diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27e4de56157a..b7721b70dc6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,6 +1,12 @@ name: TestNDeploy -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000000..730491a89fd7 --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,195 @@
+# LocalStack specific workflow to implement a fully-integrated continuous integration pipeline for our fork
+# - Rebase this fork based on the latest commit on `main` of upstream
+# - Build a Python source and wheel distribution of moto-ext with deterministic versioning
+# - Publish the distributions to PyPi
+# - Tag the commit in this fork with the new version
+# - Create a GitHub release for the new version
+
+name: Sync / Release moto-ext
+
+on:
+ schedule:
+ - cron: 0 5 * * MON
+ workflow_dispatch:
+ inputs:
+ dry_run:
+ description: 'Dry Run?'
+ default: true
+ required: true
+ type: boolean
+
+# limit concurrency to 1
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ sync-build-release-moto-ext:
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/project/moto-ext/
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: localstack
+ persist-credentials: false
+
+ - name: Setup Python
+ uses: actions/setup-python@v6
+ with:
+ python-version: '3.13'
+
+ - name: Configure Git
+ run: |
+ # Configure git
+ git config --global user.name 'LocalStack Bot'
+ git config --global user.email 'localstack-bot@users.noreply.github.com'
+ git remote set-url origin https://git:${{ secrets.PRO_ACCESS_TOKEN }}@github.com/${{ github.repository }}
+
+ # make sure to switch to the `localstack` branch (default / main branch of this fork)
+ git switch localstack
+ # add moto upstream as remote
+ git remote add upstream https://github.com/getmoto/moto.git
+ # rebase with latest changes
+ git pull
+
+ # Create a custom merge driver which prefers everything from upstream _BUT_ the name and the URL
+ mkdir -p $HOME/.local/bin
+ cat > $HOME/.local/bin/git-prefer-theirs-name-url << EOF
+ #!/bin/bash
+ set -e
+
+ base="\$1"
+ local="\$2"
+ remote="\$3"
+
+ echo "Executing custom merge driver for base \$base, local \$local, remote \$remote."
+
+ # Define keys to keep
+ KEYS=("name" "url")
+
+ # Read files into arrays
+ mapfile -t REMOTE_LINES < "\$remote"
+ mapfile -t LOCAL_LINES < "\$local"
+
+ echo "merging \$local + \$local + \$remote ..."
+
+ # Function to check if a line should be kept (matches any key)
+ keep_line() {
+ local line="\$1"
+ for key in "\${KEYS[@]}"; do
+ [[ "\$line" == *"\$key"* ]] && return 0
+ done
+ return 1
+ }
+
+ # keep key-matched lines from local, others from remote
+ for i in "\${!LOCAL_LINES[@]}"; do
+ if keep_line "\${REMOTE_LINES[i]}"; then
+ echo "\${REMOTE_LINES[i]}"
+ else
+ echo "\${LOCAL_LINES[i]}"
+ fi
+ done > "\$local"
+
+ exit 0
+ EOF
+
+ # make the script executable and add it to the PATH
+ chmod +x $HOME/.local/bin/git-prefer-theirs-name-url
+ echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+
+ # add the merge driver to the git config
+ cat >> .git/config << EOF
+
+ [merge "git-prefer-theirs-name-url"]
+ name = A driver which resolves merge conflicts on a setup.cfg such that it always takes the local name and url, and everything else from upstream
+ driver = git-prefer-theirs-name-url %O %A %B
+ EOF
+
+ # define to use the custom merge driver for the setup.cfg
+ cat > .gitattributes << EOF
+ setup.cfg merge=git-prefer-theirs-name-url
+ EOF
+
+ - name: Rebase localstack branch with latest master from upstream
+ run: |
+ git fetch upstream
+ git rebase -f upstream/master
+
+ - name: Determine new version
+ run: |
+ echo "Determining new version..."
+ cat > setuptools.cfg << EOF
+ [tool.setuptools_scm]
+ local_scheme = "no-local-version"
+ version_scheme = "post-release"
+ EOF
+ python3 -m venv .venv
+ source .venv/bin/activate
+ python3 -m pip install setuptools_scm
+ NEW_VERSION=$(python3 -m setuptools_scm -c setuptools.cfg)
+ NEW_VERSION="${NEW_VERSION//dev/post}"
+ echo "New version is: $NEW_VERSION"
+ echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+
+ - name: Build Python distributions
+ # FYI: Checks in this script only work because the -e flag is enabled by default in GitHub actions
+ run: |
+ python3 -m pip install build
+
+ echo "Setting new version in setup.cfg":
+ # make sure setup.cfg is not dirty yet
+ git diff --exit-code setup.cfg
+ sed -i -E 's/^(version\s*=\s*)("?)[^"]+("?)/\1\2'"$NEW_VERSION"'\3/' setup.cfg
+ # make sure setup.cfg is dirty now
+ ! git diff --exit-code setup.cfg
+
+ echo "Building new version and tagging commit..."
+ python3 -m build
+
+ - name: Tag successful build
+ run: |
+ git tag -a $NEW_VERSION -m $NEW_VERSION
+
+ - name: Clean up
+ run: |
+ git reset --hard
+ git clean -df
+
+ - name: Store built distributions
+ uses: actions/upload-artifact@v4
+ with:
+ name: moto-ext-dists
+ path: dist/*.*
+
+ # publish the package before pushing the tag (this might fail if the version already exists on PyPI)
+ - name: Publish package distributions to PyPI
+ if: ${{ github.event.inputs.dry_run != 'true' }}
+ uses: pypa/gh-action-pypi-publish@release/v1
+
+ - name: Push
+ if: ${{ github.event.inputs.dry_run != 'true' }}
+ run: |
+ git push --force-with-lease
+ git push --atomic origin localstack $NEW_VERSION
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Add a retry to avoid issues where the GH CLI fails
+ # because it does not yet detect the pushed tag.
+ - name: Create Release + uses: nick-fields/retry@v3 + if: ${{ github.event.inputs.dry_run != 'true' }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + max_attempts: 5 + retry_wait_seconds: 120 + timeout_minutes: 5 + command: gh release create $NEW_VERSION --repo localstack/moto --notes "automatic rebase sync and release" \ No newline at end of file diff --git a/.github/workflows/data-update_config-managed-rules.yml b/.github/workflows/data-update_config-managed-rules.yml index 9d6d115d56fe..55338d18d507 100644 --- a/.github/workflows/data-update_config-managed-rules.yml +++ b/.github/workflows/data-update_config-managed-rules.yml @@ -16,7 +16,7 @@ jobs: update: name: Update Config Managed Rules runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write diff --git a/.github/workflows/data-update_ec2-instance-offerings.yml b/.github/workflows/data-update_ec2-instance-offerings.yml index c3922c3ff00f..db11141a95ff 100644 --- a/.github/workflows/data-update_ec2-instance-offerings.yml +++ b/.github/workflows/data-update_ec2-instance-offerings.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Offerings runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | 
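Review bot: In ci.yml the `Configure Git` step writes `secrets.PRO_ACCESS_TOKEN` into the origin URL in `.git/config` right after checkout set `persist-credentials: false`, and the same job then rebases onto `upstream/master` and runs `python3 -m pip install setuptools_scm`, `python3 -m pip install build` and `python3 -m build` on that freshly pulled tree with `contents: write` and `id-token: write` in scope. Because `github.event.inputs.dry_run != 'true'` is also true on the weekly `schedule` trigger, a build hook or build dependency that arrives unreviewed can read the token from the working tree and reach the OIDC publish identity in an unattended run. I would drop the `git remote set-url origin https://git:…` line, hand the token only to the `Push` step through a step-level `env:` entry, and move the rebase/build part into a separate job that has neither the secret nor `id-token: write` and passes `dist/` on through the existing `upload-artifact` step. Separately, `pypa/gh-action-pypi-publish@release/v1` and `nick-fields/retry@v3` are mutable refs on exactly the steps that hold the publish and release credentials; pinning them to a full commit SHA would close that gap.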
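Review bot: The new `role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role` line in data-update_ec2-instance-offerings.yml says nothing about which repository and ref the role's trust policy is expected to accept, and the job-level `if:` on `github.ref` / `github.repository` changed in the preceding hunk only decides whether this workflow runs; it does not restrict who can assume the role. The trust policy is not visible here, so this is a request to confirm and document rather than a demonstrated defect: I would add a comment above the line such as `# trust policy must restrict the OIDC sub claim to repo:localstack/moto:ref:refs/heads/localstack`. The same applies to the identical `role-to-assume` change in data-update_ec2-instance-types.yml, data-update_emr_instance_types.yml, data-update_iam-managed-policies.yml, data-update_ssm-default-amis.yml, data-update_ssm-default-parameters.yml and data-update_ssm-optimized-amis.yml. The enclosing job starts before and continues after the hunk.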
diff --git a/.github/workflows/data-update_ec2-instance-types.yml b/.github/workflows/data-update_ec2-instance-types.yml index 27a47f7f179f..b519b615cd9f 100644 --- a/.github/workflows/data-update_ec2-instance-types.yml +++ b/.github/workflows/data-update_ec2-instance-types.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EC2 Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EC2 instance types from AWS run: | diff --git a/.github/workflows/data-update_emr_instance_types.yml b/.github/workflows/data-update_emr_instance_types.yml index 099f39cf727b..f48ddab06ab6 100644 --- a/.github/workflows/data-update_emr_instance_types.yml +++ b/.github/workflows/data-update_emr_instance_types.yml @@ -16,7 +16,7 @@ jobs: update: name: Update EMR Instance Types runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull EMR instance types from AWS run: | diff --git a/.github/workflows/data-update_iam-managed-policies.yml b/.github/workflows/data-update_iam-managed-policies.yml index 10d2dab62850..3f699d69d41f 100644 --- a/.github/workflows/data-update_iam-managed-policies.yml 
+++ b/.github/workflows/data-update_iam-managed-policies.yml @@ -16,7 +16,7 @@ jobs: update: name: Update IAM Managed Policies runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull IAM managed policies from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-amis.yml b/.github/workflows/data-update_ssm-default-amis.yml index 5e10c4f99f20..a34cd19077ef 100644 --- a/.github/workflows/data-update_ssm-default-amis.yml +++ b/.github/workflows/data-update_ssm-default-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM default AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default AMIs from AWS run: | diff --git a/.github/workflows/data-update_ssm-default-parameters.yml b/.github/workflows/data-update_ssm-default-parameters.yml index ca8a375662e2..c68f886c5068 100644 --- a/.github/workflows/data-update_ssm-default-parameters.yml +++ b/.github/workflows/data-update_ssm-default-parameters.yml 
@@ -16,7 +16,7 @@ jobs: update: name: Update SSM default parameters runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM default Parameters from AWS run: | diff --git a/.github/workflows/data-update_ssm-optimized-amis.yml b/.github/workflows/data-update_ssm-optimized-amis.yml index e04fc12412ee..c759b49c026a 100644 --- a/.github/workflows/data-update_ssm-optimized-amis.yml +++ b/.github/workflows/data-update_ssm-optimized-amis.yml @@ -16,7 +16,7 @@ jobs: update: name: Update SSM Optimized AMIs runs-on: ubuntu-latest - if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }} + if: ${{ github.ref == 'refs/heads/localstack' && github.repository == 'localstack/moto' }} permissions: id-token: write contents: write @@ -35,7 +35,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-east-1 - role-to-assume: arn:aws:iam::682283128318:role/GithubActionsRole + role-to-assume: arn:aws:iam::385386232812:role/MotoExt-OIDC-Role - name: Pull SSM Optimized AMIs from AWS run: | diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 94ffb9ea0982..af70bcdc9613 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -1,6 +1,12 @@ name: DockerTests -on: [push, pull_request] +on: + push: + paths-ignore: + - 'README.md' + branches: + - localstack + pull_request: jobs: cache: diff --git a/Makefile b/Makefile index 299fac705636..41868ba87850 100644 --- a/Makefile +++ b/Makefile 
@@ -41,6 +41,16 @@ test-only: test: lint test-only +terraformtests: + @echo "Make sure that the MotoServer is already running on port 4566 (moto_server -p 4566)" + @echo "USAGE: make terraformtests SERVICE_NAME=acm TEST_NAMES=TestAccACMCertificate" + @echo "" + cd tests/terraformtests && bin/run_go_test $(SERVICE_NAME) "$(TEST_NAMES)" + +publish: + python -m build + twine upload dist/* + test_server: @TEST_SERVER_MODE=true pytest -sv --cov=moto --cov-report xml ./tests/ diff --git a/README.md b/README.md index d28e681600a3..13db57a7863a 100644 --- a/README.md +++ b/README.md 
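Review bot: The new `publish` target runs `twine upload dist/*` without clearing `dist/` first, so any wheel or sdist left over from an earlier build is uploaded together with the fresh one. I would start the recipe with `rm -rf dist` and add `twine check dist/*` between `python -m build` and the upload. The target is also a second, manual release path next to the ci.yml workflow that publishes through the `pypi` environment, and it relies on whatever PyPI credential is configured on the machine running it; a comment on the target saying when it is meant to be used would help. Whether `terraformtests` and `publish` are declared in `.PHONY` is not visible in this hunk.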
@@ -1,86 +1,3 @@ -# Moto - Mock AWS Services +# moto-ext -[![Join the chat at https://gitter.im/awsmoto/Lobby](https://badges.gitter.im/awsmoto/Lobby.svg)](https://gitter.im/awsmoto/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - -[![Build Status](https://github.com/getmoto/moto/workflows/TestNDeploy/badge.svg)](https://github.com/getmoto/moto/actions) -[![Coverage Status](https://codecov.io/gh/getmoto/moto/branch/master/graph/badge.svg)](https://codecov.io/gh/getmoto/moto) -[![Docs](https://readthedocs.org/projects/pip/badge/?version=stable)](http://docs.getmoto.org) -[![PyPI](https://img.shields.io/pypi/v/moto.svg)](https://pypi.org/project/moto/) -[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/moto.svg)](#) -[![PyPI - Downloads](https://img.shields.io/pypi/dw/moto.svg)](https://pypistats.org/packages/moto) -[![Code style: Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) -[![Financial Contributors](https://opencollective.com/moto/tiers/badge.svg)](https://opencollective.com/moto) - - -## Install - -```console -$ pip install 'moto[ec2,s3,all]' -``` - -## In a nutshell - - -Moto is a library that allows your tests to easily mock out AWS Services. - -Imagine you have the following python code that you want to test: - -```python -import boto3 - - -class MyModel: - def __init__(self, name, value): - self.name = name - self.value = value - - def save(self): - s3 = boto3.client("s3", region_name="us-east-1") - s3.put_object(Bucket="mybucket", Key=self.name, Body=self.value) -``` - -Take a minute to think how you would have tested that in the past. 
- -Now see how you could test it with Moto: - -```python -import boto3 -from moto import mock_aws -from mymodule import MyModel - - -@mock_aws -def test_my_model_save(): - conn = boto3.resource("s3", region_name="us-east-1") - # We need to create the bucket since this is all in Moto's 'virtual' AWS account - conn.create_bucket(Bucket="mybucket") - model_instance = MyModel("steve", "is awesome") - model_instance.save() - body = conn.Object("mybucket", "steve").get()["Body"].read().decode("utf-8") - assert body == "is awesome" -``` - -With the decorator wrapping the test, all the calls to s3 are automatically mocked out. The mock keeps track of the state of the buckets and keys. - -For a full list of which services and features are covered, please see our [implementation coverage](https://github.com/getmoto/moto/blob/master/IMPLEMENTATION_COVERAGE.md). - - -### Documentation -The full documentation can be found here: - -[http://docs.getmoto.org/en/latest/](http://docs.getmoto.org/en/latest/) - - -### Financial Contributions -Support this project and its continued development, by sponsoring us! - -Click the `Sponsor`-button at the top of the page for more information. - -Our finances are managed by OpenCollective, which means you have full visibility into all our contributions and expenses: -https://opencollective.com/moto - -### Security contact information - -To report a security vulnerability, please use the -[Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. +Fork of [Moto](https://github.com/getmoto/moto) with patches and fixes for [LocalStack](https://github.com/localstack/localstack). diff --git a/moto/config/resources/aws_managed_rules.json b/moto/config/resources/aws_managed_rules.json index 239a92efda73..709719926288 100644 --- a/moto/config/resources/aws_managed_rules.json +++ b/moto/config/resources/aws_managed_rules.json 
@@ -1,7 +1,7 @@ { "ManagedRules": { "ACCESS_KEYS_ROTATED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "90", @@ -14,7 +14,7 @@ "Trigger type": "Periodic" }, "ACCOUNT_PART_OF_ORGANIZATIONS": { - "AWS Region": "All supported AWS regions except China (Beijing), AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing) Region", "Parameters": [ { "Name": "MasterAccountId", @@ -37,7 +37,7 @@ "Trigger type": "Configuration changes" }, "ACM_CERTIFICATE_EXPIRATION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "14", @@ -98,7 +98,7 @@ "Trigger type": "Configuration changes" }, "ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Trigger type": "Periodic" @@ -134,7 +134,7 @@ "Trigger type": "Configuration changes" }, "ALB_WAF_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "wafWebAclIds", 
@@ -242,7 +242,7 @@ "Trigger type": "Configuration changes" }, "API_GW_ASSOCIATED_WITH_WAF": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "WebAclArns", @@ -254,25 +254,25 @@ "Trigger type": "Configuration changes" }, "API_GW_CACHE_ENABLED_AND_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::ApiGateway::Stage", "Trigger type": "Configuration changes" }, "API_GW_ENDPOINT_TYPE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "endpointConfigurationTypes", "Optional": false, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::ApiGateway::RestApi", "Trigger type": "Configuration changes" }, "API_GW_EXECUTION_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Default": "ERROR,INFO", 
@@ -297,7 +297,7 @@ "Trigger type": "Configuration changes" }, "API_GW_SSL_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "CertificateIDs", @@ -628,7 +628,7 @@ "Trigger type": "Configuration changes" }, "APPROVED_AMIS_BY_ID": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "amiIds", @@ -640,7 +640,7 @@ "Trigger type": "Configuration changes" }, "APPROVED_AMIS_BY_TAG": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "tag-key:tag-value,other-tag-key", @@ -908,7 +908,7 @@ "Trigger type": "Periodic" }, "AURORA_MYSQL_BACKTRACKING_ENABLED": { - "AWS Region": "All supported AWS regions except Europe (Stockholm), Middle East (Bahrain), China (Beijing), Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), AWS Secret - West, South America (Sao Paulo), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain) Region", + "AWS Region": "Only available in Asia Pacific (Mumbai), Europe (Paris), US East (Ohio), Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), Asia Pacific (Seoul), Asia Pacific (Osaka), Europe (London), Asia Pacific (Tokyo), US West (Oregon), US West (N. California), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central) Region", "Parameters": [ { "Name": "BacktrackWindowInHours", 
@@ -1021,7 +1021,7 @@ "Trigger type": "Configuration changes" }, "AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::AutoScaling::LaunchConfiguration", "Trigger type": "Configuration changes" @@ -1203,7 +1203,7 @@ "Trigger type": "Configuration changes" }, "BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::ElasticBeanstalk::Environment", "Trigger type": "Configuration changes" @@ -1245,7 +1245,7 @@ "Trigger type": "Configuration changes" }, "CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "cloudformationRoleArn", 
@@ -1257,20 +1257,20 @@ "Trigger type": "Configuration changes and Periodic" }, "CLOUDFORMATION_STACK_NOTIFICATION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { - "Name": "snsTopic1", + "Name": "snsTopic2", "Optional": true, "Type": "String" }, { - "Name": "snsTopic2", + "Name": "snsTopic1", "Optional": true, "Type": "String" }, { - "Name": "snsTopic3", + "Name": "snsTopic5", "Optional": true, "Type": "String" }, @@ -1280,7 +1280,7 @@ "Type": "String" }, { - "Name": "snsTopic5", + "Name": "snsTopic3", "Optional": true, "Type": "String" } 
@@ -1288,6 +1288,12 @@ "Resource Types": "AWS::CloudFormation::Stack", "Trigger type": "Configuration changes" }, + "CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "Parameters": [], + "Resource Types": "AWS::CloudFormation::Stack", + "Trigger type": "Configuration changes" + }, "CLOUDFORMATION_TERMINATION_PROTECTION_CHECK": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], @@ -1330,6 +1336,12 @@ "Resource Types": "AWS::CloudFront::Distribution", "Trigger type": "Configuration changes" }, + "CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED": { + "AWS Region": "Only available in US East (N. Virginia) Region", + "Parameters": [], + "Resource Types": "AWS::CloudFront::Distribution", + "Trigger type": "Configuration changes" + }, "CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS": { "AWS Region": "Only available in US East (N. Virginia) Region", "Parameters": [], @@ -1427,7 +1439,7 @@ "Trigger type": "Periodic" }, "CLOUDTRAIL_S3_DATAEVENTS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "S3BucketNames", @@ -1446,8 +1458,8 @@ "AWS Region": "All supported AWS regions", "Parameters": [ { - "Default": "true", - "Name": "alarmActionRequired", + "Default": "false", + "Name": "okActionRequired", "Optional": false, "Type": "String" }, 
@@ -1458,8 +1470,8 @@ "Type": "String" }, { - "Default": "false", - "Name": "okActionRequired", + "Default": "true", + "Name": "alarmActionRequired", "Optional": false, "Type": "String" }, @@ -1499,7 +1511,7 @@ "Trigger type": "Configuration changes" }, "CLOUDWATCH_ALARM_RESOURCE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "resourceType", @@ -1516,7 +1528,7 @@ "Trigger type": "Periodic" }, "CLOUDWATCH_ALARM_SETTINGS_CHECK": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "metricName", @@ -1524,37 +1536,37 @@ "Type": "String" }, { - "Name": "threshold", + "Default": "300", + "Name": "period", "Optional": true, "Type": "int" }, { - "Name": "evaluationPeriods", + "Name": "statistic", "Optional": true, - "Type": "int" + "Type": "String" }, { - "Default": "300", - "Name": "period", + "Name": "comparisonOperator", "Optional": true, - "Type": "int" + "Type": "String" }, { - "Name": "comparisonOperator", + "Name": "threshold", "Optional": true, - "Type": "String" + "Type": "int" }, { - "Name": "statistic", + "Name": "evaluationPeriods", "Optional": true, - "Type": "String" + "Type": "int" } ], "Resource Types": "AWS::CloudWatch::Alarm", "Trigger type": "Configuration changes" }, "CLOUDWATCH_LOG_GROUP_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KmsKeyId", @@ -1578,7 +1590,7 @@ "Trigger type": "Configuration changes" }, "CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "expectedDeliveryWindowAge", 
@@ -1611,7 +1623,7 @@ "Trigger type": "Periodic" }, "CLOUD_TRAIL_ENCRYPTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::CloudTrail::Trail", "Trigger type": "Periodic" @@ -1682,7 +1694,7 @@ "Trigger type": "Configuration changes" }, "CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::CodeBuild::Project", "Trigger type": "Configuration changes" @@ -1773,7 +1785,7 @@ "Trigger type": "Configuration changes" }, "CODEPIPELINE_DEPLOYMENT_COUNT_CHECK": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "deploymentLimit", 
@@ -1785,7 +1797,7 @@ "Trigger type": "Configuration changes" }, "CODEPIPELINE_REGION_FANOUT_CHECK": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Default": "3", 
@@ -2008,34 +2020,34 @@ "Trigger type": "Periodic" }, "DB_INSTANCE_BACKUP_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "backupRetentionPeriod", + "Name": "backupRetentionMinimum", "Optional": true, "Type": "int" }, { - "Name": "backupRetentionMinimum", + "Name": "backupRetentionPeriod", "Optional": true, "Type": "int" }, { - "Name": "preferredBackupWindow", + "Name": "checkReadReplicas", "Optional": true, - "Type": "String" + "Type": "boolean" }, { - "Name": "checkReadReplicas", + "Name": "preferredBackupWindow", "Optional": true, - "Type": "boolean" + "Type": "String" } ], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Configuration changes" }, "DESIRED_INSTANCE_TENANCY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "tenancy", @@ -2057,7 +2069,7 @@ "Trigger type": "Configuration changes" }, "DESIRED_INSTANCE_TYPE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "instanceType", @@ -2117,7 +2129,7 @@ "Trigger type": "Configuration changes" }, "DMS_REPLICATION_NOT_PUBLIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::DMS::ReplicationInstance", "Trigger type": "Periodic" @@ -2238,7 +2250,7 @@ "Trigger type": "Periodic" }, "DYNAMODB_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::DynamoDB::Table", "Trigger type": "Periodic" 
@@ -2349,7 +2361,7 @@ "Trigger type": "Configuration changes" }, "DYNAMODB_TABLE_ENCRYPTED_KMS": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -2385,7 +2397,7 @@ "Trigger type": "Periodic" }, "EBS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Volume", "Trigger type": "Periodic" @@ -2442,7 +2454,7 @@ "Trigger type": "Periodic" }, "EBS_OPTIMIZED_INSTANCE": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" @@ -2525,7 +2537,7 @@ "Trigger type": "Configuration changes" }, "EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Spain) Region", + "AWS Region": "All supported AWS regions except Europe (Spain) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -2613,13 +2625,13 @@ "Trigger type": "Configuration changes" }, "EC2_IMDSV2_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_DETAILED_MONITORING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" @@ -2637,13 +2649,13 @@ "Trigger type": "Configuration changes and Periodic" }, "EC2_INSTANCE_MANAGED_BY_SSM": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance, AWS::SSM::ManagedInstanceInventory", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_MULTIPLE_ENI_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "NetworkInterfaceIds", 
@@ -2655,13 +2667,13 @@ "Trigger type": "Configuration changes" }, "EC2_INSTANCE_NO_PUBLIC_IP": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::Instance", "Trigger type": "Configuration changes" }, "EC2_INSTANCE_PROFILE_ATTACHED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "IamInstanceProfileArnList", @@ -2738,7 +2750,7 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "applicationNames", @@ -2755,7 +2767,7 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "applicationNames", 
@@ -2772,13 +2784,13 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Africa (Cape Town), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Europe (Milan), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::SSM::AssociationCompliance", "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "inventoryNames", @@ -2795,13 +2807,13 @@ "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Osaka), Europe (Milan), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Osaka), Europe (Milan), Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SSM::PatchCompliance", "Trigger type": "Configuration changes" }, "EC2_MANAGEDINSTANCE_PLATFORM_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "platformType", 
@@ -2993,7 +3005,7 @@ "Trigger type": "Periodic" }, "EC2_SECURITY_GROUP_ATTACHED_TO_ENI": { - "AWS Region": "All supported AWS regions except Middle East (UAE), AWS Secret - West, Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Middle East (UAE), Canada West (Calgary) Region", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes" @@ -3011,7 +3023,7 @@ "Trigger type": "Configuration changes" }, "EC2_STOPPED_INSTANCE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "30", @@ -3108,7 +3120,7 @@ "Trigger type": "Configuration changes" }, "EC2_VOLUME_INUSE_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "deleteOnTermination", @@ -3197,6 +3209,12 @@ "Resource Types": "AWS::ECS::CapacityProvider", "Trigger type": "Configuration changes" }, + "ECS_CAPACITY_PROVIDER_TERMINATION_CHECK": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::CapacityProvider", + "Trigger type": "Configuration changes" + }, "ECS_CONTAINERS_NONPRIVILEGED": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [], 
@@ -3250,6 +3268,12 @@ "Resource Types": "AWS::ECS::TaskDefinition", "Trigger type": "Configuration changes" }, + "ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::TaskDefinition", + "Trigger type": "Configuration changes" + }, "ECS_TASK_DEFINITION_LOG_CONFIGURATION": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [], @@ -3292,6 +3316,12 @@ "Resource Types": "AWS::ECS::TaskDefinition", "Trigger type": "Configuration changes" }, + "ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN": { + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", + "Parameters": [], + "Resource Types": "AWS::ECS::TaskDefinition", + "Trigger type": "Configuration changes" + }, "EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY": { "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ @@ -3328,7 +3358,7 @@ "Trigger type": "Configuration changes" }, "EFS_ENCRYPTED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KmsKeyId", @@ -3364,7 +3394,7 @@ "Trigger type": "Configuration changes" }, "EFS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EFS::FileSystem", "Trigger type": "Periodic" 
@@ -3498,7 +3528,7 @@ "Trigger type": "Periodic" }, "EIP_ATTACHED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::EIP", "Trigger type": "Configuration changes" @@ -3570,7 +3600,7 @@ "Trigger type": "Configuration changes" }, "EKS_ENDPOINT_NO_PUBLIC_ACCESS": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EKS::Cluster", "Trigger type": "Periodic" @@ -3588,7 +3618,7 @@ "Trigger type": "Configuration changes" }, "EKS_SECRETS_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "kmsKeyArns", @@ -3726,7 +3756,7 @@ "Trigger type": "Periodic" }, "ELASTICSEARCH_LOGS_TO_CLOUDWATCH": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "logTypes", @@ -3761,7 +3791,7 @@ "Trigger type": "Configuration changes" }, "ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Zurich) Region", "Parameters": [ { "Name": "UpdateLevel", 
@@ -3773,7 +3803,7 @@ "Trigger type": "Configuration changes" }, "ELBV2_ACM_CERTIFICATE_REQUIRED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "AcmCertificatesAllowed", @@ -3815,7 +3845,7 @@ "Trigger type": "Configuration changes" }, "ELB_ACM_CERTIFICATE_REQUIRED": { - "AWS Region": "All supported AWS regions except Africa (Cape Town), AWS Secret - West, Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer", "Trigger type": "Configuration changes" @@ -3827,12 +3857,12 @@ "Trigger type": "Configuration changes" }, "ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "sslProtocolsAndCiphers", "Optional": false, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::ElasticLoadBalancing::LoadBalancer", 
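Review bot: The declared `Type` of `sslProtocolsAndCiphers` changes from `String` to `CSV` in the ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK hunk, and the later hunks make the same change for `groupNames`, `AuthorizedVpcIds`, `dlqArns` and `subnetIds`. The visible hunks do not show whether the code that loads this table treats `Type` as an opaque label or branches on it. If it validates or parses rule input parameters by type, `CSV` has to be an accepted value there. A small test that loads the file and asserts every `Type` is in the set the loader understands would catch a new type string arriving this way. If the table is regenerated from upstream documentation, that check belongs in the test suite or the generator rather than in a hand edit of these entries.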
@@ -3851,7 +3881,7 @@ "Trigger type": "Configuration changes" }, "ELB_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "s3BucketNames", @@ -3863,7 +3893,7 @@ "Trigger type": "Configuration changes" }, "ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "predefinedPolicyName", @@ -3899,7 +3929,7 @@ "Trigger type": "Periodic" }, "EMR_KERBEROS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "TicketLifetimeInHours", @@ -3931,7 +3961,7 @@ "Trigger type": "Periodic" }, "EMR_MASTER_NO_PUBLIC_IP": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EMR::Cluster, AWS::EC2::Instance", "Trigger type": "Periodic" @@ -3949,7 +3979,7 @@ "Trigger type": "Configuration changes" }, "ENCRYPTED_VOLUMES": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsId", 
@@ -4045,7 +4075,7 @@ "Trigger type": "Configuration changes" }, "FMS_SHIELD_RESOURCE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ { "Name": "webACLId", @@ -4082,7 +4112,7 @@ "Trigger type": "Configuration changes" }, "FMS_WEBACL_RESOURCE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [ { "Name": "webACLId", @@ -4114,7 +4144,7 @@ "Trigger type": "Configuration changes" }, "FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", "Parameters": [ { "Name": "ruleGroups", 
@@ -4421,7 +4451,7 @@ "Trigger type": "Periodic" }, "GUARDDUTY_ENABLED_CENTRALIZED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "CentralMonitoringAccount", @@ -4444,7 +4474,7 @@ "Trigger type": "Periodic" }, "GUARDDUTY_NON_ARCHIVED_FINDINGS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Default": "30", @@ -4486,7 +4516,7 @@ "Trigger type": "Periodic" }, "IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "blockedActionsPatterns", 
@@ -4509,13 +4539,13 @@ "Trigger type": "Periodic" }, "IAM_GROUP_HAS_USERS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::Group", "Trigger type": "Configuration changes" }, "IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "blockedActionsPatterns", 
@@ -4532,9 +4562,9 @@ "Trigger type": "Configuration changes" }, "IAM_NO_INLINE_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), US West (N. California), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], - "Resource Types": "AWS::IAM::User, AWS::IAM::Role, AWS::IAM::Group", + "Resource Types": "AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User", "Trigger type": "Configuration changes" }, "IAM_OIDC_PROVIDER_TAGGED": { @@ -4550,7 +4580,7 @@ "Trigger type": "Configuration changes" }, "IAM_PASSWORD_POLICY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "true", 
@@ -4598,7 +4628,7 @@ "Trigger type": "Periodic" }, "IAM_POLICY_BLACKLISTED_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "arn:aws:iam::aws:policy/AdministratorAccess", @@ -4616,7 +4646,7 @@ "Trigger type": "Configuration changes" }, "IAM_POLICY_IN_USE": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "policyARN", 
@@ -4633,7 +4663,7 @@ "Trigger type": "Periodic" }, "IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "excludePermissionBoundaryPolicy", @@ -4645,7 +4675,7 @@ "Trigger type": "Configuration changes" }, "IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Name": "excludePermissionBoundaryPolicy", 
@@ -4657,7 +4687,7 @@ "Trigger type": "Configuration changes" }, "IAM_ROLE_MANAGED_POLICY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "managedPolicyArns", @@ -4669,7 +4699,7 @@ "Trigger type": "Configuration changes" }, "IAM_ROOT_ACCESS_KEY_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -4704,19 +4734,19 @@ "Trigger type": "Configuration changes" }, "IAM_USER_GROUP_MEMBERSHIP_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [ { "Name": "groupNames", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::IAM::User", "Trigger type": "Configuration changes" }, "IAM_USER_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::User", "Trigger type": "Periodic" 
@@ -4728,7 +4758,7 @@ "Trigger type": "Configuration changes" }, "IAM_USER_UNUSED_CREDENTIALS_CHECK": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [ { "Default": "90", @@ -4741,7 +4771,7 @@ "Trigger type": "Periodic" }, "INCOMING_SSH_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes and Periodic" @@ -4771,7 +4801,7 @@ "Trigger type": "Periodic" }, "INSTANCES_IN_VPC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "vpcId", @@ -4783,12 +4813,12 @@ "Trigger type": "Configuration changes" }, "INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "AuthorizedVpcIds", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::EC2::InternetGateway", 
@@ -5137,7 +5167,7 @@ "Trigger type": "Configuration changes" }, "KMS_CMK_NOT_SCHEDULED_FOR_DELETION": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Milan), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Europe (Milan), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyIds", @@ -5167,15 +5197,15 @@ "Trigger type": "Configuration changes" }, "LAMBDA_CONCURRENCY_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "ConcurrencyLimitLow", + "Name": "ConcurrencyLimitHigh", "Optional": true, "Type": "String" }, { - "Name": "ConcurrencyLimitHigh", + "Name": "ConcurrencyLimitLow", "Optional": true, "Type": "String" } @@ -5184,12 +5214,12 @@ "Trigger type": "Configuration changes" }, "LAMBDA_DLQ_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Ningxia) Region", "Parameters": [ { "Name": "dlqArns", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::Lambda::Function", 
@@ -5202,13 +5232,13 @@ "Trigger type": "Configuration changes" }, "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Europe (Spain), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except Europe (Spain), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::Lambda::Function", "Trigger type": "Configuration changes" }, "LAMBDA_FUNCTION_SETTINGS_CHECK": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "runtime", @@ -5221,14 +5251,14 @@ "Type": "String" }, { - "Default": "3", - "Name": "timeout", + "Default": "128", + "Name": "memorySize", "Optional": true, "Type": "int" }, { - "Default": "128", - "Name": "memorySize", + "Default": "3", + "Name": "timeout", "Optional": true, "Type": "int" } @@ -5243,12 +5273,12 @@ "Trigger type": "Configuration changes" }, "LAMBDA_INSIDE_VPC": { - "AWS Region": "All supported AWS regions except China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "subnetIds", "Optional": true, - "Type": "String" + "Type": "CSV" } ], "Resource Types": "AWS::Lambda::Function", 
@@ -5333,7 +5363,7 @@ "Trigger type": "Periodic" }, "MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region", "Parameters": [], "Resource Types": "AWS::IAM::User", "Trigger type": "Periodic" @@ -5658,7 +5688,7 @@ "Trigger type": "Configuration changes" }, "NO_UNRESTRICTED_ROUTE_TO_IGW": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "routeTableIds", @@ -5826,7 +5856,7 @@ "Trigger type": "Configuration changes" }, "RDS_ENHANCED_MONITORING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "monitoringInterval", @@ -5862,7 +5892,7 @@ "Trigger type": "Configuration changes" }, "RDS_INSTANCE_DELETION_PROTECTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "databaseEngines", 
@@ -5874,7 +5904,7 @@ "Trigger type": "Configuration changes" }, "RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Configuration changes" @@ -5892,7 +5922,7 @@ "Trigger type": "Periodic" }, "RDS_IN_BACKUP_PLAN": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::RDS::DBInstance", "Trigger type": "Periodic" @@ -5927,7 +5957,7 @@ "Trigger type": "Periodic" }, "RDS_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "additionalLogs", 
@@ -6069,15 +6099,15 @@ "Trigger type": "Periodic" }, "RDS_SNAPSHOTS_PUBLIC_PROHIBITED": { - "AWS Region": "All supported AWS regions except Africa (Cape Town), AWS Secret - West, Asia Pacific (Melbourne), Europe (Milan), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Africa (Cape Town), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Europe (Spain), China (Ningxia), Europe (Zurich) Region", "Parameters": [], - "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot", + "Resource Types": "AWS::RDS::DBClusterSnapshot, AWS::RDS::DBSnapshot", "Trigger type": "Configuration changes" }, "RDS_SNAPSHOT_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], - "Resource Types": "AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot", + "Resource Types": "AWS::RDS::DBClusterSnapshot, AWS::RDS::DBSnapshot", "Trigger type": "Configuration changes" }, "RDS_SQLSERVER_ENCRYPTED_IN_TRANSIT": { @@ -6099,7 +6129,7 @@ "Trigger type": "Configuration changes" }, "RDS_STORAGE_ENCRYPTED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyId", 
@@ -6123,7 +6153,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_BACKUP_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Name": "MinRetentionPeriod", @@ -6140,17 +6170,17 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_CONFIGURATION_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Default": "true", - "Name": "clusterDbEncrypted", + "Name": "loggingEnabled", "Optional": false, "Type": "boolean" }, { "Default": "true", - "Name": "loggingEnabled", + "Name": "clusterDbEncrypted", "Optional": false, "Type": "boolean" }, @@ -6165,7 +6195,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_KMS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -6177,7 +6207,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [ { "Default": "true", @@ -6261,7 +6291,7 @@ "Trigger type": "Configuration changes" }, "REDSHIFT_REQUIRE_TLS_SSL": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Mexico (Central) Region", + "AWS Region": "All supported AWS regions except Mexico (Central) Region", "Parameters": [], "Resource Types": "AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup", "Trigger type": "Configuration changes" 
@@ -6395,7 +6425,7 @@ "Trigger type": "Configuration changes" }, "RESTRICTED_INCOMING_TRAFFIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Default": "20", @@ -6422,6 +6452,7 @@ "Type": "int" }, { + "Default": "4333", "Name": "blockedPort5", "Optional": true, "Type": "int" @@ -6436,12 +6467,12 @@ "Trigger type": "Configuration changes and Periodic" }, "ROOT_ACCOUNT_HARDWARE_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Trigger type": "Periodic" }, "ROOT_ACCOUNT_MFA_ENABLED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), AWS Secret - West, Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [], "Trigger type": "Periodic" }, 
@@ -6572,11 +6603,11 @@ "Trigger type": "Configuration changes" }, "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), Asia Pacific (Malaysia), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), China (Ningxia) Region", "Parameters": [ { "Default": "True", - "Name": "IgnorePublicAcls", + "Name": "RestrictPublicBuckets", "Optional": true, "Type": "String" }, @@ -6594,7 +6625,7 @@ }, { "Default": "True", - "Name": "RestrictPublicBuckets", + "Name": "IgnorePublicAcls", "Optional": true, "Type": "String" } @@ -6636,7 +6667,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "blacklistedActionPattern", @@ -6654,7 +6685,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_DEFAULT_LOCK_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "mode", @@ -6666,7 +6697,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "excludedPublicBuckets", 
@@ -6678,15 +6709,15 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { - "Name": "targetBucket", + "Name": "targetPrefix", "Optional": true, "Type": "String" }, { - "Name": "targetPrefix", + "Name": "targetBucket", "Optional": true, "Type": "String" } @@ -6733,7 +6764,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "controlPolicy", @@ -6745,13 +6776,13 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_PUBLIC_READ_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes and Periodic" }, "S3_BUCKET_PUBLIC_WRITE_PROHIBITED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes and Periodic" @@ -6769,7 +6800,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::S3::Bucket", "Trigger type": "Configuration changes" 
@@ -6793,7 +6824,7 @@ "Trigger type": "Configuration changes" }, "S3_BUCKET_VERSIONING_ENABLED": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "isMfaDeleteEnabled", @@ -6813,7 +6844,7 @@ "Type": "CSV" } ], - "Resource Types": "AWS::S3::Bucket", + "Resource Types": "AWS::S3::Bucket, AWS::KMS::Key", "Trigger type": "Configuration changes" }, "S3_EVENT_NOTIFICATIONS_ENABLED": { @@ -7030,7 +7061,7 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyArns", @@ -7102,7 +7133,7 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [ { "Name": "kmsKeyArns", 
@@ -7132,21 +7163,21 @@ "Trigger type": "Configuration changes" }, "SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS": { - "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), AWS Secret - West, Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SageMaker::NotebookInstance", "Trigger type": "Periodic" }, "SECRETSMANAGER_ROTATION_ENABLED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { - "Name": "maximumAllowedRotationFrequency", + "Name": "maximumAllowedRotationFrequencyInHours", "Optional": true, "Type": "int" }, { - "Name": "maximumAllowedRotationFrequencyInHours", + "Name": "maximumAllowedRotationFrequency", "Optional": true, "Type": "int" } @@ -7185,7 +7216,7 @@ "Trigger type": "Periodic" }, "SECRETSMANAGER_USING_CMK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "kmsKeyArns", @@ -7197,7 +7228,7 @@ "Trigger type": "Configuration changes" }, "SECURITYHUB_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Trigger type": "Periodic" }, @@ -7226,7 +7257,7 @@ "Trigger type": "Configuration changes" }, "SERVICE_VPC_ENDPOINT_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "serviceName", 
@@ -7260,7 +7291,7 @@ "Trigger type": "Periodic" }, "SNS_ENCRYPTED_KMS": { - "AWS Region": "All supported AWS regions", + "AWS Region": "All supported AWS regions except China (Beijing), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [ { "Name": "kmsKeyIds", @@ -7314,7 +7345,7 @@ "Trigger type": "Periodic" }, "SSM_DOCUMENT_NOT_PUBLIC": { - "AWS Region": "All supported AWS regions except AWS Secret - West, Asia Pacific (Taipei) Region", + "AWS Region": "All supported AWS regions except Asia Pacific (Taipei) Region", "Parameters": [], "Resource Types": "AWS::SSM::Document", "Trigger type": "Periodic" @@ -7461,7 +7492,7 @@ "Trigger type": "Periodic" }, "SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [], "Resource Types": "AWS::EC2::Subnet", "Trigger type": "Configuration changes" @@ -7657,7 +7688,7 @@ "Trigger type": "Periodic" }, "VPC_DEFAULT_SECURITY_GROUP_CLOSED": { - "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", + "AWS Region": "Only available in Middle East (Bahrain), US East (Ohio), Europe (Ireland), Europe (Frankfurt), US East (N. Virginia), US West (Oregon) Region", "Parameters": [], "Resource Types": "AWS::EC2::SecurityGroup", "Trigger type": "Configuration changes" @@ -7685,7 +7716,7 @@ "Trigger type": "Periodic" }, "VPC_FLOW_LOGS_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "trafficType", 
@@ -7697,7 +7728,7 @@ "Trigger type": "Periodic" }, "VPC_NETWORK_ACL_UNUSED_CHECK": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions except China (Beijing), Asia Pacific (Thailand), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Asia Pacific (Taipei), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::NetworkAcl", "Trigger type": "Configuration changes" @@ -7715,7 +7746,7 @@ "Trigger type": "Configuration changes" }, "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "authorizedTcpPorts", @@ -7759,13 +7790,13 @@ "Trigger type": "Periodic" }, "VPC_VPN_2_TUNNELS_UP": { - "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), AWS Secret - West, Asia Pacific (Osaka), Israel (Tel Aviv), China (Ningxia) Region", + "AWS Region": "All supported AWS regions except Middle East (Bahrain), China (Beijing), Asia Pacific (Osaka), Israel (Tel Aviv), China (Ningxia) Region", "Parameters": [], "Resource Types": "AWS::EC2::VPNConnection", "Trigger type": "Configuration changes" }, "WAFV2_LOGGING_ENABLED": { - "AWS Region": "All supported AWS regions except AWS Secret - West Region", + "AWS Region": "All supported AWS regions", "Parameters": [ { "Name": "KinesisFirehoseDeliveryStreamArns", diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json new file mode 100644 index 000000000000..abf14dfcb2a8 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-east-1.json 
@@ -0,0 +1,191 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.417, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0388cfad0bfbabb99", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.492, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-045a9bf9ced62bc2f", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692760.222, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0dbef5e1adb6e1abf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692760.983, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-06cfed33cc8526f2d", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.998, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0a4c808d4c1a4bd8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697389.518, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0ad9a80ec3dceacee", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697389.822, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aeefe7aca43006af", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697390.713, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0dbbc1ffd92e9dc3a", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0f679fed2d6731f5e", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697391.614, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00cedd6af9996d4d7", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692759.694, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0a5db8fbece0eb74b", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", 
+ "DataType": "text", + "LastModifiedDate": 1721692760.743, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0de91fdcfc8d9f74e", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692759.96, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0cbbefdbb400bc3fa", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692761.237, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-02225bbcc9e4f69ec", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.223, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eabcdae6cabf6e70", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012167.616, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0654bf9da906daf8b", + "Version": 67 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012167.808, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0aea210be1a75b94e", + "Version": 67 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.123, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-01abf14eabdf9aade", + "Version": 114 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697390.421, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0cf49cd7abf721d78", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697391.015, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0db1e2b6da3a4ef84", + "Version": 73 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-east-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012167.428, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0a80c906edacd0e8b", + "Version": 67 + } +] \ No newline at end of file diff --git a/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json new file mode 100644 index 000000000000..9508646e0ba7 --- /dev/null +++ b/moto/ssm/resources/ami-amazon-linux-latest/us-gov-west-1.json 
@@ -0,0 +1,227 @@ +[ + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.09, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-011efb3cb2db23315", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.569, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64", + "Type": "String", + "Value": "ami-019ee724f2be51720", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.461, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0c74a4baed89bc2c8", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.795, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64", + "Type": "String", + "Value": "ami-01bdd33fcf8c3faaf", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.012, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-0bb609de40cb15fb0", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.337, + "Name": 
"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3", + "Type": "String", + "Value": "ami-0cdbe7f8dcc75fb7c", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.494, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0fccef3543f16dd9b", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.632, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-0eea2ae1689e53bef", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697392.995, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-06ba9aacc2eed0ff5", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.216, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs", + "Type": "String", + "Value": "ami-0549b0e03a35cad47", + "Version": 85 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.894, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64", + "Type": "String", + "Value": "ami-03e7ac6ecae00de4c", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + 
"DataType": "text", + "LastModifiedDate": 1703012168.667, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-034c73ffbb74bb99c", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012168.841, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3", + "Type": "String", + "Value": "ami-08cdd8d24cc1709c7", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012168.934, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-00eea1719b6aae09e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.106, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0e3c8ed0bf77adcff", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "DataType": "text", + "LastModifiedDate": 1703012169.187, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3", + "Type": "String", + "Value": "ami-07aeb19a8d919da02", + "Version": 68 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1703012169.262, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs", + "Type": "String", + "Value": "ami-0eb0af607aabfafff", + "Version": 68 + }, + { + "ARN": 
"arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.88, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2", + "Type": "String", + "Value": "ami-0c2ed33fcbcc83ebe", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697393.114, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0e7f6bd7808f3f95f", + "Version": 74 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "DataType": "text", + "LastModifiedDate": 1721697393.321, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs", + "Type": "String", + "Value": "ami-05eb4d4349faed35c", + "Version": 119 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.216, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64", + "Type": "String", + "Value": "ami-0813aacedccabaaad", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "DataType": "text", + "LastModifiedDate": 1721692762.685, + "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64", + "Type": "String", + "Value": "ami-0f8c631fccd898fcc", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "DataType": "text", + "LastModifiedDate": 1721692762.348, + "Name": 
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64", + "Type": "String", + "Value": "ami-0b2a6da8cb6b500ff", + "Version": 50 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1703012168.758, + "Name": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-0cfb8ee4baf66e51e", + "Version": 69 + }, + { + "ARN": "arn:aws-us-gov:ssm:us-gov-west-1::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "DataType": "text", + "LastModifiedDate": 1721697392.767, + "Name": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2", + "Type": "String", + "Value": "ami-03ebdb8bd059274a1", + "Version": 119 + } +] \ No newline at end of file diff --git a/setup.cfg b/setup.cfg index c64bf51805f9..9cb919c6fce6 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,12 +1,12 @@ [metadata] -name = moto +name = moto-ext version = 5.1.21.dev description = A library that allows you to easily mock out tests based on AWS infrastructure long_description = file:README.md long_description_content_type = text/markdown author = Steve Pulec author_email = spulec@gmail.com -url = https://github.com/getmoto/moto +url = https://github.com/localstack/moto license = Apache-2.0 test_suite = tests classifiers = @@ -19,10 +19,6 @@ classifiers = Programming Language :: Python :: 3.14 Topic :: Software Development :: Testing keywords = aws ec2 s3 boto3 mock -project_urls = - Documentation = http://docs.getmoto.org/en/latest/ - Issue tracker = https://github.com/getmoto/moto/issues - Changelog = https://github.com/getmoto/moto/blob/master/CHANGELOG.md [options] python_requires = >=3.9 
@@ -46,7 +42,8 @@ moto = py.typed [options.extras_require] all = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 @@ -63,7 +60,8 @@ all = multipart proxy = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=2.5.1 @@ -79,7 +77,8 @@ proxy = multipart server = antlr4-python3-runtime - aws-sam-translator<=1.103.0 + aws-sam-translator<=1.103.0; python_version >= "3.14" + aws-sam-translator>=1.105.0; python_version < "3.14" joserfc>=0.9.0 jsonpath_ng docker>=3.0.0 diff --git a/tests/test_ssm/test_ssm_default_amis.py b/tests/test_ssm/test_ssm_default_amis.py index a3c286590dcc..419a49c42c6a 100644 --- a/tests/test_ssm/test_ssm_default_amis.py +++ b/tests/test_ssm/test_ssm_default_amis.py @@ -1,4 +1,5 @@ import boto3 +import pytest from moto import mock_aws @@ -6,8 +7,16 @@ @mock_aws -def test_ssm_get_latest_ami_by_path(): - client = boto3.client("ssm", region_name="us-west-1") +@pytest.mark.parametrize( + "partition,region", + [ + ("aws", "us-west-1"), + ("aws-us-gov", "us-gov-east-1"), + ("aws-us-gov", "us-gov-west-1"), + ], +) +def test_ssm_get_latest_ami_by_path(partition, region): + client = boto3.client("ssm", region_name=region) path = "/aws/service/ami-amazon-linux-latest" params = client.get_parameters_by_path(Path=path)["Parameters"] assert len(params) == 10 @@ -17,7 +26,7 @@ def test_ssm_get_latest_ami_by_path(): ) assert all(p["Type"] == "String" for p in params) assert all(p["DataType"] == "text" for p in params) - assert all(p["ARN"].startswith("arn:aws:ssm:us-west-1") for p in params) + assert all(p["ARN"].startswith(f"arn:{partition}:ssm:{region}") for p in params) @mock_aws 
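Review bot: The two new `aws-sam-translator` lines in the `all` extra give the newest interpreter the older cap (`<=1.103.0` on Python >= 3.14) and every other interpreter an open-ended `>=1.105.0`, and nothing in the file says why. The pair reads as inverted, and it also skips 1.104.x without comment. If the split is intentional, a comment above the extras would stop a later maintainer from "fixing" it, for example `# aws-sam-translator: <=1.103.0 on 3.14 because <reason>; >=1.105.0 elsewhere because <reason>`. The `>=1.105.0` branch has no upper bound, so the published `moto-ext` extra will resolve to whatever release is newest at install time. Consider capping it at the version you actually test against. The same pair is repeated in the `proxy` and `server` hunks below, so the comment and any bound apply there too.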
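Review bot: The rewritten ARN assertion at the end of `test_ssm_get_latest_ami_by_path` stops the prefix at the region with no delimiter after it, so it would still pass for an ARN with a longer region string or an unexpected account field. The GovCloud fixtures added in this commit have the form `arn:aws-us-gov:ssm:us-gov-west-1::parameter/...`, so the check can be anchored to that: `assert all(p["ARN"].startswith(f"arn:{partition}:ssm:{region}::parameter/") for p in params)`. I am assuming the commercial-partition fixture uses the same empty account field, which is not visible here. The part of the function between the two hunks is also outside the diff.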
diff --git a/tests/test_ssm/test_ssm_parameterstore.py b/tests/test_ssm/test_ssm_parameterstore.py index 1d0ebf01cd3f..77ff65a4e905 100644 --- a/tests/test_ssm/test_ssm_parameterstore.py +++ b/tests/test_ssm/test_ssm_parameterstore.py @@ -1,3 +1,5 @@ +import pytest + from moto.ssm.models import ParameterDict @@ -83,3 +85,17 @@ def test_ssm_parameter_from_unknown_region(): "/aws/service/ami-amazon-linux-latest", recursive=False ) ) + + +@pytest.mark.parametrize("region", ["us-gov-east-1", "us-gov-west-1"]) +def test_ssm_parameter_from_gov_cloud_east_region(region): + store = ParameterDict("000000000000", region) + keys = list( + store.get_keys_beginning_with( + "/aws/service/ami-amazon-linux-latest", recursive=False + ) + ) + for key in keys: + ssm_parameter = store.get(key)[0] + ami = ssm_parameter.value + assert ami.startswith("ami-")
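Review bot: The new `test_ssm_parameter_from_gov_cloud_east_region` passes vacuously when `keys` is empty, because the `for` loop then runs zero assertions. An empty list is exactly what the neighbouring `test_ssm_parameter_from_unknown_region` appears to expect when no resource file is found, so a GovCloud JSON file missing from the package would go unnoticed. Adding `assert keys` right after the list is built closes that gap. The name also says "east" while the parametrization covers both `us-gov-east-1` and `us-gov-west-1`, so `test_ssm_parameter_from_gov_cloud_region` would describe it better.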