AbortMultipartUpload

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.uploadId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AbortVaultLock

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddTagsToVault

valid {
    input.Body.Tags.STRING == STRING
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CompleteMultipartUpload

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.uploadId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CompleteVaultLock

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.lockId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateVault

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteArchive

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.archiveId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVault

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVaultAccessPolicy

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVaultNotifications

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeJob

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.jobId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeVault

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDataRetrievalPolicy

valid {
    input.ReqMap.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetJobOutput

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.jobId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetVaultAccessPolicy

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetVaultLock

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetVaultNotifications

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

InitiateJob

enum_CannedACL := [ "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control" ]
enum_EncryptionType := [ "aws:kms", "AES256" ]
enum_ExpressionType := [ "SQL" ]
enum_FileHeaderInfo := [ "USE", "IGNORE", "NONE" ]
enum_Permission := [ "FULL_CONTROL", "WRITE", "WRITE_ACP", "READ", "READ_ACP" ]
enum_QuoteFields := [ "ALWAYS", "ASNEEDED" ]
enum_StorageClass := [ "STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA" ]
enum_Type := [ "AmazonCustomerByEmail", "CanonicalUser", "Group" ]

valid {
    input.Body.jobParameters.Format == STRING
    input.Body.jobParameters.Type == STRING
    input.Body.jobParameters.ArchiveId == STRING
    input.Body.jobParameters.Description == STRING
    input.Body.jobParameters.SNSTopic == STRING
    input.Body.jobParameters.RetrievalByteRange == STRING
    input.Body.jobParameters.Tier == STRING
    input.Body.jobParameters.InventoryRetrievalParameters.StartDate == STRING
    input.Body.jobParameters.InventoryRetrievalParameters.EndDate == STRING
    input.Body.jobParameters.InventoryRetrievalParameters.Limit == STRING
    input.Body.jobParameters.InventoryRetrievalParameters.Marker == STRING
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.FileHeaderInfo == enum_FileHeaderInfo[_]
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.Comments == STRING
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.QuoteEscapeCharacter == STRING
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.RecordDelimiter == STRING
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.FieldDelimiter == STRING
    input.Body.jobParameters.SelectParameters.InputSerialization.csv.QuoteCharacter == STRING
    input.Body.jobParameters.SelectParameters.ExpressionType == enum_ExpressionType[_]
    input.Body.jobParameters.SelectParameters.Expression == STRING
    input.Body.jobParameters.SelectParameters.OutputSerialization.csv.QuoteFields == enum_QuoteFields[_]
    input.Body.jobParameters.SelectParameters.OutputSerialization.csv.QuoteEscapeCharacter == STRING
    input.Body.jobParameters.SelectParameters.OutputSerialization.csv.RecordDelimiter == STRING
    input.Body.jobParameters.SelectParameters.OutputSerialization.csv.FieldDelimiter == STRING
    input.Body.jobParameters.SelectParameters.OutputSerialization.csv.QuoteCharacter == STRING
    input.Body.jobParameters.OutputLocation.S3.BucketName == STRING
    input.Body.jobParameters.OutputLocation.S3.Prefix == STRING
    input.Body.jobParameters.OutputLocation.S3.Encryption.EncryptionType == enum_EncryptionType[_]
    input.Body.jobParameters.OutputLocation.S3.Encryption.KMSKeyId == STRING
    input.Body.jobParameters.OutputLocation.S3.Encryption.KMSContext == STRING
    input.Body.jobParameters.OutputLocation.S3.CannedACL == enum_CannedACL[_]
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Grantee.Type == enum_Type[_]
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Grantee.DisplayName == STRING
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Grantee.URI == STRING
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Grantee.ID == STRING
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Grantee.EmailAddress == STRING
    input.Body.jobParameters.OutputLocation.S3.AccessControlList[_].Permission == enum_Permission[_]
    input.Body.jobParameters.OutputLocation.S3.Tagging.STRING == STRING
    input.Body.jobParameters.OutputLocation.S3.UserMetadata.STRING == STRING
    input.Body.jobParameters.OutputLocation.S3.StorageClass == enum_StorageClass[_]
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

InitiateMultipartUpload

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

InitiateVaultLock

valid {
    input.Body.policy.Policy == STRING
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListJobs

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.Qs.limit == STRING
    input.Qs.marker == STRING
    input.Qs.statuscode == STRING
    input.Qs.completed == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMultipartUploads

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.Qs.marker == STRING
    input.Qs.limit == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListParts

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.uploadId == STRING
    input.Qs.marker == STRING
    input.Qs.limit == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProvisionedCapacity

valid {
    input.ReqMap.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForVault

valid {
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVaults

valid {
    input.ReqMap.accountId == STRING
    input.Qs.marker == STRING
    input.Qs.limit == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PurchaseProvisionedCapacity

valid {
    input.ReqMap.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveTagsFromVault

valid {
    input.Body.TagKeys[_] == STRING
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetDataRetrievalPolicy

valid {
    input.Body.Policy.Rules[_].Strategy == STRING
    input.Body.Policy.Rules[_].BytesPerHour == LONG
    input.ReqMap.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetVaultAccessPolicy

valid {
    input.Body.policy.Policy == STRING
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetVaultNotifications

valid {
    input.Body.vaultNotificationConfig.SNSTopic == STRING
    input.Body.vaultNotificationConfig.Events[_] == STRING
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UploadArchive

valid {
    input.Body.body == BLOB
    input.ReqMap.vaultName == STRING
    input.ReqMap.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UploadMultipartPart

valid {
    input.Body.body == BLOB
    input.ReqMap.accountId == STRING
    input.ReqMap.vaultName == STRING
    input.ReqMap.uploadId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}