aws

type APIGatewayCanarySettings struct {
	// The ID of the canary deployment.
	DeploymentID *string

	// The percent (0-100) of traffic diverted to a canary deployment.
	PercentTraffic *float64 `validate:"min=0,max=100"`

	// Stage variables overridden for a canary release deployment, including new
	// stage variables introduced in the canary. These stage variables are represented
	// as a string-to-string map between stage variable names and their values.
	StageVariableOverrides *map[string]string

	// A Boolean flag to indicate whether the canary deployment uses the stage cache
	// or not.
	UseStageCache *bool
}

type APIGatewayDeployment struct {

	// Enables a cache cluster for the Stage resource specified in the input.
	CacheClusterEnabled *bool `func:"input"`

	// Specifies the cache cluster size for the Stage resource specified in the
	// input, if a cache cluster is enabled.
	CacheClusterSize *string `func:"input" validate:"oneof=0.5 1.6 6.1 13.5 28.4 58.2 118 237"`

	// The input configuration for the canary deployment when the deployment is
	// a canary release deployment.
	CanarySettings *APIGatewayDeploymentCanarySettings `func:"input"`

	// The description for the Deployment resource to create.
	Description *string `func:"input"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// The string identifier of the associated RestApi.
	RestAPIID string `func:"input" name:"rest_api_id"`

	// The description of the Stage resource for the Deployment resource to
	// create.
	StageDescription *string `func:"input"`

	// The name of the Stage resource for the Deployment resource to create.
	StageName *string `func:"input"`

	// Specifies whether active tracing with X-ray is enabled for the Stage.
	TracingEnabled *bool `func:"input"`

	// A map that defines the stage variables for the Stage resource that is
	// associated with the new deployment. Variable names can have alphanumeric
	// and underscore characters, and the values must match
	// `[A-Za-z0-9-._~:/?#&=,]+`.
	Variables map[string]string `func:"input"`

	// ChangeTrigger causes a new deployment to be executed when the value has
	// changed, even if other inputs have not changed.
	ChangeTrigger string `func:"input"`

	// A summary of the RestApi at the date and time that the deployment resource
	// was created.
	APISummary map[string]map[string]APIGatewayMethodSnapshot `func:"output"`

	// RFC3339 formatted date and time for when the deployment resource was
	// created.
	CreatedDate string `func:"output"`

	// The identifier for the deployment resource.
	ID *string `func:"output"`
	// contains filtered or unexported fields
}

type APIGatewayDeploymentCanarySettings struct {
	// The percentage (0.0-100.0) of traffic routed to the canary deployment.
	PercentTraffic *float64 `validate:"min=0,max=100"`

	// A stage variable overrides used for the canary release deployment. They
	// can override existing stage variables or add new stage variables for the
	// canary release deployment. These stage variables are represented as a
	// string-to-string map between stage variable names and their values.
	StageVariableOverrides map[string]string

	// A Boolean flag to indicate whether the canary release deployment uses
	// the stage cache or not.
	UseStageCache *bool
}

type APIGatewayIntegration struct {
	// Specifies a put integration input's cache key parameters.
	CacheKeyParameters []string `func:"input"`

	// Specifies a put integration input's cache namespace.
	CacheNamespace *string `func:"input"`

	// The [id](https://docs.aws.amazon.com/apigateway/api-reference/resource/vpc-link/#id)
	// of the VpcLink used for the integration when `connectionType=VPC_LINK` and
	// undefined, otherwise.
	ConnectionID *string `func:"input"`

	// The type of the network connection to the integration endpoint. The valid
	// value is `INTERNET` for connections through the public routable internet or
	// `VPC_LINK` for private connections between API Gateway and a network load balancer
	// in a VPC. The default value is `INTERNET`.
	ConnectionType *string `func:"input" validate:"oneof=INTERNET VPC_LINK"`

	// Specifies how to handle request payload content type conversions. Supported
	// values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`, with the following
	// behaviors:
	//
	// - `CONVERT_TO_BINARY`: Converts a request payload from a Base64-encoded
	//   string to the corresponding binary blob.
	// - `CONVERT_TO_TEXT`: Converts a request payload from a binary blob to a
	//   Base64-encoded string.
	//
	// If this property is not defined, the request payload will be passed through
	// from the method request to integration request without modification, provided
	// that the `passthrough_behaviors` is configured to support payload pass-through.
	ContentHandling *string `func:"input" validate:"oneof=CONVERT_TO_BINARY CONVERT_TO_TEXT"`

	// Specifies the credentials required for the integration, if any.
	//
	// For AWS integrations, three options are available:
	// - To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN)
	// - To require that the caller's identity be passed through from the
	//   request, specify the string `arn:aws:iam::*:user/*`
	// - To use resource-based permissions on supported AWS services, leave this field blank.
	Credentials *string `func:"input"`

	// Specifies a put integration request's HTTP method.
	HTTPMethod string `func:"input"`

	// Specifies a put integration HTTP method.
	//
	// When the integration type is `HTTP` or `AWS`, this field is required.
	IntegrationHTTPMethod *string `func:"input"`

	// Specifies the pass-through behavior for incoming requests based on the
	// Content-Type header in the request, and the available mapping templates
	// specified as the `request_templates` property on the Integration
	// resource.
	//
	// There are three valid values:
	//
	// - `WHEN_NO_MATCH` passes the request body for unmapped content types through
	//   to the integration back end without transformation.
	// - `NEVER` rejects unmapped content types with an HTTP 415 'Unsupported Media
	//   Type' response.
	// - `WHEN_NO_TEMPLATES` allows pass-through when the integration has NO content
	//   types mapped to templates. However if there is at least one content type
	//   defined, unmapped content types will be rejected with the same 415 response.
	PassthroughBehavior *string `func:"input" validate:"oneof=WHEN_NO_MATCH NEVER WHEN_NO_TEMPLATES"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// A key-value map specifying request parameters that are passed from the
	// method request to the back end. The key is an integration request
	// parameter name and the associated value is a method request parameter
	// value or static value that must be enclosed within single quotes and
	// pre-encoded as required by the back end. The method request parameter
	// value must match the pattern of `method.request.{location}.{name}`,
	// where location is `querystring`, `path`, or `header` and name must be a
	// valid and unique method request parameter name.
	RequestParameters map[string]string `func:"input"`

	// Represents a map of
	// [Velocity](https://velocity.apache.org/engine/1.7/user-guide.html#velocity-template-language-vtl-an-introduction)
	// templates that are applied on the request payload based on the value of
	// the Content-Type header sent by the client. The content type value is
	// the key in this map, and the template (as a String) is the value.
	RequestTemplates map[string]string `func:"input"`

	// Specifies a put integration request's resource ID.
	ResourceID string `func:"input"`

	// The string identifier of the associated Rest API.
	RestAPIID string `func:"input" name:"rest_api_id"`

	// Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000
	// milliseconds or 29 seconds.
	TimeoutInMillis *int64 `func:"input" validate:"gte=50,lte=29000"`

	// Specifies a put integration input's type.
	//
	// Valid values:
	// - `AWS`: for integrating the API method request with an AWS service
	//   action, including the Lambda function-invoking action. With the Lambda
	//   function-invoking action, this is referred to as the Lambda custom
	//   integration. With any other AWS service action, this is known as AWS
	//   integration.
	// - `AWS_PROXY`: for integrating the API method request with the Lambda
	//   function-invoking action with the client request passed through as-is.
	//   This integration is also referred to as the Lambda proxy integration.
	// - `HTTP`: for integrating the API method request with an HTTP endpoint,
	//   including a private HTTP endpoint within a VPC. This integration is also
	//   referred to as the HTTP custom integration.
	// - `HTTP_PROXY`: for integrating the API method request with an HTTP
	//   endpoint, including a private HTTP endpoint within a VPC, with the
	//   client request passed through as-is. This is also referred to as the
	//   `HTTP` proxy integration.
	// - `MOCK`: for integrating the API method request with API Gateway as a
	//   "loop-back" endpoint without invoking any backend.
	//
	// For the HTTP and HTTP proxy integrations, each integration can specify a
	// protocol (http/https), port and path. Standard 80 and 443 ports are
	// supported as well as custom ports above 1024. An HTTP or HTTP proxy
	// integration with a `connection_type` of `VPC_LINK` is referred to as a
	// private integration and uses a VpcLink to connect API Gateway to a
	// network load balancer of a VPC.
	IntegrationType string `func:"input" validate:"oneof=AWS AWS_PROXY HTTP HTTP_PROXY MOCK"`

	// Specifies Uniform Resource Identifier (URI) of the integration endpoint.
	//
	// - For `HTTP` or `HTTP_PROXY` integrations, the URI must be a fully
	//   formed, encoded HTTP(S) URL according to the RFC-3986 specification, for
	//   either standard integration, where connectionType is not `VPC_LINK`, or
	//   private integration, where connectionType is `VPC_LINK`. For a private
	//   HTTP integration, the URI is not used for routing.
	// - For AWS or AWS_PROXY integrations, the URI is of the form
	//   `arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}`.
	//   Here, `{Region}` is the API Gateway region (e.g., _us-east-1_);
	//   `{service}` is the name of the integrated AWS service (e.g., _s3_);
	//   and `{subdomain}` is a designated subdomain supported by certain AWS
	//   service for fast host-name lookup. The `action` can be used for an AWS
	//   service action-based API, using an `Action={name}&{p1}={v1}&p2={v2}...`
	//   query string. The ensuing `{service_api}` refers to a supported action
	//   `{name}` plus any required input parameters. Alternatively, `path` can
	//   be used for an AWS service path-based API. The ensuing `service_api`
	//   refers to the path to an AWS service resource, including the region of
	//   the integrated AWS service, if applicable.  For example, for
	//   integration with the S3 API of
	//   [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html),
	//   the uri can be either
	//   `arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}`
	//   or `arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}`
	URI *string `func:"input"`

	// Specifies the integration's responses.
	//
	// The key in the map is the HTTP status code.
	IntegrationResponses map[string]APIGatewayIntegrationResponse `func:"output"`
	// contains filtered or unexported fields
}

type APIGatewayIntegrationResponse struct {
	// Specifies how to handle response payload content type conversions.
	// Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the
	// following behaviors:
	//
	// - `CONVERT_TO_BINARY`: Converts a response payload from a Base64-encoded
	//    string to the corresponding binary blob.
	// - `CONVERT_TO_TEXT`: Converts a response payload from a binary blob to a
	//    Base64-encoded string.
	//
	// If this property is not defined, the response payload will be passed
	// through from the integration response to the method response without
	// modification.
	ContentHandling string

	// A key-value map specifying response parameters that are passed to the
	// method response from the back end. The key is a method response header
	// parameter name and the mapped value is an integration response header
	// value, a static value enclosed within a pair of single quotes, or a JSON
	// expression from the integration response body. The mapping key must
	// match the pattern of `method.response.header.{name}`, where name is a
	// valid and unique header name.  The mapped non-static value must match
	// the pattern of `integration.response.header.{name}` or
	// `integration.response.body.{JSON-expression}`, where name is a valid and
	// unique response header name and JSON-expression is a valid JSON
	// expression without the `$` prefix.
	ResponseParameters map[string]string

	// Specifies the templates used to transform the integration response body.
	// Response templates are represented as a key/value map, with a
	// content-type as the key and a template as the value.
	ResponseTemplates map[string]string

	// Specifies the regular expression pattern used to choose an integration
	// response based on the response from the back end.
	//
	// For example, if the success response returns nothing and the error
	// response returns some string, you could use the `.+` regex to match
	// error response. However, make sure that the error response does not
	// contain any newline (`\n`) character in such cases. If the back end is
	// an AWS Lambda function, the AWS Lambda function error header is matched.
	// For all other HTTP and AWS back ends, the HTTP status code is matched.
	SelectionPattern string

	// Specifies the status code that is used to map the integration response
	// to an existing MethodResponse.
	StatusCode string
}

type APIGatewayMethod struct {

	// Specifies whether the method requires a valid API key.
	APIKeyRequired *bool `func:"input"`

	// A list of authorization scopes configured on the method. The scopes are used
	// with a `COGNITO_USER_POOLS` authorizer to authorize the method invocation.
	//
	// The authorization works by matching the method scopes against the scopes
	// parsed from the access token in the incoming request. The method invocation
	// is authorized if any method scopes matches a claimed scope in the access
	// token. Otherwise, the invocation is not authorized.
	//
	// When the method scope is configured, the client must provide an access
	// token instead of an identity token for authorization purposes.
	AuthorizationScopes []string `func:"input"`

	// The method's authorization type.
	//
	// Valid values:
	// - `NONE`: open access
	// - `AWS_IAM`: use IAM permissions
	// - `CUSTOM`: use a custom authorizer
	// - `COGNITO_USER_POOL`: use a [Cognito](https://aws.amazon.com/cognito/) user pool
	AuthorizationType string `func:"input" validate:"oneof=NONE AWS_IAM CUSTOM COGNITO_USER_POOL"`

	// Specifies the identifier of an Authorizer to use on this Method, if the type
	// is `CUSTOM` or `COGNITO_USER_POOL`. The authorizer identifier is generated by
	// API Gateway when you created the authorizer.
	AuthorizerID *string `func:"input"`

	// Specifies the method request's HTTP method type.
	HTTPMethod string `func:"input"`

	// A human-friendly operation identifier for the method.
	//
	// For example, you can assign the `operation_name` of `ListPets` for the `GET /pets`
	// method in [PetStore](https://petstore-demo-endpoint.execute-api.com/petstore/pets) example.
	OperationName *string `func:"input"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// Specifies the Model resources used for the request's content type. Request
	// models are represented as a key/value map, with a content type as the key
	// and a Model name as the value.
	RequestModels map[string]string `func:"input"`

	// A key-value map defining required or optional method request parameters that
	// can be accepted by API Gateway.
	//
	// A key defines a method request parameter name matching the pattern of
	// `method.request.{location}.{name}`, where location is `querystring`,
	// `path`, or `header` and name is a valid and unique parameter name. The
	// value associated with the key is a Boolean flag indicating whether the
	// parameter is required (`true`) or optional (`false`). The method request
	// parameter names defined here are available in Integration to be mapped
	// to integration request parameters or body-mapping templates.
	RequestParameters map[string]bool `func:"input"`

	// The identifier of a RequestValidator for validating the method request.
	RequestValidatorID *string `func:"input"`

	// The Resource identifier for the new Method resource.
	ResourceID string `func:"input"`

	// The string identifier of the associated Rest API.
	RestAPIID string `func:"input" name:"rest_api_id"`
	// contains filtered or unexported fields
}

type APIGatewayMethodSnapshot struct {
	// Specifies whether the method requires a valid ApiKey.
	APIKeyRequired bool

	// The method's authorization type. Valid values are `NONE` for open
	// access, `AWS_IAM` for using AWS IAM permissions, `CUSTOM` for using a
	// custom authorizer, or `COGNITO_USER_POOLS` for using a Cognito user
	// pool.
	AuthorizationType string
}

type APIGatewayResource struct {

	// The parent resource's identifier.
	ParentID string `func:"input"`

	// The last path segment for this resource.
	PathPart string `func:"input"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// The string identifier of the associated RestApi.
	RestAPIID string `func:"input" name:"rest_api_id"`

	// The resource's identifier.
	ID *string `func:"output"`

	// The full path for this resource.
	Path *string `func:"output"`
	// contains filtered or unexported fields
}

type APIGatewayRestAPI struct {

	// The source of the API key for metering requests according to a usage plan.
	//
	// Valid values are:
	// - HEADER to read the API key from the X-API-Key header of a request.
	// - AUTHORIZER to read the API key from the UsageIdentifierKey from a custom
	//   authorizer.
	APIKeySource *string `func:"input" validate:"oneof=HEADER AUTHORIZER"`

	// The list of binary media types supported by the RestApi.
	// By default, the RestApi supports only UTF-8-encoded text payloads.
	BinaryMediaTypes []string `func:"input"`

	// The ID of the RestApi that you want to clone from.
	CloneFrom *string `func:"input"`

	// The description of the RestApi.
	Description *string `func:"input"`

	// The endpoint configuration of this RestApi showing the endpoint types of
	// the API.
	EndpointConfiguration *struct {
		// A list of endpoint types of an API (RestApi) or its custom domain name (DomainName).
		//
		// - For an edge-optimized API and its custom domain name, the endpoint type is
		//   `EDGE`.
		// - For a regional API and its custom domain name, the endpoint type
		//   is `REGIONAL`. For a private API, the endpoint type is `PRIVATE`.
		Types []string
	} `func:"input"`

	// A nullable integer that is used to enable compression (with non-negative
	// between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with
	// a null value) on an API. When compression is enabled, compression or decompression
	// is not applied on the payload if the payload size is smaller than this value.
	// Setting it to zero allows compression for any payload size.
	MinimumCompressionSize *int64 `func:"input" validate:"min=0,max=10485760"`

	// The name of the RestApi.
	Name string `func:"input"`

	// A stringified JSON policy document that applies to this RestApi regardless
	// of the caller and Method
	Policy *string `func:"input"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// A version identifier for the API.
	Version *string `func:"input"`

	// RFC3339 formatted date and time for when the API was created.
	CreatedDate string `func:"output"`

	// The API's identifier. This identifier is unique across all of your APIs in
	// API Gateway.
	ID *string `func:"output"`

	// The identifier for the API's root (/) resource.
	RootResourceID *string `func:"output"`
	// contains filtered or unexported fields
}

type APIGatewayStage struct {

	// Whether cache clustering is enabled for the stage.
	CacheClusterEnabled *bool `func:"input"`

	// Specifies the cache cluster size for the Stage resource specified in the
	// input, if a cache cluster is enabled.
	CacheClusterSize *string `func:"input" validate:"oneof=0.5 1.6 6.1 13.5 28.4 58.2 118 237"`

	// The input configuration for the canary deployment when the deployment is
	// a canary release deployment.
	CanarySettings *APIGatewayCanarySettings `func:"input"`

	// The identifier of the Deployment resource for the Stage resource.
	DeploymentID string `func:"input"`

	// The description of the Stage resource.
	Description *string `func:"input"`

	// The version of the associated API documentation.
	DocumentationVersion *string `func:"input"`

	// The region the API Gateway is deployed to.
	Region string `func:"input"`

	// The string identifier of the associated Rest API.
	RestAPIID string `func:"input" name:"rest_api_id"`

	// The name for the Stage resource.
	StageName string `func:"input"`

	// The key-value map of strings. The valid character set is `[a-zA-Z+-=._:/]`.
	// The tag key can be up to 128 characters and must not start with aws:. The
	// tag value can be up to 256 characters.
	Tags map[string]string `func:"input"`

	// Specifies whether active tracing with X-ray is enabled for the Stage.
	TracingEnabled *bool `func:"input"`

	// A map that defines the stage variables for the new Stage resource. Variable
	// names can have alphanumeric and underscore characters, and the values must
	// match `[A-Za-z0-9-._~:/?#&=,]+`.
	Variables map[string]string `func:"input"`

	// Settings for logging access in this stage.
	AccessLogSettings *AccessLogSettings `func:"output"`

	// RFC3339 formatted date and time for when the stage was created.
	CreatedDate string `func:"output"`

	// RFC3339 formatted date and time for when the stage last updated.
	LastUpdatedDate string `func:"output"`

	// A map that defines the method settings for a Stage resource. Keys (designated
	// as /{method_setting_key below) are method paths defined as {resource_path}/{http_method}
	// for an individual method override, or /\*/\* for overriding all methods in
	// the stage.
	MethodSettings map[string]MethodSetting `func:"output"`

	// The ARN of the WebAcl associated with the Stage.
	WebACLARN *string `func:"output" name:"web_acl_arn"`
	// contains filtered or unexported fields
}

type AccessLogSettings struct {
	// The ARN of the CloudWatch Logs log group to receive access logs.
	DestinationARN *string

	// A single line format of the access logs of data, as specified by
	// selected `$context` variables.
	// The format must include at least `$context.requestId`.
	Format *string
}

type DynamoDBTable struct {

	// An array of attributes that describe the key schema for the table and indexes.
	Attributes []struct {
		// A name for the attribute.
		Name string

		// The data type for the attribute, where:
		//
		//   * S - the attribute is of type String
		//   * N - the attribute is of type Number
		//   * B - the attribute is of type Binary
		Type string `validate:"oneof=S N B"`
	} `func:"input" validate:"min=1" name:"attribute"`

	// Controls how you are charged for read and write throughput and how you manage
	// capacity. This setting can be changed later.
	//
	//   * PROVISIONED - Sets the billing mode to PROVISIONED. We recommend using
	//   PROVISIONED for predictable workloads.
	//   * PAY_PER_REQUEST - Sets the billing mode to PAY_PER_REQUEST. We recommend
	//   using PAY_PER_REQUEST for unpredictable workloads.
	BillingMode string `func:"input" validate:"oneof=PROVISIONED PAY_PER_REQUEST"`

	// One or more global secondary indexes (the maximum is 20) to be created on
	// the table.
	GlobalSecondaryIndexes []struct {
		// The name of the global secondary index. The name must be unique
		// among all other indexes on this table.
		Name string `validate:"min=3"`

		// The complete key schema for a global secondary index
		KeySchema []struct {
			// The name of a key attribute.
			Name string `validate:"min=1"`

			// The role that this key attribute will assume:
			//
			//    * HASH - partition key
			//
			//    * RANGE - sort key
			//
			// The partition key of an item is also known as its hash
			// attribute. The term "hash attribute" derives from DynamoDB'
			// usage of an internal hash function to evenly distribute data
			// items across partitions, based on their partition key values.
			//
			// The sort key of an item is also known as its range attribute.
			// The term "range attribute" derives from the way DynamoDB stores
			// items with the same partition key physically close together, in
			// sorted order by the sort key value.
			Type string `validate:"oneof=HASH RANGE"`
		} `validate:"min=1"`

		// Represents attributes that are copied (projected) from the table
		// into the global secondary index. These are in addition to the
		// primary key attributes and index key attributes, which are
		// automatically projected.
		Projection struct {
			// Represents the non-key attribute names which will be projected
			// into the index.
			//
			// For local secondary indexes, the total count of NonKeyAttributes
			// summed across all of the local secondary indexes, must not
			// exceed 20. If you project the same attribute into two different
			// indexes, this counts as two distinct attributes when determining
			// the total.
			NonKeyAttributes []string `validate:"min=1"`

			// The set of attributes that are projected into the index:
			//
			//    * KEYS_ONLY - Only the index and primary keys are projected
			//    into the index.
			//
			//    * INCLUDE - Only the specified table attributes are projected
			//    into the index. The list of projected attributes are in
			//    NonKeyAttributes.
			//
			//    * ALL - All of the table attributes are projected into the
			//    index.
			Type string `validate:"oneof=KEYS_ONLY INCLUDE ALL"`
		}

		// Represents the provisioned throughput settings for a specified table
		// or index.  The settings can be modified using the UpdateTable
		// operation.
		//
		// For current minimum and maximum provisioned throughput values, see
		// [Limits](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html)
		// in the Amazon DynamoDB Developer Guide.  Please also see
		// https://docs.aws.amazon.com/goto/WebAPI/dynamodb-2012-08-10/ProvisionedThroughput
		ProvisionedThroughput *struct {
			// The maximum number of strongly consistent reads consumed per
			// second before DynamoDB returns a ThrottlingException.
			//
			// If read/write capacity mode is PAY_PER_REQUEST the value is set
			// to 0.
			ReadCapacityUnits int64

			// The maximum number of writes consumed per second before DynamoDB
			// returns a ThrottlingException.
			//
			// If read/write capacity mode is PAY_PER_REQUEST the value is set
			// to 0.
			WriteCapacityUnits int64
		}
	} `func:"input" validate:"max=20" name:"global_secondary_index"`

	// Specifies the attributes that make up the primary key for a table or an
	// index.  The attributes in KeySchema must also be defined in the
	// AttributeDefinitions array. For more information, see [Data
	// Model](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DataModel.html)
	// in the Amazon DynamoDB Developer Guide.
	//
	// Each KeySchemaElement in the array is composed of:
	//
	//    * AttributeName - The name of this key attribute.
	//
	//    * KeyType - The role that the key attribute will assume: HASH -
	//    partition key RANGE - sort key
	//
	// For a simple primary key (partition key), you must provide exactly one
	// element with a KeyType of HASH.
	//
	// For a composite primary key (partition key and sort key), you must
	// provide exactly two elements, in this order: The first element must have
	// a KeyType of HASH, and the second element must have a KeyType of RANGE.
	//
	// For more information, see [Working with
	// Tables](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.html)
	// in the Amazon DynamoDB Developer Guide.
	KeySchema []struct {
		// The name of a key attribute.
		Name string `validate:"min=1"`

		// The role that this key attribute will assume:
		//
		//    * HASH - partition key
		//
		//    * RANGE - sort key
		//
		// The partition key of an item is also known as its hash attribute. The term
		// "hash attribute" derives from DynamoDB' usage of an internal hash function
		// to evenly distribute data items across partitions, based on their partition
		// key values.
		//
		// The sort key of an item is also known as its range attribute. The term "range
		// attribute" derives from the way DynamoDB stores items with the same partition
		// key physically close together, in sorted order by the sort key value.
		Type string `validate:"oneof=HASH RANGE"`
	} `func:"input" validate:"min=1"`

	// One or more local secondary indexes (the maximum is 5) to be created on
	// the table. Each index is scoped to a given partition key value. There is
	// a 10 GB size limit per partition key value; otherwise, the size of a
	// local secondary index is unconstrained.
	//
	// Each local secondary index in the array includes the following:
	//
	//    * IndexName - The name of the local secondary index. Must be unique
	//    only for this table.
	//
	//    * KeySchema - Specifies the key schema for the local secondary index.
	//    The key schema must begin with the same partition key as the table.
	//
	//    * Projection - Specifies attributes that are copied (projected) from
	//    the table into the index. These are in addition to the primary key
	//    attributes and index key attributes, which are automatically
	//    projected. Each attribute specification is composed of:
	//    ProjectionType - One of the following: KEYS_ONLY - Only the index and
	//    primary keys are projected into the index. INCLUDE - Only the
	//    specified table attributes are projected into the index. The list of
	//    projected attributes is in NonKeyAttributes. ALL - All of the table
	//    attributes are projected into the index. NonKeyAttributes - A list of
	//    one or more non-key attribute names that are projected into the
	//    secondary index. The total count of attributes provided in
	//    NonKeyAttributes, summed across all of the secondary indexes, must
	//    not exceed 100. If you project the same attribute into two different
	//    indexes, this counts as two distinct attributes when determining the
	//    total.
	LocalSecondaryIndexes []struct {
		// The name of the local secondary index. The name must be unique among
		// all other indexes on this table.
		Name string `validate:"min=3"`

		// The complete key schema for the local secondary index.
		KeySchema []struct {
			// The name of a key attribute.
			Name string `validate:"min=1"`

			// The role that this key attribute will assume:
			//
			//    * HASH - partition key
			//
			//    * RANGE - sort key
			//
			// The partition key of an item is also known as its hash
			// attribute. The term "hash attribute" derives from DynamoDB'
			// usage of an internal hash function to evenly distribute data
			// items across partitions, based on their partition key values.
			//
			// The sort key of an item is also known as its range attribute.
			// The term "range attribute" derives from the way DynamoDB stores
			// items with the same partition key physically close together, in
			// sorted order by the sort key value.
			Type string `validate:"oneof=HASH RANGE"`
		} `validate:"min=1"`

		// Represents attributes that are copied (projected) from the table
		// into the local secondary index. These are in addition to the primary
		// key attributes and index key attributes, which are automatically
		// projected.
		Projection struct {
			// Represents the non-key attribute names which will be projected
			// into the index.
			//
			// For local secondary indexes, the total count of NonKeyAttributes
			// summed across all of the local secondary indexes, must not
			// exceed 20. If you project the same attribute into two different
			// indexes, this counts as two distinct attributes when determining
			// the total.
			NonKeyAttributes []string `validate:"min=1"`

			// The set of attributes that are projected into the index:
			//
			//    * KEYS_ONLY - Only the index and primary keys are projected
			//    into the index.
			//
			//    * INCLUDE - Only the specified table attributes are projected
			//    into the index. The list of projected attributes are in
			//    NonKeyAttributes.
			//
			//    * ALL - All of the table attributes are projected into the
			//    index.
			Type string `validate:"oneof=KEYS_ONLY INCLUDE ALL"`
		}
	} `func:"input" validate:"max=3" name:"local_secondary_index"`

	// Represents the provisioned throughput settings for a specified table or
	// index.  The settings can be modified using the UpdateTable operation.
	//
	// If you set BillingMode as PROVISIONED, you must specify this property.
	// If you set BillingMode as PAY_PER_REQUEST, you cannot specify this
	// property.
	//
	// For current minimum and maximum provisioned throughput values, see
	// [Limits](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html)
	// in the Amazon DynamoDB Developer Guide.
	ProvisionedThroughput *struct {
		// The maximum number of strongly consistent reads consumed per second
		// before DynamoDB returns a ThrottlingException.
		//
		// If read/write capacity mode is PAY_PER_REQUEST the value is set to
		// 0.
		ReadCapacityUnits int64

		// The maximum number of writes consumed per second before DynamoDB
		// returns a ThrottlingException.
		//
		// If read/write capacity mode is PAY_PER_REQUEST the value is set to
		// 0.
		WriteCapacityUnits int64
	} `func:"input"`

	// Represents the settings used to enable server-side encryption.
	SSE *struct {
		// Indicates whether server-side encryption is done using an AWS
		// managed CMK or an AWS owned CMK. If enabled (true), server-side
		// encryption type is set to KMS and an AWS managed CMK is used (AWS
		// KMS charges apply). If disabled (false) or not specified,
		// server-side encryption is set to AWS owned CMK.
		Enabled *bool

		// The KMS Customer Master Key (CMK) which should be used for the KMS
		// encryption.  To specify a CMK, use its key ID, Amazon Resource Name
		// (ARN), alias name, or alias ARN. Note that you should only provide
		// this parameter if the key is different from the default DynamoDB
		// Customer Master Key alias/aws/dynamodb.
		KMSMasterKeyID *string `name:"kms_master_key_id"`
	} `func:"input"`

	// The settings for DynamoDB Streams on the table.
	Stream *struct {
		// Indicates whether DynamoDB Streams is enabled (true) or disabled
		// (false) on the table.
		Enabled *bool

		// When an item in the table is modified, ViewType determines what
		// information is written to the stream for this table. Valid values
		// for StreamViewType are:
		//
		//    * KEYS_ONLY - Only the key attributes of the modified item are written
		//    to the stream.
		//
		//    * NEW_IMAGE - The entire item, as it appears after it was modified, is
		//    written to the stream.
		//
		//    * OLD_IMAGE - The entire item, as it appeared before it was modified,
		//    is written to the stream.
		//
		//    * NEW_AND_OLD_IMAGES - Both the new and the old item images of the item
		//    are written to the stream.
		ViewType string `validate:"oneof=KEYS_ONLY NEW_IMAGE OLD_IMAGE NEW_AND_OLD_IMAGES"`
	} `func:"input"`

	// The name of the table to create.
	TableName string `func:"input" validate:"min=3"`

	// A list of key-value pairs to label the table. For more information, see
	// [Tagging for
	// DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html).
	Tags []struct {
		// The key of the tag. Tag keys are case sensitive. Each DynamoDB table
		// can only have up to one tag with the same key. If you try to add an
		// existing tag (same key), the existing tag value will be updated to
		// the new value.
		Key string `validate:"min=1"`

		// The value of the tag. Tag values are case-sensitive and can be null.
		Value string
	} `func:"input" name:"tag"`

	Region string `func:"input"`

	// RFC3339 formatted date and time for when the table was created.
	CreatedTime string `func:"output"`

	// The Amazon Resource Name (ARN) that uniquely identifies the table.
	TableARN string `func:"output"`

	// Unique identifier for the table for which the backup was created.
	TableID string `func:"output"`
	// contains filtered or unexported fields
}

type IAMPolicy struct {

	// A friendly description of the policy.
	//
	// Typically used to store information about the permissions defined in the
	// policy. For example, `Grants access to production DynamoDB tables.`
	//
	// The policy description is immutable. After a value is assigned, it cannot
	// be changed.
	Description *string `func:"input"`

	// The path for the policy.
	//
	// For more information about paths, see
	// [IAM Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// If the path is not set, it defaults to a slash (`/`).
	Path *string `func:"input"`

	// The JSON policy document that you want to use as the content for the new
	// policy.
	PolicyDocument string `func:"input"`

	// The friendly name of the policy.
	PolicyName string `func:"input"`

	// Region to use for IAM API calls.
	//
	// IAM is global so the calls are not regional but the Region will specify
	// which region the API calls are sent to.
	Region *string `func:"input"`

	// The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.
	//
	// For more information about ARNs, go to Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	ARN *string `func:"output"`

	// The number of entities (users, groups, and roles) that the policy is attached
	// to.
	AttachmentCount *int64 `func:"output"`

	// RFC3339 formatted date and time when the policy was created.
	CreateDate string `func:"output"`

	// The identifier for the version of the policy that is set as the default version.
	DefaultVersionID *string `func:"output"`

	// Specifies whether the policy can be attached to an IAM user, group, or role.
	IsAttachable *bool `func:"output"`

	// The number of entities (users and roles) for which the policy is used to
	// set the permissions boundary.
	//
	// For more information about permissions boundaries, see Permissions Boundaries
	// for IAM Identities
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)
	// in the IAM User Guide.
	PermissionsBoundaryUsageCount *int64 `func:"output"`

	// The stable and unique string identifying the policy.
	//
	// For more information about IDs, see IAM Identifiers
	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the Using IAM guide.
	PolicyID *string `func:"output"`

	// The date and time when the policy was last updated.
	//
	// When a policy has only one version, this field contains the date and time
	// when the policy was created. When a policy has more than one version, this
	// field contains the date and time when the most recent policy version was
	// created.
	UpdateDate string `func:"output"`
	// contains filtered or unexported fields
}

type IAMPolicyDocument struct {
	// Specify the version of the policy language that you want to use.
	// If not set, `2012-10-17` is used.
	Version *string `func:"input"`

	// Use this main policy element as a container for the following elements.
	// You can include more than one statement in a policy.
	Statements []IAMPolicyStatement `func:"input" name:"statement"`

	JSON string `func:"output"`
}

type IAMPolicyStatement struct {
	// Include an optional statement ID to differentiate between your statements.
	ID *string

	// Use `Allow` or `Deny` to indicate whether the policy allows or
	// denies access.
	Effect string `validate:"oneof=Allow Deny"`

	// The account, user, role, or federated user to which you would like to
	// allow or deny access.
	//
	// If you are creating a policy to attach to a user or role, you cannot
	// include this element. The principal is implied as that user or role.
	Principals *map[string][]string

	// The account, user, role or federated user to which the statement does
	// **not** apply to.
	NotPrincipals *map[string][]string

	// Include a list of actions that the policy allows or denies.
	Actions *[]string

	// List of actions that the statement do **not** apply to.
	NotActions *[]string

	// List of resources to which the actions apply.
	Resources *[]string

	// List of resources to which the actions do **not** apply.
	NotResources *[]string

	// Specify the circumstances under which the policy grants permission.
	//
	//   condition = {
	//     "StringEquals" = {
	//       "aws:username": "johndoe"
	//     }
	//   }
	//
	// See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html
	// for supported operators.
	Conditions *map[string]map[string]string
}

type IAMRole struct {

	// The trust relationship policy document that grants an entity permission to
	// assume the role.
	//
	// The [regex pattern](http://wikipedia.org/wiki/regex) used to validate this
	// parameter is a string of characters consisting of the following:
	//
	// * Any printable ASCII character ranging from the space character (\u0020)
	//   through the end of the ASCII character range
	//
	// * The printable characters in the Basic Latin and Latin-1 Supplement character
	//   set (through \u00FF)
	//
	// * The special characters tab (\u0009), line feed (\u000A), and carriage
	//   return (\u000D)
	AssumeRolePolicyDocument string `func:"input"`

	// A description of the role.
	Description *string `func:"input"`

	// The maximum session duration (in seconds) that you want to set for the
	// specified role. If you do not specify a value for this setting, the
	// default maximum of one hour is applied. This setting can have a value
	// from 1 hour to 12 hours.
	//
	// Anyone who assumes the role from the AWS CLI or API can use the
	// DurationSeconds API parameter or the duration-seconds CLI parameter to
	// request a longer session. The MaxSessionDuration setting determines the
	// maximum duration that can be requested using the DurationSeconds
	// parameter. If users don't specify a value for the DurationSeconds
	// parameter, their security credentials are valid for one hour by default.
	// This applies when you use the AssumeRole* API operations or the
	// assume-role* CLI operations but does not apply when you use those
	// operations to create a console URL. For more information, see
	// [Using IAM Roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
	// in the IAM User Guide.
	MaxSessionDuration *int64 `func:"input" validate:"min=3600,max=43200"`

	// The path to the role. For more information about paths, see
	// [IAM Identifiers](http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)
	// in the IAM User Guide.
	//
	// This parameter is optional. If it is not included, it defaults to a
	// slash (/).
	//
	// This parameter allows (per its
	// [regex pattern](http://wikipedia.org/wiki/regex) a string of characters
	// consisting of either a forward slash (/) by itself or a string that must
	// begin and end with forward slashes. In addition, it can contain any
	// ASCII character from the ! (\u0021) through the DEL character (\u007F),
	// including most punctuation characters, digits, and upper and lowercased
	// letters.
	Path *string `func:"input"`

	// The ARN of the policy that is used to set the permissions boundary for
	// the role.
	PermissionsBoundary *string `func:"input"`

	// Region to use for IAM API calls.
	//
	// IAM is global so the calls are not regional but the Region will specify
	// which region the API calls are sent to.
	Region *string `func:"input"`

	// The name of the role to create.
	//
	// This parameter allows (per its
	// [regex pattern](http://wikipedia.org/wiki/regex) a string of characters
	// consisting of upper and lowercase alphanumeric characters with no
	// spaces. You can also include any of the following characters: _+=,.@-
	//
	// Role names are not distinguished by case. For example, you cannot create
	// roles named both "PRODROLE" and "prodrole".
	RoleName string `func:"input"`

	// The Amazon Resource Name (ARN) specifying the role.
	ARN *string `func:"output"`

	// RFC3339 formatted date and time for when the role was created.
	CreateDate string `func:"output"`

	// The stable and unique string identifying the role.
	RoleID *string `func:"output"`
	// contains filtered or unexported fields
}

type IAMRolePolicy struct {

	// The policy document.
	PolicyDocument string `func:"input"`

	// The name of the policy document.
	PolicyName string `func:"input"`

	// Region to use for IAM API calls.
	//
	// IAM is global so the calls are not regional but the Region will specify
	// which region the API calls are sent to.
	Region *string `func:"input"`

	// The name of the role to associate the policy with.
	RoleName string `func:"input"`
	// contains filtered or unexported fields
}

type IAMRolePolicyAttachment struct {

	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//
	// For more information about ARNs, see Amazon Resource Names (ARNs) and AWS
	// Service Namespaces (http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// in the AWS General Reference.
	PolicyARN string `func:"input"`

	// Region to use for IAM API calls.
	//
	// IAM is global so the calls are not regional but the Region will specify
	// which region the API calls are sent to.
	Region *string `func:"input"`

	// The name (friendly name, not ARN) of the role to attach the policy to.
	//
	// This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))
	// a string of characters consisting of upper and lowercase alphanumeric characters
	// with no spaces. You can also include any of the following characters: _+=,.@-
	RoleName string `func:"input"`
	// contains filtered or unexported fields
}

type LambdaEventSourceMapping struct {

	// The maximum number of items to retrieve in a single batch.
	//
	//    * Amazon Kinesis - Default 100. Max 10,000.
	//
	//    * Amazon DynamoDB Streams - Default 100. Max 1,000.
	//
	//    * Amazon Simple Queue Service - Default 10. Max 10.
	BatchSize *int64 `func:"input" validate:"min=1,max=10000"`

	// Disables the event source mapping to pause polling and invocation.
	Enabled *bool `func:"input"`

	// The Amazon Resource Name (ARN) of the event source.
	//
	//    * Amazon Kinesis - The ARN of the data stream or a stream consumer.
	//
	//    * Amazon DynamoDB Streams - The ARN of the stream.
	//
	//    * Amazon Simple Queue Service - The ARN of the queue.
	EventSourceARN string `func:"input" name:"event_source_arn" validate:"aws_arn"`

	// The name of the Lambda function.
	//
	// Name formats
	//
	//    * Function name - MyFunction.
	//
	//    * Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
	//
	//    * Version or Alias ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
	//
	//    * Partial ARN - 123456789012:function:MyFunction.
	//
	// The length constraint applies only to the full ARN. If you specify only the
	// function name, it's limited to 64 characters in length.
	FunctionName string `func:"input" validate:"min=1"`

	// The position in a stream from which to start reading. Required for Amazon
	// Kinesis and Amazon DynamoDB Streams sources. AT_TIMESTAMP is only supported
	// for Amazon Kinesis streams.
	StartingPosition *string `func:"input" validate:"oneof=TRIM_HORIZON LATEST AT_TIMESTAMP"`

	// With StartingPosition set to AT_TIMESTAMP, the RFC3339 formatted time from which to start reading.
	StartingPositionTimestamp *string `func:"input"`

	Region string `func:"input"`

	// The ARN of the Lambda function.
	FunctionARN string `func:"output"`

	// RFC3339 formatted date for when the event source mapping was last updated.
	LastModified string `func:"output"`

	// The identifier of the event source mapping.
	UUID string `func:"output"`
	// contains filtered or unexported fields
}

type LambdaFunction struct {

	// A dead letter queue configuration that specifies the queue or topic
	// where Lambda sends asynchronous events when they fail processing. For
	// more information, see
	// [Dead Letter Queues](http://docs.aws.amazon.com/lambda/latest/dg/dlq.html).
	DeadLetterConfig *struct {
		TargetArn *string `validate:"aws_arn"`
	} `func:"input"`

	// A description of the function.
	Description *string `func:"input"`

	// Environment variables that are accessible from function code during execution.
	Environment *struct {
		Variables map[string]string
	} `func:"input"`

	// The name of the Lambda function.
	//
	// Name formats
	//
	//   * Function name: `MyFunction`.
	//   * Function ARN:  `arn:aws:lambda:us-west-2:123456789012:function:MyFunction`.
	//   * Partial ARN:   `123456789012:function:MyFunction`.
	//
	// The length constraint applies only to the full ARN. If you specify only
	// the function name, it is limited to 64 characters in length.
	FunctionName string `func:"input" validate:"min=1,max=64"`

	// The name of the method within your code that Lambda calls to execute
	// your function. For more information, see
	// [Programming Model](http://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html).
	Handler string `func:"input"`

	// The ARN of the KMS key used to encrypt your function's environment
	// variables. If not provided, AWS Lambda will use a default service key.
	KMSKeyArn *string `func:"input"`

	// A list of [function layers](http://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)
	// to add to the function's execution environment.
	Layers []string `func:"input"`

	// The amount of memory that your function has access to. Increasing the
	// function's memory also increases it's CPU allocation. The default value
	// is 128 MB. The value must be a multiple of 64 MB.
	MemorySize *int64 `func:"input" validate:"min=64,max=3008,div=64"`

	// Set to true to publish the first version of the function during
	// creation.
	Publish *bool `func:"input"`

	// Region to run the Lambda function in.
	Region string `func:"input"`

	// The Amazon Resource Name (ARN) of the function's execution role
	// (http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html#lambda-intro-execution-role).
	Role string `func:"input" validate:"aws_arn"`

	// The runtime version for the function.
	Runtime string `` // nolint :lll
	/* 152-byte string literal not displayed */

	// The list of tags (key-value pairs) assigned to the new function. For
	// more information, see
	// [Tagging Lambda Functions](http://docs.aws.amazon.com/lambda/latest/dg/tagging.html)
	// in the AWS Lambda Developer Guide.
	Tags map[string]string `func:"input"`

	// The amount of time that Lambda allows a function to run before
	// terminating it. The default is 3 seconds. The maximum allowed value is
	// 900 seconds.
	Timeout *int64 `func:"input" validate:"min=1,max=900"`

	// Set Mode to Active to sample and trace a subset of incoming requests
	// with AWS X-Ray.
	//
	// https://docs.aws.amazon.com/goto/WebAPI/lambda-2015-03-31/TracingConfig
	TracingConfig *struct {
		// The tracing mode.
		Mode string `validate:"oneof=Active PassTrough"`
	} `func:"input"`

	// If your Lambda function accesses resources in a VPC, you provide this parameter
	// identifying the list of security group IDs and subnet IDs. These must belong
	// to the same VPC. You must provide at least one security group and one subnet
	// ID.
	VPCConfig *struct {
		// A list of VPC security groups IDs.
		SecurityGroupIDs []string
		// A list of VPC subnet IDs.
		SubnetIDs []string
	} `func:"input" name:"vpc_config"`

	// The SHA256 hash of the function's deployment package.
	CodeSha256 *string `func:"output"`

	// The size of the function's deployment package in bytes.
	CodeSize *int64 `func:"output"`

	// The function's Amazon Resource Name.
	FunctionARN *string `func:"output"`

	// RFC3339 formatted date and time for when the function was last updated.
	LastModified string `func:"output"`

	// The ARN of the master function.
	MasterARN *string `func:"output"`

	// Represents the latest updated revision of the function or alias.
	RevisionID *string `func:"output"`

	// The version of the Lambda function.
	Version *string `func:"output"`
	// contains filtered or unexported fields
}

type LambdaInvokePermission struct {

	// The AWS Lambda action you want to allow in this statement. Each Lambda action
	// is a string starting with lambda: followed by the API name . For example,
	// lambda:CreateFunction. You can use wildcard (lambda:*) to grant permission
	// for all AWS Lambda actions.
	Action string `func:"input"`

	// A unique token that must be supplied by the principal invoking the function.
	// This is currently only used for Alexa Smart Home functions.
	EventSourceToken *string `func:"input"`

	// The name of the Lambda function.
	//
	// Name formats
	//
	//  - Function name - `MyFunction`.
	//  - Function ARN - `arn:aws:lambda:us-west-2:123456789012:function:MyFunction`.
	//  - Partial ARN - `123456789012:function:MyFunction`.
	//
	// The length constraint applies only to the full ARN. If you specify only
	// the function name, it is limited to 64 characters in length.
	FunctionName string `func:"input"`

	// The principal who is getting this permission. The principal can be an
	// AWS service (e.g. `s3.amazonaws.com` or `sns.amazonaws.com`) for service
	// triggers, or an account ID for cross-account access. If you specify a
	// service as a principal, use the SourceArn parameter to limit who can
	// invoke the function through that service.
	Principal string `func:"input"`

	// Region the Lambda function has been deployed to.
	Region string `func:"input"`

	// Specify a version or alias to add permissions to a published version of the
	// function.
	Qualifier *string `func:"input"`

	// An optional value you can use to ensure you are updating the latest update
	// of the function version or alias. If the RevisionID you pass doesn't match
	// the latest RevisionID of the function or alias, it will fail with an error
	// message.
	RevisionID *string `func:"input"`

	// This parameter is used for S3 and SES. The AWS account ID (without a hyphen)
	// of the source owner. For example, if the SourceArn identifies a bucket, then
	// this is the bucket owner's account ID. You can use this additional condition
	// to ensure the bucket you specify is owned by a specific account (it is possible
	// the bucket owner deleted the bucket and some other AWS account created the
	// bucket). You can also use this condition to specify all sources (that is,
	// you don't specify the SourceArn) owned by a specific account.
	SourceAccount *string `func:"input"`

	// The Amazon Resource Name of the invoker.
	//
	// If you add a permission to a service principal without providing the source
	// ARN, any AWS account that creates a mapping to your function ARN can invoke
	// your Lambda function.
	SourceARN *string `func:"input" validate:"aws_arn"`

	// A unique statement identifier.
	StatementID string `func:"input"`

	// The permission statement you specified in the request. The response returns
	// the same as a string using a backslash ("\") as an escape character in the
	// JSON.
	Statement *string `func:"output"`
	// contains filtered or unexported fields
}

type MethodSetting struct {
	// Specifies whether the cached responses are encrypted. The PATCH path for
	// this setting is /{method_setting_key}/caching/dataEncrypted, and the value
	// is a Boolean.
	CacheDataEncrypted bool

	// Specifies the time to live (TTL), in seconds, for cached responses. The higher
	// the TTL, the longer the response will be cached. The PATCH path for this
	// setting is /{method_setting_key}/caching/ttlInSeconds, and the value is an
	// integer.
	CacheTTLInSeconds int64

	// Specifies whether responses should be cached and returned for requests. A
	// cache cluster must be enabled on the stage for responses to be cached. The
	// PATCH path for this setting is /{method_setting_key}/caching/enabled, and
	// the value is a Boolean.
	CachingEnabled bool

	// Specifies whether data trace logging is enabled for this method, which affects
	// the log entries pushed to Amazon CloudWatch Logs. The PATCH path for this
	// setting is /{method_setting_key}/logging/dataTrace, and the value is a Boolean.
	DataTraceEnabled bool

	// Specifies the logging level for this method, which affects the log entries
	// pushed to Amazon CloudWatch Logs. The PATCH path for this setting is /{method_setting_key}/logging/loglevel,
	// and the available levels are OFF, ERROR, and INFO.
	LoggingLevel string

	// Specifies whether Amazon CloudWatch metrics are enabled for this method.
	// The PATCH path for this setting is /{method_setting_key}/metrics/enabled,
	// and the value is a Boolean.
	MetricsEnabled bool

	// Specifies whether authorization is required for a cache invalidation request.
	// The PATCH path for this setting is /{method_setting_key}/caching/requireAuthorizationForCacheControl,
	// and the value is a Boolean.
	RequireAuthorizationForCacheControl bool

	// Specifies the throttling burst limit. The PATCH path for this setting is
	// /{method_setting_key}/throttling/burstLimit, and the value is an integer.
	ThrottlingBurstLimit int64

	// Specifies the throttling rate limit. The PATCH path for this setting is /{method_setting_key}/throttling/rateLimit,
	// and the value is a double.
	ThrottlingRateLimit float64

	// Specifies how to handle unauthorized requests for cache invalidation.
	// Available values are:
	// - `FAIL_WITH_403`
	// - `SUCCEED_WITH_RESPONSE_HEADER`
	// - `SUCCEED_WITHOUT_RESPONSE_HEADER`
	UnauthorizedCacheControlHeaderStrategy string
}

type SQSQueue struct {

	// The length of time, in seconds, for which the delivery of all messages
	// in the queue is delayed. Valid values: An integer from 0 to 900 seconds
	// (15 minutes). Default: 0.
	Delay *int `func:"input" validate:"min=0,max=900"`

	// The limit of how many bytes a message can contain before Amazon SQS
	// rejects it. Valid values: An integer from 1,024 bytes (1 KiB) to 262,144
	// bytes (256 KiB). Default: 262,144 (256 KiB).
	MaximumMessageSize *int `func:"input" validate:"min=1024,max=262144"`

	// The length of time, in seconds, for which Amazon SQS retains a message.
	// Valid values: An integer from 60 seconds (1 minute) to 1,209,600 seconds
	// (14 days). Default: 345,600 (4 days).
	MessageRetentionPeriod *int `func:"input" validate:"min=60,max=1209600"`

	// The queue's policy. A valid AWS policy. For more information about
	// policy structure, see Overview of [AWS IAM
	// Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html)
	// in the Amazon IAM User Guide.
	Policy *string `func:"input"`

	// The length of time, in seconds, for which a ReceiveMessage action waits
	// for a message to arrive. Valid values: An integer from 0 to 20
	// (seconds). Default: 0.
	ReceiveMessageWaitTime *int `func:"input" validate:"min=0,max=20"`

	// Parameters for the dead-letter queue functionality of the source queue.
	// For more information about the redrive policy and dead-letter queues,
	// see [Using Amazon SQS Dead-Letter
	// Queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html)
	// in the Amazon Simple Queue Service Developer Guide.
	RedrivePolicy *struct {
		// The number of times a message is delivered to the source queue
		// before being moved to the dead-letter queue. When the ReceiveCount
		// for a message exceeds the maxReceiveCount for a queue, Amazon SQS
		// moves the message to the dead-letter-queue.
		MaxReceiveCount int `validate:"min=1" json:"maxReceiveCount"`

		// The Amazon Resource Name (ARN) of the dead-letter queue to which
		// Amazon SQS moves messages after the value of max_receive_count is
		// exceeded.
		//
		// Note: The dead-letter queue of a FIFO queue must also be a FIFO
		// queue. Similarly, the dead-letter queue of a standard queue must
		// also be a standard queue.
		DeadLetterTargetARN string `validate:"aws_arn" json:"deadLetterTargetArn"`
	} `func:"input"`

	// The visibility timeout for the queue, in seconds.
	// Valid values: An integer from 0 to 43,200 (12 hours). Default: 30.
	// For more information about the visibility timeout, see [Visibility
	// Timeout](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html)
	// in the Amazon Simple Queue Service Developer Guide.
	VisibilityTimeout *int `func:"input" validate:"min=0,max=43200"`

	// The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a
	// custom CMK. For more information, see [Key
	// Terms](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html).
	// While the alias of the AWS-managed CMK for Amazon SQS is always
	// alias/aws/sqs, the alias of a custom CMK can, for example, be
	// alias/MyAlias . For more examples, see
	// [KeyId](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters)
	// in the AWS Key Management Service API Reference.
	KMSMasterKeyID *string `func:"input" name:"kms_master_key_id"`

	// The length of time, in seconds, for which Amazon SQS can reuse a [data
	// key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys)
	// to encrypt or decrypt messages before calling AWS KMS again.  An integer
	// representing seconds, between 60 seconds (1 minute) and 86,400 seconds
	// (24 hours). Default: 300 (5 minutes).
	//
	// A shorter time period provides better security but results in more calls
	// to KMS which might incur charges after Free Tier. For more information,
	// see [How Does the Data Key Reuse Period
	// Work?](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html).
	KMSDataKeyReusePeriod *int `func:"input" name:"kms_data_key_reuse_period" validate:"min=60,max=86400"`

	// Designates a queue as FIFO. If you don't specify the FifoQueue
	// attribute, Amazon SQS creates a standard queue. You can provide this
	// attribute only during queue creation. You can't change it for an
	// existing queue. When you set this attribute, you must also provide the
	// MessageGroupId for your messages explicitly. For more information, see
	// [FIFO Queue
	// Logic](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html)
	// in the Amazon Simple Queue Service Developer Guide.
	FIFOQueue *bool `func:"input" name:"fifo_queue"`

	// Enables content-based deduplication. For more information, see
	// [Exactly-Once
	// Processing](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html)
	// in the Amazon Simple Queue Service Developer Guide.
	//
	// Every message must have a unique MessageDeduplicationId, You may provide
	// a MessageDeduplicationId explicitly. If you aren't able to provide a
	// MessageDeduplicationId and you enable ContentBasedDeduplication for your
	// queue, Amazon SQS uses a SHA-256 hash to generate the
	// MessageDeduplicationId using the body of the message (but not the
	// attributes of the message). If you don't provide a
	// MessageDeduplicationId and the queue doesn't have
	// ContentBasedDeduplication set, the action fails with an error. If the
	// queue has ContentBasedDeduplication set, your MessageDeduplicationId
	// overrides the generated one. When ContentBasedDeduplication is in
	// effect, messages with identical content sent within the deduplication
	// interval are treated as duplicates and only one copy of the message is
	// delivered. If you send one message with ContentBasedDeduplication
	// enabled and then another message with a MessageDeduplicationId that is
	// the same as the one generated for the first MessageDeduplicationId, the
	// two messages are treated as duplicates and only one copy of the message
	// is delivered.
	ContentBasedDeduplication *bool `func:"input"`

	// The name of the new queue. The following limits apply to this name:
	//
	//    * A queue name can have up to 80 characters.
	//
	//    * Valid values: alphanumeric characters, hyphens (-), and underscores
	//    (_).
	//
	//    * A FIFO queue name must end with the .fifo suffix.
	//
	// Queue URLs and names are case-sensitive.
	//
	// QueueName is a required field
	QueueName string `func:"input"`

	// The region to create the queue in.
	Region string `func:"input"`

	QueueURL string `func:"output"`
	QueueARN string `func:"output"`
	// contains filtered or unexported fields
}

type STSCallerIdentity struct {

	// Region to use for STS API calls.
	//
	// STS is global so the calls are not regional but the Region will specify
	// which region the API calls are sent to.
	Region *string `func:"input"`

	// The AWS account ID number of the account that owns or contains the calling
	// entity.
	Account *string `func:"output"`

	// The AWS ARN associated with the calling entity.
	ARN *string `func:"output"`

	// The unique identifier of the calling entity. The exact value depends on
	// the type of entity making the call. The values returned are those listed
	// in the aws:userid column in the
	// [Principal table](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
	// found on the Policy Variables reference page in the IAM User Guide.
	UserID *string `func:"output"`
	// contains filtered or unexported fields
}