Merge pull request #1170 from hashicorp/f-08-23-2023-schema-updates

08/32/2023 CloudFormation schema refresh

CHANGELOG.md

@@ -1,4 +1,11 @@
 ## 0.59.0 (Unreleased)
+
+NOTES:
+
+* provider: Updates to Go 1.20, the last release that will run on any release of Windows 7, 8, Server 2008 and Server 2012. A future release will update to Go 1.21, and these platforms will no longer be supported
+* provider: Updates to Go 1.20, the last release that will run on macOS 10.13 High Sierra or 10.14 Mojave. A future release will update to Go 1.21, and these platforms will no longer be supported
+* provider: Updates to Go 1.20. The provider will now notice the `trust-ad` option in `/etc/resolv.conf` and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver
+
 ## 0.58.0 (August 10, 2023)
 
 FEATURES:

docs/data-sources/backup_backup_plan.md

@@ -57,6 +57,7 @@ Read-Only:
 - `recovery_point_tags` (Map of String)
 - `rule_name` (String)
 - `schedule_expression` (String)
+- `schedule_expression_timezone` (String)
 - `start_window_minutes` (Number)
 - `target_backup_vault` (String)
 

docs/data-sources/cleanrooms_configured_table.md

@@ -52,6 +52,7 @@ Read-Only:
 Read-Only:
 
 - `aggregation` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--aggregation))
+- `custom` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--custom))
 - `list` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--list))
 
 <a id="nestedatt--analysis_rules--policy--v1--aggregation"></a>
@@ -87,6 +88,15 @@ Read-Only:
 
 
 
+<a id="nestedatt--analysis_rules--policy--v1--custom"></a>
+### Nested Schema for `analysis_rules.policy.v1.list`
+
+Read-Only:
+
+- `allowed_analyses` (List of String)
+- `allowed_analysis_providers` (List of String)
+
+
 <a id="nestedatt--analysis_rules--policy--v1--list"></a>
 ### Nested Schema for `analysis_rules.policy.v1.list`
 

docs/data-sources/cloudformation_stack_set.md

@@ -93,6 +93,7 @@ Read-Only:
 
 - `account_filter_type` (String) The filter type you want to apply on organizational units and accounts.
 - `accounts` (Set of String) AWS accounts that you want to create stack instances in the specified Region(s) for.
+- `accounts_url` (String) Returns the value of the AccountsUrl property.
 - `organizational_unit_ids` (Set of String) The organization root ID or organizational unit (OU) IDs to which StackSets deploys.
 
 

docs/data-sources/ecr_repository.md

@@ -22,6 +22,7 @@ Data Source schema for AWS::ECR::Repository
 ### Read-Only
 
 - `arn` (String)
+- `empty_on_delete` (Boolean) If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories.
 - `encryption_configuration` (Attributes) The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
 
 By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.

docs/data-sources/iam_managed_policy.md

@@ -21,10 +21,18 @@ Data Source schema for AWS::IAM::ManagedPolicy
 
 ### Read-Only
 
-- `description` (String)
-- `groups` (List of String)
-- `managed_policy_name` (String)
-- `path` (String)
-- `policy_document` (Map of String)
-- `roles` (List of String)
-- `users` (List of String)
+- `attachment_count` (Number) The number of entities (users, groups, and roles) that the policy is attached to.
+- `create_date` (String) The date and time, in ISO 8601 date-time format, when the policy was created.
+- `default_version_id` (String) The identifier for the version of the policy that is set as the default version.
+- `description` (String) A friendly description of the policy.
+- `groups` (Set of String) The name (friendly name, not ARN) of the group to attach the policy to.
+- `is_attachable` (Boolean) Specifies whether the policy can be attached to an IAM user, group, or role.
+- `managed_policy_name` (String) The friendly name of the policy.
+- `path` (String) The path for the policy.
+- `permissions_boundary_usage_count` (Number) The number of entities (users and roles) for which the policy is used to set the permissions boundary.
+- `policy_arn` (String) Amazon Resource Name (ARN) of the managed policy
+- `policy_document` (String) The JSON policy document that you want to use as the content for the new policy.
+- `policy_id` (String) The stable and unique string identifying the policy.
+- `roles` (Set of String) The name (friendly name, not ARN) of the role to attach the policy to.
+- `update_date` (String) The date and time, in ISO 8601 date-time format, when the policy was last updated.
+- `users` (Set of String) The name (friendly name, not ARN) of the IAM user to attach the policy to.

docs/data-sources/iot_policy.md

@@ -22,5 +22,5 @@ Data Source schema for AWS::IoT::Policy
 ### Read-Only
 
 - `arn` (String)
-- `policy_document` (Map of String)
+- `policy_document` (String)
 - `policy_name` (String)

docs/data-sources/resiliencehub_app.md

@@ -25,11 +25,34 @@ Data Source schema for AWS::ResilienceHub::App
 - `app_assessment_schedule` (String) Assessment execution schedule.
 - `app_template_body` (String) A string containing full ResilienceHub app template body.
 - `description` (String) App description.
+- `drift_status` (String) Indicates if compliance drifts (deviations) were detected while running an assessment for your application.
+- `event_subscriptions` (Attributes List) The list of events you would like to subscribe and get notification for. (see [below for nested schema](#nestedatt--event_subscriptions))
 - `name` (String) Name of the app.
+- `permission_model` (Attributes) Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. (see [below for nested schema](#nestedatt--permission_model))
 - `resiliency_policy_arn` (String) Amazon Resource Name (ARN) of the Resiliency Policy.
 - `resource_mappings` (Attributes List) An array of ResourceMapping objects. (see [below for nested schema](#nestedatt--resource_mappings))
 - `tags` (Map of String)
 
+<a id="nestedatt--event_subscriptions"></a>
+### Nested Schema for `event_subscriptions`
+
+Read-Only:
+
+- `event_type` (String) The type of event you would like to subscribe and get notification for.
+- `name` (String) Unique name to identify an event subscription.
+- `sns_topic_arn` (String) Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic.
+
+
+<a id="nestedatt--permission_model"></a>
+### Nested Schema for `permission_model`
+
+Read-Only:
+
+- `cross_account_role_arns` (List of String) Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.
+- `invoker_role_name` (String) Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.
+- `type` (String) Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.
+
+
 <a id="nestedatt--resource_mappings"></a>
 ### Nested Schema for `resource_mappings`
 

docs/resources/backup_backup_plan.md

@@ -58,6 +58,7 @@ Optional:
 - `lifecycle` (Attributes) (see [below for nested schema](#nestedatt--backup_plan--backup_plan_rule--lifecycle))
 - `recovery_point_tags` (Map of String)
 - `schedule_expression` (String)
+- `schedule_expression_timezone` (String)
 - `start_window_minutes` (Number)
 
 <a id="nestedatt--backup_plan--backup_plan_rule--copy_actions"></a>

docs/resources/cleanrooms_configured_table.md

@@ -72,6 +72,7 @@ Required:
 Optional:
 
 - `aggregation` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--aggregation))
+- `custom` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--custom))
 - `list` (Attributes) (see [below for nested schema](#nestedatt--analysis_rules--policy--v1--list))
 
 <a id="nestedatt--analysis_rules--policy--v1--aggregation"></a>
@@ -110,6 +111,18 @@ Required:
 
 
 
+<a id="nestedatt--analysis_rules--policy--v1--custom"></a>
+### Nested Schema for `analysis_rules.policy.v1.list`
+
+Required:
+
+- `allowed_analyses` (List of String)
+
+Optional:
+
+- `allowed_analysis_providers` (List of String)
+
+
 <a id="nestedatt--analysis_rules--policy--v1--list"></a>
 ### Nested Schema for `analysis_rules.policy.v1.list`
 

docs/resources/cloudformation_stack_set.md

@@ -99,6 +99,7 @@ Optional:
 
 - `account_filter_type` (String) The filter type you want to apply on organizational units and accounts.
 - `accounts` (Set of String) AWS accounts that you want to create stack instances in the specified Region(s) for.
+- `accounts_url` (String) Returns the value of the AccountsUrl property.
 - `organizational_unit_ids` (Set of String) The organization root ID or organizational unit (OU) IDs to which StackSets deploys.
 
 

docs/resources/ecr_repository.md

@@ -100,6 +100,7 @@ resource "awscc_ecr_repository" "repo_policy_example" {
 
 ### Optional
 
+- `empty_on_delete` (Boolean) If true, deleting the repository force deletes the contents of the repository. Without a force delete, you can only delete empty repositories.
 - `encryption_configuration` (Attributes) The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
 
 By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.

docs/resources/iam_managed_policy.md

@@ -17,20 +17,28 @@ Resource Type definition for AWS::IAM::ManagedPolicy
 
 ### Required
 
-- `policy_document` (Map of String)
+- `policy_document` (String) The JSON policy document that you want to use as the content for the new policy.
 
 ### Optional
 
-- `description` (String)
-- `groups` (List of String)
-- `managed_policy_name` (String)
-- `path` (String)
-- `roles` (List of String)
-- `users` (List of String)
+- `description` (String) A friendly description of the policy.
+- `groups` (Set of String) The name (friendly name, not ARN) of the group to attach the policy to.
+- `managed_policy_name` (String) The friendly name of the policy.
+- `path` (String) The path for the policy.
+- `roles` (Set of String) The name (friendly name, not ARN) of the role to attach the policy to.
+- `users` (Set of String) The name (friendly name, not ARN) of the IAM user to attach the policy to.
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `attachment_count` (Number) The number of entities (users, groups, and roles) that the policy is attached to.
+- `create_date` (String) The date and time, in ISO 8601 date-time format, when the policy was created.
+- `default_version_id` (String) The identifier for the version of the policy that is set as the default version.
+- `id` (String) Uniquely identifies the resource.
+- `is_attachable` (Boolean) Specifies whether the policy can be attached to an IAM user, group, or role.
+- `permissions_boundary_usage_count` (Number) The number of entities (users and roles) for which the policy is used to set the permissions boundary.
+- `policy_arn` (String) Amazon Resource Name (ARN) of the managed policy
+- `policy_id` (String) The stable and unique string identifying the policy.
+- `update_date` (String) The date and time, in ISO 8601 date-time format, when the policy was last updated.
 
 ## Import
 

docs/resources/iot_policy.md

@@ -17,7 +17,7 @@ Resource Type definition for AWS::IoT::Policy
 
 ### Required
 
-- `policy_document` (Map of String)
+- `policy_document` (String)
 
 ### Optional
 

docs/resources/lambda_function.md

@@ -2,12 +2,12 @@
 page_title: "awscc_lambda_function Resource - terraform-provider-awscc"
 subcategory: ""
 description: |-
-  Resource Type definition for AWS::Lambda::Function
+  Resource Type definition for AWS::Lambda::Function in region
 ---
 
 # awscc_lambda_function (Resource)
 
-Resource Type definition for AWS::Lambda::Function
+Resource Type definition for AWS::Lambda::Function in region
 
 ## Example Usage
 

docs/resources/resiliencehub_app.md

@@ -25,12 +25,15 @@ Resource Type Definition for AWS::ResilienceHub::App.
 
 - `app_assessment_schedule` (String) Assessment execution schedule.
 - `description` (String) App description.
+- `event_subscriptions` (Attributes List) The list of events you would like to subscribe and get notification for. (see [below for nested schema](#nestedatt--event_subscriptions))
+- `permission_model` (Attributes) Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. (see [below for nested schema](#nestedatt--permission_model))
 - `resiliency_policy_arn` (String) Amazon Resource Name (ARN) of the Resiliency Policy.
 - `tags` (Map of String)
 
 ### Read-Only
 
 - `app_arn` (String) Amazon Resource Name (ARN) of the App.
+- `drift_status` (String) Indicates if compliance drifts (deviations) were detected while running an assessment for your application.
 - `id` (String) Uniquely identifies the resource.
 
 <a id="nestedatt--resource_mappings"></a>
@@ -61,6 +64,33 @@ Optional:
 - `aws_account_id` (String)
 - `aws_region` (String)
 
+
+
+<a id="nestedatt--event_subscriptions"></a>
+### Nested Schema for `event_subscriptions`
+
+Required:
+
+- `event_type` (String) The type of event you would like to subscribe and get notification for.
+- `name` (String) Unique name to identify an event subscription.
+
+Optional:
+
+- `sns_topic_arn` (String) Amazon Resource Name (ARN) of the Amazon Simple Notification Service topic.
+
+
+<a id="nestedatt--permission_model"></a>
+### Nested Schema for `permission_model`
+
+Required:
+
+- `type` (String) Defines how AWS Resilience Hub scans your resources. It can scan for the resources by using a pre-existing role in your AWS account, or by using the credentials of the current IAM user.
+
+Optional:
+
+- `cross_account_role_arns` (List of String) Defines a list of role Amazon Resource Names (ARNs) to be used in other accounts. These ARNs are used for querying purposes while importing resources and assessing your application.
+- `invoker_role_name` (String) Existing AWS IAM role name in the primary AWS account that will be assumed by AWS Resilience Hub Service Principle to obtain a read-only access to your application resources while running an assessment.
+
 ## Import
 
 Import is supported using the following syntax: