMI image of the Instance has been available or not
RootDeviceVolume Reference to Volume Root device volume attached to the Instance
SSMInformation list Describes information list of an SSM managed node.
 PingStatus string Connection status of SSM Agent. (Online | ConnectionLost | Inactive)
 LastPingDateTime number The date and time when the agent last pinged the Systems Manager service.
 AgentVersion string The version of SSM Agent running on your Linux managed node.
 IsLatestVersion boolean Indicates whether the latest version of SSM Agent is running on your Linux managed node.
 PlatformType string The operating system platform type. (Windows | Linux | MacOS)
 PlatformName string The name of the operating system platform running on your managed node.
 PlatformVersion string The version of the OS platform running on your managed node.
 ActivationId string The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
 IamRole string The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed node.
 RegistrationDate number The date the server or VM was registered with Amazon Web Services as a managed node.
 ResourceType string The type of instance. (ManagedInstance | Document | EC2Instance)
 IPAddress ip The IP address of the managed node.
 ComputerName string The fully qualified host name of the managed node.
 AssociationStatus string The status of the association.
 LastAssociationExecutionDate number The date the association was last run.
 LastSuccessfulAssociationExecutionDate number The last date the association was successfully run.
 AssociationOverview sequence Information about the association.
  DetailedStatus string Detailed status information about the aggregated associations.
  InstanceAssociationStatusAggregatedCount number The number of associations for the managed node(s).
 SourceId string The ID of the source resource. For IoT Greengrass devices, SourceId is the Thing name.
 SourceType string The type of the source resource. (AWS::EC2::Instance | AWS::IoT::Thing | AWS::SSM::ManagedInstance)
ComplianceSummaryItems list A list of compliant and non-compliant summary counts based on compliance types.
 ComplianceType string The type of compliance item.
 CompliantSummary sequence A list of COMPLIANT items for the compliance type.
  CompliantCount number The total number of resources that are compliant.
  SeveritySummary sequence A summary of the compliance severity by compliance type.
   CriticalCount number The total number of resources or compliance items that have a severity level of critical.
   HighCount number The total number of resources or compliance items that have a severity level of high.
   MediumCount number The total number of resources or compliance items that have a severity level of medium.
   LowCount number The total number of resources or compliance items that have a severity level of low.
   InformationalCount number The total number of resources or compliance items that have a severity level of informational.
   UnspecifiedCount number The total number of resources or compliance items that have a severity level of unspecified.
 NonCompliantSummary sequence A list of NON_COMPLIANT items for the specified compliance type.
  NonCompliantCount number The total number of compliance items that aren't compliant.
  SeveritySummary sequence A summary of the non-compliance severity by compliance type.
   CriticalCount number The total number of resources or compliance items that have a severity level of critical.
   HighCount number The total number of resources or compliance items that have a severity level of high.
   MediumCount number The total number of resources or compliance items that have a severity level of medium.
   LowCount number The total number of resources or compliance items that have a severity level of low.
   InformationalCount number The total number of resources or compliance items that have a severity level of informational.
   UnspecifiedCount number The total number of resources or compliance items that have a severity level of unspecified.
Attribute Type Description
id string ID of the AMI
Name string Name of the AMI
RegionName string Name of region in which the AMI exists
RegionId string ID of region in which the AMI exists
AccountName string Name of account containing the AMI
AccountId string ID of account containing the AMI
Tags list Tags assigned to the Image
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Type string Image Type
Status string Current state of the AMI
Public boolean Whether the Image has public launch permissions
Platform string Value is 'Windows' for Windows AMIs; otherwise blank
UnknownAccountExposure boolean Whether the Image has public launch permissions
Attribute Type Description
id string Volume ID
Name string Volume ID
RegionName string Name of region in which the Volume resides
RegionId string ID of region in which the Volume resides
AccountName string Name of account containing the Volume
AccountId string ID of account containing the Volume
Tags list Tags assigned to the Image
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
AvailabilityZone string Availability zone for the Volume
Type string Volume Type.
Status string State of Volume
Size number Size of Volume in GBs
Encrypted boolean Whether the Volume will be encrypted
Attachments list Attachments of the Volume
 AttachTime number Attach time
 Device string Device to which Volume is attached
 InstanceId string EC2Instance Id
 State string State of the Volume
 DeleteOnTermination boolean Whether delete on termination is enabled
SnapshotId string The ID of the snapshot from which the volume was created. Will be null if this volume was not created from a snapshot. The snapshot may have subsequently been deleted, in which case it will still be recorded here. To reference the snapshots created from this volume, instead use BackupSnapshots
Snapshot Reference to Snapshots The snapshot from which the volume was created. May be null if the snapshot has been deleted since the volume was created.
BackupSnapshots Reference to Snapshots List of shapshots created from this volume.
EbsEncryptionByDefault boolean Indicates whether encryption by default is enabled
Attribute Type Description
id string Identifier of the RDS Instance
Name string Name of the RDS Instance
RegionName string Name of region in which the RDS Instance resides
RegionId string ID of region in which the RDS Instance resides
AccountName string Name of account containing the RDS Instance
AccountId string ID of account containing the RDS Instance
Tags list Tags assigned to the RDS Instance
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
LatestRestorableTime number Specifies the latest time to which a database can be restored with point-in-time restore.
KMSKey Reference to KMSKey KMS key identifier for the encrypted DB instance.
Type string Database engine used for the RDS Instance
Status string Status of the RDS Instance
ComputeClass string Compute and memory capacity of the RDS Instance
VPC Reference to VPC VPC for the RDS Instance
Subnets Reference to Subnet Subnets for the RDS Instance
Access string Public or Private
AvailabilityZone string Availability Zone for RDS Instance
MultiAZ boolean Whether RDS Instance in available in multiple availability zones
AutoMinorVersionUpgrade boolean Whether minor engine upgrades are automatically applied to the RDS Instance
BackupRetentionPeriod number Retention period in days for backup of the RDS Instance
StorageEncrypted boolean Specifies whether the DB instance is encrypted
Snapshots list Snapshots of the RDS Instance
 DBSnapshotIdentifier string Name of the RDS Instance
 Encrypted boolean Whether the Snapshot is encrypted
 PubliclyAccessible boolean Whether the Snapshot is publicly accessible
MonitoringInterval number The interval in seconds for enhanced monitoring
SubnetGroups sequence DB Subnet Group
 DBSubnetGroupName string Subnet Group Name
 DBSubnetGroupDescription string Subnet Group Description
 VPC Reference to VPC VPC
 SubnetGroupStatus string Subnet Group Status
 Subnets list Subnets
  SubnetIdentifier string Subnet id
  SubnetAvailabilityZone string Subnet Availability Zone
  SubnetStatus string Subnet Status
 DBSubnetGroupArn string Subnet Group Arn
Endpoint sequence Specifies the connection endpoint
 Address string Specifies the DNS address of the DB instance
 Port number Specifies the port that the database engine is listening on
 HostedZoneId string Specifies the ID that Amazon Route 53 assigns when you create a hosted zone
AllocatedStorage number Specifies the allocated storage size specified in gibibytes
DBSecurityGroups list A list of DB security group elements containing DBSecurityGroup.Name and DBSecurityGroup.Status subelements
 DBSecurityGroupName string The name of the DB security group
 Status string The status of the DB security group
VpcSecurityGroups list Provides a list of VPC security group elements that the DB instance belongs to.
 SecurityGroup Reference to SecurityGroup VPC security group.
 Status string The status of the VPC security group.
DBParameterGroups list Provides the list of DB parameter groups applied to this DB instance
 DBParameterGroupName string The name of the DB parameter group
 ParameterApplyStatus string The status of parameter updates
EngineVersion string Indicates the database engine version
ReadReplicaSourceDBInstanceIdentifier string Contains the identifier of the source DB instance if this DB instance is a read replica
ReadReplicaDBInstanceIdentifiers list Contains one or more identifiers of the read replicas associated with this DB instance
ReadReplicaDBClusterIdentifiers list Contains one or more identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica. For example, when you create an Aurora read replica of an RDS MySQL DB instance, the Aurora MySQL DB cluster for the Aurora read replica is shown. This output does not contain information about cross region Aurora read replicas
ReplicaMode string The open mode of an Oracle read replica. The default is open-read-only
LicenseModel string License model information for this DB instance. This setting doesn't apply to RDS Custom
Iops number Specifies the Provisioned IOPS (I/O operations per second) value
OptionGroupMemberships list Provides the list of option group memberships for this DB instance
 OptionGroupName string The name of the option group that the instance belongs to
 Status string The status of the DB instance's option group membership. (in-sync | pending-apply | pending-removal | pending-maintenance-apply | pending-maintenance-removal | applying | removing | failed )
CharacterSetName string If present, specifies the name of the character set that this instance is associated with
NcharCharacterSetName string The name of the NCHAR character set for the Oracle DB instance. This character set specifies the Unicode encoding for data stored in table columns of type NCHAR, NCLOB, or NVARCHAR2
SecondaryAvailabilityZone string If present, specifies the name of the secondary Availability Zone for a DB instance with multi-AZ support
StatusInfos list The status of a read replica. May be null If the instance isn't a read replica
 StatusType string This value is currently "read replication"
 Normal boolean Boolean value that is true if the instance is operating normally, or false if the instance is in an error state
 Status string Status of the DB instance. For a StatusType of read replica, the values can be replicating, replication stop point set, replication stop point reached, error, stopped, or terminated
 Message string Details of the error if there is an error for the instance. If the instance isn't in an error state, this value is blank
StorageType string Specifies the storage type associated with DB instance
TdeCredentialArn string The ARN from the key store with which the instance is associated for TDE encryption
DbInstancePort number Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port
DBClusterIdentifier string If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of
DbiResourceId string The Amazon Web Services Region-unique, immutable identifier for the DB instance. This identifier is found in Amazon Web Services CloudTrail log entries whenever the Amazon Web Services KMS key for the DB instance is accessed
CACertificateIdentifier string The identifier of the CA certificate for this DB instance
DomainMemberships list The Active Directory Domain membership records associated with the DB instance
 Domain string The identifier of the Active Directory Domain
 Status string The status of the Active Directory Domain membership for the DB instance or cluster. (joined|pending-join|failed)
 FQDN string The fully qualified domain name of the Active Directory Domain
 IAMRoleName sequence The name of the IAM role to be used when making API calls to the Directory Service
CopyTagsToSnapshot boolean Specifies whether tags are copied from the DB instance to snapshots of the DB instance. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
EnhancedMonitoringResourceArn string The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that receives the Enhanced Monitoring metrics data for the DB instance
MonitoringRoleArn Reference to IAMRole The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs
PromotionTier number A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance
DBInstanceArn string The Amazon Resource Name (ARN) for the DB instance
Timezone string The time zone of the DB instance. In most cases, the Timezone element is empty. Timezone content appears only for Microsoft SQL Server DB instances that were created with a time zone specified
IAMDatabaseAuthenticationEnabled boolean rue if mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
PerformanceInsightsEnabled boolean True if Performance Insights is enabled for the DB instance, and otherwise false
PerformanceInsightsKMSKeyId string The Amazon Web Services KMS key identifier for encryption of Performance Insights data. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key
PerformanceInsightsRetentionPeriod number The amount of time, in days, to retain Performance Insights data.
EnabledCloudwatchLogsExports list A list of log types that this DB instance is configured to export to CloudWatch Logs. Log types vary by DB engine.
ProcessorFeatures list The number of CPU cores and the number of threads per core for the DB instance class of the DB instance
 Name string The name of the processor feature. ( coreCount | threadsPerCore )
 Value string The value of a processor feature name
DeletionProtection boolean Indicates if the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled
AssociatedRoles list The Amazon Web Services Identity and Access Management (IAM) roles associated with the DB instance
 RoleArn Reference to IAMRole The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance
 FeatureName string The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role
 Status string Describes the state of association between the IAM role and the DB instance. ( ACTIVE | PENDING | INVALID )
ListenerEndpoint sequence Specifies the listener connection endpoint for SQL Server Always On
 Address string Specifies the DNS address of the DB instance
 Port number Specifies the port that the database engine is listening on
 HostedZoneId string Specifies the ID that Amazon Route 53 assigns when you create a hosted zone
MaxAllocatedStorage number The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance
DBInstanceAutomatedBackupsReplications list The list of replicated automated backups associated with the DB instance
 DBInstanceAutomatedBackupsArn string The Amazon Resource Name (ARN) of the replicated automated backups
CustomerOwnedIpEnabled boolean Specifies whether a customer-owned IP address (CoIP) is enabled for an RDS on Outposts DB instance
AwsBackupRecoveryPointArn string The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services Backup
ActivityStreamStatus string The status of the database activity stream
ActivityStreamKmsKeyId string The Amazon Web Services KMS key identifier used for encrypting messages in the database activity stream. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key
ActivityStreamKinesisStreamName string The name of the Amazon Kinesis data stream used for the database activity stream
ActivityStreamMode string The mode of the database activity stream. Database events such as a change or access generate an activity stream event. RDS for Oracle always handles these events asynchronously
ActivityStreamEngineNativeAuditFieldsIncluded boolean Indicates whether engine-native audit fields are included in the database activity stream
AutomationMode string The automation mode of the RDS Custom DB instance is full or all paused . If full , the DB instance automates monitoring and instance recovery. If all paused , the instance pauses automation for the duration set by --resume-full-automation-mode-minutes
ResumeFullAutomationModeTime number The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440
CustomIamInstanceProfile string The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance
Attribute Type Description
id string Identifier of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Tags list Tags assigned to the Cluster
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Status string Status of the Cluster
ComputeClass string Compute Class for nodes in the Cluster
VPC Reference to VPC VPC for the Cluster
Subnets Reference to Subnet Subnets for the Cluster
Access string Public or Private
AvailabilityZone string Availability Zone of the Cluster
Encrypted boolean Whether encryption is enabled
AutomatedSnapshotRetentionPeriod number Retention period in days for automated snapshot for the Cluster
LoggingEnabled boolean Whether access logging is enabled
Port number port number
KMSKey Reference to KMSKey KMS key used for encryption
AllowVersionUpgrade boolean Whether major version upgrades are automatically applied to the Cluster
ClusterParameterGroups list Parameter Groups associated with the Cluster
 id string ID
 NumWlmConfigs number Number of WLM configs for this cluster parameter group
 ClusterParameterGroup list Cluster Parameter Group
  ParameterName string Name of the parameter
  ParameterValue string Value of the parameter
EnhancedVpcRouting boolean An option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. If this option is true , enhanced VPC routing is enabled.
Attribute Type Description
id string vpc id
Name string vpc name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
Tags list Tags properties
 Name string Key
 Value string Value
Status string State of VPC
NetworkACLs Reference to NetworkACL Network ACL
Subnets Reference to Subnet Subnets
InternetGateways list Internet Gateways
 id string Internet Gateways
NATGateways list NAT Gateways
 id string NAT Gateways
PeeringConnections list Peering Connections
 id string Peer Connections
RouteTables Reference to RouteTable Route Tables
FlowLogs Reference to VPCFlow Flow Logs
SecurityGroups Reference to SecurityGroup Security Groups
Endpoints list Endpoints
CidrBlock ip CidrBlock
IPv6CidrBlock list CidrBlock
DHCPOptions string DHCP Options
DnsHostnameEnabled boolean Enables public DNS hostnames in the VPC
DnsSupportEnabled boolean Enables DNS resolution in the VPC
IsDefault boolean Indicates whether the VPC is the default VPC
Attribute Type Description
id string Identifier of the Endpoint
Name string Name of the Endpoint
RegionName string Name of region in which the Endpoint resides
RegionId string ID of region in which the Endpoint resides
AccountName string Name of account containing the Endpoint
AccountId string ID of account containing the Endpoint
Tags list Tags assigned to the Endpoint
 Name string Tag key
 Value string Tag value
Type string The type of endpoint. ( Interface | Gateway | GatewayLoadBalancer )
VPC Reference to VPC The VPC to which the endpoint is associated
ServiceName string The name of the service to which the endpoint is associated
State string The state of the VPC endpoint
PolicyDocument string The policy document associated with the endpoint, if applicable
RouteTables Reference to RouteTable (Gateway endpoint) One or more route tables associated with the endpoint
Subnets Reference to Subnet (Interface endpoint) One or more subnets in which the endpoint is located
SecurityGroups Reference to SecurityGroup (Interface endpoint) Information about the security groups that are associated with the network interface
PrivateDnsEnabled boolean (Interface endpoint) Indicates whether the VPC is associated with a private hosted zone
RequesterManaged boolean Indicates whether the VPC endpoint is being managed by its service
NetworkInterfaces Reference to NetworkInterface (Interface endpoint) One or more network interfaces for the endpoint
DnsEntries list (Interface endpoint) The DNS entries for the endpoint
 DnsName string The DNS name
 HostedZoneId string The ID of the private hosted zone
CreationTime number VPC endpoint created time in epoch
LastErrorMessage string The last error that occurred for VPC endpoint
Attribute Type Description
id string ID of the Security Group
Name string Name of the Security Group
RegionName string Name of region in which the Security Group resides
RegionId string ID of region in which teh Security Group resides
AccountName string Name of account containing the Security Group
AccountId string ID of account containing the Security Group
Tags list Tags associated with the Security Group
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
VPC Reference to VPC VPC for the Security Group
EC2Instances Reference to EC2Instance EC2 Instances that the Security Group applies to
NetworkInterfaces Reference to NetworkInterface Network Interfaces that the Security Group applies to
InboundRules list Inbound rules of the Security Group
 FromPort number Starting port number
 ToPort number Ending port number
 Protocol string IP protocol name or number
 IPRanges list IPv4 ranges
  IP ip IPv4 CIDR range
  Description string Description for the Security Group rule that references this IPv4 address range
 IPv6Ranges list IPv6 ranges
  IPv6 ip IPv6 (cidr format)
  Description string Description for the security group rule that references this IPv6 address range
OutboundRules list Outbound rules of the Security Group
 FromPort number Starting port number
 ToPort number Ending port number
 Protocol string IP protocol name or number
 IPRanges list IPv4 ranges
  IP ip IPv4 CIDR range
  Description string Description for the security group rule that references this IPv4 address range
 IPv6Ranges list IPv6 ranges
  IPv6 ip IPv6 (cidr format)
  Description string Description for the security group rule that references this IPv6 address range
Attribute Type Description
id string ID of the Subnet
Name string Name
RegionName string Subnet Region Name
RegionId string Subnet Region ID
AccountName string AWS Account Name
AccountId string AWS Account ID
Tags list Tags associated with Subnet
 Name string Key
 Value string Value
CreationDate number Subnet creation timestamp
VPC Reference to VPC VPC id
Status string Status of the Subnet
MapPublicIpOnLaunch boolean Indicates whether instances launched in this subnet receive a public IPv4 address
DefaultForAz boolean Indicates whether this is the default subnet for the Availability Zone
AvailableIpAddressCount number The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable
AssignIpv6AddressOnCreation boolean Indicates whether a network interface created in this subnet (including a network interface created by RunInstances ) receives an IPv6 address
AvailabilityZone string Availability Zone
CidrBlock ip Cidr Block
IPv6CidrBlock list CidrBlock
Attribute Type Description
id string ID of the Network Interface
Name string Name of the Network Interface
RegionName string Name of region in which the Network Interface resides
RegionId string ID of region in which the Network Interface resides
AccountName string Name of account containing the Network Interface
AccountId string ID of account containing the Network Interface
Type string Type of interface. Possible values are 'interface' and 'natGateway'
Tags list Tags associated with the Network Interface
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
VPC Reference to VPC VPC for the Network Interface
Subnet Reference to Subnet Subnet for the Network Interface
Status string State of the Network Interface
AvailabilityZone string Availability Zone for the Network Interface
SecurityGroups Reference to SecurityGroup Security Groups for the Network Interface
PrivateIpAddress list Private IPv4 addresses of the Network Interface
PrivateDnsName list Private DNS
PrivateIpAddressPrimary ip The IPv4 address of the network interface within the subnet.
PrivateDnsNamePrimary string Private DNS
PrivateIpAddresses list The private IPv4 addresses associated with the network interface.
 Association sequence The association information for an Elastic IP address (IPv4) associated with the network interface.
  AllocationId string The allocation ID.
  AssociationId string The association ID.
  IpOwnerId string The ID of the Elastic IP address owner.
  PublicDnsName string The public DNS name.
  PublicIp ip The address of the Elastic IP address bound to the network interface.
  CustomerOwnedIp ip The customer-owned IP address associated with the network interface.
  CarrierIp ip The carrier IP address associated with the network interface.
 Primary boolean Indicates whether this IPv4 address is the primary private IPv4 address of the network interface.
 PrivateDnsName string The private DNS name.
 PrivateIpAddress ip The private IPv4 address.
Association sequence The association information for an Elastic IP address (IPv4) associated with the network interface.
 AllocationId string The allocation ID.
 AssociationId string The association ID.
 IpOwnerId string The ID of the Elastic IP address owner.
 PublicDnsName string The public DNS name.
 PublicIp ip The address of the Elastic IP address bound to the network interface.
 CustomerOwnedIp ip The customer-owned IP address associated with the network interface.
 CarrierIp ip The carrier IP address associated with the network interface.
Attachment sequence The network interface attachment.
 AttachTime number The timestamp indicating when the attachment initiated.
 AttachmentId string The ID of the network interface attachment.
 DeleteOnTermination boolean Indicates whether the network interface is deleted when the instance is terminated.
 DeviceIndex number The device index of the network interface attachment on the instance.
 NetworkCardIndex number The index of the network card.
 InstanceId string The ID of the instance.
 InstanceOwnerId string The Amazon Web Services account ID of the owner of the instance.
 Status string The attachment state (attaching | attached | detaching | detached)
Description string A description.
Ipv6Addresses list The IPv6 addresses associated with the network interface.
 Ipv6Address ip The IPv6 address.
MacAddress string The MAC address.
OutpostArn string The Amazon Resource Name (ARN) of the Outpost.
OwnerId string The Amazon Web Services account ID of the owner of the network interface.
Ipv4Prefixes list The IPv4 prefixes that are assigned to the network interface.
 Ipv4Prefix string The IPv4 prefix.
Ipv6Prefixes list The IPv6 prefixes that are assigned to the network interface.
 Ipv6Prefix string The IPv6 prefix.
RequesterId string The alias or Amazon Web Services account ID of the principal or service that created the network interface.
RequesterManaged boolean Indicates whether the network interface is being managed by Amazon Web Services.
SourceDestCheck boolean Indicates whether source/destination checking is enabled.
DenyAllIgwTraffic string Indicates whether a network interface with an IPv6 address is unreachable from the public internet.
Ipv6Native boolean Indicates whether this is an IPv6 only network interface.
Ipv6Address ip The IPv6 globally unique address associated with the network interface.
Attribute Type Description
id string ID of the Route Table
Name string ID of the route table
RegionName string Name of region in which the Route Table resides
RegionId string ID of region in which the Route Table resides
AccountName string Name of account containing the Route Table
AccountId string ID of account containing the Route Table
Tags list Tags associated with the Route Table
 Name string Tag key
 Value string Tag value
VPC Reference to VPC VPC for the Route Table
Subnets Reference to Subnet Subnets for the Route Table
Routes list Routes in the Route Table
 DestinationCidrBlock ip IPv4 CIDR block for destination match
 DestinationIPv6CidrBlock ip IPv6 CIDR block for destination match
 State string State of the route entry
 VPCPeeringConnection sequence VPC peering connection for the route entry
  id string ID
Attribute Type Description
id string ID of the Network ACL
Name string Name of the Network ACL
RegionName string Name of region in which the Network ACL resides
RegionId string ID of region in which the Network ACL resides
AccountName string Name of account containing the Network ACL
AccountId string ID of account containing the Network ACL
Tags list Tags assigned to the Network ACL
 Name string Tag key
 Value string Tag value
VPC Reference to VPC VPC for the Network ACL
Subnets Reference to Subnet Subnets associated with theh Network ACL
IsDefault boolean Whether this is the default Network ACL for the VPC
Rules list Rule Entries in the Network ACL
 RuleNumber number Rule number of the entry
 Protocol string Protocol
 Egress boolean Whether egress rule
 CidrBlock ip IPV4 network range
 RuleAction string Action to take. Allow or Deny
 FromPort number Starting port number
 ToPort number Ending port number
Attribute Type Description
id string Amazon Resource Number of the Load Balancer
Name string Name of the Load Balancer
RegionName string Name of region in which the Load Balancer resides
RegionId string ID of region in which the Load Balancer resides
AccountName string Name of account containing the Load Balancer
AccountId string ID of account containing the Load Balancer
Tags list Tags assigned to the Load Balancer
 Name string Tag key
 Value string Tag value
CreationDate number Creation date
Status string State of the Load Balancer
Scheme string Scheme of the Load Balancer
Type string Type of the Load Balancer. ( 'application' | 'network' | 'gateway')
VPC Reference to VPC VPC for the Load Balancer
Subnets Reference to Subnet Subnets for the Load Balancer
SecurityGroups Reference to SecurityGroup Security groups for the Load Balancer
AvailabilityZone list Availability Zones for the Load Balancer
IpAddressType string The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses)
DeletionProtection boolean (Application, Network, Gateway) Whether deletion protection is enabled for the Load Balancer
AccessLogsEnabled boolean (Application, Network) Whether access log are enabled for the Load balancer
AccessLogsS3Bucket Reference to S3Bucket (Application, Network) The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket
AccessLogsS3Prefix string (Application, Network) The prefix for the location in the S3 bucket for the access logs
Ipv6DenyAllIgwTraffic boolean (Application, Network) Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway
IdleTimeoutInSeconds number (Application) The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds
RoutingHttpDesyncMitigationMode string (Application) Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor , defensive , and strictest . The default is defensive
RoutingHttpDropInvalidHeaderFieldsEnabled boolean (Application) Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true ) or routed to targets (false )
RoutingHttpXAmznTlsVersionAndCipherSuiteEnabled boolean (Application) Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false . The default is false
RoutingHttpXffClientPortEnabled boolean (Application) Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false . The default is false
RoutingHttp2Enabled boolean (Application) Indicates whether HTTP/2 is enabled. The possible values are true and false . The default is true . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens
WafFailOpenEnabled boolean (Application) Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false . The default is false
LoadBalancingCrossZoneEnabled boolean (Gateway) Indicates whether cross-zone load balancing is enabled. The possible values are true and false . The default is false
SslPolicy string (HTTPS or TLS listener) Security policy that defines which ciphers and protocols are supported
Listeners list Information about the listeners
 ListenerArn string The Amazon Resource Name (ARN) of the listener
 Port number The port on which the load balancer is listening
 Protocol string The protocol for connections from clients to the load balancer
 Certificates list (HTTPS or TLS listener) The default certificate for the listener
  CertificateArn string The Amazon Resource Name (ARN) of the certificate
  IsDefault boolean Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates
 DefaultActions list The default actions for the listener.
  Type string The type of action.
  TargetGroupArn string The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead
  AuthenticateOidcConfig sequence (HTTPS listeners) Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc
   Issuer string The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path
   AuthorizationEndpoint string The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path
   TokenEndpoint string The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path
   UserInfoEndpoint string The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path
   ClientId string The OAuth 2.0 client identifier
   ClientSecret string The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
   SessionCookieName string The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie
   Scope string The set of user claims to be requested from the IdP. The default is openid
   SessionTimeout number The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days)
   AuthenticationRequestExtraParams sequence The query parameters (up to 10) to include in the redirect request to the authorization endpoint
   OnUnauthenticatedRequest string The behavior if the user is not authenticated. ( deny | allow | authenticate )
   UseExistingClientSecret boolean Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false
  AuthenticateCognitoConfig sequence (HTTPS listeners) Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito
   UserPoolArn string The Amazon Resource Name (ARN) of the Amazon Cognito user pool
   UserPoolClientId string The ID of the Amazon Cognito user pool client
   UserPoolDomain string The domain prefix or fully-qualified domain name of the Amazon Cognito user pool
   SessionCookieName string The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie
   Scope string The set of user claims to be requested from the IdP. The default is openid
   SessionTimeout number The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days)
   AuthenticationRequestExtraParams sequence The query parameters (up to 10) to include in the redirect request to the authorization endpoint
   OnUnauthenticatedRequest string The behavior if the user is not authenticated. ( deny | allow | authenticate )
  Order number The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first
  RedirectConfig sequence (Application Load Balancer) Information for creating a redirect action. Specify only when Type is redirect .
   Protocol string The protocol. You can specify HTTP, HTTPS, or {protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
   Port number The port. You can specify a value from 1 to 65535 or {port}.
   Host string The hostname. This component is not percent-encoded. The hostname can contain {host}.
   Path string The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain {host}, {path}, and {port}
   Query string The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords
   StatusCode string The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302)
  FixedResponseConfig sequence (Application Load Balancer) Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response
   MessageBody string The message
   StatusCode string The HTTP response code (2XX, 4XX, or 5XX)
   ContentType string The content type.( text/plain | text/css | text/html | application/javascript | application/json )
  ForwardConfig sequence Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward . If you specify both ForwardConfig and TargetGroupArn , you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn
   TargetGroups list One or more target groups. For Network Load Balancers, you can specify a single target group
    TargetGroupArn string The Amazon Resource Name (ARN) of the target group
    Weight number The weight. The range is 0 to 999
   TargetGroupStickinessConfig sequence The target group stickiness for the rule
    Enabled boolean Indicates whether target group stickiness is enabled
    DurationSeconds number The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days)
 AlpnPolicy list (TLS listener) The name of the Application-Layer Protocol Negotiation (ALPN) policy
Attribute Type Description
id string Flow Log ID
Name string Flow Log ID
RegionName string Name of region in which the Flow Log resides
RegionId string ID of region in which the Flow Log resides
AccountName string Name of account containing the Flow Log
AccountId string ID of account containing the Flow Log
CreationDate number Creation date
VPC Reference to VPC VPC on which Flow Log was created
TrafficType string Type of traffic captured for the Flow Log
Status string Status of the Flow Log
DeliverLogsStatus string The status of the logs delivery (SUCCESS | FAILED ).
DeliverLogsErrorMessage string Information about the error that occurred (Rate limited, Access error, Unknown error).
Attribute Type Description
id string Amazon Resource Number (ARN) of the Alarm
Name string Name of the Alarm
RegionName string Name of region in which the Alarm resides
RegionId string ID of region in which the Alarm resides
AccountName string Name of account containing the Alarm
AccountId string ID of account containing the Alarm
CreationDate number Creation date
Status string State of the Alarm
AlarmActions list Actions to take on alarm
 SNSTopic Reference to SNSTopic SNS Topic to notify on alarm
Attribute Type Description
id string Amazon resource number
Name string Trail name
RegionName string Name of region in which the Trail resides
RegionId string ID of region in which the Trail resides
AccountName string Name of account containing the Trail
AccountId string ID of account containing the Trail
Tags list Tags associated with the Trail
 Name string Tag key
 Value string Tag value
MultiRegionTrailEnabled boolean Whether the Trail applies to all regions
LogFileValidationEnabled boolean Whether Log file validation is enabled for the Trail
LoggingEnabled boolean Whether the Trail is currently logging API calls
LatestDeliveryError string S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket
LatestNotificationError string SNS error that CloudTrail encountered when attempting to send a notification
S3Bucket Reference to S3Bucket S3 bucket to which CloudTrail delivers the Trail files
S3KeyPrefix string Prefix to the log file stored by the Trail in S3 bucket
SNSTopic Reference to SNSTopic SNS topic that the Trail uses to send notifications on log file delivery
LogGroup Reference to CloudWatchLogGroup CloudWatch Log Group to which the Trail logs are delivered
KMSKey Reference to KMSKey KMS key to encrypt the Trail logs delivered by CloudTrail
GlobalServiceEvents boolean Whether API calls from AWS global services such as IAM are included
Attribute Type Description
id string Amazon resource name of the Log Group
Name string Name of the Log Group
RegionName string Name of region in which the Log Group resides
RegionId string ID of region in which the Log Group resides
AccountName string Name of account containing the Log Group
AccountId string ID of account containing the Log Group
CreationDate number Creation Date of the Log Group
Tags list Tags associated with the Log Group
 Name string Tag key
 Value string Tag value
Retention number Number of days to retain the log events in the Log Group
StoredBytes number Number of bytes stored in the Log Group
MetricFilters list Metric Filters for the Log Group
 Name string Name of the Metric Filter
 FilterPattern string Filter pattern
 Transformations list Metric transformations to transform ingested log events in to metric data
  MetricName string Name of the Cloudwatch Metric
  MetricValue string Value to publish to the Cloudwatch Metric
  DefaultValue string Value to emit when a filter pattern does not match a log event
  MetricAlarms Reference to MetricAlarm Metric Alarms
Attribute Type Description
id string Identifier of the Code Build
Name string Name of the Code Build
RegionName string Name of region in which the Code Build resides
RegionId string ID of region in which the Code Build resides
AccountName string Name of account containing the Code Build
AccountId string ID of account containing the Code Build
Tags list Tags assigned to the Code Build
 Name string Tag key
 Value string Tag value
Description string A description that makes the build project easy to identify
Source sequence Information about the build input source code for this build project
 Type string The type of repository that contains the source code to be built. ( BITBUCKET | CODECOMMIT | CODEPIPELINE | GITHUB | GITHUB_ENTERPRISE | NO_SOURCE | S3 )
 Location string Information about the location of the source code to be built.
 GitCloneDepth number Information about the Git clone depth for the build project
 IsFetchGitSubmodulesConfigured boolean Information about the Git submodules configuration for the build project
 Buildspec string The buildspec file declaration to use for the builds in this build project. If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket
 Auth sequence Information about the authorization settings for CodeBuild to access the source code to be built.
  Type string The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
  Resource string The resource value that applies to the specified authorization type
 ReportBuildStatus boolean Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket.
 BuildStatusConfig sequence Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
  Context string Specifies the context of the build status CodeBuild sends to the source provider.
  TargetUrl string Specifies the target url of the build status CodeBuild sends to the source provider
 InsecureSsl boolean Enable this flag to ignore SSL warnings while connecting to the project source code
 SourceIdentifier string An identifier for this project source
SecondarySources list An array of ProjectSource objects.
 Type string The type of repository that contains the source code to be built. ( BITBUCKET | CODECOMMIT | CODEPIPELINE | GITHUB | GITHUB_ENTERPRISE | NO_SOURCE | S3 )
 Location string Information about the location of the source code to be built.
 GitCloneDepth number Information about the Git clone depth for the build project
 IsFetchGitSubmodulesConfigured boolean Information about the Git submodules configuration for the build project
 Buildspec string The buildspec file declaration to use for the builds in this build project. If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket
 Auth sequence Information about the authorization settings for CodeBuild to access the source code to be built.
  Type string The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
  Resource string The resource value that applies to the specified authorization type
 ReportBuildStatus boolean Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket.
 BuildStatusConfig sequence Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
  Context string Specifies the context of the build status CodeBuild sends to the source provider.
  TargetUrl string Specifies the target url of the build status CodeBuild sends to the source provider
 InsecureSsl boolean Enable this flag to ignore SSL warnings while connecting to the project source code
 SourceIdentifier string An identifier for this project source
SourceVersion string A version of the build input to be built for this project.
SecondarySourceVersions list An array of ProjectSourceVersion objects.
 SourceIdentifier string An identifier for a source in the build project
 SourceVersion string The source version for the corresponding source identifier.
Artifacts sequence Information about the build output artifacts for the build project
 Type string The type of build output artifact ( CODEPIPELINE | NO_ARTIFACTS | S3 )
 Location string Information about the build output artifact location.
 Path string Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact. For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
 NamespaceType string Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact. For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts//MyArtifact.zip . ( BUILD_ID | NONE )
 Name string Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact. For example, a) If path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , then the output artifact is stored in MyArtifacts//MyArtifact.zip. b) If path is empty, namespaceType is set to NONE , and name is set to "/ ", the output artifact is stored in the root of the output bucket. c) If path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to "/ ", the output artifact is stored in MyArtifacts/
 Packaging string The type of build output artifact. (NONE | ZIP)
 OverrideArtifactName boolean If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique
 EncryptionDisabled boolean Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3.
 ArtifactIdentifier string An identifier for this artifact definition
 BucketOwnerAccess string Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. ( NONE | READ_ONLY | FULL )
SecondaryArtifacts list An array of ProjectArtifacts objects
 Type string The type of build output artifact ( CODEPIPELINE | NO_ARTIFACTS | S3 )
 Location string Information about the build output artifact location.
 Path string Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact. For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
 NamespaceType string Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact. For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts//MyArtifact.zip . ( BUILD_ID | NONE )
 Name string Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact. For example, a) If path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , then the output artifact is stored in MyArtifacts//MyArtifact.zip. b) If path is empty, namespaceType is set to NONE , and name is set to "/ ", the output artifact is stored in the root of the output bucket. c) If path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to "/ ", the output artifact is stored in MyArtifacts/
 Packaging string The type of build output artifact. (NONE | ZIP)
 OverrideArtifactName boolean If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique
 EncryptionDisabled boolean Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3.
 ArtifactIdentifier string An identifier for this artifact definition
 BucketOwnerAccess string Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. ( NONE | READ_ONLY | FULL )
Cache sequence Information about the cache for the build project
 Type string The type of cache used by the build project. ( NO_CACHE | S3 | LOCAL)
 Location string Information about the cache location
 Modes list An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types. ( LOCAL_SOURCE_CACHE | LOCAL_DOCKER_LAYER_CACHE )
Environment sequence Information about the build environment for this build project
 Type string The type of build environment to use for related builds.
 Image string The image tag or image digest that identifies the Docker image to use for this build project
 ComputeType string Information about the compute resources the build project uses.
 EnvironmentVariables list A set of environment variables to make available to builds for this build project
  Name string The name or key of the environment variable
  Value string The value of the environment variable
  Type string The type of environment variable. ( PARAMETER_STORE | PLAINTEXT | SECRETS_MANAGER )
 PrivilegedMode boolean Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
 Certificate string The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project
 RegistryCredential sequence The credentials for access to a private registry
  Credential string The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager
  CredentialProvider string The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager
 ImagePullCredentialsType string The type of credentials CodeBuild uses to pull images in your build. ( CODEBUILD | SERVICE_ROLE )
ServiceRole Reference to IAMRole The IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account
TimeoutInMinutes number How long, in minutes, from 5 to 480 (8 hours), for CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes
QueuedTimeoutInMinutes number The number of minutes a build is allowed to be queued before it times out
EncryptionKey string The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts. You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/ ). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).
Created number When the build project was created
LastModified number When the build project's settings were last modified
Webhook sequence Information about a webhook that connects repository events to a build project in CodeBuild
 URL string The URL to the webhook
 PayloadUrl string The CodeBuild endpoint where webhook events are sent
 Secret string The secret token of the associated repository. A Bitbucket webhook does not support secret
 BranchFilter string A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built
 FilterGroups list An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type. For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
  Type string The type of webhook filter. ( EVENT | ACTOR_ACCOUNT_ID | HEAD_REF | BASE_REF | FILE_PATH | COMMIT_MESSAGE )
  Pattern string For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build. For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name
  ExcludeMatchedPattern boolean Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
 BuildType string Specifies the type of build this webhook will trigger
 LastModifiedSecret number A timestamp that indicates the last time a repository's secret token was modified
VPC Reference to VPC VPC on which CodeBuild was associated
Subnets Reference to Subnet Subnets on which CodeBuild was associated
SecurityGroups Reference to SecurityGroup Security Group on which CodeBuild was associated
Badge sequence Information about the build badge for the build project
 BadgeEnabled boolean Set this to true to generate a publicly accessible URL for your project's build badge
 BadgeRequestUrl string The publicly-accessible URL through which you can access the build badge for your project
LogsConfig sequence Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both
 CloudWatchLogs sequence Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default
  Status string The current status of the logs in CloudWatch Logs for a build project. ( ENABLED | DISABLED )
  GroupName string The group name of the logs in CloudWatch Logs
  StreamName string The prefix of the stream name of the CloudWatch Logs
 S3Logs sequence Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default
  Status string The current status of the S3 build logs. ( ENABLED | DISABLED )
  Location string The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log
  EncryptionDisabled boolean Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted
  BucketOwnerAccess string Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. ( NONE | READ_ONLY | FULL )
FileSystemLocations list An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System
 Type string The type of the file system. The one supported type is EFS
 Location string A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory
 MountPoint string The location in the container where you mount the file system
 Identifier string The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS. The identifier is used to mount your file system.
 MountOptions string The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2
BuildBatchConfig sequence A ProjectBuildBatchConfig object that defines the batch build options for the project
 ServiceRole string Specifies the service role ARN for the batch build project
 CombineArtifacts boolean Specifies if the build artifacts for the batch build should be combined into a single artifact location
 Restrictions sequence A BatchRestrictions object that specifies the restrictions for the batch build
  MaximumBuildsAllowed number Specifies the maximum number of builds allowed
  ComputeTypesAllowed list An array of strings that specify the compute types that are allowed for the batch build
 TimeoutInMins number Specifies the maximum amount of time, in minutes, that the batch build must be completed in
 BatchReportMode string Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider. ( REPORT_AGGREGATED_BATCH | REPORT_INDIVIDUAL_BUILDS )
 ConcurrentBuildLimit number The maximum number of concurrent builds that are allowed for this project.
 ProjectVisibility string Specifies the visibility of the project's builds. ( PUBLIC_READ | PRIVATE )
 PublicProjectAlias string Contains the project identifier used with the public build APIs
 ResourceAccessRole string The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds
Attribute Type Description
id string Identifier of the Source Credentials
Name string Name of the Source Credentials
RegionName string Name of region in which the Source Credentials resides
RegionId string ID of region in which the Source Credentials resides
AccountName string Name of account containing the Source Credentials
AccountId string ID of account containing the Source Credentials
ServerType string The type of source provider. ( GITHUB | GITHUB_ENTERPRISE | BITBUCKET )
AuthType string The type of authentication used by the credentials. ( OAUTH | BASIC_AUTH | PERSONAL_ACCESS_TOKEN )
Attribute Type Description
id string Unique identifier of the Stack
Name string Name associated with the Stack
RegionName string Name of region in which the Stack resides
RegionId string ID of region in which the Stack resides
AccountName string Name of account containing the Stack
AccountId string ID of account containing the Stack
Tags list Tags associated with the Stack
 Name string Tag key
 Value string Tag value
CreationDate number Creation Date
StackPolicy sequence Stack Policy
 Statements list Statement
  Effect string Policy Effect. Can be 'Allow' or 'Deny'
  Action list Policy Actions
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
Status string Status of the Stack
StackRole Reference to IAMRole Role attached to Stack
Attribute Type Description
id string Key ID
Name string Key Name
Arn string Amazon resource number(ARN) of the Key
RegionName string Name of region in which the Key resides
RegionId string ID of region in which the Key resides
AccountName string Name of account containing the Key
AccountId string ID of account containing the Key
CreationDate number Creation date
Tags list Tags assigned to the Key
 Name string Tag key
 Value string Tag value
Status string State of the Key
Description string Key description
Enabled boolean Whether Key is enabled
RotationEnabled boolean Whether automatic key rotation is enabled
KeyManager string The manager of the CMK. CMKs in your AWS account are either customer managed or AWS managed
Attribute Type Description
id string Amazon resource number
Name string Topic display name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
Owner string AWS account ID of the topic's owner
Subscriptions list Requester's subscriptions
 Arn string Amazon resource number
 Owner string Subscription's owner
 Protocol string Subscription's protocol
 Endpoint string Subscription's endpoint
Policy sequence Policies for SNS
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Effect string Allow or Deny
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
KmsMasterKeyId string The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK
Attribute Type Description
id string Identity Name
Name string Identity Name
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Policy list Policy for Identity
 Name string Id of the policy
 Version string Policy version
 Statement list Statements of policy
  Sid string Id of statement
  Effect string Effect of the statement
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
ProductionAccessEnabled boolean Indicates whether or not the account has production access in the current Amazon Web Services Region.
DedicatedIpAutoWarmupEnabled boolean Indicates whether or not the automatic warm-up feature is enabled for dedicated IP addresses that are associated with the current account.
EnforcementStatus string The reputation status of the current Amazon SES account (HEALTHY | PROBATION | SHUTDOWN).
SendQuota sequence Contains information about the per-day and per-second sending limits for the current Amazon SES account in the current Amazon Web Services Region.
 Max24HourSend number The maximum number of emails that you can send in the current Amazon Web Services Region over a 24-hour period.
 MaxSendRate number The maximum number of emails that can be sent per second in the current Amazon Web Services Region.
 SentLast24Hours number The number of emails sent from the current Amazon SES account in the current Amazon Web Services Region over the past 24 hours.
SendingEnabled boolean Indicates whether or not email sending is enabled for the current Amazon SES account in the current Amazon Web Services Region.
SuppressionAttributes sequence Contains information about the email address suppression preferences for the current account in the current Amazon Web Services Region.
 SuppressedReasons list A list that contains the reasons that email addresses will be automatically added to the suppression list for the current account (BOUNCE | COMPLAINT).
Details sequence Defines the current account details.
 MailType string The type of email the current account is sending (MARKETING | TRANSACTIONAL).
 WebsiteURL string The URL of the current website.
 ContactLanguage string The language you would prefer for the case (EN|JA).
 UseCaseDescription string A description of the types of email that you plan to send.
 AdditionalContactEmailAddresses list Additional email addresses where updates are sent about the current account review process.
 ReviewDetails sequence Information about the review of the latest details you submitted.
  Status string The status of the latest review of the current account (PENDING | FAILED | GRANTED | DENIED).
  CaseId string The associated support center case ID.
Attribute Type Description
id string Name of the Queue
Name string Name of the Queue
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Tags list Tags properties
 Name string Key
 Value string Value
SQSPolicy list Policies for SQS
 Id string Id of the policy
 Version string Policy version
 Statement list statements of policy
  Sid string Id of statement
  Effect string Allow or Deny
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
KmsMasterKeyId string The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK
SqsManagedSseEnabled boolean Returns information about whether the queue is using SSE-SQS encryption using SQS owned encryption keys
Attribute Type Description
id string Name of the user
Name string Name of the user
AccountName string Name of account containing the User
AccountId string ID of account containing the User
CreationDate number Creation date
MFAActive boolean Whether multi-factor authentication(MFA) device has been enabled for the User
RootUser boolean True if user is root
Tags list Tags assigned to the IAMUser
 Name string Tag key
 Value string Tag value
MFADevices sequence Multi-factor authentication(MFA) Devices
 id string ID
 Physical list Physical MFA devices
  SerialNumber string Serial number
  EnabledTime number Time when MFA device was enabled
 Virtual list Virtual MFA devices
  SerialNumber string Serial number
  EnabledTime number Time when MFA device was enabled
Password sequence User password settings
 Enabled boolean Password enabled for the User
 LastUsedTime number Password last used time
 LastChangedTime number Password last changed time
 NextRotationTime number Time when the password needs to be changed next
SSHPublicKeys list SSH public keys associated with the IAM user
 SSHPublicKeyId string The unique identifier for the SSH public key
 Status string The status of the SSH public key. (Active|Inactive)
 UploadTime number SSH public key uploaded time
ActiveSSHPublicKeysCount number Count of active SSH public keys associated with the IAM user
InactiveSSHPublicKeysCount number Count of inactive SSH public keys associated with the IAM user
AccessKey list User access key settings
 Active boolean Access key active for the User
 CreatedTime number Access key creation time
 CreatedByDefault boolean Access key created by default for the User
 LastRotatedTime number Access key last changed time
 LastUsedTime number Access key last used time
 LastUsedRegion string Access key last used region
 LastUsedService string Access key last used service
Policies sequence Policies attached to the User
 id string ID
 Managed Reference to IAMPolicy Managed policies attached to the User
 Inline list Inline policies for the User
  id string ID
  PolicyDocument sequence Policy document
   Version string Policy version
   Statements list Permission statements
    Effect string Effect of the statement
    Action list Actions affected by the statement
     value string Resource
    Resource list Resources affected by the statement
     value string Resource
    NotAction list Actions exempted by the statement
     value string Action
    NotResource list Resources exempted by the statement
     value string Resource
    Conditions list Condition for statement
     Condition string Conditon type
     Name string Key name
     Value list Key Value
Groups Reference to IAMGroup Groups the User belongs to
Attribute Type Description
id string ID of the Group
Name string Name of the Group
AccountName string Name of account containing the Group
AccountId string ID of account containing the Group
CreationDate number Creation date
Path string Path to the Group
GroupPolicy sequence Policies of groups
 id string ID
 InlinePolicies list Inline policies for the role
  PolicyName string Policy Name
  PolicyDocument sequence Policy document
   Version string Policy version
   Statement list statements of policy
    Effect string Allow or Deny
    Action list Actions affected by the statement
     value string Resource
    Resource list Resources affected by the statement
     value string Resource
    NotAction list Actions exempted by the statement
     value string Action
    NotResource list Resources exempted by the statement
     value string Resource
    Conditions list Condition for owner or ARN
     Condition string Conditon type
     Name string Key name
     Value list Key Value
 ManagedPolicies Reference to IAMPolicy Managed policies for the role
Attribute Type Description
id string Role ID
Name string Role name
AccountName string Account name
AccountId string Account id
CreationDate number Time of role creation
LastUsedTime number Time of role last usage
Description string Description of the IAMRole
Tags list Tags assigned to the IAMRole
 Name string Tag key
 Value string Tag value
Policies sequence Policies attached to role
 id string Policy id - role name
 Managed Reference to IAMPolicy Managed policies attached to the role
 Inline list Inline policies for the role
  id string ID
  PolicyDocument sequence Policy document
   Version string Policy version
   Statements list Permission statements
    Effect string Effect of the statement
    Action list Actions affected by the statement
     value string Resource
    Resource list Resources affected by the statement
     value string Resource
    NotAction list Actions exempted by the statement
     value string Action
    NotResource list Resources exempted by the statement
     value string Resource
    Conditions list Condition for statement
     Condition string Conditon type
     Name string Key name
     Value list Key Value
AssumeRolePolicy sequence Policy that grants entity to assume role
 Version string Document Version
 CrossAccountArn boolean True if it has Cross Account id in the principal else false
 Statement list Document Statement
  Action string Policy action
  Principal sequence Policy action
   Service list Service
   AWS list AWS
   Federated list Federated
  Effect string Policy effect
  SID string Policy service id (sid)
  Conditions list Condition for owner or ARN
   Condition string Conditon type
   Name string Key name
   Value list Key Value
InstanceProfile list Instance Profile for IAM Role
 Path string Path of profile
 InstanceProfileName string Name of the profile
 InstanceProfileId string Id of profile
 Arn string Path of profile
 InstanceCount number Count of EC2 Instances
TrustedIdentities list Trusted Identities of the IAMRole
Attribute Type Description
id string Amazon resource name (ARN) of the Policy
Name string Policy name
AccountName string Name of account containing the Policy
AccountId string ID of acocunt containing the Policy
CreationDate number Time of policy creation
Type string Type of the policy ( "AWS Managed" | "Customer Managed" )
Permissions sequence IAM Policy permissions
 id string ID
 Version string Policy version
 Statements list Permission statements
  Effect string Effect of the statement
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
AttachedEntities sequence List of entities the policy is attached to
 id string ID
 Users Reference to IAMUser IAM users the policy is attached to
 Roles Reference to IAMRole IAM roles the policy is attached to
 Groups Reference to IAMGroup IAM groups the policy is attached to
Attribute Type Description
id string Always 'PasswordPolicy'
Name string Always 'PasswordPolicy'
AccountName string Name of account containing the Password Policy
AccountId string ID of account containing the Password Policy
Configured boolean Whether Password Policy is configured
MinimumPasswordLength number Minimum length to require for IAM user passwords
RequireSymbols boolean Whether symbols are required in IAM user passwords
RequireNumbers boolean Whether numbers are required in IAM user passwords
RequireUppercaseCharacters boolean Whether Upper case characters are required in IAM user passwords
RequireLowercaseCharacters boolean Whether lower case characters are required in IAM user passwords
AllowUsersToChangePassword boolean Whether IAM users are allowed to change their own password
ExpirePasswords boolean Whether passwords are to expire
MaxPasswordAge number Number of days an IAM password is valid
PasswordReusePrevention number Number of previous passwords IAM users are prevented from reusing
HardExpiry boolean Whether IAM users are prevented from setting a new password after password expiry
Attribute Type Description
id string Name of Domain
Name string Name of Domain
RegionName string Region name
RegionId string Region id
AccountName string Account name
AccountId string Account id
CreationDate number Creation Date
Tags list Tags properties
 Name string Key
 Value string Value
AutoRenew boolean Whether the Domain registration is set to renew automatically
TransferLock boolean Whether the Domain is locked from unauthorized transfer to another party
Attribute Type Description
id string Name of Configuration Recorder
Name string Name of Configuration Recorder
RegionName string Name of region in which the Configuration Recorder resides
RegionId string ID of region in which the Configuration Recorder resides
AccountName string Name of account containing the Configuration Recorder
AccountId string ID of account containing the Configuration Recorder
Status boolean Recorder is recording or not
RecordingGroup sequence Types of resources for which AWS Config records configuration changes
 AllSupported boolean All resources supported by AWS Config
 IncludeGlobalResourceTypes boolean All global resources supported by AWS Config
 ResourceTypes list Types of resources being recorded
  Value string Resource type
Attribute Type Description
id string Delivery channel name
Name string Delivery channel name
RegionName string Name of region in which the channel resides
RegionId string ID of region in which the channel resides
AccountName string Name of account containing the channel
AccountId string ID of account containing the channel
S3Bucket Reference to S3Bucket S3 Bucket used by the delivery channel
SnapshotDelivery sequence Status of delivery of configuration snapshot
 LastSuccess boolean Last status was successful
HistoryDelivery sequence Status of delivery of configuration history
 LastSuccess boolean Last status was successful
StreamDelivery sequence Status of delivery of stream notification to SNS Topic
 LastSuccess boolean Last status was successful
Attribute Type Description
id string ARN of the function
Name string Name of the function
AdminPrivileges boolean Whether the lambda has administrative privileges
IAMRole Reference to IAMRole Role attached to the function
Environment list Environment variables for this lambda
 ParameterName string Name of the parameter
 ParameterValue string Value of the parameter
KMSKey Reference to KMSKey Key used to encrypt the environment variables
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Tags list Tags assigned to the Function
 Name string Tag key
 Value string Tag value
Runtime string The runtime environment for the Lambda function
VpcConfig sequence The function's networking configuration
 Subnets Reference to Subnet A list of VPC subnets
 SecurityGroups Reference to SecurityGroup A list of VPC security groups
 VPC Reference to VPC VPC
DeadLetterConfig sequence The function's dead letter queue
 TargetArn string The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic
TracingConfigMode string The function's X-Ray tracing configuration mode ( Active | PassThrough )
RevisionId string The latest updated revision of the function or alias
Layers list None
 Arn string None
 CodeSize number None
 SigningProfileVersionArn string None
 SigningJobArn string None
State string The current state of the function. ( 'Pending' | 'Active' | 'Inactive' | 'Failed' )
LastUpdateStatus string The status of the last update that was performed on the function. This is first set to Successful after function creation completes
FileSystemConfigs list Details about the connection between a Lambda function and an Amazon EFS file system
 Arn string The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system
 LocalMountPath string The path where the function can access the file system, starting with /mnt/
PackageType string The type of deployment package. Set to Image for container image and set Zip for .zip file archive
SigningProfileVersionArn string The ARN of the signing profile version
SigningJobArn string The ARN of the signing job
Architectures list The instruction set architecture that the function supports. Architecture is a string array with one of the valid values. The default architecture value is x86_64
ResourceBasedIAMPolicy sequence The resource-based policy
 Version string Policy version
 Id string ID of the policy
 Statements list Permission statements
  Sid string Sid of the policy statement
  Effect string Effect of the statement
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
MultiAZ boolean Indicates whether the function is in multiple availability zones.
Attribute Type Description
id string ID of the table
Name string Name of the table
Arn string Arn of the table
SSEDescription sequence Server Side Encryption description for table
 Status string SSE status
 SSEType string SSE type
 KMSKey Reference to KMSKey Encryption key
PointInTimeRecovery string status of Point in Time Recovery for Table
BackedUp boolean Is the table backedup
CreationDateTime number Time of Table creation
RegionName string Name of region in which the Table resides
RegionId string ID of region in which the Table resides
AccountName string Name of account containing the Table
AccountId string ID of account containing the Table
Tags list Tags assigned to the Table
 Name string Tag key
 Value string Tag value
ScalableTargets list List of Application Auto Scaling scalable targets for DynamoDB.
 ServiceNamespace string The namespace of the Amazon Web Services service that provides the resource
 ResourceId string The identifier of the resource associated with the scalable target.
 ScalableDimension string The scalable dimension associated with the scalable target.
 MinCapacity number The minimum value to scale to in response to a scale-in activity.
 MaxCapacity number The maximum value to scale to in response to a scale-out activity.
 RoleARN Reference to IAMRole The ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.
 CreationTime number The Unix timestamp for when the scalable target was created.
 SuspendedState sequence Specifies whether the scaling activities for a scalable target are in a suspended state.
  DynamicScalingInSuspended boolean Specified whether scale in by a target tracking scaling policy or a step scaling policy is suspended.
  DynamicScalingOutSuspended boolean Specified whether scale out by a target tracking scaling policy or a step scaling policy is suspended.
  ScheduledScalingSuspended boolean Specified whether scheduled scaling is suspended.
Attribute Type Description
id string ID of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
CreationDate number Creation date
Type string Instance Type
Status string Current state of the Cluster
Role Reference to IAMRole IAMRole associated to Cluster
EndPoint string Endpoint of the Cluster
VPC Reference to VPC VPC associated with the Cluster
Subnets Reference to Subnet Subnets to which network interfaces of the Instance belong to
SecurityGroups Reference to SecurityGroup SecurityGroups to which Clusters are assigned to
PlatformVersion string Platform version of Cluster
Logging sequence Logging info of the cluster
 ClusterLogging list Cluster logging
  Type list Type of logging
  Enabled boolean True or False
EndPointPublicAccess boolean End Point Public Access
EndPointPrivateAccess boolean End Point Private Access
PublicAccessCidrs list The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint.
 CidrBlock ip A CIDR block
EncryptionConfig list The encryption configuration for the cluster.
 Resources list Specifies the resources to be encrypted.
 KeyArn Reference to KMSKey ARN or alias of the KMS key.
FargateProfileNames list A list of all of the Fargate profiles associated with the specified cluster.
Attribute Type Description
id string ID of the Task Definition
Name string ID of the Task Definition
RegionName string Name of region in which the Task Definition resides
RegionId string ID of region in which the Task Definition resides
AccountName string Name of account containing the Task Definition
AccountId string ID of account containing the Task Definition
Tags list Tags properties
 Name string Key
 Value string Value
ContainerDefinitions list A list of container definitions in JSON format that describe the different containers that make up your task
 Name string The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers.
 Image string he image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either " repository-url /image :tag " or " repository-url /image @*digest* "
 RepositoryCredentialsParameter string The Amazon Resource Name (ARN) of the secret containing the private repository credentials
 CPU number The number of cpu units reserved for the container
 Memory number The amount (in MiB) of memory to present to the container.
 MemoryReservation number The soft limit (in MiB) of memory to reserve for the container
 Links list The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge . The name:internalName construct is analogous to name:alias in Docker links
 PortMappings list The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic. For task definitions that use the awsvpc network mode, only specify the containerPort . The hostPort can be left blank or it must be the same value as the containerPort. Port mappings on Windows use the NetNAT gateway address rather than localhost . There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself
  ContainerPort number The port number on the container that's bound to the user-specified or automatically assigned host port. If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort
  HostPort number The port number on the container instance to reserve for your container. If you use containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort
  Protocol string The protocol used for the port mapping. The default is tcp. ( 'tcp' | 'udp' )
 Essential boolean If the essential parameter of a container is marked as true , and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false , its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential
 EntryPoint list The entry point that's passed to the container
 Command list The command that's passed to the container
 Environment list The environment variables to pass to a container
  Name string The name of the key-value pair. For environment variables, this is the name of the environment variable
  Value string The value of the key-value pair. For environment variables, this is the value of the environment variable
 EnvironmentFiles list A list of files containing the environment variables to pass to a container
  Value string The Amazon Resource Name (ARN) of the Amazon S3 object containing the environment variable file
  Type string The file type to use. The only supported value is s3
 MountPoints list The mount points for data volumes in your container
  SourceVolume string The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume
  ContainerPath string The path on the container to mount the host volume at
  ReadOnly boolean If this value is true , the container has read-only access to the volume. If this value is false , then the container can write to the volume. The default value is false
 VolumesFrom list Data volumes to mount from another container
  SourceContainer string The name of another container within the same task definition to mount volumes from
  ReadOnly boolean If this value is true , the container has read-only access to the volume. If this value is false , then the container can write to the volume. The default value is false
 LinuxParameters sequence Linux-specific modifications that are applied to the container, such as Linux kernel capabilities. Note - This parameter is not supported for Windows containers
  Capabilities sequence The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker
   Add list The Linux capabilities for the container that have been added to the default configuration provided by Docker. ( "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM" )
   Drop list The Linux capabilities for the container that have been removed from the default configuration provided by Docker. ( "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM" )
  Devices list Any host devices to expose to the container
   HostPath string The path for the device on the host container instance
   ContainerPath string The path inside the container at which to expose the host device
   Permissions list The explicit permissions to provide to the container for the device. By default, the container has permissions for read , write , and mknod for the device
  InitProcessEnabled boolean Run an init process inside the container that forwards signals and reaps processes
  SharedMemorySize number The value for the size (in MiB) of the /dev/shm volume. Note - If you are using tasks that use the Fargate launch type, the sharedMemorySize parameter is not supported
  Tmpfs list The container path, mount options, and size (in MiB) of the tmpfs mount
   ContainerPath string The absolute file path where the tmpfs volume is to be mounted
   Size number The maximum size (in MiB) of the tmpfs volume
   MountOptions list The list of tmpfs volume mount options. ( "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol" )
  MaxSwap number The total amount of swap memory (in MiB) a container can use. Note - If you're using tasks that use the Fargate launch type, the maxSwap parameter isn't supported
  Swappiness number This allows you to tune a container's memory swappiness behavior. A swappiness value of 0 will cause swapping to not happen unless absolutely necessary. A swappiness value of 100 will cause pages to be swapped very aggressively. Accepted values are whole numbers between 0 and 100 . If the swappiness parameter is not specified, a default value of 60 is used. If a value is not specified for maxSwap then this parameter is ignored. Note - If you're using tasks that use the Fargate launch type, the swappiness parameter isn't supported
 Secrets list The secrets to pass to the container
  Name string The name of the secret
  ValueFrom string The secret to expose to the container. The supported values are either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store
 DependsOn list The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed
  ContainerName string The name of a container
  Condition string The dependency condition of the container. ( START | COMPLETE | SUCCESS | HEALTHY )
 StartTimeout number Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a COMPLETE , SUCCESS , or HEALTHY status. If a startTimeout value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a STOPPED state
 StopTimeout number Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
 Hostname string The hostname to use for your container. Note - The hostname parameter is not supported if you're using the awsvpc network mode
 User string The user to use inside the container. Note - This parameter is not supported for Windows containers
 WorkingDirectory string The working directory to run commands inside the container in
 DisableNetworking boolean When this parameter is true, networking is disabled within the container. Note - This parameter is not supported for Windows containers
 Privileged boolean When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). Note - This parameter is not supported for Windows containers or tasks run on Fargate
 ReadonlyRootFilesystem boolean When this parameter is true, the container is given read-only access to its root file system. Note - This parameter is not supported for Windows containers
 DnsServers list A list of DNS servers that are presented to the container. Note - This parameter is not supported for Windows containers
 DnsSearchDomains list A list of DNS search domains that are presented to the container. Note - This parameter is not supported for Windows containers
 ExtraHosts list A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. Note - This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode
  Hostname string The hostname to use in the /etc/hosts entry
  IpAddress ip The IP address to use in the /etc/hosts entry
 DockerSecurityOptions list A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field isn't valid for containers in tasks using the Fargate launch type. Note - The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. ( "no-new-privileges" | "apparmor:PROFILE" | "label:value" | "credentialspec:CredentialSpecFilePath" )
 Interactive boolean When this parameter is true , you can deploy containerized applications that require stdin or a tty to be allocated
 PseudoTerminal boolean When this parameter is true , a TTY is allocated
 DockerLabels list A key/value map of labels to add to the container
  Key string Key
  Value string Value
 Ulimits list A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. Note - This parameter is not supported for Windows containers
  Name string The type of the ulimit. ( 'core' | 'cpu' | 'data' | 'fsize' | 'locks' | 'memlock' | 'msgqueue' | 'nice' | 'nofile' | 'nproc' | 'rss' | 'rtprio' | 'rttime' | 'sigpending' | 'stack' )
  SoftLimit number The soft limit for the ulimit type
  HardLimit number The hard limit for the ulimit type
 LogConfiguration sequence The log configuration specification for the container.
  LogDriver string The log driver to use for the container. For tasks on Fargate, the supported log drivers are awslogs , splunk , and awsfirelens. For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs , fluentd , gelf , json-file , journald , logentries ,``syslog`` , splunk , and awsfirelens
  Options list The configuration options to send to the log driver.
   Key string Key
   Value string Value
  SecretOptions list The secrets to pass to the log configuration
   Name string The name of the secret
   ValueFrom string The secret to expose to the container. The supported values are either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
 HealthCheck sequence The container health check command and associated configuration parameters for the container
  Command list A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to execute the command arguments directly, or CMD-SHELL to run the command with the container's default shell
  Interval number The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds
  Timeout number The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5.
  Retries number The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3
  StartPeriod number The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is disabled. Note - If a health check succeeds within the startPeriod , then the container is considered healthy and any subsequent failures count toward the maximum number of retries
 SystemControls list A list of namespaced kernel parameters to set in the container. Note - We don't recommended that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network modes. For tasks that use the awsvpc network mode, the container that's started last determines which systemControls parameters take effect. For tasks that use the host network mode, it changes the container instance's namespaced kernel parameters as well as the containers
  Namespace string The namespaced kernel parameter to set a value for
  Value string The value for the namespaced kernel parameter that's specified in namespace
 ResourceRequirements list The type and amount of a resource to assign to a container. The only supported resource is a GPU
  Value string The value for the specified resource type.
  Type string The type of resource to assign to a container. The supported values are GPU or InferenceAccelerator
 FirelensConfiguration sequence The FireLens configuration for the container. This is used to specify and configure a log router for container logs
  Type string The log router to use. The valid values are fluentd or fluentbit
  Options list The options to use when configuring the log router. This field is optional and can be used to specify a custom configuration file or to add additional metadata, such as the task, task definition, cluster, and container instance details to the log event. If specified, the syntax to use is "options":{"enable-ecs-log-metadata":"true|false","config-file-type:"s3|file","config-file-value":"arn:aws:s3:::mybucket/fluent.conf|filepath"} . Note - Tasks hosted on Fargate only support the file configuration file type
   Key string Key
   Value string Value
Family string The name of a family that this task definition is registered to
TaskRole Reference to IAMRole The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the task permission to call Amazon Web Services APIs on your behalf. IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature
ExecutionRole Reference to IAMRole The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf. The task execution IAM role is required depending on the requirements of your task.
NetworkMode string The Docker networking mode to use for the containers in the task. The valid values are none , bridge , awsvpc , and host . If no network mode is specified, the default is bridge
Revision number The revision of the task in a particular family. The revision is a version number of a task definition in a family. When you register a task definition for the first time, the revision is 1 . Each time that you register a new revision of a task definition in the same family, the revision value always increases by one. This is even if you deregistered previous revisions in this family
Volumes list The list of data volume definitions for the task. Note - The host and sourcePath parameters aren't supported for tasks run on Fargate
 Name string The name of the volume. This name is referenced in the sourceVolume parameter of container definition mountPoints
 Host sequence This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the host parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. Windows containers can mount whole directories on the same drive as $env:ProgramData . Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount C:\my\path:C:\my\path and D:\:D:\ , but not D:\my\path:C:\my\path or D:\:C:\my\path
  SourcePath string When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the host parameter contains a sourcePath file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the sourcePath value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported. If you're using the Fargate launch type, the sourcePath parameter is not supported
 DockerVolumeConfiguration sequence This parameter is specified when you use Docker volumes. Note - Docker volumes aren't supported by tasks run on Fargate
  Scope string The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a task are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as shared persist after the task stops
  Autoprovision boolean If this value is true , the Docker volume is created if it doesn't already exist. Note - This field is only used if the scope is shared
  Driver string The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name
  DriverOpts list A map of Docker driver-specific options passed through
   Key string Key
   Value string Value
  Labels list Custom metadata to add to your Docker volume
   Key string Key
   Value string Value
 EfsVolumeConfiguration sequence This parameter is specified when you use an Amazon Elastic File System file system for task storage
  FileSystem Reference to ElasticFileSystem The Amazon EFS file system to use
  RootDirectory string The directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter
  TransitEncryption string Determines whether to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of DISABLED is used
  TransitEncryptionPort number The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses
  AuthorizationConfig sequence The authorization configuration details for the Amazon EFS file system
   AccessPointId string The Amazon EFS access point ID to use. If an access point is specified, the root directory value specified in the EFSVolumeConfiguration must either be omitted or set to / which will enforce the path set on the EFS access point. If an access point is used, transit encryption must be enabled in the EFSVolumeConfiguration
   IAM string Determines whether to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration . If this parameter is omitted, the default value of DISABLED is used. ( 'ENABLED' | 'DISABLED' )
 FsxWindowsFileServerVolumeConfiguration sequence This parameter is specified when you use Amazon FSx for Windows File Server file system for task storage
  FileSystemId string The Amazon FSx for Windows File Server file system ID to use
  RootDirectory string The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host
  AuthorizationConfig sequence The authorization configuration details for the Amazon FSx for Windows File Server file system
   CredentialsParameter string The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an Secrets Manager secret or SSM Parameter Store parameter. The ARNs refer to the stored credentials
   Domain string A fully qualified domain name hosted by an Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2
Status string The status of the task definition
RequiresAttributes list The container instance attributes required by your task. When an Amazon EC2 instance is registered to your cluster, the Amazon ECS container agent assigns some standard attributes to the instance. You can apply custom attributes. These are specified as key-value pairs using the Amazon ECS console or the PutAttributes API. These attributes are used when determining task placement for tasks hosted on Amazon EC2 instances. Note - This parameter isn't supported for tasks run on Fargate
 Name string The name of the attribute.
 Value string The value of the attribute
 TargetType string The type of the target to attach the attribute with. This parameter is required if you use the short form ID for a resource instead of the full ARN
 TargetId string The ID of the target. You can specify the short form ID for a resource or the full Amazon Resource Name (ARN)
PlacementConstraints list An array of placement constraint objects to use for tasks. Note - This parameter isn't supported for tasks run on Fargate
 Type string The type of constraint. The MemberOf constraint restricts selection to be from a group of valid candidates
 Expression string A cluster query language expression to apply to the constraint
Compatibilities list The task launch types the task definition validated against during task definition registration. ( 'EC2' | 'FARGATE' | 'EXTERNAL' )
RuntimePlatform sequence The operating system that your task definitions are running on. A platform family is specified only for tasks using the Fargate launch type
 CPUArchitecture string The CPU architecture. This option is avaiable for tasks that run on Linuc Amazon EC2 instance or Linux containers on Fargate. ( 'X86_64' | 'ARM64' )
 OperatingSystemFamily string The operating system. ( 'WINDOWS_SERVER_2019_FULL' | 'WINDOWS_SERVER_2019_CORE' | 'WINDOWS_SERVER_2016_FULL' | 'WINDOWS_SERVER_2004_CORE' | 'WINDOWS_SERVER_2022_CORE' | 'WINDOWS_SERVER_2022_FULL' | 'WINDOWS_SERVER_20H2_CORE' | 'LINUX' )
RequiresCompatibilities list The task launch types the task definition was validated against. ( 'EC2' | 'FARGATE' | 'EXTERNAL' )
CPU number The number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter
Memory number The amount (in MiB) of memory used by the task
InferenceAccelerators list The Elastic Inference accelerator that's associated with the task
 DeviceName string The Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement
 DeviceType string The Elastic Inference accelerator type to use
PidMode string The process namespace to use for the containers in the task. The valid values are host or task . If host is specified, then all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace. Note - This parameter is not supported for Windows containers or tasks run on Fargate
IpcMode string The IPC resource namespace to use for the containers in the task. The valid values are host , task , or none
ProxyConfiguration sequence The configuration details for the App Mesh proxy
 Type string The proxy type. The only supported value is APPMESH
 ContainerName string The name of the container that will serve as the App Mesh proxy
 Properties list The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs
  Name string The name of the key-value pair. For environment variables, this is the name of the environment variable
  Value string The value of the key-value pair. For environment variables, this is the value of the environment variable
RegisteredAt number The time when the task definition was registered
DeregisteredAt number The time when the task definition was deregistered
RegisteredBy string The principal that registered the task definition
EphemeralStorageSizeInGiB number The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB
Attribute Type Description
id string ID of the Cluster
Name string ID of the Cluster
Arn string Arn of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Status string Current state of the Cluster
RegisteredContainerInstancesCount number Registered Container Instance Count
RunningTasksCount number Runnung task Count
PendingTasksCount number Pending task count
ActiveServicesCount number Active Service Count
Statistics list Statistics of the cluster
 Name string Statistics Name
 Value string Statistics value
Tags list Tags of Cluster
 Name string Key
 Value string value
Failures list Failures related to call
 Arn string ARN of the failed resource
 Reason string Reason of the failure
Settings list The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is enabled or disabled for a cluster
 Name string The name of the cluster setting. The only supported value is containerInsights
 Value string The value to set for the cluster setting. The supported values are enabled and disabled . If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault
CapacityProviders list The capacity providers associated with the cluster
DefaultCapacityProviderStrategy list The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
 CapacityProvider string The short name of the capacity provider
 Weight number The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied
 Base number The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used
Services list Details on a service within a cluster
 ServiceArn string The ARN that identifies the service. The ARN contains the arn:aws:ecs namespace, followed by the Region of the service, the Amazon Web Services account ID of the service owner, the service namespace, and then the service name. For example, arn:aws:ecs:region:012345678910:service/my-service
 ServiceName string The name of your service
 LoadBalancers list A list of Elastic Load Balancing load balancer objects. It contains the load balancer name, the container name, and the container port to access from the load balancer. The container name is as it appears in a container definition
  TargetGroupArn string The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set
  LoadBalancerName string The name of the load balancer to associate with the Amazon ECS service or task set. A load balancer name is only specified when using a Classic Load Balancer. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted
  ContainerName string The name of the container (as it appears in a container definition) to associate with the load balancer
  ContainerPort number The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort of the port mapping
 ServiceRegistries list The details for the service discovery registries to assign to this service
  RegistryArn string The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is Cloud Map
  Port number The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc network mode and SRV records are used
  ContainerName string The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both
  ContainerPort number The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both
 Status string The status of the service. ( ACTIVE | DRAINING | INACTIVE )
 DesiredCount number The desired number of instantiations of the task definition to keep running on the service. This value is specified when the service is created with CreateService , and it can be modified with UpdateService
 RunningCount number The number of tasks in the cluster that are in the RUNNING state.
 PendingCount number The number of tasks in the cluster that are in the PENDING state.
 LaunchType string The launch type the service is using. When using the DescribeServices API, this field is omitted if the service was created using a capacity provider strategy
 CapacityProviderStrategy list The capacity provider strategy the service uses. When using the DescribeServices API, this field is omitted if the service was created using a launch type
  CapacityProvider string The short name of the capacity provider
  Weight number The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied
  Base number The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used
 PlatformVersion string The platform version to run your service on. A platform version is only specified for tasks that are hosted on Fargate. If one isn't specified, the LATEST platform version is used
 PlatformFamily string The operating system that your tasks in the service run on. A platform family is specified only for tasks using the Fargate launch type
 TaskDefinition Reference to ECSTaskDefinition The task definition to use for tasks in the service. This value is specified when the service is created with CreateService , and it can be modified with UpdateService
 DeploymentConfiguration sequence Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks
  DeploymentCircuitBreaker sequence The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If deployment circuit breaker is enabled, a service deployment will transition to a failed state and stop launching new tasks. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully
   Enable boolean Determines whether to enable the deployment circuit breaker logic for the service
   Rollback boolean Determines whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully
  MaximumPercent number If a service is using the rolling update (ECS ) deployment type, the maximum percent parameter represents an upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desired number of tasks (rounded down to the nearest integer), and while any container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. This parameter enables you to define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%. If a service is using the blue/green (CODE_DEPLOY ) or EXTERNAL deployment types and tasks that use the EC2 launch type, the maximum percent value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service
  MinimumHealthyPercent number If a service is using the rolling update (ECS ) deployment type, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment, as a percentage of the desired number of tasks (rounded up to the nearest integer), and while any container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desired number of four tasks and a minimum healthy percent of 50%, the scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. Tasks for services that do not use a load balancer are considered healthy if they're in the RUNNING state; tasks for services that do use a load balancer are considered healthy if they're in the RUNNING state and they're reported as healthy by the load balancer. The default value for minimum healthy percent is 100%. If a service is using the blue/green (CODE_DEPLOY ) or EXTERNAL deployment types and tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service
 TaskSets list Information about a set of Amazon ECS tasks in either an CodeDeploy or an EXTERNAL deployment. An Amazon ECS task set includes details such as the desired number of tasks, how many tasks are running, and whether the task set serves production traffic
  Id string The ID of the task set
  TaskSetArn string The Amazon Resource Name (ARN) of the task set
  StartedBy string The tag specified when a task set is started. If an CodeDeploy deployment created the task set, the startedBy parameter is CODE_DEPLOY . If an external deployment created the task set, the startedBy field isn't used
  ExternalId string The external ID associated with the task set. If an CodeDeploy deployment created a task set, the externalId parameter contains the CodeDeploy deployment ID. If a task set is created for an external deployment and is associated with a service discovery registry, the externalId parameter contains the ECS_TASK_SET_EXTERNAL_ID Cloud Map attribute
  Status string The status of the task set. ( PRIMARY | ACTIVE | DRAINING )
  TaskDefinition Reference to ECSTaskDefinition The task definition that the task set is using
  ComputedDesiredCount number The computed desired count for the task set. This is calculated by multiplying the service's desiredCount by the task set's scale percentage. The result is always rounded up. For example, if the computed desired count is 1.2, it rounds up to 2 tasks
  PendingCount number The number of tasks in the task set that are in the PENDING status during a deployment. A task in the PENDING state is preparing to enter the RUNNING state. A task set enters the PENDING status when it launches for the first time or when it's restarted after being in the STOPPED state
  RunningCount number The number of tasks in the task set that are in the RUNNING status during a deployment. A task in the RUNNING state is running and ready for use
  CreatedAt number The time when the task set was created
  UpdatedAt number The time when the task set was last updated
  LaunchType string The launch type the tasks in the task set are using
  CapacityProviderStrategy list The details of a capacity provider strategy. A capacity provider strategy can be set when using the RunTask or CreateCluster APIs or as the default capacity provider strategy for a cluster with the CreateCluster API
   CapacityProvider string The short name of the capacity provider
   Weight number The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied
   Base number The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used
  PlatformVersion string The platform version to run your service on. A platform version is only specified for tasks that are hosted on Fargate. If one isn't specified, the LATEST platform version is used
  PlatformFamily string The operating system that your tasks in the service run on. A platform family is specified only for tasks using the Fargate launch type
  NetworkConfiguration sequence The network configuration for the task set
   AwsVPCConfiguration sequence The VPC subnets and security groups that are associated with a task
    Subnets Reference to Subnet The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVPCConfiguration
    SecurityGroups Reference to SecurityGroup The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVPCConfiguration
    AssignPublicIp string Whether the task's elastic network interface receives a public IP address. The default value is DISABLED
   LoadBalancers list A list of Elastic Load Balancing load balancer objects. It contains the load balancer name, the container name, and the container port to access from the load balancer. The container name is as it appears in a container definition
    TargetGroupArn string The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set
    LoadBalancerName string The name of the load balancer to associate with the Amazon ECS service or task set. A load balancer name is only specified when using a Classic Load Balancer. If you are using an Application Load Balancer or a Network Load Balancer the load balancer name parameter should be omitted
    ContainerName string The name of the container (as it appears in a container definition) to associate with the load balancer
    ContainerPort number The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the hostPort of the port mapping
   ServiceRegistries list The details for the service discovery registries to assign to this service
    RegistryArn string The Amazon Resource Name (ARN) of the service registry. The currently supported service registry is Cloud Map
    Port number The port value used if your service discovery service specified an SRV record. This field might be used if both the awsvpc network mode and SRV records are used
    ContainerName string The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both
    ContainerPort number The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both
  Scale sequence A floating-point percentage of your desired number of tasks to place and keep running in the task set
   Value number The value, specified as a percent total of a service's desiredCount , to scale the task set. Accepted values are numbers between 0 and 100
   Unit string The unit of measure for the scale value
  StabilityStatus string The stability status. This indicates whether the task set has reached a steady state.
  stabilityStatusAt number The time when the task set stability status was retrieved
  Tags list The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value
   Name string One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values
   Value string The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key)
 Deployments list The current state of deployments for the service
  Id string The ID of the deployment
  Status string The status of the deployment. ( PRIMARY | ACTIVE | INACTIVE )
  TaskDefinition Reference to ECSTaskDefinition The most recent task definition that was specified for the tasks in the service to use
  DesiredCount number The most recent desired count of tasks that was specified for the service to deploy or maintain
  PendingCount number The number of tasks in the deployment that are in the PENDING status
  RunningCount number The number of tasks in the deployment that are in the RUNNING status
  CreatedAt number The time when the service deployment was created
  UpdatedAt number The time when the service deployment was last updated
  CapacityProviderStrategy list The details of a capacity provider strategy. A capacity provider strategy can be set when using the RunTask or CreateCluster APIs or as the default capacity provider strategy for a cluster with the CreateCluster API
   CapacityProvider string The short name of the capacity provider
   Weight number The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied
   Base number The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used
  LaunchType string The launch type the tasks in the task set are using
  PlatformVersion string The platform version to run your service on. A platform version is only specified for tasks that are hosted on Fargate. If one isn't specified, the LATEST platform version is used
  PlatformFamily string The operating system that your tasks in the service run on. A platform family is specified only for tasks using the Fargate launch type
  AwsVPCConfiguration sequence The VPC subnets and security groups that are associated with a task
   Subnets Reference to Subnet The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVPCConfiguration
   SecurityGroups Reference to SecurityGroup The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVPCConfiguration
   AssignPublicIp string Whether the task's elastic network interface receives a public IP address. The default value is DISABLED
  RolloutState string The rollout state of the deployment. When a service deployment is started, it begins in an IN_PROGRESS state. When the service reaches a steady state, the deployment transitions to a COMPLETED state. If the service fails to reach a steady state and circuit breaker is enabled, the deployment transitions to a FAILED state. A deployment in FAILED state doesn't launch any new tasks
  RolloutStateReason string A description of the rollout state of a deployment
 RoleArn Reference to IAMRole The ARN of the IAM role that's associated with the service. It allows the Amazon ECS container agent to register container instances with an Elastic Load Balancing load balancer
 Events list The event stream for your service. A maximum of 100 of the latest events are displayed.
  Id string The ID string for the event
  CreatedAt number The Unix timestamp for the time when the event was triggered
  Message string The event message
 CreatedAt number The time when the service was created
 PlacementConstraints list The placement constraints for the tasks in the service
  Type string The type of constraint. Use distinctInstance to ensure that each task in a particular group is running on a different container instance. Use memberOf to restrict the selection to a group of valid candidates
  Expression string A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is distinctInstance
 PlacementStrategy list The placement strategy that determines how tasks for the service are placed
  Type string The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that's specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory but still enough to run the task
  Field string The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host , which has the same effect), or any platform or custom attribute that's applied to a container instance, such as attribute:ecs.availability-zone . For the binpack placement strategy, valid values are cpu and memory . For the random placement strategy, this field is not used
 AwsVPCConfiguration sequence The VPC subnets and security groups that are associated with a task
  Subnets Reference to Subnet The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per AwsVPCConfiguration
  SecurityGroups Reference to SecurityGroup The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per AwsVPCConfiguration
  AssignPublicIp string Whether the task's elastic network interface receives a public IP address. The default value is DISABLED
 HealthCheckGracePeriodSeconds number The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started
 SchedulingStrategy string The scheduling strategy to use for the service. ( REPLICA | DAEMON )
 DeploymentControllerType string The deployment controller type the service is using. When using the DescribeServices API, this field is omitted if the service uses the ECS deployment controller type. ( ECS | CODE_DEPLOY | EXTERNAL )
 Tags list The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value
  Name string One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values
  Value string The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key)
 CreatedBy string The principal that created the service
 PropagateTags string Determines whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated
 EnableECSManagedTags boolean Determines whether to enable Amazon ECS managed tags for the tasks in the service
 EnableExecuteCommand boolean Determines whether the execute command functionality is enabled for the service. If true , the execute command functionality is enabled for all containers in tasks as part of the service
Attribute Type Description
id string ID of the Cluster
Name string Name of the Cluster
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
Status string Current state of the Cluster
CreationDate number Creation Date
ReadyDate number Ready Date
EndDate number Deletion Date
Tags list Tags of Cluster
 Name string Key
 Value string value
Ec2InstanceAttributes sequence EC2 Instance Attributes
 Ec2KeyName string EC2 KeyName
 Ec2Subnet Reference to Subnet EC2 Subnet ID
 RequestedEc2SubnetIds list Requested Subnet IDs
 Ec2AvailabilityZone string EC2 Availability Zone
 RequestedEc2AvailabilityZones list Requested EC2 Availability Zone
 IamInstanceProfile string IAM Instance Profile
 EmrManagedMasterSecurityGroup string EMR Managed Security Group
 EmrManagedSlaveSecurityGroup string EMR Managed Slave Security Group
 ServiceAccessSecurityGroup string Service Access Secuity Group
 AdditionalMasterSecurityGroups list Additional Master Security Group
 AdditionalSlaveSecurityGroups list Additional Slave Security Group
InstanceCollectionType string Instance Collection Type
LogUri string LogUri
RequestedAmiVersion string AMI Version
RunningAmiVersion string Running AMI Version
ReleaseLabel string Release Label
AutoTerminate boolean Auto Terminate is Enabled or not
TerminationProtected boolean Termination is protected or not
VisibleToAllUsers string Whether Cluster is visible to all users or not
Applications list Applications related to Cluster
 Name string Name of application
 Version string Version of application
 Args list Args of application
ServiceRole string Service Role
NormalizedInstanceHours number Normalized Instance Hours
MasterPublicDnsName string DNS Name
Configurations list Configurations of the Cluster
 Classification string Classification of the Configuration
 Properties list Properties of the Configuration
  Name string Name of the property
  Value string Value of the property
SecurityConfiguration string Security Configuration of the cluster
AutoScalingRole string AutoScaling Role of the Cluster
ScaleDownBehavior string ScaleDownBehavior
CustomAmiId string CustomAmiId
EbsRootVolumeSize number EBS Root Volume Size
RepoUpgradeOnBoot string Security or None
KerberosAttributes sequence Kerberos Attributes
 Realm string Realm
 KdcAdminPassword string KdcAdminPassword
 CrossRealmTrustPrincipalPassword string CrossRealmTrustPrincipalPassword
 ADDomainJoinUser string ADDomainJoinUser
 ADDomainJoinPassword string ADDomainJoinPassword
Instances list List of instances
 InstanceId string The unique identifier for the instance in Amazon EMR.
 Ec2Instance Reference to EC2Instance The unique identifier of the instance in Amazon EC2.
 PublicDnsName string The public DNS name of the instance.
 PublicIpAddress ip The public IP address of the instance.
 PrivateDnsName string The private DNS name of the instance.
 PrivateIpAddress ip The private IP address of the instance.
 Status sequence The current status of the instance ('AWAITING_FULFILLMENT'|'PROVISIONING'|'BOOTSTRAPPING'|'RUNNING'|'TERMINATED').
  State string The current state of the instance.
  StateChangeReason sequence The details of the status change reason for the instance.
   Code string The programmable code for the state change reason ('INTERNAL_ERROR'|'VALIDATION_ERROR'|'INSTANCE_FAILURE'|'BOOTSTRAP_FAILURE'|'CLUSTER_TERMINATED').
   Message string The status change reason description.
  Timeline sequence The timeline of the instance status over time.
   CreationDateTime number The creation date and time of the instance.
   ReadyDateTime number The date and time when the instance was ready to perform tasks.
   EndDateTime number The date and time when the instance was terminated.
 InstanceGroupId string The identifier of the instance group to which this instance belongs.
 InstanceFleetId string The unique identifier of the instance fleet to which an EC2 instance belongs.
 Market string The instance purchasing option ('ON_DEMAND'|'SPOT').
 InstanceType string The EC2 instance type, for example m3.xlarge .
 EbsVolumes list The list of Amazon EBS volumes that are attached to this instance.
  Device string The device name that is exposed to the instance, such as /dev/sdh.
  Volume Reference to Volume The volume identifier of the EBS volume.
Attribute Type Description
id string ID of the Domain
Name string Name of the Domain
RegionName string Name of region in which the Domain resides
RegionId string ID of region in which the Domain resides
AccountName string Name of account containing the Domain
AccountId string ID of account containing the Domain
ARN string Arn of the domain
Created boolean Whether the domain has been created or not
Deleted boolean Whether the domain has been deleted or not
Endpoint string EndPoint of domain
Processing boolean Whether processing is enabled or not
UpgradeProcessing boolean Whether Upgrade Processing is enabled or not
ElasticsearchVersion string Elastic Search Version
ElasticsearchClusterConfig sequence Config of Elastic Search Cluster
 InstanceType string Instance Type of Cluster
 InstanceCount number Instance Count
 DedicatedMasterEnabled boolean Whether Dedicated Master is enabled or not
 ZoneAwarenessEnabled boolean Whether Zone Awareness is enabled or not
 ZoneAwarenessConfig sequence Zone Awareness Config
  AvailabilityZoneCount number Availability Zone Count
 DedicatedMasterType string Dedicated Master Type
 DedicatedMasterCount number Dedicated Master Count
EBSOptions sequence EBS Options
 EBSEnabled boolean Whether EBS is enabled or not
 VolumeType string VolumeType
 VolumeSize number Size of Volume
 Iops number Iops
SnapshotOptions sequence Snapshot Options
 AutomatedSnapshotStartHour number Automated Snapshot Start Hour
VPCOptions sequence VPC Options
 VPC Reference to VPC VPC
 Subnets Reference to Subnet Subnet
 AvailabilityZones list Availability Zones
 SecurityGroups Reference to SecurityGroup Security Groups
CognitoOptions sequence Cognito Options
 Enabled boolean Whether Cognito is enabled
 UserPoolId string UserPool id
 IdentityPoolId string Identity Pool Id
 RoleArn string Role ARN
EncryptionAtRestOptions sequence Encryption Options
 Enabled boolean Whether Encryption is Enabled or not
 KMSKey Reference to KMSKey KMS Key
NodeToNodeEncryptionOptions sequence Node to Node Encryption Options
 Enabled boolean Whether Encryption for Nodes is enabled
AdvancedOptions list Advanced Options for Domain
 Name string Name of the Option
 Value string Value of the Option
LogPublishingOptions list Log Publish Options of the domain
 Name string Name of the option
 CloudWatchLogsLogGroup Reference to CloudWatchLogGroup CloudWatchLogGroup
 Enabled boolean Whether the option is enabled
Status string Current state of the Cluster
CreationDate number Creation Date
Tags list Tags of Cluster
 Name string Key
 Value string value
AccessPolicies sequence Access Policy of the domain
 Version string Policy Version
 Statement list Statements of the Policy
  Effect string Allow or Deny
  Action list Policy Actions
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
DomainEndpointOptions sequence The current status of the Elasticsearch domain's endpoint options.
 EnforceHTTPS boolean Specify if only HTTPS endpoint should be enabled for the Elasticsearch domain.
 TLSSecurityPolicy string Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain. (Policy-Min-TLS-1-0-2019-07 | Policy-Min-TLS-1-2-2019-07)
 CustomEndpointEnabled boolean Specify if custom endpoint should be enabled for the Elasticsearch domain.
 CustomEndpoint string Specify the fully qualified domain for your custom endpoint.
 CustomEndpointCertificateArn string Specify ACM certificate ARN for your custom endpoint.
Attribute Type Description
id string Snapshot Id
Name string Snapshot Id
Encrypted boolean Whether the Snapshot is encrypted
AccountName string Name of account containing the snapshot
AccountId string ID of account containing the snapshot
RegionName string Name of region in which the channel resides
RegionId string ID of region in which the channel resides
Description string Description of the Snapshot
KMSKey Reference to KMSKey KMSKey
OwnerId string AWS Owner Id
Progress string Progress of Snapshot
CreationTime number Creation time of Snapshot
Status string State of the Snapshot
StateMessage string State Mesaage
VolumeId string Volume to which the snapshot is attached
VolumeSize number Size of the Volume
Access string Whether the snapshot is Public or Private. In AWS Console this is seen in the Permissions tab.
UnknownAccountExposure boolean Value from an Amazon-maintained list
Tags list Tags of Snapshots
 Name string Key of the Tag
 Value string Value of the Tag
Attribute Type Description
id string ID of the Organization
Arn string ARN of the Organization
RegionName string Name of region in which the Cluster resides
RegionId string ID of region in which the Cluster resides
AccountName string Name of account containing the Cluster
AccountId string ID of account containing the Cluster
FeatureSet string Specifies the functionality that currently is available to the organization. Set to "ALL" if all features are enabled else set to "CONSOLIDATED_BILLING" as only consolidated billing functionality is available.
MasterAccountArn string Master Account ARN
MasterAccountId string Master Account ID
MasterAccountEmail string Master Account Email
AvailablePolicyTypes list Available Policy Types
 Type string Type of Policy
 Status string Status of Policy
Attribute Type Description
id string The Amazon Resource Name (ARN) of the analyzer.
Name string The name of the analyzer
CreatedAt number A timestamp for the time at which the analyzer was created.
LastResourceAnalyzed string The resource that was most recently analyzed by the analyzer.
LastResourceAnalyzedAt number The time at which the most recently analyzed resource was analyzed.
Status string The status of the analyzer. (Creating|Active|Disabled|Failed)
Type string The type (zone of trust) of the analyzer. (ACCOUNT|ORGANIZATION)
Tags list The tags added to the analyzer.
 Name string Tag key
 Value string Tag value
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Attribute Type Description
id string ID of the certificate
Name string Name of the certificate
Path string Path to the certificate
Arn string The Amazon Resource Name (ARN) specifying the server certificate.
UploadDate number The date when the server certificate was uploaded.
Expiration number The date on which the certificate is set to expire.
RegionName string Name of region in which the Function resides
RegionId string ID of region in which the Function resides
AccountName string Name of account containing the Function
AccountId string ID of account containing the Function
Attribute Type Description
id string The Amazon Resource Name (ARN) of the cloudfront distribution
Name string The name of the cloudfront distribution
Tags list The tags added to cloudfront distribution
 Name string Tag key
 Value string Tag value
Status string The current status of the distribution
DomainName string The domain name that corresponds to the distribution
Aliases sequence CNAMEs (alternate domain names), if any, for this distribution
 Quantity number The number of CNAME aliases, if any, that are associated with this distribution.
 Items list CNAME aliases, if any, that are associated with this distribution.
Origins sequence Origins for this distribution.
 Quantity number The number of origins for this distribution.
 Items list A list of origins.
  Id string A unique identifier for the origin.
  DomainName string The domain name for the origin
  OriginPath string An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
  CustomHeaders list A list of HTTP header names and values that CloudFront adds to the requests that it sends to the origin.
   Quantity number The number of custom headers, if any, for this distribution.
   Items list A list that contains one OriginCustomHeader element for each custom header
    HeaderName string The name of a header for CloudFront to send to origin
    HeaderValue string The value for the header specified in the HeaderName field.
  S3OriginConfig sequence an origin that is an Amazon S3 bucket that is not configured with static website hosting
   OriginAccessIdentity string The CloudFront origin access identity to associate with the origin
  CustomOriginConfig sequence Type if the Amazon S3 bucket is configured with static website hosting
   HTTPPort number The HTTP port that CloudFront uses to connect to the origin.
   HTTPSPort number The HTTPS port that CloudFront uses to connect to the origin.
   OriginProtocolPolicy string Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin
   OriginSslProtocols sequence Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to rigin over HTTPS.
    Quantity number The number of SSL/TLS protocols to allow CloudFront to use when establishing an HTTPS connection with this origin.
    Items list A list that contains allowed SSL/TLS protocols for this distribution.
   OriginReadTimeout number Specifies how long, in seconds, CloudFront waits for a response from the origin.
   OriginKeepaliveTimeout number Specifies how long, in seconds, CloudFront persists its connection to the origin
  ConnectionAttempts number The number of times that CloudFront attempts to connect to the origin.
  ConnectionTimeout number The number of seconds that CloudFront waits when trying to establish a connection to the origin.
  OriginShield sequence CloudFront Origin Shield
   Enabled boolean A flag that specifies whether Origin Shield is enabled.
   OriginShieldRegion string The AWS Region for Origin Shield.
OriginGroups sequence Contains information about origin groups for this distribution.
 Quantity number The number of origin groups.
 Items list The items (origin groups) in a distribution.
DefaultCacheBehavior sequence Describes the default cache behavior
 TargetOriginId string The value of ID for the origin for CloudFront to route requests to when they use the default cache behavior.
 TrustedSigners sequence A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
  Enabled boolean if any of the AWS accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
  Quantity number The number of AWS accounts in the list.
  Items list A list of AWS account identifiers.
 TrustedKeyGroups sequence A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
  Enabled boolean if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
  Quantity number The number of key groups in the list.
  Items list A list of key groups identifiers.
 ViewerProtocolPolicy string The protocol that viewers can use to access the files in the origin specified by TargetOriginId
 AllowedMethods sequence HTTP methods which CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
  Quantity number The number of HTTP methods for CloudFront to forward to origin.
  Items list HTTP methods for CloudFront to process and forward to origin.
  CachedMethods sequence If CloudFront caches the response to requests using the specified HTTP method.
   Quantity number The number of HTTP methods for CloudFront to cache responses.
   Items list HTTP methods for CloudFront to cache responses to.
 SmoothStreaming boolean Indicates whether to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior
 Compress boolean Whether CloudFront automatically compress certain files for this cache behavior
 LambdaFunctionAssociations sequence Contains zero or more Lambda function associations for a cache behavior.
  Quantity number The number of Lambda function associations for this cache behavior.
  Items list LambdaFunctionAssociation items for this cache behavior.
 FunctionAssociations sequence A list of CloudFront functions that are associated with this cache behavior.
  Quantity number The number of CloudFront functions in the list.
  Items list The CloudFront functions that are associated with a cache behavior in a CloudFront distribution.
 FieldLevelEncryptionId string The value of ID for the field-level encryption configuration for CloudFront to use for encrypting specific fields of data for the default cache behavior.
 RealtimeLogConfigArn string The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior.
 CachePolicyId string The unique identifier of the cache policy that is attached to the default cache behavior.
 OriginRequestPolicyId string The unique identifier of the origin request policy that is attached to the default cache behavior.
CustomErrorResponses sequence Error responses
 Quantity number The number of HTTP status codes that specify a custom error page and/or a caching duration
 Items list CustomErrorResponse element for each HTTP status
Comment string An optional comment to describe the distribution
PriceClass string Information about price class for this streaming distribution.
Enabled boolean Whether the distribution is enabled to accept user requests for content.
ViewerCertificate sequence Determines the distributions SSL/TLS configuration for communicating with viewers.
 CloudFrontDefaultCertificate boolean If the distribution uses the CloudFront domain name
 IAMCertificateId string the ID of the IAM certificate.
 ACMCertificateArn string Amazon Resource Name (ARN) of the ACM certificate
 SSLSupportMethod string which viewers the distribution accepts HTTPS connections from.
 MinimumProtocolVersion string security policy for CloudFront to use for HTTPS connections with viewers.
Restrictions sequence Ways in which to restrict distribution of your content.
 GeoRestriction sequence Controls the countries in which your content is distributed.
  RestrictionType string The method to use to restrict distribution of your content by country
  Quantity number When geo restriction is enabled , this is the number of countries in your whitelist or blacklist .
  Items list Country in which CloudFront can either distribute your content (whitelist ) or not distribute your content (blacklist).
WebACLId string The Web ACL Id (if any) associated with the distribution.
HttpVersion string Specify the maximum HTTP version for viewers to use to communicate with CloudFront.
IsIPV6Enabled boolean Whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution.
AliasICPRecordals list AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions
 CNAME string A domain name associated with a distribution.
 ICPRecordalStatus string The Internet Content Provider (ICP) recordal status for a CNAME
RegionName string Name of region in which the cloudfront distribution resides
RegionId string ID of region in which the cloudfront distribution resides
AccountName string Name of account containing the cloudfront distribution
AccountId string ID of account containing the cloudfront distribution
DefaultRootObject string The object that CloudFront will request from the origin when a viewer requests the root URL for this distribution instead of a specific object.
Logging sequence A control that checks whether access logs are written for the distribution.
 Enabled boolean Specifies whether the CloudFront saves access logs to an Amazon S3 bucket.
 IncludeCookies boolean Specifies whether the CloudFront includes cookies in access logs
 Bucket Reference to S3Bucket The Amazon S3 bucket to store the access logs in.
 Prefix string An optional string that CloudFront prefixes to the access log filenames for this distribution.
CacheBehaviors sequence Describes CacheBehavior elements
 Quantity number The number of cache behaviors for this distribution.
 Items list List of cache behaviors for this distribution.
  PathPattern string The pattern (for example, images/*.jpg ) that specifies which requests to apply the behavior to.
  TargetOriginId string The value of ID for the origin that you want CloudFront to route requests to when they match this cache behavior.
  TrustedSigners sequence A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
   Enabled boolean Checks if any of the AWS accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
   Quantity number The number of AWS accounts in the list.
   Items list A list of AWS account identifiers.
  TrustedKeyGroups sequence A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
   Enabled boolean Checks if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.
   Quantity number The number of key groups in the list.
   Items list A list of key groups identifiers.
  ViewerProtocolPolicy string The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern (allow-all | https-only | redirect-to-https)
  AllowedMethods sequence HTTP methods which CloudFront processes and forwards to your Amazon S3 bucket or your custom origin (GET and HEAD | GET , HEAD , and OPTIONS | GET, HEAD, OPTIONS, PUT, PATCH, POST , and DELETE).
   Quantity number The number of HTTP methods for CloudFront to forward to origin (2 | 3 | 7).
   Items list HTTP methods for CloudFront to process and forward to origin.
   CachedMethods sequence If CloudFront caches the response to requests using the specified HTTP method (GET and HEAD | GET , HEAD , and OPTIONS).
    Quantity number The number of HTTP methods for CloudFront to cache responses (2 | 3).
    Items list HTTP methods for CloudFront to cache responses to.
  SmoothStreaming boolean Indicates whether to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior
  Compress boolean Whether CloudFront automatically compress certain files for this cache behavior
  LambdaFunctionAssociations sequence Contains zero or more Lambda@Edge function associations for a cache behavior.
   Quantity number The number of Lambda@Edge function associations for this cache behavior.
   Items list LambdaFunctionAssociation items for this cache behavior.
  FunctionAssociations sequence A list of CloudFront functions that are associated with this cache behavior.
   Quantity number The number of CloudFront functions in the list.
   Items list The CloudFront functions that are associated with a cache behavior in a CloudFront distribution.
  FieldLevelEncryptionId string The value of ID for the field-level encryption configuration for CloudFront to use for encrypting specific fields of data for this cache behavior.
  RealtimeLogConfigArn string The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior.
  CachePolicyId string The unique identifier of the cache policy that is attached to this cache behavior.
  OriginRequestPolicyId string The unique identifier of the origin request policy that is attached to the default cache behavior.
  ResponseHeadersPolicyId string The identifier for a response headers policy.
Attribute Type Description
id string VPN Gateway ID
Name string VPN Gateway Name
RegionName string Name of region in which the virtual private gateway resides
RegionId string ID of region in which the virtual private gateway resides
AccountName string Name of account containing the virtual private gateway
AccountId string ID of account containing the virtual private gateway
AvailabilityZone string The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
State string The current state of the virtual private gateway
Type string The type of VPN connection the virtual private gateway supports
VpcAttachments list Any VPCs attached to the virtual private gateway
 State string The current state of the attachment
 VpcId string The ID of the VPC
AmazonSideAsn string The private Autonomous System Number (ASN) for the Amazon side of a BGP session
Tags list The tags added to the virtual private gateway.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string Customer Gateway ID
Name string Customer Gateway Name
RegionName string Name of region in which the Customer Gateway resides
RegionId string ID of region in which the Customer Gateway resides
AccountName string Name of account containing the Customer Gateway
AccountId string ID of account containing the Customer Gateway
BgpAsn string The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN)
IpAddress string The Internet-routable IP address of the customer gateway's outside interface
CertificateArn string The Amazon Resource Name (ARN) for the customer gateway certificate
State string The current state of the customer gateway
Type string The type of VPN connection the customer gateway supports (ipsec.1 )
DeviceName string The name of customer gateway device
Tags list The tags added to the Customer Gateway.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string Elastic IP ID
Name string Elastic IP Name
RegionName string Name of region in which the Elastic IP resides
RegionId string ID of region in which the Elastic IP resides
AccountName string Name of account containing the Elastic IP
AccountId string ID of account containing the Elastic IP
InstanceId string The ID of the instance that the address is associated with (if any)
PublicIp string The Elastic IP address
AssociationId string The ID representing the association of the address with an instance in a VPC
Domain string Indicates whether this Elastic IP address is for use with instances in EC2-Classic (standard ) or instances in a VPC (vpc )
NetworkInterfaceId string The ID of the network interface
NetworkInterfaceOwnerId string The ID of the account that owns the network interface
PrivateIpAddress string The private IP address associated with the Elastic IP address
Tags list The tags assigned to the Elastic IP address.
 Name string Tag key
 Value string Tag value
PublicIpv4Pool string The ID of an address pool
NetworkBorderGroup string The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses
CustomerOwnedIp string The customer-owned IP address
CustomerOwnedIpv4Pool string The ID of the customer-owned address pool
CarrierIp string The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance)
Attribute Type Description
id string Detector ID.
Name string ID of the Detector
RegionName string Name of region in which the Detector resides
RegionId string ID of region in which the Detector resides
AccountName string Name of account containing the Detector
AccountId string ID of account containing the Detector
CreatedAt number The timestamp of when the detector was created.
FindingPublishingFrequency string The publishing frequency of the finding. (FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS)
ServiceRole Reference to IAMRole The GuardDuty service role.
Status string The detector status. (ENABLED|DISABLED)
UpdatedAt number The last-updated timestamp for the detector.
Tags list The tags of the detector resource.
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string ID of the ECR Repository
Name string Name of the Repository
RegionName string Name of region in which the ECR Repository resides
RegionId string ID of region in which the ECR Repository resides
AccountName string Name of account containing the Repository
AccountId string ID of account containing the Repository
RepositoryUri string The URI for the repository. You can use this URI for container image push and pull operations.
CreatedAt number A timestamp for the date when the repository was created.
ImageTagMutability string The tag mutability setting for the repository. (MUTABLE|IMMUTABLE)
ImageScanningConfiguration sequence The image scanning configuration for a repository.
 ScanOnPush boolean The setting that determines whether images are scanned after being pushed to a repository.
Attribute Type Description
id string The ID of the file system, assigned by Amazon EFS
RegionName string Name of region in which the File System resides
RegionId string ID of region in which the File System resides
AccountName string Name of account containing the File System
AccountId string ID of account containing the File System
AvailabilityZoneId string The unique and consistent identifier of the Availability Zone in which the file system's One Zone storage classes exist
AvailabilityZoneName string Describes the AWS Availability Zone in which the file system is located, and is valid only for file systems using One Zone storage classes
CreationTime number The time that the file system was created
CreationToken string The opaque string specified in the request
Encrypted boolean True, if the file system is encrypted, else False
FileSystemArn string The Amazon Resource Name (ARN) for the EFS file system
KMSKey Reference to KMSKey An AWS Key Management Service (AWS KMS) customer master key (CMK)
LifeCycleState string The lifecycle phase of the file system. (creating|available|updating|deleting|deleted|error)
Name string The name of the File System
NumberOfMountTargets number The current number of mount targets that the file system has
OwnerId string The AWS IAM account user that created the file system
PerformanceMode string The performance mode of the file system. (generalPurpose|maxIO)
ProvisionedThroughputInMibps number The amount of provisioned throughput, measured in MiB/s, for the file system
SizeInBytes sequence The latest known metered size (in bytes) of data stored in the file system
 Timestamp number The time at which the size of data was determined
 Value number The latest known metered size (in bytes) of data stored in the file system
 ValueInIA number The latest known metered size (in bytes) of data stored in the Infrequent Access storage class
 ValueInStandard number The latest known metered size (in bytes) of data stored in the Standard storage class.
Tags list The tags associated with the file system
 Name string The tag key
 Value string The value of the tag key
ThroughputMode string Displays the file system's throughput mode. (bursting|provisioned)
Attribute Type Description
id string The ID of the internet gateway.
Name string The Name of the Internet Gateway
RegionName string Name of region in which the Internet Gateway resides
RegionId string ID of region in which the Internet Gateway resides
AccountName string Name of account containing the Internet Gateway
AccountId string ID of account containing the Internet Gateway
Attachments list Any VPCs attached to the internet gateway. Each item describes the attachment of a VPC to an internet gateway or an egress-only internet gateway.
 State string The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.(available|attaching|attached|detaching|detached)
 VPC Reference to VPC Amazon Virtual Private Cloud (VPC)
OwnerId string The ID of the Amazon Web Services account that owns the internet gateway.
Tags list Any tags assigned to the internet gateway.
 Name string The key of the tag. (Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws)
 Value string The value of the tag. (Tag values are case-sensitive and accept a maximum of 255 Unicode characters)
Attribute Type Description
id string The Amazon Resource Name (ARN) for the DB cluster.
Name string A unique key that identifies a DB cluster
AccountId string ID of account containing the RDS Cluster
AccountName string Name of account containing the RDS Cluster
RegionId string ID of region in which the RDS Cluster resides
RegionName string Name of region in which the RDS Cluster resides
Tags list Tags assigned to the RDS cluster
 Name string Tag key
 Value string Tag value
ActivityStreamKMSKey Reference to KMSKey The Amazon Web Services KMS key used for encrypting messages in the database activity stream.
ActivityStreamStatus string The status of the database activity stream. (stopped|starting|started|stopping)
AllocatedStorage number For all database engines except Amazon Aurora, it specifies the allocated storage size in gibibytes (GiB). For Aurora, it returns 1, since Aurora DB cluster storage size is dynamically adjusted.
AssociatedRoles list List of the Amazon Web Services Identity and Access Management (IAM) roles that are associated with the DB cluster.
 RoleArn Reference to IAMRole The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster.
 Status string Describes the state of association between the IAM role and the DB cluster. (ACTIVE|PENDING|INVALID)
 FeatureName string The name of the feature associated with the Amazon Web Services Identity and Access Management (IAM) role.
AvailabilityZones list List of Availability Zones (AZs) where instances in the DB cluster can be created.
BackupRetentionPeriod number Number of days for which automatic DB snapshots are retained.
ClusterCreateTime number Time when the DB cluster was created,
CopyTagsToSnapshot boolean Specifies whether tags are copied from the DB cluster to snapshots of the DB cluster.
CrossAccountClone boolean Specifies whether the DB cluster is a clone of a DB cluster owned by a different Amazon Web Services account.
DBClusterMembers list Provides the list of instances that make up the DB cluster.
 DBInstance Reference to RDSInstance Instance for this member of the DB cluster.
 IsClusterWriter boolean Value that is true if the cluster member is the primary instance for the DB cluster and false otherwise.
 DBClusterParameterGroupStatus string Status of the DB cluster parameter group for this member of the DB cluster.
 PromotionTier integer Specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance.
DBClusterParameterGroup string Name of the DB cluster parameter group for the DB cluster
DBSubnetGroup string Name, description, and subnets in the subnet group associated with the DB cluster.
DatabaseName string Name of the initial database of this DB cluster that was provided at create time
DbClusterResourceId string Identifier for the DB cluster.
DeletionProtection boolean Indicates if the DB cluster has deletion protection enabled.
DomainMemberships list The Active Directory Domain membership records associated with the DB cluster.
 Domain string The identifier of the Active Directory Domain.
 Status string The status of the Active Directory Domain membership for the DB instance or cluster. (joined|pending-join|failed)
 FQDN string The fully qualified domain name of the Active Directory Domain.
 IAMRoleName string The name of the IAM role to be used when making API calls to the Directory Service.
EarliestRestorableTime number The earliest time to which a database can be restored with point-in-time restore.
EnabledCloudwatchLogsExports list A list of log types that this DB cluster is configured to export to CloudWatch Logs.
Endpoint string Specifies the connection endpoint for the primary instance of the DB cluster.
Engine string The name of the database engine to be used for this DB cluster.
EngineMode string The DB engine mode of the DB cluster. (provisioned|serverless|parallelquery|global|multimaster)
EngineVersion string Indicates the database engine version.
HostedZoneId string Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.
HttpEndpointEnabled boolean Indicates whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled.
IAMDatabaseAuthenticationEnabled boolean Indicates whether the mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.
KMSKey Reference to KMSKey AWS KMS key identifier for the encrypted DB
LatestRestorableTime number Specifies the latest time to which a database can be restored with point-in-time restore.
MasterUsername string Contains the master username for the DB cluster.
MultiAZ boolean Specifies whether the DB cluster has instances in multiple Availability Zones.
PendingModifiedValues sequence A value that specifies that changes to the DB cluster are pending.
 PendingCloudwatchLogsExports sequence A list of the log types whose configuration is in the process of being activated or deactivated.
  LogTypesToEnable list Log types that are in the process of being deactivated.
  LogTypesToDisable list Log types that are in the process of being enabled.
 DBClusterIdentifier string The DBClusterIdentifier value for the DB cluster.
 MasterUserPassword string The master credentials for the DB cluster.
 IAMDatabaseAuthenticationEnabled boolean Indicates whether mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts is enabled.
 EngineVersion string The database engine version.
Port number Specifies the port that the database engine is listening on.
PreferredBackupWindow string Specifies the daily time range during which automated backups are created
PreferredMaintenanceWindow string Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
ReadReplicaIdentifiers list Contains list of identifiers of the read replicas associated with this DB cluster.
ReaderEndpoint string The reader endpoint for the DB cluster that load-balances connections across available Aurora Replicas.
ScalingConfigurationInfo sequence Information about scaling configuration for an Aurora DB cluster in serverless DB engine mode.
 MinCapacity number The minimum capacity for the Aurora DB cluster in serverless DB engine mode.
 MaxCapacity number The maximum capacity for an Aurora DB cluster in serverless DB engine mode.
 AutoPause boolean Indicates whether automatic pause is allowed for the Aurora DB cluster in serverless DB engine mode.
 SecondsUntilAutoPause number The remaining amount of time, in seconds, before the Aurora DB cluster in serverless mode is paused.
 TimeoutAction string The action that occurs when Aurora times out while attempting to change the capacity of an Aurora Serverless cluster. (ForceApplyCapacityChange|RollbackCapacityChange )
 SecondsBeforeTimeout number The number of seconds before scaling times out.
Status string Current state of this DB cluster.
StorageEncrypted boolean Specifies whether the DB cluster is encrypted.
VpcSecurityGroups list Provides a list of VPC security groups that the DB cluster belongs to.
 SecurityGroup Reference to SecurityGroup VPC security group.
 Status string The status of the VPC security group.
CharacterSetName string Name of the character set that this cluster is associated with.
AutomaticRestartTime number The time when a stopped DB cluster is restarted automatically.
PercentProgress string The progress of the current operation as a percentage.
CustomEndpoints list Identifies all custom endpoints associated with the cluster.
DBClusterOptionGroupMemberships list Provides the list of option group memberships for this DB cluster.
 DBClusterOptionGroupName string Specifies the name of the DB cluster option group.
 Status string Specifies the status of the DB cluster option group.
ReplicationSourceIdentifier string Contains the identifier of the source DB cluster for the read replica.
CloneGroupId string Identifies the clone group to which the DB cluster is associated.
EarliestBacktrackTime number The earliest time to which a DB cluster can be backtracked.
BacktrackWindow number The target backtrack window, in seconds. If this value is set to 0, backtracking is disabled for the DB cluster. Otherwise, backtracking is enabled.
BacktrackConsumedChangeRecords number The number of change records stored for Backtrack.
Capacity number The current capacity of an Aurora Serverless DB cluster.
ActivityStreamMode string The mode of the database activity stream. (sync|async)
ActivityStreamKinesisStreamName string The name of the Amazon Kinesis data stream used for the database activity stream.
GlobalWriteForwardingStatus string Specifies whether a secondary cluster in an Aurora global database has write forwarding enabled, not enabled, or is in the process of enabling it. (enabled|disabled|enabling|disabling|unknown)
GlobalWriteForwardingRequested boolean Specifies whether you have requested to enable write forwarding for a secondary cluster in an Aurora global database.
Attribute Type Description
id string Identifier of the RDS Event Subscription
Name string Name of the RDS Event Subscription
RegionName string Name of region in which the RDS Event Subscription resides
RegionId string ID of region in which the RDS Event Subscription resides
AccountName string Name of account containing the RDS Event Subscription
AccountId string ID of account containing the RDS Event Subscription
Tags list Tags assigned to the RDS Event Subscription
 Name string Tag key
 Value string Tag value
SnsTopic Reference to SNSTopic The topic ARN of the RDS event notification subscription
Status string The status of the RDS event notification subscription. The status "no-permission" indicates that RDS no longer has permission to post to the SNS topic. The status "topic-not-exist" indicates that the topic was deleted after the subscription was created. ( creating | modifying | deleting | active | no-permission | topic-not-exist )
SubscriptionCreationTime string The time the RDS event notification subscription was created
SourceType string The source type for the RDS event notification subscription. ( db-instance | db-cluster | db-parameter-group | db-security-group | db-snapshot | db-cluster-snapshot )
SourceIdsList list A list of source IDs for the RDS event notification subscription
EventCategoriesList list A list of event categories for the RDS event notification subscription
Enabled boolean A Boolean value indicating if the subscription is enabled. True indicates the subscription is enabled
Attribute Type Description
id string The Amazon Resource Name (ARN) of the Auto Scaling group.
Name string The name of the Auto Scaling group.
AccountId string ID of account containing the Auto Scaling Group
AccountName string Name of account containing the Auto Scaling Group
RegionId string ID of region in which the Auto Scaling Group resides
RegionName string Name of region in which the Auto Scaling Groupy resides
LaunchConfigurationName string The name of the associated launch configuration.
LaunchTemplate sequence The launch template for the group.
 LaunchTemplateId string The ID of the launch template.
 LaunchTemplateName string The name of the launch template.
 Version string The version number.
MixedInstancesPolicy sequence The mixed instances policy for the group.
 LaunchTemplate sequence Launch template used when creating a mixed instances policy.
  LaunchTemplateSpecification sequence The launch template to use.
   LaunchTemplateId string The ID of the launch template.
   LaunchTemplateName string The name of the launch template.
   Version string The version number
  Overrides list Describes an override for a launch template.
   InstanceType string The instance type
   WeightedCapacity string The number of capacity units provided by the instance type specified in InstanceType in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic.
   LaunchTemplateSpecification sequence Provides the launch template to be used when launching the instance type specified in InstanceType .
    LaunchTemplateId string The ID of the launch template.
    LaunchTemplateName string The name of the launch template.
    Version string The version number
   InstanceRequirements sequence The instance requirements.
    VCpuCount sequence The minimum and maximum number of vCPUs for an instance type.
     Min number The minimum number of vCPUs.
     Max number The maximum number of vCPUs.
    MemoryMiB sequence The minimum and maximum instance memory size for an instance type, in MiB.
     Min number The memory minimum in MiB.
     Max number The memory maximum in MiB.
    CpuManufacturers list Lists of CPU manufacturers (intel | amd | amazon-web-services)
    MemoryGiBPerVCpu sequence The minimum and maximum amount of memory per vCPU for an instance type, in GiB.
     Min number The memory minimum in GiB.
     Max number The memory maximum in GiB.
    ExcludedInstanceTypes list Lists of instance types to exclude.
    InstanceGenerations list Indicates whether current or previous generation instance types are included. (current | previous)
    SpotMaxPricePercentageOverLowestPrice number The price protection threshold for Spot Instances.
    OnDemandMaxPricePercentageOverLowestPrice number The price protection threshold for On-Demand Instances.
    BareMetal string Indicates whether bare metal instance types are included, excluded, or required. (included|excluded|required)
    BurstablePerformance string Indicates whether burstable performance instance types are included, excluded, or required.
    RequireHibernateSupport boolean Indicates whether instance types must provide On-Demand Instance hibernation support.
    NetworkInterfaceCount sequence The minimum and maximum number of network interfaces for an instance type.
     Min number The minimum number of network interfaces.
     Max number The maximum number of network interfaces.
    LocalStorage string Indicates whether instance types with instance store volumes are included, excluded, or required. (included|excluded|required)
    LocalStorageTypes list Indicates the type of local storage that is required. (hdd|ssd)
    TotalLocalStorageGB sequence The minimum and maximum total local storage size for an instance type, in GB.
     Min number The storage minimum in GB.
     Max number The storage maximum in GB.
    BaselineEbsBandwidthMbps sequence The minimum and maximum baseline bandwidth performance for an instance type, in Mbps.
     Min number The minimum value in Mbps.
     Max number The maximum value in Mbps.
    AcceleratorTypes list Lists the accelerator types that must be on an instance type. (gpu|fpga|inference)
    AcceleratorCount sequence The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) for an instance type.
     Min number The minimum value.
     Max number The maximum value.
    AcceleratorManufacturers list Indicates whether instance types must have accelerators by specific manufacturers. (nvidia|amd|amazon-web-services|xilinx)
    AcceleratorNames list Lists the accelerators that must be on an instance type. (a100|v100|k80|t4|m60|radeon-pro-v520|vu9p)
    AcceleratorTotalMemoryMiB sequence The minimum and maximum total memory size for the accelerators on an instance type, in MiB.
     Min number The memory minimum in MiB.
     Max number The memory maximum in MiB.
 InstancesDistribution sequence Specifies the instances distribution.
  OnDemandAllocationStrategy string The order of the launch template overrides to use in fulfilling On-Demand capacity. (lowest-price | prioritized)
  OnDemandBaseCapacity number The minimum amount of the Auto Scaling groups capacity that must be fulfilled by On-Demand Instances.
  OnDemandPercentageAboveBaseCapacity number Controls the percentages of On-Demand Instances and Spot Instances for your additional capacity beyond OnDemandBaseCapacity .
  SpotAllocationStrategy string Indicates how to allocate instances across Spot Instance pools. (lowest-price | capacity-optimized | capacity-optimized-prioritized)
  SpotInstancePools number The number of Spot Instance pools across which to allocate your Spot Instances.
  SpotMaxPrice string The maximum price per unit hour that you are willing to pay for a Spot Instance.
MinSize number The minimum size of the group.
MaxSize number The maximum size of the group.
DesiredCapacity number The desired size of the group.
PredictedCapacity number The predicted capacity of the group when it has a predictive scaling policy.
DefaultCooldown number The duration of the default cooldown period, in seconds.
AvailabilityZones list One or more Availability Zones for the group.
LoadBalancerNames list One or more load balancers associated with the group.
TargetGroupARNs list The Amazon Resource Names (ARN) of the target groups for your load balancer.
HealthCheckType string The service to use for the health checks.
HealthCheckGracePeriod number The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service.
Instances list The EC2 instances associated with the group.
 InstanceId string The ID of the instance.
 InstanceType string The instance type of the EC2 instance.
 AvailabilityZone string The Availability Zone in which the instance is running.
 LifecycleState string A description of the current lifecycle state. (Pending|Pending:Wait|Pending:Proceed|Quarantined|InService|Terminating|Terminating:Wait|Terminating:Proceed|Terminated|Detaching|Detached|EnteringStandby|Standby|Warmed:Pending|Warmed:Pending:Wait|Warmed:Pending:Proceed|Warmed:Terminating|Warmed:Terminating:Wait|Warmed:Terminating:Proceed|Warmed:Terminated|Warmed:Stopped|Warmed:Running)
 HealthStatus string The last reported health status of the instance.
 LaunchConfigurationName string The launch configuration associated with the instance.
 LaunchTemplate sequence The launch template for the instance.
  LaunchTemplateId string The ID of the launch template.
  LaunchTemplateName string The name of the launch template.
  Version string The version number.
 ProtectedFromScaleIn boolean Indicates whether the instance is protected from termination by Amazon EC2 Auto Scaling when scaling in.
 WeightedCapacity string The number of capacity units contributed by the instance based on its instance type.
CreatedTime number The date and time the group was created.
SuspendedProcesses list The suspended processes associated with the group.
 ProcessName string The name of the suspended process.
 SuspensionReason string The reason that the process was suspended.
PlacementGroup string The name of the placement group into which to launch your instances, if any.
VPCZoneIdentifier string One or more subnet IDs, if applicable, separated by commas.
EnabledMetrics list The metrics enabled for the group.
 Metric string Name of the metric.
 Granularity string The granularity of the metric.
Status string The current state of the group when the DeleteAutoScalingGroup operation is in progress.
Tags list The tags for the group.
 ResourceId string The name of the group.
 ResourceType string The type of resource.
 Name string The tag key.
 Value string The tag value.
 PropagateAtLaunch boolean Determines whether the tag is added to new instances as they are launched in the group.
TerminationPolicies list The termination policies for the group.
NewInstancesProtectedFromScaleIn boolean Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in.
ServiceLinkedRoleARN string The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other Amazon Web Services on your behalf.
MaxInstanceLifetime number The maximum amount of time, in seconds, that an instance can be in service.
CapacityRebalance boolean Indicates whether Capacity Rebalancing is enabled.
WarmPoolConfiguration sequence The warm pool for the group.
 MaxGroupPreparedCapacity number The maximum number of instances that are allowed to be in the warm pool or in any state except Terminated for the Auto Scaling group.
 MinSize number The minimum number of instances to maintain in the warm pool.
 PoolState string The instance state to transition to after the lifecycle actions are complete. (Stopped|Running)
 Status string The status of a warm pool that is marked for deletion.
WarmPoolSize number The current size of the warm pool.
Context string Reserved.
DesiredCapacityType string The unit of measurement for the value specified for desired capacity. (units | vcpu | memory-mib)
Attribute Type Description
id string Identifier of the DMS Replication instance
Name string Name of the DMS Replication instance
RegionName string Name of region in which the DMS Replication instance resides
RegionId string ID of region in which the DMS Replication instance resides
AccountName string Name of account containing the DMS Replication instance
AccountId string ID of account containing the DMS Replication instance
Tags list Tags assigned to the DMS Replication instance
 Name string Tag key
 Value string Tag value
ReplicationInstanceClass string The compute and memory capacity of the replication instance as defined for the specified replication instance class. It is a required parameter, although a default value is pre-selected in the DMS console
State string The status of the replication instance. ( "available" | "creating" | "deleted" | "deleting" | "failed" | "modifying" | "upgrading" | "rebooting" | "resetting-master-credentials" | "storage-full" | "incompatible-credentials" | "incompatible-network" | "maintenance" )
AllocatedStorage number The amount of storage (in gigabytes) that is allocated for the replication instance
CreationDate number The time the replication instance was created
SecurityGroups Reference to SecurityGroup The VPC security group for the instance
AvailabilityZone string The Availability Zone for the instance
VPC Reference to VPC VPC on which DMS Replication instance was associated
Subnets Reference to Subnet Subnets on which DMS Replication instance was associated
PreferredMaintenanceWindow string The maintenance window times for the replication instance. Any pending upgrades to the replication instance are performed during this time
PendingModifiedValues sequence The pending modification values
 ReplicationInstanceClass string The compute and memory capacity of the replication instance as defined for the specified replication instance class
 AllocatedStorage number The amount of storage (in gigabytes) that is allocated for the replication instance
 MultiAZ boolean Specifies whether the replication instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the Multi-AZ parameter is set to true
 EngineVersion string The engine version number of the replication instance
MultiAZ boolean Specifies whether the replication instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the Multi-AZ parameter is set to true
EngineVersion string The engine version number of the replication instance
AutoMinorVersionUpgrade boolean Boolean value indicating if minor version upgrades will be automatically applied to the instance
KmsKey Reference to KMSKey An KMS key that is used to encrypt the data on the replication instance.
ReplicationInstancePublicIpAddress ip The public IP address of the replication instance
ReplicationInstancePrivateIpAddress ip The private IP address of the replication instance
ReplicationInstancePublicIpAddresses list One or more public IP addresses for the replication instance
 IpAddress ip The public IP address for the replication instance
ReplicationInstancePrivateIpAddresses list One or more private IP addresses for the replication instance
 IpAddress ip The private IP address for the replication instance
PubliclyAccessible boolean Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address. The default value is true
SecondaryAvailabilityZone string The Availability Zone of the standby replication instance in a Multi-AZ deployment
FreeUntil number The expiration date of the free replication instance that is part of the Free DMS program.
DnsNameServers string The DNS name servers supported for the replication instance to access your on-premise source or target database
Attribute Type Description
id string The API's identifier.
Name string The API's name.
AccountId string ID of account containing the API Gateway
AccountName string Name of account containing the API Gateway
RegionId string ID of region in which the API Gateway resides
RegionName string Name of region in which the API Gateway resides
Description string The API's description.
CreatedDate number The timestamp when the API was created.
Version string A version identifier for the API.
Warnings list The warning messages reported when failonwarnings is turned on during API import.
BinaryMediaTypes list The list of binary media types supported by the RestApi.
MinimumCompressionSize number Used to enable compression or disable compression on an API.
ApiKeySource string The source of the API key for metering requests according to a usage plan. (HEADER | AUTHORIZER)
EndpointConfiguration sequence The endpoint configuration of this RestApi showing the endpoint types of the API.
 Types list A list of endpoint types of an API ( RestApi ) or its custom domain name. (EDGE | REGIONAL | PRIVATE)
 VpcEndpointIds list A list of VpcEndpointIds of an API ( RestApi ) against which to create Route53 ALIASes.
DisableExecuteApiEndpoint boolean Specifies whether clients can invoke your API by using the default execute-api endpoint.
Tags list Tags assigned to the RDS cluster
 Name string Tag key
 Value string Tag value
Policy sequence A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.
 Version string Policy version
 Id string ID of the policy
 Statements list Permission statements
  Sid string Sid of the policy statement
  Effect string Effect of the statement
  Action list Actions affected by the statement
   value string Action
  Resource list Resources affected by the statement
   value string Resource
  Principal list Policy principal
   value string Principal
  NotAction list Actions exempted by the statement
   value string Action
  NotResource list Resources exempted by the statement
   value string Resource
  NotPrincipal list Policy principal
   value string Principal
  Conditions list Condition for statement
   Condition string Conditon type
   Name string Key name
   Value list Key Value
Stages list A list of Stage resources that are associated with the ApiKey resource.
 DeploymentId string The identifier of the Deployment that the stage points to.
 ClientCertificateId string The identifier of a client certificate for an API stage.
 StageName string The name of the stage is the first path segment in the Uniform Resource Identifier (URI) of a call to API Gateway.
 Description string The stage's description.
 CacheClusterEnabled boolean Specifies whether a cache cluster is enabled for the stage.
 CacheClusterSize string The size of the cache cluster for the stage, if enabled ('0.5'|'1.6'|'6.1'|'13.5'|'28.4'|'58.2'|'118'|'237')
 CacheClusterStatus string The status of the cache cluster for the stage, if enabled ('CREATE_IN_PROGRESS'|'AVAILABLE'|'DELETE_IN_PROGRESS'|'NOT_AVAILABLE'|'FLUSH_IN_PROGRESS')
 MethodSettings list A list that defines the method settings for a Stage resource.
  MethodName string The Key that defines an individual method override
  MethodValue sequence Specifies the method setting properties for the Key.
   MetricsEnabled boolean Specifies whether Amazon CloudWatch metrics are enabled for this method.
   LoggingLevel string Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs.
   DataTraceEnabled boolean Specifies whether full requests and responses are logged for this method, which affects the log entries pushed to Amazon CloudWatch Logs.
   ThrottlingBurstLimit number Specifies the throttling burst limit.
   ThrottlingRateLimit number Specifies the throttling rate limit.
   CachingEnabled boolean Specifies whether responses should be cached and returned for requests.
   CacheTtlInSeconds number Specifies the time to live (TTL), in seconds, for cached responses.
   CacheDataEncrypted boolean Specifies whether the cached responses are encrypted.
   RequireAuthorizationForCacheControl boolean Specifies whether authorization is required for a cache invalidation request.
   UnauthorizedCacheControlHeaderStrategy string Specifies how to handle unauthorized requests for cache invalidation ('FAIL_WITH_403'|'SUCCEED_WITH_RESPONSE_HEADER'|'SUCCEED_WITHOUT_RESPONSE_HEADER')
 Variables list A list that defines the stage variables for a Stage resource.
  VariableName string The Name of the variable.
  VariableValue string The Value of the variable.
 DocumentationVersion string The version of the associated API documentation.
 AccessLogSettings sequence Settings for logging access in this stage.
  Format string A single line format of the access logs of data.
  CloudWatchDestination Reference to CloudWatchLogGroup CloudWatch Log Group delivery stream to receive access logs.
 CanarySettings sequence Settings for the canary deployment in this stage.
  PercentTraffic number The percent (0-100) of traffic diverted to a canary deployment.
  DeploymentId string The ID of the canary deployment.
  StageVariableOverrides list Stage variables overridden for a canary release deployment, including new stage variables introduced in the canary.
   VariableName string The Name of the variable.
   VariableValue string The Value of the variable.
  UseStageCache boolean A Boolean flag to indicate whether the canary deployment uses the stage cache or not.
 TracingEnabled boolean Specifies whether active tracing with X-ray is enabled for the Stage.
 WebAclArn string The ARN of the WebAcl associated with the Stage.
 Tags list The tags associated with a given resource.
  Name string Tag key
  Value string Tag value
 CreatedDate number The timestamp when the stage was created.
 LastUpdatedDate number The timestamp when the stage last updated.
Attribute Type Description
id string The Amazon Resource Name (ARN) of the certificate.
Name string The fully qualified domain name for the certificate.
RegionName string Name of region in which the Certificate resides
RegionId string ID of region in which the Certificate resides
AccountName string Name of account containing the Certificate
AccountId string ID of account containing the Certificate
SubjectAlternativeNames list List of one or more domain names included in the certificate.
DomainValidationOptions list Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request.
 DomainName string A fully qualified domain name (FQDN) in the certificate.
 ValidationEmails list A list of email addresses that ACM used to send domain validation emails.
 ValidationDomain string The domain name that ACM used to send domain validation emails.
 ValidationStatus string The validation status of the domain name. (PENDING_VALIDATION | SUCCESS | FAILED)
 ResourceRecord sequence Contains the CNAME record that you add to your DNS database for domain validation.
  Name string The name of the DNS record to create in your domain.
  Type string The type of DNS record.
  Value string The value of the CNAME record to add to your DNS database.
 ValidationMethod string Specifies the domain validation method.
Serial string The serial number of the certificate.
Subject string The name of the entity that is associated with the public key contained in the certificate.
Issuer string The name of the certificate authority that issued and signed the certificate.
CreatedAt number The time at which the certificate was requested.
IssuedAt number The time at which the certificate was issued.
ImportedAt number The date and time at which the certificate was imported.
Status string The status of the certificate (PENDING_VALIDATION|ISSUED|INACTIVE|EXPIRED|VALIDATION_TIMED_OUT|REVOKED|FAILED)
RevokedAt number The time at which the certificate was revoked.
RevocationReason string The reason the certificate was revoked (UNSPECIFIED|KEY_COMPROMISE|CA_COMPROMISE|AFFILIATION_CHANGED|SUPERCEDED|CESSATION_OF_OPERATION|CERTIFICATE_HOLD|REMOVE_FROM_CRL|PRIVILEGE_WITHDRAWN|A_A_COMPROMISE)
NotBefore number The time before which the certificate is not valid.
NotAfter number The time after which the certificate is not valid.
KeyAlgorithm string The algorithm that was used to generate the public-private key pair (RSA_1024|RSA_2048|RSA_3072|RSA_4096|EC_prime256v1|EC_secp384r1|EC_secp521r1)
SignatureAlgorithm string The algorithm that was used to sign the certificate.
InUseBy list A list of ARNs for the Amazon Web Services resources that are using the certificate.
FailureReason string The reason the certificate request failed (NO_AVAILABLE_CONTACTS|ADDITIONAL_VERIFICATION_REQUIRED|DOMAIN_NOT_ALLOWED|INVALID_PUBLIC_DOMAIN|DOMAIN_VALIDATION_DENIED|CAA_ERROR|PCA_LIMIT_EXCEEDED|PCA_INVALID_ARN|PCA_INVALID_STATE|PCA_REQUEST_FAILED|PCA_NAME_CONSTRAINTS_VALIDATION|PCA_RESOURCE_NOT_FOUND|PCA_INVALID_ARGS|PCA_INVALID_DURATION|PCA_ACCESS_DENIED|SLR_NOT_FOUND|OTHER)
Type string The source of the certificate (IMPORTED|AMAZON_ISSUED|PRIVATE)
RenewalSummary sequence Contains information about the status of ACM's managed renewal for the certificate.
 RenewalStatus string The status of ACM's managed renewal of the certificate.
 DomainValidationOptions list Contains information about the validation of each domain name in the certificate.
  DomainName string A fully qualified domain name (FQDN) in the certificate.
  ValidationEmails list A list of email addresses that ACM used to send domain validation emails.
  ValidationDomain string The domain name that ACM used to send domain validation emails.
  ValidationStatus string The validation status of the domain name (PENDING_VALIDATION | SUCCESS | FAILED)
  ResourceRecord sequence Contains the CNAME record that is added to the DNS database for domain validation.
   Name string The name of the DNS record to create in your domain.
   Type string The type of DNS record.
   Value string The value of the CNAME record to add to your DNS database.
  ValidationMethod string Specifies the domain validation method.
 RenewalStatusReason string The reason that a renewal request was unsuccessful.
 UpdatedAt number The time at which the renewal summary was last updated.
KeyUsages list A list of Key Usage X.509 v3 extension objects.
 Name string A string value that contains a Key Usage extension name (DIGITAL_SIGNATURE|NON_REPUDIATION|KEY_ENCIPHERMENT|DATA_ENCIPHERMENT|KEY_AGREEMENT|CERTIFICATE_SIGNING|CRL_SIGNING|ENCIPHER_ONLY|DECIPHER_ONLY|ANY|CUSTOM)
ExtendedKeyUsages list List of Extended Key Usage X.509 v3 extension objects.
 Name string The name of an Extended Key Usage value (TLS_WEB_SERVER_AUTHENTICATION|TLS_WEB_CLIENT_AUTHENTICATION|CODE_SIGNING|EMAIL_PROTECTION|TIME_STAMPING|OCSP_SIGNING|IPSEC_END_SYSTEM|IPSEC_TUNNEL|IPSEC_USER|ANY|NONE|CUSTOM)
 OID string An object identifier (OID) for the extension value.
CertificateAuthorityArn string The Amazon Resource Name (ARN) of the ACM PCA private certificate authority (CA) that issued the certificate.
RenewalEligibility string Specifies whether the certificate is eligible for renewal (ELIGIBLE|INELIGIBLE)
Options sequence Value that specifies whether to add the certificate to a transparency log.
 CertificateTransparencyLoggingPreference string You can opt out of certificate transparency logging by specifying the DISABLED option (ENABLED|DISABLED)
Tags list The key-value pairs that define the applied tags.
 Name string The key of the tag.
 Value string The value of the tag.
Attribute Type Description
id string The environments Amazon Resource Name (ARN), which can be used in other API requests that require an ARN.
Name string The name of this environment.
AccountId string ID of account containing the Elastic Beanstalk
AccountName string Name of account containing the Elastic Beanstalk
RegionId string ID of region in which the Elastic Beanstalk resides
RegionName string Name of region in which the Elastic Beanstalk resides
ApplicationName string The name of the application associated with this environment.
VersionLabel string The application version deployed in this environment.
SolutionStackName string The name of the SolutionStack deployed with this environment.
PlatformArn string The ARN of the platform version.
TemplateName string The name of the configuration template used to originally launch this environment.
Description string Describes this environment.
EndpointURL string For load-balanced, autoscaling environments, the URL to the LoadBalancer.
CNAME string The URL to the CNAME for this environment.
DateCreated number The creation date for this environment.
DateUpdated number The last modified date for this environment.
Status string The current operational status of the environment (Aborting|Launching|Updating|LinkingFrom|LinkingTo|Ready|Terminating|Terminated)
AbortableOperationInProgress boolean Indicates if there is an in-progress environment configuration update or application version deployment that you can cancel.
Health string Describes the health status of the environment. (Green|Yellow|Red|Grey)
HealthStatus string Returns the health status of the application running in your environment. (NoData|Unknown|Pending|Ok|Info|Warning|Degraded|Severe|Suspended)
Resources sequence The description of the AWS resources used by this environment.
 LoadBalancer sequence Describes the LoadBalancer.
  LoadBalancerName string The name of the LoadBalancer.
  Domain string The domain name of the LoadBalancer.
  Listeners list A list of Listeners used by the LoadBalancer.
   Protocol string The protocol that is used by the Listener.
   Port number The port that is used by the Listener.
Tier sequence Describes the current tier of this environment.
 Name string The name of this environment tier. (WebServer | Worker)
 Type string The type of this environment tier. (Standard | SQS/HTTP)
 Version string The version of this environment tier.
EnvironmentLinks list A list of links to other environments in the same group.
 LinkName string The name of the link.
 EnvironmentName string The name of the linked environment (the dependency).
EnvironmentId string The ID of this environment.
OperationsRole string The Amazon Resource Name (ARN) of the environments operations role.
ConfigurationSettings list A list of Configuration Settings for this Beanstalk environment.
 SolutionStackName string The name of the solution stack this configuration set uses.
 PlatformArn string The ARN of the platform version.
 TemplateName string The name of the configuration template for this configuration.
 Description string Describes this configuration set.
 DeploymentStatus string Indicates the deployment status of this configuration. (null|deployed|pending|failed)
 DateCreated number The date (in UTC time) when this configuration set was created.
 DateUpdated number The date (in UTC time) when this configuration set was last modified.
 OptionSettings list A list of the configuration options and their values in this configuration.
  ResourceName string A unique resource name for the option setting.
  Namespace string A unique namespace that identifies the options associated AWS resource.
  OptionName string The name of the configuration option.
  Value string The current value for the configuration option.
Attribute Type Description
id string The Amazon Resource Name (ARN) that uniquely identifies the cluster.
Name string The name of the DAX cluster.
AccountId string ID of account containing the Amazon DynamoDB Accelerator (DAX)
AccountName string Name of account containing the Amazon DynamoDB Accelerator (DAX)
RegionId string ID of region in which the Amazon DynamoDB Accelerator (DAX) resides
RegionName string Name of region in which the Amazon DynamoDB Accelerator (DAX) resides
Description string The description of the cluster.
TotalNodes number The total number of nodes in the cluster.
ActiveNodes number The number of nodes in the cluster that are active.
NodeType string The node type for the nodes in the cluster.
Status string The current status of the cluster.
ClusterDiscoveryEndpoint sequence The endpoint for this DAX cluster, consisting of a DNS name, a port number, and a URL.
 Address string The DNS hostname of the endpoint.
 Port number The port number that applications should use to connect to the endpoint.
 URL string The URL that applications should use to connect to the endpoint.
NodeIdsToRemove list A list of nodes to be removed from the cluster.
Nodes list A list of nodes that are currently in the cluster.
 NodeId string A system-generated identifier for the node.
 Endpoint sequence The endpoint for the node, consisting of a DNS name and a port number.
  Address string The DNS hostname of the endpoint.
  Port number The port number that applications should use to connect to the endpoint.
  URL string The URL that applications should use to connect to the endpoint.
 NodeCreateTime number The date and time when the node was launched.
 AvailabilityZone string The Availability Zone (AZ) in which the node has been deployed.
 NodeStatus string The current status of the node.
 ParameterGroupStatus string The status of the parameter group associated with this node.
PreferredMaintenanceWindow string A range of time when maintenance of DAX cluster software will be performed.
NotificationConfiguration sequence Describes a notification topic and its status.
 SNSTopic Reference to SNSTopic Notification topics using Amazon Simple Notification Service (SNS).
 TopicStatus string The current state of the topic.
SubnetGroup string The subnet group where the DAX cluster is running.
SecurityGroups list A list of security groups, and the status of each, for the nodes in the cluster.
 SecurityGroup Reference to SecurityGroup Security Group for the nodes in the Cluster
 Status string The status of this security group.
IamRoleArn string A valid Amazon Resource Name (ARN) that identifies an IAM role.
ParameterGroup sequence The parameter group being used by nodes in the cluster.
 ParameterGroupName string The name of the parameter group.
 ParameterApplyStatus string The status of parameter updates.
 NodeIdsToReboot list The node IDs of one or more nodes to be rebooted.
SSEDescription sequence The description of the server-side encryption status on the specified DAX cluster.
 Status string The current state of server-side encryption ('ENABLING'|'ENABLED'|'DISABLING'|'DISABLED')
ClusterEndpointEncryptionType string The type of encryption supported by the cluster's endpoint.
Tags list A list of tags currently associated with the DAX cluster.
 Name string The key for the tag.
 Value string The value of the tag.
Attribute Type Description
id string The ARN (Amazon Resource Name) of the cache cluster.
Name string The user-supplied identifier of the cluster.
AccountId string ID of account containing the ElastiCache Cluster.
AccountName string Name of account containing the ElastiCache Cluster.
RegionId string ID of region in which the ElastiCache Cluster resides.
RegionName string Name of region in which the ElastiCache Cluster resides.
ConfigurationEndpoint sequence Represents a Memcached cluster endpoint which can be used by an application to connect to any node in the cluster.
 Address string The DNS hostname of the cache node.
 Port number The port number that the cache engine is listening on.
ClientDownloadLandingPage string The URL of the web page where you can download the latest ElastiCache client library.
CacheNodeType string The name of the compute and memory capacity node type for the cluster.
Engine string The name of the cache engine to be used for this cluster (memcached | redis).
EngineVersion string The version of the cache engine that is used in this cluster.
CacheClusterStatus string The current state of this cluster (available | creating | deleted | deleting | incompatible-network | modifying | rebooting cluster nodes | restore-failed | snapshotting).
NumCacheNodes number The number of cache nodes in the cluster.
PreferredAvailabilityZone string The name of the Availability Zone in which the cluster is located or "Multiple" if the cache nodes are located in different Availability Zones.
PreferredOutpostArn string The outpost ARN in which the cache cluster is created.
CacheClusterCreateTime number The date and time when the cluster was created.
PreferredMaintenanceWindow string Specifies the weekly time range during which maintenance on the cluster is performed.
PendingModifiedValues sequence A group of settings that are applied to the cluster.
 NumCacheNodes number The new number of cache nodes for the cluster.
 CacheNodeIdsToRemove list A list of cache node IDs that are being removed (or will be removed) from the cluster.
 EngineVersion string The new cache engine version that the cluster runs.
 CacheNodeType string The cache node type that this cluster or replication group is scaled to.
 AuthTokenStatus string The auth token status (SETTING | ROTATING)
 LogDeliveryConfigurations list List of log delivery configurations being modified.
  LogType string Refers to slow-log
  DestinationType string Returns the destination type (cloudwatch-logs | kinesis-firehose).
  DestinationDetails sequence Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
   CloudWatchLogsDetails sequence The configuration details of the CloudWatch Logs destination.
    LogGroup string The name of the CloudWatch Logs log group.
   KinesisFirehoseDetails sequence The configuration details of the Kinesis Data Firehose destination.
    DeliveryStream string The name of the Kinesis Data Firehose delivery stream.
  LogFormat string Returns the log format (JSON | TEXT).
NotificationConfiguration sequence Describes a notification topic and its status.
 TopicArn Reference to SNSTopic The Amazon Resource Name (ARN) that identifies the topic.
 TopicStatus string The current state of the topic.
CacheSecurityGroups list A list of cache security group elements, composed of name and status sub-elements.
 CacheSecurityGroupName string The name of the cache security group.
 Status string The membership status in the cache security group.
CacheParameterGroup sequence Status of the cache parameter group.
 CacheParameterGroupName string The name of the cache parameter group.
 ParameterApplyStatus string The status of parameter updates.
 CacheNodeIdsToReboot list A list of the cache node IDs which need to be rebooted for parameter changes to be applied.
CacheSubnetGroupName string The name of the cache subnet group associated with the cluster.
CacheNodes list A list of cache nodes that are members of the cluster.
 CacheNodeId string The cache node identifier.
 CacheNodeStatus string The current state of this cache node (available | creating | rebooting | deleting)
 CacheNodeCreateTime number The date and time when the cache node was created.
 Endpoint sequence The hostname for connecting to this cache node.
  Address string The DNS hostname of the cache node.
  Port number The port number that the cache engine is listening on.
 ParameterGroupStatus string The status of the parameter group applied to this cache node.
 SourceCacheNodeId string The ID of the primary node to which this read replica node is synchronized.
 CustomerAvailabilityZone string The Availability Zone where this node was created and now resides.
 CustomerOutpostArn string The Availability Zone where this node was created and now resides.
AutoMinorVersionUpgrade boolean Checks if the running Redis engine version is 6.0 or later and the next auto minor version upgrade campaign is opted for.
SecurityGroups list A list of VPC Security Groups associated with the cluster.
 SecurityGroup Reference to SecurityGroup The identifier of the cache security group.
 Status string The status of the cache security group membership.
ReplicationGroupId string The replication group to which this cluster belongs.
SnapshotRetentionLimit number The number of days for which ElastiCache retains automatic cluster snapshots before deleting them.
SnapshotWindow string The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your cluster.
AuthTokenEnabled boolean A flag that enables using an AuthToken (password) when issuing Redis commands.
AuthTokenLastModifiedDate number The date the auth token was last modified.
TransitEncryptionEnabled boolean A flag that enables in-transit encryption when set to true.
AtRestEncryptionEnabled boolean A flag that enables encryption at-rest when set to true.
ReplicationGroupLogDeliveryEnabled boolean Indicates whether log delivery is enabled for the replication group.
LogDeliveryConfigurations list Returns the destination, format and type of the logs.
 LogType string Refers to slow-log .
 DestinationType string Returns the destination type (cloudwatch-logs | kinesis-firehose).
 DestinationDetails sequence Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
  CloudWatchLogsDetails sequence The configuration details of the CloudWatch Logs destination.
   LogGroup string The name of the CloudWatch Logs log group.
  KinesisFirehoseDetails sequence The configuration details of the Kinesis Data Firehose destination.
   DeliveryStream string The name of the Kinesis Data Firehose delivery stream.
 LogFormat string Returns the log format (JSON | TEXT).
 Status string Returns the log delivery configuration status (enabling | disabling | modifying | active | error).
 Message string Returns an error message for the log delivery configuration.
CacheEngineVersions list A list of cache engine version details.
 Engine string The name of the cache engine.
 EngineVersion string The version number of the cache engine.
 CacheParameterGroupFamily string The name of the cache parameter group family associated with this cache engine (memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.0 | redis6.2).
 CacheEngineDescription string The description of the cache engine.
 CacheEngineVersionDescription string The description of the cache engine version.
Tags list Tags added to an ElastiCache cluster
 Name string Tag key
 Value string Tag value
Attribute Type Description
id string Amazon Resource Number of the Load Balancer
Name string Name of the Load Balancer
RegionName string Name of region in which the Load Balancer resides
RegionId string ID of region in which the Load Balancer resides
AccountName string Name of account containing the Load Balancer
AccountId string ID of account containing the Load Balancer
Tags list Tags assigned to the Load Balancer
 Name string Tag key
 Value string Tag value
DNSName string The DNS name of the load balancer
CanonicalHostedZoneNameID string The ID of the Amazon Route 53 hosted zone for the load balancer
ListenerDescriptions list The listeners for the load balancer
 Listener sequence The listener
  Protocol string The load balancer transport protocol to use for routing.
  LoadBalancerPort number The port on which the load balancer is listening. On EC2-VPC, you can specify any port from the range 1-65535. On EC2-Classic, you can specify any port from the following list - 25, 80, 443, 465, 587, 1024-65535
  InstanceProtocol string The protocol to use for routing traffic to instances. ( HTTP | HTTPS | TCP | SSL )
  InstancePort number The port on which the instance is listening
  SSLCertificateId string The Amazon Resource Name (ARN) of the server certificate
 PolicyNames list The policies. If there are no policies enabled, the list is empty
  Value string PolicyName
Policies sequence The policies defined for the load balancer
 AppCookieStickinessPolicies list The stickiness policies created using CreateAppCookieStickinessPolicy
  PolicyName string The mnemonic name for the policy being created. The name must be unique within a set of policies for this load balancer
  CookieName string The name of the application cookie used for stickiness
 LBCookieStickinessPolicies list The stickiness policies created using CreateLBCookieStickinessPolicy
  PolicyName string The name of the policy
  CookieExpirationPeriod number The time period, in seconds, after which the cookie should be considered stale. If this parameter is not specified, the stickiness session lasts for the duration of the browser session
 OtherPolicies list The policies other than the stickiness policies
  Name string Policy name
BackendServerDescriptions list Information about your EC2 instances
 InstancePort number The port on which the EC2 instance is listening
 PolicyNames list The names of the policies enabled for the EC2 instance
  Name string Policy Name
AvailabilityZones list The Availability Zones for the load balancer
Subnets Reference to Subnet Subnets for the Load Balancer
VPC Reference to VPC The VPC for the load balancer
Instances Reference to EC2Instance The IDs of the instances for the load balancer.
HealthCheck sequence Information about the health checks conducted on the load balancer
 Target string The instance being checked. The protocol is either TCP, HTTP, HTTPS, or SSL. The range of valid ports is one (1) through 65535. TCP is the default, specified as a TCP:portpair , for example "TCP:5000". SSL is also specified as SSL:portpair, for example, SSL:5000. For HTTP/HTTPS, you must include a ping path in the string. HTTP is specified as a HTTP:port;/;PathToPing; grouping, for example "HTTP:80/weather/us/wa/seattle"
 Interval number The approximate interval, in seconds, between health checks of an individual instance
 Timeout number The amount of time, in seconds, during which no response means a failed health check. This value must be less than the Interval value
 UnhealthyThreshold number The number of consecutive health check failures required before moving the instance to the Unhealthy state
 HealthyThreshold number The number of consecutive health checks successes required before moving the instance to the Healthy state
SourceSecurityGroup sequence The security group for the load balancer, which you can use as part of your inbound rules for your registered instances. To only allow traffic from load balancers, add a security group rule that specifies this source security group as the inbound source
 OwnerAlias string The owner of the security group
 GroupName string The name of the security group
SecurityGroups Reference to SecurityGroup The security groups for the load balancer. Valid only for load balancers in a VPC
CreatedTime number The date and time the load balancer was created in Epoch
Scheme string The type of load balancer. Valid only for load balancers in a VPC. ( internet-facing | internal )
Attributes sequence Information about the load balancer attributes
 CrossZoneLoadBalancingEnabled boolean Specifies whether cross-zone load balancing is enabled for the load balancer
 AccessLog sequence If enabled, the load balancer captures detailed information of all requests and delivers the information to the Amazon S3 bucket that you specify
  Enabled boolean Specifies whether access logs are enabled for the load balancer
  S3Bucket Reference to S3Bucket The name of the Amazon S3 bucket where the access logs are stored
  EmitInterval number The interval for publishing the access logs. You can specify an interval of either 5 minutes or 60 minutes. Default is 60 minutes
  S3BucketPrefix string The logical hierarchy you created for your Amazon S3 bucket, for example my-bucket-prefix/prod . If the prefix is not provided, the log is placed at the root level of the bucket
 ConnectionDraining sequence If enabled, the load balancer allows existing requests to complete before the load balancer shifts traffic away from a deregistered or unhealthy instance
  Enabled boolean Specifies whether connection draining is enabled for the load balancer
  Timeout number The maximum time, in seconds, to keep the existing connections open before deregistering the instances
 ConnectionSettingsIdleTimeout number The time, in seconds, that the connection is allowed to be idle (no data has been sent over the connection) before it is closed by the load balancer
 AdditionalAttributes list Information about additional load balancer attributes
  Key string The name of the attribute. Supported attribute - "elb.http.desyncmitigationmode" determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor , defensive , and strictest . The default is defensive
  Value string The value of the attribute
Attribute Type Description
id string ID of the Secret
Name string Name of the Secret
RegionName string Name of region in which the Secret resides
RegionId string ID of region in which the Secret resides
AccountName string Name of account containing the Secret
AccountId string ID of account containing the Secret
Tags list Tags properties
 Name string Key
 Value string Value
Description string The user-provided description of the secret
KmsKey Reference to KMSKey The KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with the Amazon Web Services managed key aws/secretsmanager , this field is omitted.
RotationEnabled boolean Indicates whether automatic, scheduled rotation is enabled for this secret
RotationLambda Reference to Lambda The Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to RotateSecret
AutomaticScheduledRotationDays number Specifies the number of days between automatic scheduled rotations of the secret
LastRotatedDate number The most recent date and time that the Secrets Manager rotation process was successfully completed. This value is null if the secret hasn't ever rotated
LastChangedDate number The last date and time that this secret was modified in any way
LastAccessedDate number The last date that this secret was accessed. This value is truncated to midnight of the date and therefore shows only the date, not the time
DeletedDate number The epoch time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the RecoveryWindowInDays parameter of the DeleteSecret operation
OwningService string Returns the name of the service that created the secret
CreatedDate number The epoch time when a secret was created
PrimaryRegion string The Region where Secrets Manager originated the secret
RotationOccurringAsScheduled boolean Indicates whether an AWS Secrets Manager secret rotated successfully based on the rotation schedule
Attribute Type Description
id string ID of the Notebook Instance
Name string Name of the Notebook Instance
RegionName string Name of region in which the Notebook Instance resides
RegionId string ID of region in which the Notebook Instance resides
AccountName string Name of account containing the Notebook Instance
AccountId string ID of account containing the Notebook Instance
Tags list Tags properties
 Name string Key
 Value string Value
State string The status of the notebook instance ('Pending'|'InService'|'Stopping'|'Stopped'|'Failed'|'Deleting'|'Updating')
FailureReason string If status is Failed , the reason it failed
URL string The URL that you use to connect to the Jupyter notebook that is running in your notebook instance
InstanceType string The type of ML compute instance running on the notebook instance
Subnet Reference to Subnet VPC Subnet associated with the instance
SecurityGroups Reference to SecurityGroup VPC security groups associated with the instance
Role Reference to IAMRole IAM role associated with the instance
KmsKey Reference to KMSKey The Amazon Web Services KMS key Amazon SageMaker uses to encrypt data when storing it on the ML storage volume attached to the instance
NetworkInterface Reference to NetworkInterface The network interface that Amazon SageMaker created at the time of creating the instance
LastModifiedTime number A timestamp that shows when the notebook instance was last modified
CreationTime number A timestamp that shows when the notebook instance was created
NotebookInstanceLifecycleConfigName string Returns the name of a notebook instance lifecycle configuration
DirectInternetAccess string Describes whether Amazon SageMaker provides internet access to the notebook instance. If this value is set to Disabled , the notebook instance does not have internet access, and cannot connect to Amazon SageMaker training and endpoint services. ('Enabled'|'Disabled')
VolumeSizeInGB number The size, in GB, of the ML storage volume attached to the notebook instance
AcceleratorTypes list A list of the Elastic Inference (EI) instance types associated with this notebook instance. Currently only one EI instance type can be associated with a notebook instance
DefaultCodeRepository string The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in Amazon Web Services CodeCommit or in any other Git repository
AdditionalCodeRepositories list An array of up to three Git repositories associated with the notebook instance
RootAccess string Whether root access is enabled or disabled for users of the notebook instance
PlatformIdentifier string The platform identifier of the notebook instance runtime environment
Attribute Type Description
id string The unique identifier for the web ACL.
Name string The name of the web ACL.
AccountId string ID of account containing the AWS WebACL
AccountName string Name of account containing the AWS WebACL
RegionId string ID of region in which the AWS WebACL resides
RegionName string Name of region in which the AWS WebACL resides
Description string A description of the web ACL that helps with identification.
LockToken string A token used for optimistic locking that marks the state of the entity at the time of the request.
ARN string The Amazon Resource Name (ARN) of the entity.
LoggingConfiguration sequence The LoggingConfiguration for the specified web ACL.
 LogDestinationConfigs list List of Amazon Resource Names (ARNs) of the logging destinations that are associated with the web ACL.
 RedactedFields list The parts of the WebACL entries that you want to keep out of the logs. (UriPath | QueryString | SingleHeader | Method | JsonBody)
  SingleHeader sequence Inspect a single header.
   Name string The name of the query header to inspect.
  SingleQueryArgument sequence Inspect a single query argument.
   Name string The name of the query argument to inspect.
  AllQueryArguments sequence Inspect all query arguments.
  UriPath sequence Inspect the request URI path.
  QueryString sequence Inspect the query string.
  Body sequence Inspect the request body as plain text.
  Method sequence Inspect the HTTP method.
  JsonBody sequence Inspect the request body as JSON.
   MatchPattern sequence The patterns to look for in the JSON body.
    All sequence Match all of the elements.
    IncludedPaths list Match only the specified include paths.
   MatchScope string The parts of the JSON to match against using the MatchPattern (ALL | KEY | VALUE)
   InvalidFallbackBehavior string Describes what WAF should do if it fails to completely parse the JSON body (MATCH | NO_MATCH | EVALUATE_AS_STRING)
 ManagedByFirewallManager boolean Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy configuration.
 LoggingFilter sequence Filtering that specifies which web requests are kept in the logs and which are dropped.
  Filters list The filters that are applied to the logs.
   Behavior string Shows how to handle logs that satisfy the filter's conditions and requirement (KEEP | DROP)
   Requirement string Logic to apply to the filtering conditions (MEETS_ALL | MEETS_ANY)
   Conditions list Match conditions for the filter.
    ActionCondition sequence A single action condition.
     Action string The action setting that a log record must contain in order to meet the condition (ALLOW | BLOCK | COUNT | CAPTCHA | EXCLUDED_AS_COUNT)
    LabelNameCondition sequence A single label name condition.
     LabelName string The label name that a log record must contain in order to meet the condition.
   DefaultBehavior string Default handling for logs that don't match any of the specified filtering conditions (KEEP | DROP)
Tags list Tags associated with the AWS WebACL resource
 Name string Tag key
 Value string Tag value