Guides

DS

docs.aws.amazon.com
AWS documentation

AcceptSharedDirectory

valid {
    input.Body.SharedDirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddIpRoutes

valid {
    input.Body.DirectoryId == STRING
    input.Body.IpRoutes[_].CidrIp == STRING
    input.Body.IpRoutes[_].CidrIpv6 == STRING
    input.Body.IpRoutes[_].Description == STRING
    input.Body.UpdateSecurityGroupForDirectoryControllers == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddRegion

valid {
    input.Body.DirectoryId == STRING
    input.Body.RegionName == STRING
    input.Body.VPCSettings.VpcId == STRING
    input.Body.VPCSettings.SubnetIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddTagsToResource

valid {
    input.Body.ResourceId == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelSchemaExtension

valid {
    input.Body.DirectoryId == STRING
    input.Body.SchemaExtensionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ConnectDirectory

enum_DirectorySize := [ "Small", "Large" ]
enum_NetworkType := [ "Dual-stack", "IPv4", "IPv6" ]

valid {
    input.Body.Name == STRING
    input.Body.ShortName == STRING
    input.Body.Password == STRING
    input.Body.Description == STRING
    input.Body.Size == enum_DirectorySize[_]
    input.Body.ConnectSettings.VpcId == STRING
    input.Body.ConnectSettings.SubnetIds[_] == STRING
    input.Body.ConnectSettings.CustomerDnsIps[_] == STRING
    input.Body.ConnectSettings.CustomerDnsIpsV6[_] == STRING
    input.Body.ConnectSettings.CustomerUserName == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.NetworkType == enum_NetworkType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAlias

valid {
    input.Body.DirectoryId == STRING
    input.Body.Alias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateComputer

valid {
    input.Body.DirectoryId == STRING
    input.Body.ComputerName == STRING
    input.Body.Password == STRING
    input.Body.OrganizationalUnitDistinguishedName == STRING
    input.Body.ComputerAttributes[_].Name == STRING
    input.Body.ComputerAttributes[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateConditionalForwarder

valid {
    input.Body.DirectoryId == STRING
    input.Body.RemoteDomainName == STRING
    input.Body.DnsIpAddrs[_] == STRING
    input.Body.DnsIpv6Addrs[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDirectory

enum_DirectorySize := [ "Small", "Large" ]
enum_NetworkType := [ "Dual-stack", "IPv4", "IPv6" ]

valid {
    input.Body.Name == STRING
    input.Body.ShortName == STRING
    input.Body.Password == STRING
    input.Body.Description == STRING
    input.Body.Size == enum_DirectorySize[_]
    input.Body.VpcSettings.VpcId == STRING
    input.Body.VpcSettings.SubnetIds[_] == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.NetworkType == enum_NetworkType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateHybridAD

valid {
    input.Body.SecretArn == STRING
    input.Body.AssessmentId == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateLogSubscription

valid {
    input.Body.DirectoryId == STRING
    input.Body.LogGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateMicrosoftAD

enum_DirectoryEdition := [ "Enterprise", "Standard", "Hybrid" ]
enum_NetworkType := [ "Dual-stack", "IPv4", "IPv6" ]

valid {
    input.Body.Name == STRING
    input.Body.ShortName == STRING
    input.Body.Password == STRING
    input.Body.Description == STRING
    input.Body.VpcSettings.VpcId == STRING
    input.Body.VpcSettings.SubnetIds[_] == STRING
    input.Body.Edition == enum_DirectoryEdition[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.NetworkType == enum_NetworkType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSnapshot

valid {
    input.Body.DirectoryId == STRING
    input.Body.Name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTrust

enum_SelectiveAuth := [ "Enabled", "Disabled" ]
enum_TrustDirection := [ "One-Way: Outgoing", "One-Way: Incoming", "Two-Way" ]
enum_TrustType := [ "Forest", "External" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.RemoteDomainName == STRING
    input.Body.TrustPassword == STRING
    input.Body.TrustDirection == enum_TrustDirection[_]
    input.Body.TrustType == enum_TrustType[_]
    input.Body.ConditionalForwarderIpAddrs[_] == STRING
    input.Body.ConditionalForwarderIpv6Addrs[_] == STRING
    input.Body.SelectiveAuth == enum_SelectiveAuth[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteADAssessment

valid {
    input.Body.AssessmentId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteConditionalForwarder

valid {
    input.Body.DirectoryId == STRING
    input.Body.RemoteDomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDirectory

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLogSubscription

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSnapshot

valid {
    input.Body.SnapshotId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTrust

valid {
    input.Body.TrustId == STRING
    input.Body.DeleteAssociatedConditionalForwarder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterCertificate

valid {
    input.Body.DirectoryId == STRING
    input.Body.CertificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterEventTopic

valid {
    input.Body.DirectoryId == STRING
    input.Body.TopicName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeADAssessment

valid {
    input.Body.AssessmentId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCAEnrollmentPolicy

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCertificate

valid {
    input.Body.DirectoryId == STRING
    input.Body.CertificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeClientAuthenticationSettings

enum_ClientAuthenticationType := [ "SmartCard", "SmartCardOrPassword" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_ClientAuthenticationType[_]
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeConditionalForwarders

valid {
    input.Body.DirectoryId == STRING
    input.Body.RemoteDomainNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDirectories

valid {
    input.Body.DirectoryIds[_] == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDirectoryDataAccess

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainControllers

valid {
    input.Body.DirectoryId == STRING
    input.Body.DomainControllerIds[_] == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEventTopics

valid {
    input.Body.DirectoryId == STRING
    input.Body.TopicNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeHybridADUpdate

enum_HybridUpdateType := [ "SelfManagedInstances", "HybridAdministratorAccount" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.UpdateType == enum_HybridUpdateType[_]
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeLDAPSSettings

enum_LDAPSType := [ "Client" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_LDAPSType[_]
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeRegions

valid {
    input.Body.DirectoryId == STRING
    input.Body.RegionName == STRING
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSettings

enum_DirectoryConfigurationStatus := [ "Requested", "Updating", "Updated", "Failed", "Default" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Status == enum_DirectoryConfigurationStatus[_]
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSharedDirectories

valid {
    input.Body.OwnerDirectoryId == STRING
    input.Body.SharedDirectoryIds[_] == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSnapshots

valid {
    input.Body.DirectoryId == STRING
    input.Body.SnapshotIds[_] == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTrusts

valid {
    input.Body.DirectoryId == STRING
    input.Body.TrustIds[_] == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeUpdateDirectory

enum_UpdateType := [ "OS", "NETWORK", "SIZE" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.UpdateType == enum_UpdateType[_]
    input.Body.RegionName == STRING
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableCAEnrollmentPolicy

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableClientAuthentication

enum_ClientAuthenticationType := [ "SmartCard", "SmartCardOrPassword" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_ClientAuthenticationType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableDirectoryDataAccess

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableLDAPS

enum_LDAPSType := [ "Client" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_LDAPSType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableRadius

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableSso

valid {
    input.Body.DirectoryId == STRING
    input.Body.UserName == STRING
    input.Body.Password == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableCAEnrollmentPolicy

valid {
    input.Body.DirectoryId == STRING
    input.Body.PcaConnectorArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableClientAuthentication

enum_ClientAuthenticationType := [ "SmartCard", "SmartCardOrPassword" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_ClientAuthenticationType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableDirectoryDataAccess

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableLDAPS

enum_LDAPSType := [ "Client" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.Type == enum_LDAPSType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableRadius

enum_RadiusAuthenticationProtocol := [ "PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.RadiusSettings.RadiusServers[_] == STRING
    input.Body.RadiusSettings.RadiusServersIpv6[_] == STRING
    input.Body.RadiusSettings.RadiusPort == INTEGER
    input.Body.RadiusSettings.RadiusTimeout == INTEGER
    input.Body.RadiusSettings.RadiusRetries == INTEGER
    input.Body.RadiusSettings.SharedSecret == STRING
    input.Body.RadiusSettings.AuthenticationProtocol == enum_RadiusAuthenticationProtocol[_]
    input.Body.RadiusSettings.DisplayLabel == STRING
    input.Body.RadiusSettings.UseSameUsername == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableSso

valid {
    input.Body.DirectoryId == STRING
    input.Body.UserName == STRING
    input.Body.Password == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDirectoryLimits

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSnapshotLimits

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListADAssessments

valid {
    input.Body.DirectoryId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCertificates

valid {
    input.Body.DirectoryId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIpRoutes

valid {
    input.Body.DirectoryId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListLogSubscriptions

valid {
    input.Body.DirectoryId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSchemaExtensions

valid {
    input.Body.DirectoryId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Body.ResourceId == STRING
    input.Body.NextToken == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterCertificate

enum_CertificateType := [ "ClientCertAuth", "ClientLDAPS" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.CertificateData == STRING
    input.Body.Type == enum_CertificateType[_]
    input.Body.ClientCertAuthSettings.OCSPUrl == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterEventTopic

valid {
    input.Body.DirectoryId == STRING
    input.Body.TopicName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectSharedDirectory

valid {
    input.Body.SharedDirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveIpRoutes

valid {
    input.Body.DirectoryId == STRING
    input.Body.CidrIps[_] == STRING
    input.Body.CidrIpv6s[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveRegion

valid {
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveTagsFromResource

valid {
    input.Body.ResourceId == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResetUserPassword

valid {
    input.Body.DirectoryId == STRING
    input.Body.UserName == STRING
    input.Body.NewPassword == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RestoreFromSnapshot

valid {
    input.Body.SnapshotId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ShareDirectory

enum_ShareMethod := [ "ORGANIZATIONS", "HANDSHAKE" ]
enum_TargetType := [ "ACCOUNT" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.ShareNotes == STRING
    input.Body.ShareTarget.Id == STRING
    input.Body.ShareTarget.Type == enum_TargetType[_]
    input.Body.ShareMethod == enum_ShareMethod[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartADAssessment

valid {
    input.Body.AssessmentConfiguration.CustomerDnsIps[_] == STRING
    input.Body.AssessmentConfiguration.DnsName == STRING
    input.Body.AssessmentConfiguration.VpcSettings.VpcId == STRING
    input.Body.AssessmentConfiguration.VpcSettings.SubnetIds[_] == STRING
    input.Body.AssessmentConfiguration.InstanceIds[_] == STRING
    input.Body.AssessmentConfiguration.SecurityGroupIds[_] == STRING
    input.Body.DirectoryId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartSchemaExtension

valid {
    input.Body.DirectoryId == STRING
    input.Body.CreateSnapshotBeforeSchemaExtension == BOOLEAN
    input.Body.LdifContent == STRING
    input.Body.Description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UnshareDirectory

enum_TargetType := [ "ACCOUNT" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.UnshareTarget.Id == STRING
    input.Body.UnshareTarget.Type == enum_TargetType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateConditionalForwarder

valid {
    input.Body.DirectoryId == STRING
    input.Body.RemoteDomainName == STRING
    input.Body.DnsIpAddrs[_] == STRING
    input.Body.DnsIpv6Addrs[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDirectorySetup

enum_DirectorySize := [ "Small", "Large" ]
enum_NetworkType := [ "Dual-stack", "IPv4", "IPv6" ]
enum_OSVersion := [ "SERVER_2012", "SERVER_2019" ]
enum_UpdateType := [ "OS", "NETWORK", "SIZE" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.UpdateType == enum_UpdateType[_]
    input.Body.OSUpdateSettings.OSVersion == enum_OSVersion[_]
    input.Body.DirectorySizeUpdateSettings.DirectorySize == enum_DirectorySize[_]
    input.Body.NetworkUpdateSettings.NetworkType == enum_NetworkType[_]
    input.Body.NetworkUpdateSettings.CustomerDnsIpsV6[_] == STRING
    input.Body.CreateSnapshotBeforeUpdate == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateHybridAD

valid {
    input.Body.DirectoryId == STRING
    input.Body.HybridAdministratorAccountUpdate.SecretArn == STRING
    input.Body.SelfManagedInstancesSettings.CustomerDnsIps[_] == STRING
    input.Body.SelfManagedInstancesSettings.InstanceIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateNumberOfDomainControllers

valid {
    input.Body.DirectoryId == STRING
    input.Body.DesiredNumber == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRadius

enum_RadiusAuthenticationProtocol := [ "PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2" ]

valid {
    input.Body.DirectoryId == STRING
    input.Body.RadiusSettings.RadiusServers[_] == STRING
    input.Body.RadiusSettings.RadiusServersIpv6[_] == STRING
    input.Body.RadiusSettings.RadiusPort == INTEGER
    input.Body.RadiusSettings.RadiusTimeout == INTEGER
    input.Body.RadiusSettings.RadiusRetries == INTEGER
    input.Body.RadiusSettings.SharedSecret == STRING
    input.Body.RadiusSettings.AuthenticationProtocol == enum_RadiusAuthenticationProtocol[_]
    input.Body.RadiusSettings.DisplayLabel == STRING
    input.Body.RadiusSettings.UseSameUsername == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSettings

valid {
    input.Body.DirectoryId == STRING
    input.Body.Settings[_].Name == STRING
    input.Body.Settings[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateTrust

enum_SelectiveAuth := [ "Enabled", "Disabled" ]

valid {
    input.Body.TrustId == STRING
    input.Body.SelectiveAuth == enum_SelectiveAuth[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

VerifyTrust

valid {
    input.Body.TrustId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}