CLOUDFRONT

AssociateAlias

valid {
    input.ReqMap.TargetDistributionId == STRING
    input.Qs.Alias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CopyDistribution

valid {
    input.Body.CallerReference == STRING
    input.Body.Enabled == BOOLEAN
    input.ReqMap.PrimaryDistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCachePolicy

enum_CachePolicyCookieBehavior := [ "none", "whitelist", "allExcept", "all" ]
enum_CachePolicyHeaderBehavior := [ "none", "whitelist" ]
enum_CachePolicyQueryStringBehavior := [ "none", "whitelist", "allExcept", "all" ]

valid {
    input.Body.CachePolicyConfig.Comment == STRING
    input.Body.CachePolicyConfig.Name == STRING
    input.Body.CachePolicyConfig.DefaultTTL == LONG
    input.Body.CachePolicyConfig.MaxTTL == LONG
    input.Body.CachePolicyConfig.MinTTL == LONG
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.EnableAcceptEncodingGzip == BOOLEAN
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.EnableAcceptEncodingBrotli == BOOLEAN
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.HeaderBehavior == enum_CachePolicyHeaderBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.Headers.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.Headers.Items[_] == STRING
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.CookieBehavior == enum_CachePolicyCookieBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.Cookies.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.Cookies.Items[_] == STRING
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStringBehavior == enum_CachePolicyQueryStringBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStrings.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStrings.Items[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCloudFrontOriginAccessIdentity

valid {
    input.Body.CloudFrontOriginAccessIdentityConfig.CallerReference == STRING
    input.Body.CloudFrontOriginAccessIdentityConfig.Comment == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateContinuousDeploymentPolicy

enum_ContinuousDeploymentPolicyType := [ "SingleWeight", "SingleHeader" ]

valid {
    input.Body.ContinuousDeploymentPolicyConfig.StagingDistributionDnsNames.Quantity == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.StagingDistributionDnsNames.Items[_] == STRING
    input.Body.ContinuousDeploymentPolicyConfig.Enabled == BOOLEAN
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.Weight == FLOAT
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.SessionStickinessConfig.IdleTTL == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.SessionStickinessConfig.MaximumTTL == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleHeaderConfig.Header == STRING
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleHeaderConfig.Value == STRING
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.Type == enum_ContinuousDeploymentPolicyType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDistribution

enum_CertificateSource := [ "cloudfront", "iam", "acm" ]
enum_EventType := [ "viewer-request", "viewer-response", "origin-request", "origin-response" ]
enum_GeoRestrictionType := [ "blacklist", "whitelist", "none" ]
enum_HttpVersion := [ "http1.1", "http2", "http3", "http2and3" ]
enum_ItemSelection := [ "none", "whitelist", "all" ]
enum_Method := [ "GET", "HEAD", "POST", "PUT", "PATCH", "OPTIONS", "DELETE" ]
enum_MinimumProtocolVersion := [ "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021" ]
enum_OriginProtocolPolicy := [ "http-only", "match-viewer", "https-only" ]
enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]
enum_SSLSupportMethod := [ "sni-only", "vip", "static-ip" ]
enum_SslProtocol := [ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" ]
enum_ViewerProtocolPolicy := [ "allow-all", "https-only", "redirect-to-https" ]

valid {
    input.Body.DistributionConfig.CallerReference == STRING
    input.Body.DistributionConfig.Aliases.Quantity == INTEGER
    input.Body.DistributionConfig.Aliases.Items[_] == STRING
    input.Body.DistributionConfig.DefaultRootObject == STRING
    input.Body.DistributionConfig.Origins.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].Id == STRING
    input.Body.DistributionConfig.Origins.Items[_].DomainName == STRING
    input.Body.DistributionConfig.Origins.Items[_].OriginPath == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderName == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderValue == STRING
    input.Body.DistributionConfig.Origins.Items[_].S3OriginConfig.OriginAccessIdentity == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPPort == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPSPort == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginProtocolPolicy == enum_OriginProtocolPolicy[_]
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Items[_] == enum_SslProtocol[_]
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginReadTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginKeepaliveTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].ConnectionAttempts == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].ConnectionTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].OriginShield.Enabled == BOOLEAN
    input.Body.DistributionConfig.Origins.Items[_].OriginShield.OriginShieldRegion == STRING
    input.Body.DistributionConfig.Origins.Items[_].OriginAccessControlId == STRING
    input.Body.DistributionConfig.OriginGroups.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Id == STRING
    input.Body.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Items[_] == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Members.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Members.Items[_].OriginId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TargetOriginId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.SmoothStreaming == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.Compress == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.FieldLevelEncryptionId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.RealtimeLogConfigArn == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.CachePolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.OriginRequestPolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.MinTTL == LONG
    input.Body.DistributionConfig.DefaultCacheBehavior.DefaultTTL == LONG
    input.Body.DistributionConfig.DefaultCacheBehavior.MaxTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].PathPattern == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TargetOriginId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].SmoothStreaming == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].Compress == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FieldLevelEncryptionId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].RealtimeLogConfigArn == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].CachePolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].OriginRequestPolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].MinTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Items[_].DefaultTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Items[_].MaxTTL == LONG
    input.Body.DistributionConfig.CustomErrorResponses.Quantity == INTEGER
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ErrorCode == INTEGER
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ResponsePagePath == STRING
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ResponseCode == STRING
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ErrorCachingMinTTL == LONG
    input.Body.DistributionConfig.Comment == STRING
    input.Body.DistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.DistributionConfig.Logging.IncludeCookies == BOOLEAN
    input.Body.DistributionConfig.Logging.Bucket == STRING
    input.Body.DistributionConfig.Logging.Prefix == STRING
    input.Body.DistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.DistributionConfig.Enabled == BOOLEAN
    input.Body.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate == BOOLEAN
    input.Body.DistributionConfig.ViewerCertificate.IAMCertificateId == STRING
    input.Body.DistributionConfig.ViewerCertificate.ACMCertificateArn == STRING
    input.Body.DistributionConfig.ViewerCertificate.SSLSupportMethod == enum_SSLSupportMethod[_]
    input.Body.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == enum_MinimumProtocolVersion[_]
    input.Body.DistributionConfig.ViewerCertificate.Certificate == STRING
    input.Body.DistributionConfig.ViewerCertificate.CertificateSource == enum_CertificateSource[_]
    input.Body.DistributionConfig.Restrictions.GeoRestriction.RestrictionType == enum_GeoRestrictionType[_]
    input.Body.DistributionConfig.Restrictions.GeoRestriction.Quantity == INTEGER
    input.Body.DistributionConfig.Restrictions.GeoRestriction.Items[_] == STRING
    input.Body.DistributionConfig.WebACLId == STRING
    input.Body.DistributionConfig.HttpVersion == enum_HttpVersion[_]
    input.Body.DistributionConfig.IsIPV6Enabled == BOOLEAN
    input.Body.DistributionConfig.ContinuousDeploymentPolicyId == STRING
    input.Body.DistributionConfig.Staging == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDistributionWithTags

enum_CertificateSource := [ "cloudfront", "iam", "acm" ]
enum_EventType := [ "viewer-request", "viewer-response", "origin-request", "origin-response" ]
enum_GeoRestrictionType := [ "blacklist", "whitelist", "none" ]
enum_HttpVersion := [ "http1.1", "http2", "http3", "http2and3" ]
enum_ItemSelection := [ "none", "whitelist", "all" ]
enum_Method := [ "GET", "HEAD", "POST", "PUT", "PATCH", "OPTIONS", "DELETE" ]
enum_MinimumProtocolVersion := [ "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021" ]
enum_OriginProtocolPolicy := [ "http-only", "match-viewer", "https-only" ]
enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]
enum_SSLSupportMethod := [ "sni-only", "vip", "static-ip" ]
enum_SslProtocol := [ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" ]
enum_ViewerProtocolPolicy := [ "allow-all", "https-only", "redirect-to-https" ]

valid {
    input.Body.DistributionConfigWithTags.DistributionConfig.CallerReference == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Aliases.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Aliases.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultRootObject == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].Id == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].DomainName == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].OriginPath == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomHeaders.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderName == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderValue == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].S3OriginConfig.OriginAccessIdentity == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPPort == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPSPort == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginProtocolPolicy == enum_OriginProtocolPolicy[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Items[_] == enum_SslProtocol[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginReadTimeout == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginKeepaliveTimeout == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].ConnectionAttempts == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].ConnectionTimeout == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].OriginShield.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].OriginShield.OriginShieldRegion == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Origins.Items[_].OriginAccessControlId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Items[_].Id == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Items[_] == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Items[_].Members.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.OriginGroups.Items[_].Members.Items[_].OriginId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TargetOriginId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.SmoothStreaming == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.Compress == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.FieldLevelEncryptionId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.RealtimeLogConfigArn == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.CachePolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.OriginRequestPolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.MinTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.DefaultTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.DefaultCacheBehavior.MaxTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].PathPattern == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TargetOriginId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].SmoothStreaming == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].Compress == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].FieldLevelEncryptionId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].RealtimeLogConfigArn == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].CachePolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].OriginRequestPolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].MinTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].DefaultTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.CacheBehaviors.Items[_].MaxTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.CustomErrorResponses.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CustomErrorResponses.Items[_].ErrorCode == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.CustomErrorResponses.Items[_].ResponsePagePath == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CustomErrorResponses.Items[_].ResponseCode == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.CustomErrorResponses.Items[_].ErrorCachingMinTTL == LONG
    input.Body.DistributionConfigWithTags.DistributionConfig.Comment == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.Logging.IncludeCookies == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.Logging.Bucket == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Logging.Prefix == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.IAMCertificateId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.ACMCertificateArn == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.SSLSupportMethod == enum_SSLSupportMethod[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == enum_MinimumProtocolVersion[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.Certificate == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.ViewerCertificate.CertificateSource == enum_CertificateSource[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.Restrictions.GeoRestriction.RestrictionType == enum_GeoRestrictionType[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.Restrictions.GeoRestriction.Quantity == INTEGER
    input.Body.DistributionConfigWithTags.DistributionConfig.Restrictions.GeoRestriction.Items[_] == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.WebACLId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.HttpVersion == enum_HttpVersion[_]
    input.Body.DistributionConfigWithTags.DistributionConfig.IsIPV6Enabled == BOOLEAN
    input.Body.DistributionConfigWithTags.DistributionConfig.ContinuousDeploymentPolicyId == STRING
    input.Body.DistributionConfigWithTags.DistributionConfig.Staging == BOOLEAN
    input.Body.DistributionConfigWithTags.Tags.Items[_].Key == STRING
    input.Body.DistributionConfigWithTags.Tags.Items[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFieldLevelEncryptionConfig

enum_Format := [ "URLEncoded" ]

valid {
    input.Body.FieldLevelEncryptionConfig.CallerReference == STRING
    input.Body.FieldLevelEncryptionConfig.Comment == STRING
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.ForwardWhenQueryArgProfileIsUnknown == BOOLEAN
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Quantity == INTEGER
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Items[_].QueryArg == STRING
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Items[_].ProfileId == STRING
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ForwardWhenContentTypeIsUnknown == BOOLEAN
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Quantity == INTEGER
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].Format == enum_Format[_]
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].ProfileId == STRING
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].ContentType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFieldLevelEncryptionProfile

valid {
    input.Body.FieldLevelEncryptionProfileConfig.Name == STRING
    input.Body.FieldLevelEncryptionProfileConfig.CallerReference == STRING
    input.Body.FieldLevelEncryptionProfileConfig.Comment == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Quantity == INTEGER
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].PublicKeyId == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].ProviderId == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].FieldPatterns.Quantity == INTEGER
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].FieldPatterns.Items[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFunction

enum_FunctionRuntime := [ "cloudfront-js-1.0", "cloudfront-js-2.0" ]

valid {
    input.Body.Name == STRING
    input.Body.FunctionConfig.Comment == STRING
    input.Body.FunctionConfig.Runtime == enum_FunctionRuntime[_]
    input.Body.FunctionConfig.KeyValueStoreAssociations.Quantity == INTEGER
    input.Body.FunctionConfig.KeyValueStoreAssociations.Items[_].KeyValueStoreARN == STRING
    input.Body.FunctionCode == BLOB
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateInvalidation

valid {
    input.Body.InvalidationBatch.Paths.Quantity == INTEGER
    input.Body.InvalidationBatch.Paths.Items[_] == STRING
    input.Body.InvalidationBatch.CallerReference == STRING
    input.ReqMap.DistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateKeyGroup

valid {
    input.Body.KeyGroupConfig.Name == STRING
    input.Body.KeyGroupConfig.Items[_] == STRING
    input.Body.KeyGroupConfig.Comment == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateKeyValueStore

enum_ImportSourceType := [ "S3" ]

valid {
    input.Body.Name == STRING
    input.Body.Comment == STRING
    input.Body.ImportSource.SourceType == enum_ImportSourceType[_]
    input.Body.ImportSource.SourceARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateMonitoringSubscription

enum_RealtimeMetricsSubscriptionStatus := [ "Enabled", "Disabled" ]

valid {
    input.Body.MonitoringSubscription.RealtimeMetricsSubscriptionConfig.RealtimeMetricsSubscriptionStatus == enum_RealtimeMetricsSubscriptionStatus[_]
    input.ReqMap.DistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOriginAccessControl

enum_OriginAccessControlOriginTypes := [ "s3", "mediastore" ]
enum_OriginAccessControlSigningBehaviors := [ "never", "always", "no-override" ]
enum_OriginAccessControlSigningProtocols := [ "sigv4" ]

valid {
    input.Body.OriginAccessControlConfig.Name == STRING
    input.Body.OriginAccessControlConfig.Description == STRING
    input.Body.OriginAccessControlConfig.SigningProtocol == enum_OriginAccessControlSigningProtocols[_]
    input.Body.OriginAccessControlConfig.SigningBehavior == enum_OriginAccessControlSigningBehaviors[_]
    input.Body.OriginAccessControlConfig.OriginAccessControlOriginType == enum_OriginAccessControlOriginTypes[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOriginRequestPolicy

enum_OriginRequestPolicyCookieBehavior := [ "none", "whitelist", "all", "allExcept" ]
enum_OriginRequestPolicyHeaderBehavior := [ "none", "whitelist", "allViewer", "allViewerAndWhitelistCloudFront", "allExcept" ]
enum_OriginRequestPolicyQueryStringBehavior := [ "none", "whitelist", "all", "allExcept" ]

valid {
    input.Body.OriginRequestPolicyConfig.Comment == STRING
    input.Body.OriginRequestPolicyConfig.Name == STRING
    input.Body.OriginRequestPolicyConfig.HeadersConfig.HeaderBehavior == enum_OriginRequestPolicyHeaderBehavior[_]
    input.Body.OriginRequestPolicyConfig.HeadersConfig.Headers.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.HeadersConfig.Headers.Items[_] == STRING
    input.Body.OriginRequestPolicyConfig.CookiesConfig.CookieBehavior == enum_OriginRequestPolicyCookieBehavior[_]
    input.Body.OriginRequestPolicyConfig.CookiesConfig.Cookies.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.CookiesConfig.Cookies.Items[_] == STRING
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStringBehavior == enum_OriginRequestPolicyQueryStringBehavior[_]
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStrings.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStrings.Items[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePublicKey

valid {
    input.Body.PublicKeyConfig.CallerReference == STRING
    input.Body.PublicKeyConfig.Name == STRING
    input.Body.PublicKeyConfig.EncodedKey == STRING
    input.Body.PublicKeyConfig.Comment == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRealtimeLogConfig

valid {
    input.Body.EndPoints[_].StreamType == STRING
    input.Body.EndPoints[_].KinesisStreamConfig.RoleARN == STRING
    input.Body.EndPoints[_].KinesisStreamConfig.StreamARN == STRING
    input.Body.Fields[_] == STRING
    input.Body.Name == STRING
    input.Body.SamplingRate == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateResponseHeadersPolicy

enum_FrameOptionsList := [ "DENY", "SAMEORIGIN" ]
enum_ReferrerPolicyList := [ "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url" ]
enum_ResponseHeadersPolicyAccessControlAllowMethodsValues := [ "GET", "POST", "OPTIONS", "PUT", "DELETE", "PATCH", "HEAD", "ALL" ]

valid {
    input.Body.ResponseHeadersPolicyConfig.Comment == STRING
    input.Body.ResponseHeadersPolicyConfig.Name == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowOrigins.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowOrigins.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowHeaders.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowHeaders.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowMethods.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowMethods.Items[_] == enum_ResponseHeadersPolicyAccessControlAllowMethodsValues[_]
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowCredentials == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlExposeHeaders.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlExposeHeaders.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlMaxAgeSec == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.OriginOverride == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.Protection == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.ModeBlock == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.ReportUri == STRING
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.FrameOptions.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.FrameOptions.FrameOption == enum_FrameOptionsList[_]
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ReferrerPolicy.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ReferrerPolicy.ReferrerPolicy == enum_ReferrerPolicyList[_]
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentSecurityPolicy.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentSecurityPolicy.ContentSecurityPolicy == STRING
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentTypeOptions.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.IncludeSubdomains == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.Preload == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.AccessControlMaxAgeSec == INTEGER
    input.Body.ResponseHeadersPolicyConfig.ServerTimingHeadersConfig.Enabled == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.ServerTimingHeadersConfig.SamplingRate == DOUBLE
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Header == STRING
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Value == STRING
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.RemoveHeadersConfig.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.RemoveHeadersConfig.Items[_].Header == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateStreamingDistribution

enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]

valid {
    input.Body.StreamingDistributionConfig.CallerReference == STRING
    input.Body.StreamingDistributionConfig.S3Origin.DomainName == STRING
    input.Body.StreamingDistributionConfig.S3Origin.OriginAccessIdentity == STRING
    input.Body.StreamingDistributionConfig.Aliases.Quantity == INTEGER
    input.Body.StreamingDistributionConfig.Aliases.Items[_] == STRING
    input.Body.StreamingDistributionConfig.Comment == STRING
    input.Body.StreamingDistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfig.Logging.Bucket == STRING
    input.Body.StreamingDistributionConfig.Logging.Prefix == STRING
    input.Body.StreamingDistributionConfig.TrustedSigners.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfig.TrustedSigners.Quantity == INTEGER
    input.Body.StreamingDistributionConfig.TrustedSigners.Items[_] == STRING
    input.Body.StreamingDistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.StreamingDistributionConfig.Enabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateStreamingDistributionWithTags

enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]

valid {
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.CallerReference == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.S3Origin.DomainName == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.S3Origin.OriginAccessIdentity == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Aliases.Quantity == INTEGER
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Aliases.Items[_] == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Comment == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Logging.Bucket == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Logging.Prefix == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.TrustedSigners.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.TrustedSigners.Quantity == INTEGER
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.TrustedSigners.Items[_] == STRING
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.StreamingDistributionConfigWithTags.StreamingDistributionConfig.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfigWithTags.Tags.Items[_].Key == STRING
    input.Body.StreamingDistributionConfigWithTags.Tags.Items[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCachePolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCloudFrontOriginAccessIdentity

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteContinuousDeploymentPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDistribution

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFieldLevelEncryptionConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFieldLevelEncryptionProfile

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFunction

valid {
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteKeyGroup

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteKeyValueStore

valid {
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMonitoringSubscription

valid {
    input.ReqMap.DistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOriginAccessControl

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOriginRequestPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePublicKey

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRealtimeLogConfig

valid {
    input.Body.Name == STRING
    input.Body.ARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteResponseHeadersPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteStreamingDistribution

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeFunction

enum_FunctionStage := [ "DEVELOPMENT", "LIVE" ]

valid {
    input.ReqMap.Name == STRING
    input.Qs.Stage == enum_FunctionStage[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeKeyValueStore

valid {
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCachePolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCachePolicyConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCloudFrontOriginAccessIdentity

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCloudFrontOriginAccessIdentityConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContinuousDeploymentPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContinuousDeploymentPolicyConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistribution

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistributionConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFieldLevelEncryption

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFieldLevelEncryptionConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFieldLevelEncryptionProfile

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFieldLevelEncryptionProfileConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFunction

enum_FunctionStage := [ "DEVELOPMENT", "LIVE" ]

valid {
    input.ReqMap.Name == STRING
    input.Qs.Stage == enum_FunctionStage[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInvalidation

valid {
    input.ReqMap.DistributionId == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetKeyGroup

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetKeyGroupConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMonitoringSubscription

valid {
    input.ReqMap.DistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOriginAccessControl

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOriginAccessControlConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOriginRequestPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOriginRequestPolicyConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPublicKey

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPublicKeyConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRealtimeLogConfig

valid {
    input.Body.Name == STRING
    input.Body.ARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResponseHeadersPolicy

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResponseHeadersPolicyConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetStreamingDistribution

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetStreamingDistributionConfig

valid {
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCachePolicies

enum_CachePolicyType := [ "managed", "custom" ]

valid {
    input.Qs.Type == enum_CachePolicyType[_]
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCloudFrontOriginAccessIdentities

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListConflictingAliases

valid {
    input.Qs.DistributionId == STRING
    input.Qs.Alias == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListContinuousDeploymentPolicies

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributions

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByCachePolicyId

valid {
    input.ReqMap.CachePolicyId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByKeyGroup

valid {
    input.ReqMap.KeyGroupId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByOriginRequestPolicyId

valid {
    input.ReqMap.OriginRequestPolicyId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByRealtimeLogConfig

valid {
    input.Body.Marker == STRING
    input.Body.MaxItems == STRING
    input.Body.RealtimeLogConfigName == STRING
    input.Body.RealtimeLogConfigArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByResponseHeadersPolicyId

valid {
    input.ReqMap.ResponseHeadersPolicyId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDistributionsByWebACLId

valid {
    input.ReqMap.WebACLId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFieldLevelEncryptionConfigs

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFieldLevelEncryptionProfiles

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFunctions

enum_FunctionStage := [ "DEVELOPMENT", "LIVE" ]

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.Qs.Stage == enum_FunctionStage[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInvalidations

valid {
    input.ReqMap.DistributionId == STRING
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListKeyGroups

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListKeyValueStores

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.Qs.Status == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOriginAccessControls

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOriginRequestPolicies

enum_OriginRequestPolicyType := [ "managed", "custom" ]

valid {
    input.Qs.Type == enum_OriginRequestPolicyType[_]
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPublicKeys

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRealtimeLogConfigs

valid {
    input.Qs.MaxItems == STRING
    input.Qs.Marker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResponseHeadersPolicies

enum_ResponseHeadersPolicyType := [ "managed", "custom" ]

valid {
    input.Qs.Type == enum_ResponseHeadersPolicyType[_]
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListStreamingDistributions

valid {
    input.Qs.Marker == STRING
    input.Qs.MaxItems == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Qs.Resource == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PublishFunction

valid {
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.Tags.Items[_].Key == STRING
    input.Body.Tags.Items[_].Value == STRING
    input.Qs.Resource == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TestFunction

enum_FunctionStage := [ "DEVELOPMENT", "LIVE" ]

valid {
    input.Body.Stage == enum_FunctionStage[_]
    input.Body.EventObject == BLOB
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.TagKeys.Items[_] == STRING
    input.Qs.Resource == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCachePolicy

enum_CachePolicyCookieBehavior := [ "none", "whitelist", "allExcept", "all" ]
enum_CachePolicyHeaderBehavior := [ "none", "whitelist" ]
enum_CachePolicyQueryStringBehavior := [ "none", "whitelist", "allExcept", "all" ]

valid {
    input.Body.CachePolicyConfig.Comment == STRING
    input.Body.CachePolicyConfig.Name == STRING
    input.Body.CachePolicyConfig.DefaultTTL == LONG
    input.Body.CachePolicyConfig.MaxTTL == LONG
    input.Body.CachePolicyConfig.MinTTL == LONG
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.EnableAcceptEncodingGzip == BOOLEAN
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.EnableAcceptEncodingBrotli == BOOLEAN
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.HeaderBehavior == enum_CachePolicyHeaderBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.Headers.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.Headers.Items[_] == STRING
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.CookieBehavior == enum_CachePolicyCookieBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.Cookies.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.CookiesConfig.Cookies.Items[_] == STRING
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStringBehavior == enum_CachePolicyQueryStringBehavior[_]
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStrings.Quantity == INTEGER
    input.Body.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.QueryStringsConfig.QueryStrings.Items[_] == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCloudFrontOriginAccessIdentity

valid {
    input.Body.CloudFrontOriginAccessIdentityConfig.CallerReference == STRING
    input.Body.CloudFrontOriginAccessIdentityConfig.Comment == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateContinuousDeploymentPolicy

enum_ContinuousDeploymentPolicyType := [ "SingleWeight", "SingleHeader" ]

valid {
    input.Body.ContinuousDeploymentPolicyConfig.StagingDistributionDnsNames.Quantity == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.StagingDistributionDnsNames.Items[_] == STRING
    input.Body.ContinuousDeploymentPolicyConfig.Enabled == BOOLEAN
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.Weight == FLOAT
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.SessionStickinessConfig.IdleTTL == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleWeightConfig.SessionStickinessConfig.MaximumTTL == INTEGER
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleHeaderConfig.Header == STRING
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.SingleHeaderConfig.Value == STRING
    input.Body.ContinuousDeploymentPolicyConfig.TrafficConfig.Type == enum_ContinuousDeploymentPolicyType[_]
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDistribution

enum_CertificateSource := [ "cloudfront", "iam", "acm" ]
enum_EventType := [ "viewer-request", "viewer-response", "origin-request", "origin-response" ]
enum_GeoRestrictionType := [ "blacklist", "whitelist", "none" ]
enum_HttpVersion := [ "http1.1", "http2", "http3", "http2and3" ]
enum_ItemSelection := [ "none", "whitelist", "all" ]
enum_Method := [ "GET", "HEAD", "POST", "PUT", "PATCH", "OPTIONS", "DELETE" ]
enum_MinimumProtocolVersion := [ "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021" ]
enum_OriginProtocolPolicy := [ "http-only", "match-viewer", "https-only" ]
enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]
enum_SSLSupportMethod := [ "sni-only", "vip", "static-ip" ]
enum_SslProtocol := [ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" ]
enum_ViewerProtocolPolicy := [ "allow-all", "https-only", "redirect-to-https" ]

valid {
    input.Body.DistributionConfig.CallerReference == STRING
    input.Body.DistributionConfig.Aliases.Quantity == INTEGER
    input.Body.DistributionConfig.Aliases.Items[_] == STRING
    input.Body.DistributionConfig.DefaultRootObject == STRING
    input.Body.DistributionConfig.Origins.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].Id == STRING
    input.Body.DistributionConfig.Origins.Items[_].DomainName == STRING
    input.Body.DistributionConfig.Origins.Items[_].OriginPath == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderName == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomHeaders.Items[_].HeaderValue == STRING
    input.Body.DistributionConfig.Origins.Items[_].S3OriginConfig.OriginAccessIdentity == STRING
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPPort == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.HTTPSPort == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginProtocolPolicy == enum_OriginProtocolPolicy[_]
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Quantity == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginSslProtocols.Items[_] == enum_SslProtocol[_]
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginReadTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].CustomOriginConfig.OriginKeepaliveTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].ConnectionAttempts == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].ConnectionTimeout == INTEGER
    input.Body.DistributionConfig.Origins.Items[_].OriginShield.Enabled == BOOLEAN
    input.Body.DistributionConfig.Origins.Items[_].OriginShield.OriginShieldRegion == STRING
    input.Body.DistributionConfig.Origins.Items[_].OriginAccessControlId == STRING
    input.Body.DistributionConfig.OriginGroups.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Id == STRING
    input.Body.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].FailoverCriteria.StatusCodes.Items[_] == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Members.Quantity == INTEGER
    input.Body.DistributionConfig.OriginGroups.Items[_].Members.Items[_].OriginId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TargetOriginId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.SmoothStreaming == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.Compress == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.FieldLevelEncryptionId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.RealtimeLogConfigArn == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.CachePolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.OriginRequestPolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfig.DefaultCacheBehavior.ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfig.DefaultCacheBehavior.MinTTL == LONG
    input.Body.DistributionConfig.DefaultCacheBehavior.DefaultTTL == LONG
    input.Body.DistributionConfig.DefaultCacheBehavior.MaxTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].PathPattern == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TargetOriginId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Enabled == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedSigners.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Enabled == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].TrustedKeyGroups.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ViewerProtocolPolicy == enum_ViewerProtocolPolicy[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].AllowedMethods.CachedMethods.Items[_] == enum_Method[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].SmoothStreaming == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].Compress == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].LambdaFunctionARN == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].LambdaFunctionAssociations.Items[_].IncludeBody == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].FunctionARN == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FunctionAssociations.Items[_].EventType == enum_EventType[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].FieldLevelEncryptionId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].RealtimeLogConfigArn == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].CachePolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].OriginRequestPolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ResponseHeadersPolicyId == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryString == BOOLEAN
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.Forward == enum_ItemSelection[_]
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Cookies.WhitelistedNames.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.Headers.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Quantity == INTEGER
    input.Body.DistributionConfig.CacheBehaviors.Items[_].ForwardedValues.QueryStringCacheKeys.Items[_] == STRING
    input.Body.DistributionConfig.CacheBehaviors.Items[_].MinTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Items[_].DefaultTTL == LONG
    input.Body.DistributionConfig.CacheBehaviors.Items[_].MaxTTL == LONG
    input.Body.DistributionConfig.CustomErrorResponses.Quantity == INTEGER
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ErrorCode == INTEGER
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ResponsePagePath == STRING
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ResponseCode == STRING
    input.Body.DistributionConfig.CustomErrorResponses.Items[_].ErrorCachingMinTTL == LONG
    input.Body.DistributionConfig.Comment == STRING
    input.Body.DistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.DistributionConfig.Logging.IncludeCookies == BOOLEAN
    input.Body.DistributionConfig.Logging.Bucket == STRING
    input.Body.DistributionConfig.Logging.Prefix == STRING
    input.Body.DistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.DistributionConfig.Enabled == BOOLEAN
    input.Body.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate == BOOLEAN
    input.Body.DistributionConfig.ViewerCertificate.IAMCertificateId == STRING
    input.Body.DistributionConfig.ViewerCertificate.ACMCertificateArn == STRING
    input.Body.DistributionConfig.ViewerCertificate.SSLSupportMethod == enum_SSLSupportMethod[_]
    input.Body.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == enum_MinimumProtocolVersion[_]
    input.Body.DistributionConfig.ViewerCertificate.Certificate == STRING
    input.Body.DistributionConfig.ViewerCertificate.CertificateSource == enum_CertificateSource[_]
    input.Body.DistributionConfig.Restrictions.GeoRestriction.RestrictionType == enum_GeoRestrictionType[_]
    input.Body.DistributionConfig.Restrictions.GeoRestriction.Quantity == INTEGER
    input.Body.DistributionConfig.Restrictions.GeoRestriction.Items[_] == STRING
    input.Body.DistributionConfig.WebACLId == STRING
    input.Body.DistributionConfig.HttpVersion == enum_HttpVersion[_]
    input.Body.DistributionConfig.IsIPV6Enabled == BOOLEAN
    input.Body.DistributionConfig.ContinuousDeploymentPolicyId == STRING
    input.Body.DistributionConfig.Staging == BOOLEAN
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDistributionWithStagingConfig

valid {
    input.ReqMap.Id == STRING
    input.Qs.StagingDistributionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateFieldLevelEncryptionConfig

enum_Format := [ "URLEncoded" ]

valid {
    input.Body.FieldLevelEncryptionConfig.CallerReference == STRING
    input.Body.FieldLevelEncryptionConfig.Comment == STRING
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.ForwardWhenQueryArgProfileIsUnknown == BOOLEAN
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Quantity == INTEGER
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Items[_].QueryArg == STRING
    input.Body.FieldLevelEncryptionConfig.QueryArgProfileConfig.QueryArgProfiles.Items[_].ProfileId == STRING
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ForwardWhenContentTypeIsUnknown == BOOLEAN
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Quantity == INTEGER
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].Format == enum_Format[_]
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].ProfileId == STRING
    input.Body.FieldLevelEncryptionConfig.ContentTypeProfileConfig.ContentTypeProfiles.Items[_].ContentType == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateFieldLevelEncryptionProfile

valid {
    input.Body.FieldLevelEncryptionProfileConfig.Name == STRING
    input.Body.FieldLevelEncryptionProfileConfig.CallerReference == STRING
    input.Body.FieldLevelEncryptionProfileConfig.Comment == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Quantity == INTEGER
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].PublicKeyId == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].ProviderId == STRING
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].FieldPatterns.Quantity == INTEGER
    input.Body.FieldLevelEncryptionProfileConfig.EncryptionEntities.Items[_].FieldPatterns.Items[_] == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateFunction

enum_FunctionRuntime := [ "cloudfront-js-1.0", "cloudfront-js-2.0" ]

valid {
    input.Body.FunctionConfig.Comment == STRING
    input.Body.FunctionConfig.Runtime == enum_FunctionRuntime[_]
    input.Body.FunctionConfig.KeyValueStoreAssociations.Quantity == INTEGER
    input.Body.FunctionConfig.KeyValueStoreAssociations.Items[_].KeyValueStoreARN == STRING
    input.Body.FunctionCode == BLOB
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateKeyGroup

valid {
    input.Body.KeyGroupConfig.Name == STRING
    input.Body.KeyGroupConfig.Items[_] == STRING
    input.Body.KeyGroupConfig.Comment == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateKeyValueStore

valid {
    input.Body.Comment == STRING
    input.ReqMap.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOriginAccessControl

enum_OriginAccessControlOriginTypes := [ "s3", "mediastore" ]
enum_OriginAccessControlSigningBehaviors := [ "never", "always", "no-override" ]
enum_OriginAccessControlSigningProtocols := [ "sigv4" ]

valid {
    input.Body.OriginAccessControlConfig.Name == STRING
    input.Body.OriginAccessControlConfig.Description == STRING
    input.Body.OriginAccessControlConfig.SigningProtocol == enum_OriginAccessControlSigningProtocols[_]
    input.Body.OriginAccessControlConfig.SigningBehavior == enum_OriginAccessControlSigningBehaviors[_]
    input.Body.OriginAccessControlConfig.OriginAccessControlOriginType == enum_OriginAccessControlOriginTypes[_]
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOriginRequestPolicy

enum_OriginRequestPolicyCookieBehavior := [ "none", "whitelist", "all", "allExcept" ]
enum_OriginRequestPolicyHeaderBehavior := [ "none", "whitelist", "allViewer", "allViewerAndWhitelistCloudFront", "allExcept" ]
enum_OriginRequestPolicyQueryStringBehavior := [ "none", "whitelist", "all", "allExcept" ]

valid {
    input.Body.OriginRequestPolicyConfig.Comment == STRING
    input.Body.OriginRequestPolicyConfig.Name == STRING
    input.Body.OriginRequestPolicyConfig.HeadersConfig.HeaderBehavior == enum_OriginRequestPolicyHeaderBehavior[_]
    input.Body.OriginRequestPolicyConfig.HeadersConfig.Headers.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.HeadersConfig.Headers.Items[_] == STRING
    input.Body.OriginRequestPolicyConfig.CookiesConfig.CookieBehavior == enum_OriginRequestPolicyCookieBehavior[_]
    input.Body.OriginRequestPolicyConfig.CookiesConfig.Cookies.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.CookiesConfig.Cookies.Items[_] == STRING
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStringBehavior == enum_OriginRequestPolicyQueryStringBehavior[_]
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStrings.Quantity == INTEGER
    input.Body.OriginRequestPolicyConfig.QueryStringsConfig.QueryStrings.Items[_] == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePublicKey

valid {
    input.Body.PublicKeyConfig.CallerReference == STRING
    input.Body.PublicKeyConfig.Name == STRING
    input.Body.PublicKeyConfig.EncodedKey == STRING
    input.Body.PublicKeyConfig.Comment == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRealtimeLogConfig

valid {
    input.Body.EndPoints[_].StreamType == STRING
    input.Body.EndPoints[_].KinesisStreamConfig.RoleARN == STRING
    input.Body.EndPoints[_].KinesisStreamConfig.StreamARN == STRING
    input.Body.Fields[_] == STRING
    input.Body.Name == STRING
    input.Body.ARN == STRING
    input.Body.SamplingRate == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateResponseHeadersPolicy

enum_FrameOptionsList := [ "DENY", "SAMEORIGIN" ]
enum_ReferrerPolicyList := [ "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url" ]
enum_ResponseHeadersPolicyAccessControlAllowMethodsValues := [ "GET", "POST", "OPTIONS", "PUT", "DELETE", "PATCH", "HEAD", "ALL" ]

valid {
    input.Body.ResponseHeadersPolicyConfig.Comment == STRING
    input.Body.ResponseHeadersPolicyConfig.Name == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowOrigins.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowOrigins.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowHeaders.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowHeaders.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowMethods.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowMethods.Items[_] == enum_ResponseHeadersPolicyAccessControlAllowMethodsValues[_]
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlAllowCredentials == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlExposeHeaders.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlExposeHeaders.Items[_] == STRING
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.AccessControlMaxAgeSec == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CorsConfig.OriginOverride == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.Protection == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.ModeBlock == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.XSSProtection.ReportUri == STRING
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.FrameOptions.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.FrameOptions.FrameOption == enum_FrameOptionsList[_]
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ReferrerPolicy.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ReferrerPolicy.ReferrerPolicy == enum_ReferrerPolicyList[_]
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentSecurityPolicy.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentSecurityPolicy.ContentSecurityPolicy == STRING
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.ContentTypeOptions.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.IncludeSubdomains == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.Preload == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.SecurityHeadersConfig.StrictTransportSecurity.AccessControlMaxAgeSec == INTEGER
    input.Body.ResponseHeadersPolicyConfig.ServerTimingHeadersConfig.Enabled == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.ServerTimingHeadersConfig.SamplingRate == DOUBLE
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Header == STRING
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Value == STRING
    input.Body.ResponseHeadersPolicyConfig.CustomHeadersConfig.Items[_].Override == BOOLEAN
    input.Body.ResponseHeadersPolicyConfig.RemoveHeadersConfig.Quantity == INTEGER
    input.Body.ResponseHeadersPolicyConfig.RemoveHeadersConfig.Items[_].Header == STRING
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateStreamingDistribution

enum_PriceClass := [ "PriceClass_100", "PriceClass_200", "PriceClass_All" ]

valid {
    input.Body.StreamingDistributionConfig.CallerReference == STRING
    input.Body.StreamingDistributionConfig.S3Origin.DomainName == STRING
    input.Body.StreamingDistributionConfig.S3Origin.OriginAccessIdentity == STRING
    input.Body.StreamingDistributionConfig.Aliases.Quantity == INTEGER
    input.Body.StreamingDistributionConfig.Aliases.Items[_] == STRING
    input.Body.StreamingDistributionConfig.Comment == STRING
    input.Body.StreamingDistributionConfig.Logging.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfig.Logging.Bucket == STRING
    input.Body.StreamingDistributionConfig.Logging.Prefix == STRING
    input.Body.StreamingDistributionConfig.TrustedSigners.Enabled == BOOLEAN
    input.Body.StreamingDistributionConfig.TrustedSigners.Quantity == INTEGER
    input.Body.StreamingDistributionConfig.TrustedSigners.Items[_] == STRING
    input.Body.StreamingDistributionConfig.PriceClass == enum_PriceClass[_]
    input.Body.StreamingDistributionConfig.Enabled == BOOLEAN
    input.ReqMap.Id == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}