ELASTICLOADBALANCINGV2

AddListenerCertificates

valid {
    input.Body.ListenerArn == STRING
    input.Body.Certificates[_].CertificateArn == STRING
    input.Body.Certificates[_].IsDefault == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddTags

valid {
    input.Body.ResourceArns[_] == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddTrustStoreRevocations

enum_RevocationType := [ "CRL" ]

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.RevocationContents[_].S3Bucket == STRING
    input.Body.RevocationContents[_].S3Key == STRING
    input.Body.RevocationContents[_].S3ObjectVersion == STRING
    input.Body.RevocationContents[_].RevocationType == enum_RevocationType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateListener

enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
enum_TrustStoreAssociationStatusEnum := [ "active", "removed" ]

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.Protocol == enum_ProtocolEnum[_]
    input.Body.Port == INTEGER
    input.Body.SslPolicy == STRING
    input.Body.Certificates[_].CertificateArn == STRING
    input.Body.Certificates[_].IsDefault == BOOLEAN
    input.Body.DefaultActions[_].Type == enum_ActionTypeEnum[_]
    input.Body.DefaultActions[_].TargetGroupArn == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.Issuer == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientId == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientSecret == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionCookieName == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.Scope == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionTimeout == LONG
    input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
    input.Body.DefaultActions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.Scope == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
    input.Body.DefaultActions[_].Order == INTEGER
    input.Body.DefaultActions[_].RedirectConfig.Protocol == STRING
    input.Body.DefaultActions[_].RedirectConfig.Port == STRING
    input.Body.DefaultActions[_].RedirectConfig.Host == STRING
    input.Body.DefaultActions[_].RedirectConfig.Path == STRING
    input.Body.DefaultActions[_].RedirectConfig.Query == STRING
    input.Body.DefaultActions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
    input.Body.DefaultActions[_].FixedResponseConfig.MessageBody == STRING
    input.Body.DefaultActions[_].FixedResponseConfig.StatusCode == STRING
    input.Body.DefaultActions[_].FixedResponseConfig.ContentType == STRING
    input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
    input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
    input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
    input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
    input.Body.AlpnPolicy[_] == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.MutualAuthentication.Mode == STRING
    input.Body.MutualAuthentication.TrustStoreArn == STRING
    input.Body.MutualAuthentication.IgnoreClientCertificateExpiry == BOOLEAN
    input.Body.MutualAuthentication.TrustStoreAssociationStatus == enum_TrustStoreAssociationStatusEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateLoadBalancer

enum_EnablePrefixForIpv6SourceNatEnum := [ "on", "off" ]
enum_IpAddressType := [ "ipv4", "dualstack", "dualstack-without-public-ipv4" ]
enum_LoadBalancerSchemeEnum := [ "internet-facing", "internal" ]
enum_LoadBalancerTypeEnum := [ "application", "network", "gateway" ]

valid {
    input.Body.Name == STRING
    input.Body.Subnets[_] == STRING
    input.Body.SubnetMappings[_].SubnetId == STRING
    input.Body.SubnetMappings[_].AllocationId == STRING
    input.Body.SubnetMappings[_].PrivateIPv4Address == STRING
    input.Body.SubnetMappings[_].IPv6Address == STRING
    input.Body.SubnetMappings[_].SourceNatIpv6Prefix == STRING
    input.Body.SecurityGroups[_] == STRING
    input.Body.Scheme == enum_LoadBalancerSchemeEnum[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.Type == enum_LoadBalancerTypeEnum[_]
    input.Body.IpAddressType == enum_IpAddressType[_]
    input.Body.CustomerOwnedIpv4Pool == STRING
    input.Body.EnablePrefixForIpv6SourceNat == enum_EnablePrefixForIpv6SourceNatEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRule

enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]

valid {
    input.Body.ListenerArn == STRING
    input.Body.Conditions[_].Field == STRING
    input.Body.Conditions[_].Values[_] == STRING
    input.Body.Conditions[_].HostHeaderConfig.Values[_] == STRING
    input.Body.Conditions[_].PathPatternConfig.Values[_] == STRING
    input.Body.Conditions[_].HttpHeaderConfig.HttpHeaderName == STRING
    input.Body.Conditions[_].HttpHeaderConfig.Values[_] == STRING
    input.Body.Conditions[_].QueryStringConfig.Values[_].Key == STRING
    input.Body.Conditions[_].QueryStringConfig.Values[_].Value == STRING
    input.Body.Conditions[_].HttpRequestMethodConfig.Values[_] == STRING
    input.Body.Conditions[_].SourceIpConfig.Values[_] == STRING
    input.Body.Priority == INTEGER
    input.Body.Actions[_].Type == enum_ActionTypeEnum[_]
    input.Body.Actions[_].TargetGroupArn == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.Issuer == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.ClientId == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.ClientSecret == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.SessionCookieName == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.Scope == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.SessionTimeout == LONG
    input.Body.Actions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
    input.Body.Actions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.Scope == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
    input.Body.Actions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
    input.Body.Actions[_].Order == INTEGER
    input.Body.Actions[_].RedirectConfig.Protocol == STRING
    input.Body.Actions[_].RedirectConfig.Port == STRING
    input.Body.Actions[_].RedirectConfig.Host == STRING
    input.Body.Actions[_].RedirectConfig.Path == STRING
    input.Body.Actions[_].RedirectConfig.Query == STRING
    input.Body.Actions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
    input.Body.Actions[_].FixedResponseConfig.MessageBody == STRING
    input.Body.Actions[_].FixedResponseConfig.StatusCode == STRING
    input.Body.Actions[_].FixedResponseConfig.ContentType == STRING
    input.Body.Actions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
    input.Body.Actions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
    input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
    input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTargetGroup

enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_TargetGroupIpAddressTypeEnum := [ "ipv4", "ipv6" ]
enum_TargetTypeEnum := [ "instance", "ip", "lambda", "alb" ]

valid {
    input.Body.Name == STRING
    input.Body.Protocol == enum_ProtocolEnum[_]
    input.Body.ProtocolVersion == STRING
    input.Body.Port == INTEGER
    input.Body.VpcId == STRING
    input.Body.HealthCheckProtocol == enum_ProtocolEnum[_]
    input.Body.HealthCheckPort == STRING
    input.Body.HealthCheckEnabled == BOOLEAN
    input.Body.HealthCheckPath == STRING
    input.Body.HealthCheckIntervalSeconds == INTEGER
    input.Body.HealthCheckTimeoutSeconds == INTEGER
    input.Body.HealthyThresholdCount == INTEGER
    input.Body.UnhealthyThresholdCount == INTEGER
    input.Body.Matcher.HttpCode == STRING
    input.Body.Matcher.GrpcCode == STRING
    input.Body.TargetType == enum_TargetTypeEnum[_]
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.IpAddressType == enum_TargetGroupIpAddressTypeEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTrustStore

valid {
    input.Body.Name == STRING
    input.Body.CaCertificatesBundleS3Bucket == STRING
    input.Body.CaCertificatesBundleS3Key == STRING
    input.Body.CaCertificatesBundleS3ObjectVersion == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteListener

valid {
    input.Body.ListenerArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLoadBalancer

valid {
    input.Body.LoadBalancerArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRule

valid {
    input.Body.RuleArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSharedTrustStoreAssociation

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTargetGroup

valid {
    input.Body.TargetGroupArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTrustStore

valid {
    input.Body.TrustStoreArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeregisterTargets

valid {
    input.Body.TargetGroupArn == STRING
    input.Body.Targets[_].Id == STRING
    input.Body.Targets[_].Port == INTEGER
    input.Body.Targets[_].AvailabilityZone == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAccountLimits

valid {
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeListenerAttributes

valid {
    input.Body.ListenerArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeListenerCertificates

valid {
    input.Body.ListenerArn == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeListeners

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.ListenerArns[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeLoadBalancerAttributes

valid {
    input.Body.LoadBalancerArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeLoadBalancers

valid {
    input.Body.LoadBalancerArns[_] == STRING
    input.Body.Names[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeRules

valid {
    input.Body.ListenerArn == STRING
    input.Body.RuleArns[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSSLPolicies

enum_LoadBalancerTypeEnum := [ "application", "network", "gateway" ]

valid {
    input.Body.Names[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.Body.LoadBalancerType == enum_LoadBalancerTypeEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTags

valid {
    input.Body.ResourceArns[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTargetGroupAttributes

valid {
    input.Body.TargetGroupArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTargetGroups

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.TargetGroupArns[_] == STRING
    input.Body.Names[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTargetHealth

enum_DescribeTargetHealthInputIncludeEnum := [ "AnomalyDetection", "All" ]

valid {
    input.Body.TargetGroupArn == STRING
    input.Body.Targets[_].Id == STRING
    input.Body.Targets[_].Port == INTEGER
    input.Body.Targets[_].AvailabilityZone == STRING
    input.Body.Include[_] == enum_DescribeTargetHealthInputIncludeEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTrustStoreAssociations

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTrustStoreRevocations

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.RevocationIds[_] == LONG
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeTrustStores

valid {
    input.Body.TrustStoreArns[_] == STRING
    input.Body.Names[_] == STRING
    input.Body.Marker == STRING
    input.Body.PageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourcePolicy

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTrustStoreCaCertificatesBundle

valid {
    input.Body.TrustStoreArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTrustStoreRevocationContent

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.RevocationId == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyListener

enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
enum_TrustStoreAssociationStatusEnum := [ "active", "removed" ]

valid {
    input.Body.ListenerArn == STRING
    input.Body.Port == INTEGER
    input.Body.Protocol == enum_ProtocolEnum[_]
    input.Body.SslPolicy == STRING
    input.Body.Certificates[_].CertificateArn == STRING
    input.Body.Certificates[_].IsDefault == BOOLEAN
    input.Body.DefaultActions[_].Type == enum_ActionTypeEnum[_]
    input.Body.DefaultActions[_].TargetGroupArn == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.Issuer == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientId == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientSecret == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionCookieName == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.Scope == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionTimeout == LONG
    input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.DefaultActions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
    input.Body.DefaultActions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.Scope == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.DefaultActions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
    input.Body.DefaultActions[_].Order == INTEGER
    input.Body.DefaultActions[_].RedirectConfig.Protocol == STRING
    input.Body.DefaultActions[_].RedirectConfig.Port == STRING
    input.Body.DefaultActions[_].RedirectConfig.Host == STRING
    input.Body.DefaultActions[_].RedirectConfig.Path == STRING
    input.Body.DefaultActions[_].RedirectConfig.Query == STRING
    input.Body.DefaultActions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
    input.Body.DefaultActions[_].FixedResponseConfig.MessageBody == STRING
    input.Body.DefaultActions[_].FixedResponseConfig.StatusCode == STRING
    input.Body.DefaultActions[_].FixedResponseConfig.ContentType == STRING
    input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
    input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
    input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
    input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
    input.Body.AlpnPolicy[_] == STRING
    input.Body.MutualAuthentication.Mode == STRING
    input.Body.MutualAuthentication.TrustStoreArn == STRING
    input.Body.MutualAuthentication.IgnoreClientCertificateExpiry == BOOLEAN
    input.Body.MutualAuthentication.TrustStoreAssociationStatus == enum_TrustStoreAssociationStatusEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyListenerAttributes

valid {
    input.Body.ListenerArn == STRING
    input.Body.Attributes[_].Key == STRING
    input.Body.Attributes[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyLoadBalancerAttributes

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.Attributes[_].Key == STRING
    input.Body.Attributes[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyRule

enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]

valid {
    input.Body.RuleArn == STRING
    input.Body.Conditions[_].Field == STRING
    input.Body.Conditions[_].Values[_] == STRING
    input.Body.Conditions[_].HostHeaderConfig.Values[_] == STRING
    input.Body.Conditions[_].PathPatternConfig.Values[_] == STRING
    input.Body.Conditions[_].HttpHeaderConfig.HttpHeaderName == STRING
    input.Body.Conditions[_].HttpHeaderConfig.Values[_] == STRING
    input.Body.Conditions[_].QueryStringConfig.Values[_].Key == STRING
    input.Body.Conditions[_].QueryStringConfig.Values[_].Value == STRING
    input.Body.Conditions[_].HttpRequestMethodConfig.Values[_] == STRING
    input.Body.Conditions[_].SourceIpConfig.Values[_] == STRING
    input.Body.Actions[_].Type == enum_ActionTypeEnum[_]
    input.Body.Actions[_].TargetGroupArn == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.Issuer == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.ClientId == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.ClientSecret == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.SessionCookieName == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.Scope == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.SessionTimeout == LONG
    input.Body.Actions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.Actions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
    input.Body.Actions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.Scope == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
    input.Body.Actions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
    input.Body.Actions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
    input.Body.Actions[_].Order == INTEGER
    input.Body.Actions[_].RedirectConfig.Protocol == STRING
    input.Body.Actions[_].RedirectConfig.Port == STRING
    input.Body.Actions[_].RedirectConfig.Host == STRING
    input.Body.Actions[_].RedirectConfig.Path == STRING
    input.Body.Actions[_].RedirectConfig.Query == STRING
    input.Body.Actions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
    input.Body.Actions[_].FixedResponseConfig.MessageBody == STRING
    input.Body.Actions[_].FixedResponseConfig.StatusCode == STRING
    input.Body.Actions[_].FixedResponseConfig.ContentType == STRING
    input.Body.Actions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
    input.Body.Actions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
    input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
    input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyTargetGroup

enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]

valid {
    input.Body.TargetGroupArn == STRING
    input.Body.HealthCheckProtocol == enum_ProtocolEnum[_]
    input.Body.HealthCheckPort == STRING
    input.Body.HealthCheckPath == STRING
    input.Body.HealthCheckEnabled == BOOLEAN
    input.Body.HealthCheckIntervalSeconds == INTEGER
    input.Body.HealthCheckTimeoutSeconds == INTEGER
    input.Body.HealthyThresholdCount == INTEGER
    input.Body.UnhealthyThresholdCount == INTEGER
    input.Body.Matcher.HttpCode == STRING
    input.Body.Matcher.GrpcCode == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyTargetGroupAttributes

valid {
    input.Body.TargetGroupArn == STRING
    input.Body.Attributes[_].Key == STRING
    input.Body.Attributes[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ModifyTrustStore

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.CaCertificatesBundleS3Bucket == STRING
    input.Body.CaCertificatesBundleS3Key == STRING
    input.Body.CaCertificatesBundleS3ObjectVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterTargets

valid {
    input.Body.TargetGroupArn == STRING
    input.Body.Targets[_].Id == STRING
    input.Body.Targets[_].Port == INTEGER
    input.Body.Targets[_].AvailabilityZone == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveListenerCertificates

valid {
    input.Body.ListenerArn == STRING
    input.Body.Certificates[_].CertificateArn == STRING
    input.Body.Certificates[_].IsDefault == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveTags

valid {
    input.Body.ResourceArns[_] == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveTrustStoreRevocations

valid {
    input.Body.TrustStoreArn == STRING
    input.Body.RevocationIds[_] == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetIpAddressType

enum_IpAddressType := [ "ipv4", "dualstack", "dualstack-without-public-ipv4" ]

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.IpAddressType == enum_IpAddressType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetRulePriorities

valid {
    input.Body.RulePriorities[_].RuleArn == STRING
    input.Body.RulePriorities[_].Priority == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetSecurityGroups

enum_EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum := [ "on", "off" ]

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.SecurityGroups[_] == STRING
    input.Body.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic == enum_EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetSubnets

enum_EnablePrefixForIpv6SourceNatEnum := [ "on", "off" ]
enum_IpAddressType := [ "ipv4", "dualstack", "dualstack-without-public-ipv4" ]

valid {
    input.Body.LoadBalancerArn == STRING
    input.Body.Subnets[_] == STRING
    input.Body.SubnetMappings[_].SubnetId == STRING
    input.Body.SubnetMappings[_].AllocationId == STRING
    input.Body.SubnetMappings[_].PrivateIPv4Address == STRING
    input.Body.SubnetMappings[_].IPv6Address == STRING
    input.Body.SubnetMappings[_].SourceNatIpv6Prefix == STRING
    input.Body.IpAddressType == enum_IpAddressType[_]
    input.Body.EnablePrefixForIpv6SourceNat == enum_EnablePrefixForIpv6SourceNatEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}