AcceptCertificateTransfer

valid {
    input.ReqMap.certificateId == STRING
    input.Qs.setAsActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddThingToBillingGroup

valid {
    input.Body.billingGroupName == STRING
    input.Body.billingGroupArn == STRING
    input.Body.thingName == STRING
    input.Body.thingArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddThingToThingGroup

valid {
    input.Body.thingGroupName == STRING
    input.Body.thingGroupArn == STRING
    input.Body.thingName == STRING
    input.Body.thingArn == STRING
    input.Body.overrideDynamicGroups == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateSbomWithPackageVersion

valid {
    input.Body.sbom.s3Location.bucket == STRING
    input.Body.sbom.s3Location.key == STRING
    input.Body.sbom.s3Location.version == STRING
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateTargetsWithJob

valid {
    input.Body.targets[_] == STRING
    input.Body.comment == STRING
    input.ReqMap.jobId == STRING
    input.Qs.namespaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachPolicy

valid {
    input.Body.target == STRING
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachPrincipalPolicy

valid {
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachSecurityProfile

valid {
    input.ReqMap.securityProfileName == STRING
    input.Qs.securityProfileTargetArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachThingPrincipal

enum_ThingPrincipalType := [ "EXCLUSIVE_THING", "NON_EXCLUSIVE_THING" ]

valid {
    input.ReqMap.thingName == STRING
    input.Qs.thingPrincipalType == enum_ThingPrincipalType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelAuditMitigationActionsTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelAuditTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelCertificateTransfer

valid {
    input.ReqMap.certificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelDetectMitigationActionsTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelJob

valid {
    input.Body.reasonCode == STRING
    input.Body.comment == STRING
    input.ReqMap.jobId == STRING
    input.Qs.force == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelJobExecution

valid {
    input.Body.expectedVersion == LONG
    input.Body.statusDetails.STRING == STRING
    input.ReqMap.jobId == STRING
    input.ReqMap.thingName == STRING
    input.Qs.force == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ClearDefaultAuthorizer

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ConfirmTopicRuleDestination

valid {
    input.ReqMap.confirmationToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAuditSuppression

valid {
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.Body.expirationDate == TIMESTAMP
    input.Body.suppressIndefinitely == BOOLEAN
    input.Body.description == STRING
    input.Body.clientRequestToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateAuthorizer

enum_AuthorizerStatus := [ "ACTIVE", "INACTIVE" ]

valid {
    input.Body.authorizerFunctionArn == STRING
    input.Body.tokenKeyName == STRING
    input.Body.tokenSigningPublicKeys.STRING == STRING
    input.Body.status == enum_AuthorizerStatus[_]
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.signingDisabled == BOOLEAN
    input.Body.enableCachingForHttp == BOOLEAN
    input.ReqMap.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateBillingGroup

valid {
    input.Body.billingGroupProperties.billingGroupDescription == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.billingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCertificateFromCsr

valid {
    input.Body.certificateSigningRequest == STRING
    input.Qs.setAsActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCertificateProvider

enum_CertificateProviderOperation := [ "CreateCertificateFromCsr" ]

valid {
    input.Body.lambdaFunctionArn == STRING
    input.Body.accountDefaultForOperations[_] == enum_CertificateProviderOperation[_]
    input.Body.clientToken == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.certificateProviderName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCommand

enum_CommandNamespace := [ "AWS-IoT", "AWS-IoT-FleetWise" ]

valid {
    input.Body.namespace == enum_CommandNamespace[_]
    input.Body.displayName == STRING
    input.Body.description == STRING
    input.Body.payload.content == BLOB
    input.Body.payload.contentType == STRING
    input.Body.mandatoryParameters[_].name == STRING
    input.Body.mandatoryParameters[_].value.S == STRING
    input.Body.mandatoryParameters[_].value.B == BOOLEAN
    input.Body.mandatoryParameters[_].value.I == INTEGER
    input.Body.mandatoryParameters[_].value.L == LONG
    input.Body.mandatoryParameters[_].value.D == DOUBLE
    input.Body.mandatoryParameters[_].value.BIN == BLOB
    input.Body.mandatoryParameters[_].value.UL == STRING
    input.Body.mandatoryParameters[_].defaultValue.S == STRING
    input.Body.mandatoryParameters[_].defaultValue.B == BOOLEAN
    input.Body.mandatoryParameters[_].defaultValue.I == INTEGER
    input.Body.mandatoryParameters[_].defaultValue.L == LONG
    input.Body.mandatoryParameters[_].defaultValue.D == DOUBLE
    input.Body.mandatoryParameters[_].defaultValue.BIN == BLOB
    input.Body.mandatoryParameters[_].defaultValue.UL == STRING
    input.Body.mandatoryParameters[_].description == STRING
    input.Body.roleArn == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.commandId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCustomMetric

enum_CustomMetricType := [ "string-list", "ip-address-list", "number-list", "number" ]

valid {
    input.Body.displayName == STRING
    input.Body.metricType == enum_CustomMetricType[_]
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDimension

enum_DimensionType := [ "TOPIC_FILTER" ]

valid {
    input.Body.type == enum_DimensionType[_]
    input.Body.stringValues[_] == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDomainConfiguration

enum_ApplicationProtocol := [ "SECURE_MQTT", "MQTT_WSS", "HTTPS", "DEFAULT" ]
enum_AuthenticationType := [ "CUSTOM_AUTH_X509", "CUSTOM_AUTH", "AWS_X509", "AWS_SIGV4", "DEFAULT" ]
enum_ServiceType := [ "DATA", "CREDENTIAL_PROVIDER", "JOBS" ]

valid {
    input.Body.domainName == STRING
    input.Body.serverCertificateArns[_] == STRING
    input.Body.validationCertificateArn == STRING
    input.Body.authorizerConfig.defaultAuthorizerName == STRING
    input.Body.authorizerConfig.allowAuthorizerOverride == BOOLEAN
    input.Body.serviceType == enum_ServiceType[_]
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.tlsConfig.securityPolicy == STRING
    input.Body.serverCertificateConfig.enableOCSPCheck == BOOLEAN
    input.Body.serverCertificateConfig.ocspLambdaArn == STRING
    input.Body.serverCertificateConfig.ocspAuthorizedResponderArn == STRING
    input.Body.authenticationType == enum_AuthenticationType[_]
    input.Body.applicationProtocol == enum_ApplicationProtocol[_]
    input.Body.clientCertificateConfig.clientCertificateCallbackArn == STRING
    input.ReqMap.domainConfigurationName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDynamicThingGroup

valid {
    input.Body.thingGroupProperties.thingGroupDescription == STRING
    input.Body.thingGroupProperties.attributePayload.attributes.STRING == STRING
    input.Body.thingGroupProperties.attributePayload.merge == BOOLEAN
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.queryVersion == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.thingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFleetMetric

enum_AggregationTypeName := [ "Statistics", "Percentiles", "Cardinality" ]
enum_FleetMetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.queryString == STRING
    input.Body.aggregationType.name == enum_AggregationTypeName[_]
    input.Body.aggregationType.values[_] == STRING
    input.Body.period == INTEGER
    input.Body.aggregationField == STRING
    input.Body.description == STRING
    input.Body.queryVersion == STRING
    input.Body.indexName == STRING
    input.Body.unit == enum_FleetMetricUnit[_]
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateJob

enum_AbortAction := [ "CANCEL" ]
enum_JobEndBehavior := [ "STOP_ROLLOUT", "CANCEL", "FORCE_CANCEL" ]
enum_JobExecutionFailureType := [ "FAILED", "REJECTED", "TIMED_OUT", "ALL" ]
enum_RetryableFailureType := [ "FAILED", "TIMED_OUT", "ALL" ]
enum_TargetSelection := [ "CONTINUOUS", "SNAPSHOT" ]

valid {
    input.Body.targets[_] == STRING
    input.Body.documentSource == STRING
    input.Body.document == STRING
    input.Body.description == STRING
    input.Body.presignedUrlConfig.roleArn == STRING
    input.Body.presignedUrlConfig.expiresInSec == LONG
    input.Body.targetSelection == enum_TargetSelection[_]
    input.Body.jobExecutionsRolloutConfig.maximumPerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.baseRatePerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.incrementFactor == DOUBLE
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfNotifiedThings == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfSucceededThings == INTEGER
    input.Body.abortConfig.criteriaList[_].failureType == enum_JobExecutionFailureType[_]
    input.Body.abortConfig.criteriaList[_].action == enum_AbortAction[_]
    input.Body.abortConfig.criteriaList[_].thresholdPercentage == DOUBLE
    input.Body.abortConfig.criteriaList[_].minNumberOfExecutedThings == INTEGER
    input.Body.timeoutConfig.inProgressTimeoutInMinutes == LONG
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.namespaceId == STRING
    input.Body.jobTemplateArn == STRING
    input.Body.jobExecutionsRetryConfig.criteriaList[_].failureType == enum_RetryableFailureType[_]
    input.Body.jobExecutionsRetryConfig.criteriaList[_].numberOfRetries == INTEGER
    input.Body.documentParameters.STRING == STRING
    input.Body.schedulingConfig.startTime == STRING
    input.Body.schedulingConfig.endTime == STRING
    input.Body.schedulingConfig.endBehavior == enum_JobEndBehavior[_]
    input.Body.schedulingConfig.maintenanceWindows[_].startTime == STRING
    input.Body.schedulingConfig.maintenanceWindows[_].durationInMinutes == INTEGER
    input.Body.destinationPackageVersions[_] == STRING
    input.ReqMap.jobId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateJobTemplate

enum_AbortAction := [ "CANCEL" ]
enum_JobExecutionFailureType := [ "FAILED", "REJECTED", "TIMED_OUT", "ALL" ]
enum_RetryableFailureType := [ "FAILED", "TIMED_OUT", "ALL" ]

valid {
    input.Body.jobArn == STRING
    input.Body.documentSource == STRING
    input.Body.document == STRING
    input.Body.description == STRING
    input.Body.presignedUrlConfig.roleArn == STRING
    input.Body.presignedUrlConfig.expiresInSec == LONG
    input.Body.jobExecutionsRolloutConfig.maximumPerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.baseRatePerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.incrementFactor == DOUBLE
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfNotifiedThings == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfSucceededThings == INTEGER
    input.Body.abortConfig.criteriaList[_].failureType == enum_JobExecutionFailureType[_]
    input.Body.abortConfig.criteriaList[_].action == enum_AbortAction[_]
    input.Body.abortConfig.criteriaList[_].thresholdPercentage == DOUBLE
    input.Body.abortConfig.criteriaList[_].minNumberOfExecutedThings == INTEGER
    input.Body.timeoutConfig.inProgressTimeoutInMinutes == LONG
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.jobExecutionsRetryConfig.criteriaList[_].failureType == enum_RetryableFailureType[_]
    input.Body.jobExecutionsRetryConfig.criteriaList[_].numberOfRetries == INTEGER
    input.Body.maintenanceWindows[_].startTime == STRING
    input.Body.maintenanceWindows[_].durationInMinutes == INTEGER
    input.Body.destinationPackageVersions[_] == STRING
    input.ReqMap.jobTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateKeysAndCertificate

valid {
    input.Qs.setAsActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateMitigationAction

enum_CACertificateUpdateAction := [ "DEACTIVATE" ]
enum_DeviceCertificateUpdateAction := [ "DEACTIVATE" ]
enum_LogLevel := [ "DEBUG", "INFO", "ERROR", "WARN", "DISABLED" ]
enum_PolicyTemplateName := [ "BLANK_POLICY" ]

valid {
    input.Body.roleArn == STRING
    input.Body.actionParams.updateDeviceCertificateParams.action == enum_DeviceCertificateUpdateAction[_]
    input.Body.actionParams.updateCACertificateParams.action == enum_CACertificateUpdateAction[_]
    input.Body.actionParams.addThingsToThingGroupParams.thingGroupNames[_] == STRING
    input.Body.actionParams.addThingsToThingGroupParams.overrideDynamicGroups == BOOLEAN
    input.Body.actionParams.replaceDefaultPolicyVersionParams.templateName == enum_PolicyTemplateName[_]
    input.Body.actionParams.enableIoTLoggingParams.roleArnForLogging == STRING
    input.Body.actionParams.enableIoTLoggingParams.logLevel == enum_LogLevel[_]
    input.Body.actionParams.publishFindingToSnsParams.topicArn == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.actionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOTAUpdate

enum_AwsJobAbortCriteriaAbortAction := [ "CANCEL" ]
enum_AwsJobAbortCriteriaFailureType := [ "FAILED", "REJECTED", "TIMED_OUT", "ALL" ]
enum_Protocol := [ "MQTT", "HTTP" ]
enum_TargetSelection := [ "CONTINUOUS", "SNAPSHOT" ]

valid {
    input.Body.description == STRING
    input.Body.targets[_] == STRING
    input.Body.protocols[_] == enum_Protocol[_]
    input.Body.targetSelection == enum_TargetSelection[_]
    input.Body.awsJobExecutionsRolloutConfig.maximumPerMinute == INTEGER
    input.Body.awsJobExecutionsRolloutConfig.exponentialRate.baseRatePerMinute == INTEGER
    input.Body.awsJobExecutionsRolloutConfig.exponentialRate.incrementFactor == DOUBLE
    input.Body.awsJobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfNotifiedThings == INTEGER
    input.Body.awsJobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfSucceededThings == INTEGER
    input.Body.awsJobPresignedUrlConfig.expiresInSec == LONG
    input.Body.awsJobAbortConfig.abortCriteriaList[_].failureType == enum_AwsJobAbortCriteriaFailureType[_]
    input.Body.awsJobAbortConfig.abortCriteriaList[_].action == enum_AwsJobAbortCriteriaAbortAction[_]
    input.Body.awsJobAbortConfig.abortCriteriaList[_].thresholdPercentage == DOUBLE
    input.Body.awsJobAbortConfig.abortCriteriaList[_].minNumberOfExecutedThings == INTEGER
    input.Body.awsJobTimeoutConfig.inProgressTimeoutInMinutes == LONG
    input.Body.files[_].fileName == STRING
    input.Body.files[_].fileType == INTEGER
    input.Body.files[_].fileVersion == STRING
    input.Body.files[_].fileLocation.stream.streamId == STRING
    input.Body.files[_].fileLocation.stream.fileId == INTEGER
    input.Body.files[_].fileLocation.s3Location.bucket == STRING
    input.Body.files[_].fileLocation.s3Location.key == STRING
    input.Body.files[_].fileLocation.s3Location.version == STRING
    input.Body.files[_].codeSigning.awsSignerJobId == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.signingProfileParameter.certificateArn == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.signingProfileParameter.platform == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.signingProfileParameter.certificatePathOnDevice == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.signingProfileName == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.destination.s3Destination.bucket == STRING
    input.Body.files[_].codeSigning.startSigningJobParameter.destination.s3Destination.prefix == STRING
    input.Body.files[_].codeSigning.customCodeSigning.signature.inlineDocument == BLOB
    input.Body.files[_].codeSigning.customCodeSigning.certificateChain.certificateName == STRING
    input.Body.files[_].codeSigning.customCodeSigning.certificateChain.inlineDocument == STRING
    input.Body.files[_].codeSigning.customCodeSigning.hashAlgorithm == STRING
    input.Body.files[_].codeSigning.customCodeSigning.signatureAlgorithm == STRING
    input.Body.files[_].attributes.STRING == STRING
    input.Body.roleArn == STRING
    input.Body.additionalParameters.STRING == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.otaUpdateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePackage

valid {
    input.Body.description == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.packageName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePackageVersion

valid {
    input.Body.description == STRING
    input.Body.attributes.STRING == STRING
    input.Body.artifact.s3Location.bucket == STRING
    input.Body.artifact.s3Location.key == STRING
    input.Body.artifact.s3Location.version == STRING
    input.Body.recipe == STRING
    input.Body.tags.STRING == STRING
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicy

valid {
    input.Body.policyDocument == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicyVersion

valid {
    input.Body.policyDocument == STRING
    input.ReqMap.policyName == STRING
    input.Qs.setAsDefault == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateProvisioningClaim

valid {
    input.ReqMap.templateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateProvisioningTemplate

enum_TemplateType := [ "FLEET_PROVISIONING", "JITP" ]

valid {
    input.Body.templateName == STRING
    input.Body.description == STRING
    input.Body.templateBody == STRING
    input.Body.enabled == BOOLEAN
    input.Body.provisioningRoleArn == STRING
    input.Body.preProvisioningHook.payloadVersion == STRING
    input.Body.preProvisioningHook.targetArn == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.type == enum_TemplateType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateProvisioningTemplateVersion

valid {
    input.Body.templateBody == STRING
    input.ReqMap.templateName == STRING
    input.Qs.setAsDefault == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRoleAlias

valid {
    input.Body.roleArn == STRING
    input.Body.credentialDurationSeconds == INTEGER
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.roleAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateScheduledAudit

enum_AuditFrequency := [ "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY" ]
enum_DayOfWeek := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]

valid {
    input.Body.frequency == enum_AuditFrequency[_]
    input.Body.dayOfMonth == STRING
    input.Body.dayOfWeek == enum_DayOfWeek[_]
    input.Body.targetCheckNames[_] == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.scheduledAuditName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSecurityProfile

enum_ComparisonOperator := [ "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set", "in-set", "not-in-set" ]
enum_ConfidenceLevel := [ "LOW", "MEDIUM", "HIGH" ]
enum_DimensionValueOperator := [ "IN", "NOT_IN" ]

valid {
    input.Body.securityProfileDescription == STRING
    input.Body.behaviors[_].name == STRING
    input.Body.behaviors[_].metric == STRING
    input.Body.behaviors[_].metricDimension.dimensionName == STRING
    input.Body.behaviors[_].metricDimension.operator == enum_DimensionValueOperator[_]
    input.Body.behaviors[_].criteria.comparisonOperator == enum_ComparisonOperator[_]
    input.Body.behaviors[_].criteria.value.count == LONG
    input.Body.behaviors[_].criteria.value.cidrs[_] == STRING
    input.Body.behaviors[_].criteria.value.ports[_] == INTEGER
    input.Body.behaviors[_].criteria.value.number == DOUBLE
    input.Body.behaviors[_].criteria.value.numbers[_] == DOUBLE
    input.Body.behaviors[_].criteria.value.strings[_] == STRING
    input.Body.behaviors[_].criteria.durationSeconds == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToAlarm == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToClear == INTEGER
    input.Body.behaviors[_].criteria.statisticalThreshold.statistic == STRING
    input.Body.behaviors[_].criteria.mlDetectionConfig.confidenceLevel == enum_ConfidenceLevel[_]
    input.Body.behaviors[_].suppressAlerts == BOOLEAN
    input.Body.behaviors[_].exportMetric == BOOLEAN
    input.Body.alertTargets.SNS.alertTargetArn == STRING
    input.Body.alertTargets.SNS.roleArn == STRING
    input.Body.additionalMetricsToRetain[_] == STRING
    input.Body.additionalMetricsToRetainV2[_].metric == STRING
    input.Body.additionalMetricsToRetainV2[_].metricDimension.dimensionName == STRING
    input.Body.additionalMetricsToRetainV2[_].metricDimension.operator == enum_DimensionValueOperator[_]
    input.Body.additionalMetricsToRetainV2[_].exportMetric == BOOLEAN
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.metricsExportConfig.mqttTopic == STRING
    input.Body.metricsExportConfig.roleArn == STRING
    input.ReqMap.securityProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateStream

valid {
    input.Body.description == STRING
    input.Body.files[_].fileId == INTEGER
    input.Body.files[_].s3Location.bucket == STRING
    input.Body.files[_].s3Location.key == STRING
    input.Body.files[_].s3Location.version == STRING
    input.Body.roleArn == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.streamId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateThing

valid {
    input.Body.thingTypeName == STRING
    input.Body.attributePayload.attributes.STRING == STRING
    input.Body.attributePayload.merge == BOOLEAN
    input.Body.billingGroupName == STRING
    input.ReqMap.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateThingGroup

valid {
    input.Body.parentGroupName == STRING
    input.Body.thingGroupProperties.thingGroupDescription == STRING
    input.Body.thingGroupProperties.attributePayload.attributes.STRING == STRING
    input.Body.thingGroupProperties.attributePayload.merge == BOOLEAN
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.thingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateThingType

valid {
    input.Body.thingTypeProperties.thingTypeDescription == STRING
    input.Body.thingTypeProperties.searchableAttributes[_] == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].userPropertyKey == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].thingAttribute == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].connectionAttribute == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ReqMap.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTopicRule

enum_CannedAccessControlList := [ "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control", "log-delivery-write" ]
enum_DynamoKeyType := [ "STRING", "NUMBER" ]
enum_MessageFormat := [ "RAW", "JSON" ]

valid {
    input.Body.topicRulePayload.sql == STRING
    input.Body.topicRulePayload.description == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.tableName == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.roleArn == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.operation == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyValue == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyValue == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.actions[_].dynamoDB.payloadField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDBv2.roleArn == STRING
    input.Body.topicRulePayload.actions[_].dynamoDBv2.putItem.tableName == STRING
    input.Body.topicRulePayload.actions[_].lambda.functionArn == STRING
    input.Body.topicRulePayload.actions[_].sns.targetArn == STRING
    input.Body.topicRulePayload.actions[_].sns.roleArn == STRING
    input.Body.topicRulePayload.actions[_].sns.messageFormat == enum_MessageFormat[_]
    input.Body.topicRulePayload.actions[_].sqs.roleArn == STRING
    input.Body.topicRulePayload.actions[_].sqs.queueUrl == STRING
    input.Body.topicRulePayload.actions[_].sqs.useBase64 == BOOLEAN
    input.Body.topicRulePayload.actions[_].kinesis.roleArn == STRING
    input.Body.topicRulePayload.actions[_].kinesis.streamName == STRING
    input.Body.topicRulePayload.actions[_].kinesis.partitionKey == STRING
    input.Body.topicRulePayload.actions[_].republish.roleArn == STRING
    input.Body.topicRulePayload.actions[_].republish.topic == STRING
    input.Body.topicRulePayload.actions[_].republish.qos == INTEGER
    input.Body.topicRulePayload.actions[_].republish.headers.payloadFormatIndicator == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.contentType == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.responseTopic == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.correlationData == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.messageExpiry == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.userProperties[_].key == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.userProperties[_].value == STRING
    input.Body.topicRulePayload.actions[_].s3.roleArn == STRING
    input.Body.topicRulePayload.actions[_].s3.bucketName == STRING
    input.Body.topicRulePayload.actions[_].s3.key == STRING
    input.Body.topicRulePayload.actions[_].s3.cannedAcl == enum_CannedAccessControlList[_]
    input.Body.topicRulePayload.actions[_].firehose.roleArn == STRING
    input.Body.topicRulePayload.actions[_].firehose.deliveryStreamName == STRING
    input.Body.topicRulePayload.actions[_].firehose.separator == STRING
    input.Body.topicRulePayload.actions[_].firehose.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricNamespace == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricValue == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricUnit == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricTimestamp == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.alarmName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.stateReason == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.stateValue == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.logGroupName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].elasticsearch.roleArn == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.endpoint == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.index == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.type == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.id == STRING
    input.Body.topicRulePayload.actions[_].salesforce.token == STRING
    input.Body.topicRulePayload.actions[_].salesforce.url == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.channelArn == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.channelName == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].iotAnalytics.roleArn == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.inputName == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.messageId == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].iotEvents.roleArn == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].entryId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].assetId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyAlias == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.stringValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.integerValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.doubleValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.booleanValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.timeInSeconds == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.offsetInNanos == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].quality == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.roleArn == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.executionNamePrefix == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.stateMachineName == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.roleArn == STRING
    input.Body.topicRulePayload.actions[_].timestream.roleArn == STRING
    input.Body.topicRulePayload.actions[_].timestream.databaseName == STRING
    input.Body.topicRulePayload.actions[_].timestream.tableName == STRING
    input.Body.topicRulePayload.actions[_].timestream.dimensions[_].name == STRING
    input.Body.topicRulePayload.actions[_].timestream.dimensions[_].value == STRING
    input.Body.topicRulePayload.actions[_].timestream.timestamp.value == STRING
    input.Body.topicRulePayload.actions[_].timestream.timestamp.unit == STRING
    input.Body.topicRulePayload.actions[_].http.url == STRING
    input.Body.topicRulePayload.actions[_].http.confirmationUrl == STRING
    input.Body.topicRulePayload.actions[_].http.headers[_].key == STRING
    input.Body.topicRulePayload.actions[_].http.headers[_].value == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.signingRegion == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.serviceName == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.roleArn == STRING
    input.Body.topicRulePayload.actions[_].kafka.destinationArn == STRING
    input.Body.topicRulePayload.actions[_].kafka.topic == STRING
    input.Body.topicRulePayload.actions[_].kafka.key == STRING
    input.Body.topicRulePayload.actions[_].kafka.partition == STRING
    input.Body.topicRulePayload.actions[_].kafka.clientProperties.STRING == STRING
    input.Body.topicRulePayload.actions[_].kafka.headers[_].key == STRING
    input.Body.topicRulePayload.actions[_].kafka.headers[_].value == STRING
    input.Body.topicRulePayload.actions[_].openSearch.roleArn == STRING
    input.Body.topicRulePayload.actions[_].openSearch.endpoint == STRING
    input.Body.topicRulePayload.actions[_].openSearch.index == STRING
    input.Body.topicRulePayload.actions[_].openSearch.type == STRING
    input.Body.topicRulePayload.actions[_].openSearch.id == STRING
    input.Body.topicRulePayload.actions[_].location.roleArn == STRING
    input.Body.topicRulePayload.actions[_].location.trackerName == STRING
    input.Body.topicRulePayload.actions[_].location.deviceId == STRING
    input.Body.topicRulePayload.actions[_].location.timestamp.value == STRING
    input.Body.topicRulePayload.actions[_].location.timestamp.unit == STRING
    input.Body.topicRulePayload.actions[_].location.latitude == STRING
    input.Body.topicRulePayload.actions[_].location.longitude == STRING
    input.Body.topicRulePayload.ruleDisabled == BOOLEAN
    input.Body.topicRulePayload.awsIotSqlVersion == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.tableName == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.roleArn == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.operation == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyValue == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyValue == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.errorAction.dynamoDB.payloadField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDBv2.roleArn == STRING
    input.Body.topicRulePayload.errorAction.dynamoDBv2.putItem.tableName == STRING
    input.Body.topicRulePayload.errorAction.lambda.functionArn == STRING
    input.Body.topicRulePayload.errorAction.sns.targetArn == STRING
    input.Body.topicRulePayload.errorAction.sns.roleArn == STRING
    input.Body.topicRulePayload.errorAction.sns.messageFormat == enum_MessageFormat[_]
    input.Body.topicRulePayload.errorAction.sqs.roleArn == STRING
    input.Body.topicRulePayload.errorAction.sqs.queueUrl == STRING
    input.Body.topicRulePayload.errorAction.sqs.useBase64 == BOOLEAN
    input.Body.topicRulePayload.errorAction.kinesis.roleArn == STRING
    input.Body.topicRulePayload.errorAction.kinesis.streamName == STRING
    input.Body.topicRulePayload.errorAction.kinesis.partitionKey == STRING
    input.Body.topicRulePayload.errorAction.republish.roleArn == STRING
    input.Body.topicRulePayload.errorAction.republish.topic == STRING
    input.Body.topicRulePayload.errorAction.republish.qos == INTEGER
    input.Body.topicRulePayload.errorAction.republish.headers.payloadFormatIndicator == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.contentType == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.responseTopic == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.correlationData == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.messageExpiry == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.userProperties[_].key == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.userProperties[_].value == STRING
    input.Body.topicRulePayload.errorAction.s3.roleArn == STRING
    input.Body.topicRulePayload.errorAction.s3.bucketName == STRING
    input.Body.topicRulePayload.errorAction.s3.key == STRING
    input.Body.topicRulePayload.errorAction.s3.cannedAcl == enum_CannedAccessControlList[_]
    input.Body.topicRulePayload.errorAction.firehose.roleArn == STRING
    input.Body.topicRulePayload.errorAction.firehose.deliveryStreamName == STRING
    input.Body.topicRulePayload.errorAction.firehose.separator == STRING
    input.Body.topicRulePayload.errorAction.firehose.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricNamespace == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricValue == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricUnit == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricTimestamp == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.alarmName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.stateReason == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.stateValue == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.logGroupName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.elasticsearch.roleArn == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.endpoint == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.index == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.type == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.id == STRING
    input.Body.topicRulePayload.errorAction.salesforce.token == STRING
    input.Body.topicRulePayload.errorAction.salesforce.url == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.channelArn == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.channelName == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.iotAnalytics.roleArn == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.inputName == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.messageId == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.iotEvents.roleArn == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].entryId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].assetId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyAlias == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.stringValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.integerValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.doubleValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.booleanValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.timeInSeconds == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.offsetInNanos == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].quality == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.roleArn == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.executionNamePrefix == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.stateMachineName == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.roleArn == STRING
    input.Body.topicRulePayload.errorAction.timestream.roleArn == STRING
    input.Body.topicRulePayload.errorAction.timestream.databaseName == STRING
    input.Body.topicRulePayload.errorAction.timestream.tableName == STRING
    input.Body.topicRulePayload.errorAction.timestream.dimensions[_].name == STRING
    input.Body.topicRulePayload.errorAction.timestream.dimensions[_].value == STRING
    input.Body.topicRulePayload.errorAction.timestream.timestamp.value == STRING
    input.Body.topicRulePayload.errorAction.timestream.timestamp.unit == STRING
    input.Body.topicRulePayload.errorAction.http.url == STRING
    input.Body.topicRulePayload.errorAction.http.confirmationUrl == STRING
    input.Body.topicRulePayload.errorAction.http.headers[_].key == STRING
    input.Body.topicRulePayload.errorAction.http.headers[_].value == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.signingRegion == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.serviceName == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.roleArn == STRING
    input.Body.topicRulePayload.errorAction.kafka.destinationArn == STRING
    input.Body.topicRulePayload.errorAction.kafka.topic == STRING
    input.Body.topicRulePayload.errorAction.kafka.key == STRING
    input.Body.topicRulePayload.errorAction.kafka.partition == STRING
    input.Body.topicRulePayload.errorAction.kafka.clientProperties.STRING == STRING
    input.Body.topicRulePayload.errorAction.kafka.headers[_].key == STRING
    input.Body.topicRulePayload.errorAction.kafka.headers[_].value == STRING
    input.Body.topicRulePayload.errorAction.openSearch.roleArn == STRING
    input.Body.topicRulePayload.errorAction.openSearch.endpoint == STRING
    input.Body.topicRulePayload.errorAction.openSearch.index == STRING
    input.Body.topicRulePayload.errorAction.openSearch.type == STRING
    input.Body.topicRulePayload.errorAction.openSearch.id == STRING
    input.Body.topicRulePayload.errorAction.location.roleArn == STRING
    input.Body.topicRulePayload.errorAction.location.trackerName == STRING
    input.Body.topicRulePayload.errorAction.location.deviceId == STRING
    input.Body.topicRulePayload.errorAction.location.timestamp.value == STRING
    input.Body.topicRulePayload.errorAction.location.timestamp.unit == STRING
    input.Body.topicRulePayload.errorAction.location.latitude == STRING
    input.Body.topicRulePayload.errorAction.location.longitude == STRING
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateTopicRuleDestination

valid {
    input.Body.destinationConfiguration.httpUrlConfiguration.confirmationUrl == STRING
    input.Body.destinationConfiguration.vpcConfiguration.subnetIds[_] == STRING
    input.Body.destinationConfiguration.vpcConfiguration.securityGroups[_] == STRING
    input.Body.destinationConfiguration.vpcConfiguration.vpcId == STRING
    input.Body.destinationConfiguration.vpcConfiguration.roleArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAccountAuditConfiguration

valid {
    input.Qs.deleteScheduledAudits == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAuditSuppression

valid {
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAuthorizer

valid {
    input.ReqMap.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteBillingGroup

valid {
    input.ReqMap.billingGroupName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCACertificate

valid {
    input.ReqMap.caCertificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCertificate

valid {
    input.ReqMap.certificateId == STRING
    input.Qs.forceDelete == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCertificateProvider

valid {
    input.ReqMap.certificateProviderName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCommand

valid {
    input.ReqMap.commandId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCommandExecution

valid {
    input.ReqMap.executionId == STRING
    input.Qs.targetArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCustomMetric

valid {
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDimension

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDomainConfiguration

valid {
    input.ReqMap.domainConfigurationName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDynamicThingGroup

valid {
    input.ReqMap.thingGroupName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFleetMetric

valid {
    input.ReqMap.metricName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteJob

valid {
    input.ReqMap.jobId == STRING
    input.Qs.force == BOOLEAN
    input.Qs.namespaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteJobExecution

valid {
    input.ReqMap.jobId == STRING
    input.ReqMap.thingName == STRING
    input.ReqMap.executionNumber == LONG
    input.Qs.force == BOOLEAN
    input.Qs.namespaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteJobTemplate

valid {
    input.ReqMap.jobTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteMitigationAction

valid {
    input.ReqMap.actionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOTAUpdate

valid {
    input.ReqMap.otaUpdateId == STRING
    input.Qs.deleteStream == BOOLEAN
    input.Qs.forceDeleteAWSJob == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePackage

valid {
    input.ReqMap.packageName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePackageVersion

valid {
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicy

valid {
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicyVersion

valid {
    input.ReqMap.policyName == STRING
    input.ReqMap.policyVersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteProvisioningTemplate

valid {
    input.ReqMap.templateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteProvisioningTemplateVersion

valid {
    input.ReqMap.templateName == STRING
    input.ReqMap.versionId == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRegistrationCode

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRoleAlias

valid {
    input.ReqMap.roleAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteScheduledAudit

valid {
    input.ReqMap.scheduledAuditName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSecurityProfile

valid {
    input.ReqMap.securityProfileName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteStream

valid {
    input.ReqMap.streamId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteThing

valid {
    input.ReqMap.thingName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteThingGroup

valid {
    input.ReqMap.thingGroupName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteThingType

valid {
    input.ReqMap.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTopicRule

valid {
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteTopicRuleDestination

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteV2LoggingLevel

enum_LogTargetType := [ "DEFAULT", "THING_GROUP", "CLIENT_ID", "SOURCE_IP", "PRINCIPAL_ID" ]

valid {
    input.Qs.targetType == enum_LogTargetType[_]
    input.Qs.targetName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeprecateThingType

valid {
    input.Body.undoDeprecate == BOOLEAN
    input.ReqMap.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAccountAuditConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAuditFinding

valid {
    input.ReqMap.findingId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAuditMitigationActionsTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAuditSuppression

valid {
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAuditTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAuthorizer

valid {
    input.ReqMap.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeBillingGroup

valid {
    input.ReqMap.billingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCACertificate

valid {
    input.ReqMap.caCertificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCertificate

valid {
    input.ReqMap.certificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCertificateProvider

valid {
    input.ReqMap.certificateProviderName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeCustomMetric

valid {
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDefaultAuthorizer

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDetectMitigationActionsTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDimension

valid {
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainConfiguration

valid {
    input.ReqMap.domainConfigurationName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEndpoint

valid {
    input.Qs.endpointType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEventConfigurations

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeFleetMetric

valid {
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeIndex

valid {
    input.ReqMap.indexName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeJob

valid {
    input.ReqMap.jobId == STRING
    input.Qs.beforeSubstitution == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeJobExecution

valid {
    input.ReqMap.jobId == STRING
    input.ReqMap.thingName == STRING
    input.Qs.executionNumber == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeJobTemplate

valid {
    input.ReqMap.jobTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeManagedJobTemplate

valid {
    input.ReqMap.templateName == STRING
    input.Qs.templateVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeMitigationAction

valid {
    input.ReqMap.actionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeProvisioningTemplate

valid {
    input.ReqMap.templateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeProvisioningTemplateVersion

valid {
    input.ReqMap.templateName == STRING
    input.ReqMap.versionId == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeRoleAlias

valid {
    input.ReqMap.roleAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeScheduledAudit

valid {
    input.ReqMap.scheduledAuditName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSecurityProfile

valid {
    input.ReqMap.securityProfileName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeStream

valid {
    input.ReqMap.streamId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeThing

valid {
    input.ReqMap.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeThingGroup

valid {
    input.ReqMap.thingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeThingRegistrationTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeThingType

valid {
    input.ReqMap.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachPolicy

valid {
    input.Body.target == STRING
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachPrincipalPolicy

valid {
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachSecurityProfile

valid {
    input.ReqMap.securityProfileName == STRING
    input.Qs.securityProfileTargetArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachThingPrincipal

valid {
    input.ReqMap.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableTopicRule

valid {
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateSbomFromPackageVersion

valid {
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableTopicRule

valid {
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBehaviorModelTrainingSummaries

valid {
    input.Qs.securityProfileName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBucketsAggregation

valid {
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.aggregationField == STRING
    input.Body.queryVersion == STRING
    input.Body.bucketsAggregationType.termsAggregation.maxBuckets == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCardinality

valid {
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.aggregationField == STRING
    input.Body.queryVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCommand

valid {
    input.ReqMap.commandId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCommandExecution

valid {
    input.ReqMap.executionId == STRING
    input.Qs.targetArn == STRING
    input.Qs.includeResult == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetEffectivePolicies

valid {
    input.Body.principal == STRING
    input.Body.cognitoIdentityPoolId == STRING
    input.Qs.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetIndexingConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetJobDocument

valid {
    input.ReqMap.jobId == STRING
    input.Qs.beforeSubstitution == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoggingOptions

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOTAUpdate

valid {
    input.ReqMap.otaUpdateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPackage

valid {
    input.ReqMap.packageName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPackageConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPackageVersion

valid {
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPercentiles

valid {
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.aggregationField == STRING
    input.Body.queryVersion == STRING
    input.Body.percents[_] == DOUBLE
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicy

valid {
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicyVersion

valid {
    input.ReqMap.policyName == STRING
    input.ReqMap.policyVersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRegistrationCode

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetStatistics

valid {
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.aggregationField == STRING
    input.Body.queryVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetThingConnectivityData

valid {
    input.ReqMap.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTopicRule

valid {
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetTopicRuleDestination

valid {
    input.ReqMap.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetV2LoggingOptions

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListActiveViolations

enum_BehaviorCriteriaType := [ "STATIC", "STATISTICAL", "MACHINE_LEARNING" ]
enum_VerificationState := [ "FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN" ]

valid {
    input.Qs.thingName == STRING
    input.Qs.securityProfileName == STRING
    input.Qs.behaviorCriteriaType == enum_BehaviorCriteriaType[_]
    input.Qs.listSuppressedAlerts == BOOLEAN
    input.Qs.verificationState == enum_VerificationState[_]
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAttachedPolicies

valid {
    input.ReqMap.target == STRING
    input.Qs.recursive == BOOLEAN
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuditFindings

valid {
    input.Body.taskId == STRING
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.listSuppressedFindings == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuditMitigationActionsExecutions

enum_AuditMitigationActionsExecutionStatus := [ "IN_PROGRESS", "COMPLETED", "FAILED", "CANCELED", "SKIPPED", "PENDING" ]

valid {
    input.Qs.taskId == STRING
    input.Qs.actionStatus == enum_AuditMitigationActionsExecutionStatus[_]
    input.Qs.findingId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuditMitigationActionsTasks

enum_AuditMitigationActionsTaskStatus := [ "IN_PROGRESS", "COMPLETED", "FAILED", "CANCELED" ]

valid {
    input.Qs.auditTaskId == STRING
    input.Qs.findingId == STRING
    input.Qs.taskStatus == enum_AuditMitigationActionsTaskStatus[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuditSuppressions

valid {
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.Body.ascendingOrder == BOOLEAN
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuditTasks

enum_AuditTaskStatus := [ "IN_PROGRESS", "COMPLETED", "FAILED", "CANCELED" ]
enum_AuditTaskType := [ "ON_DEMAND_AUDIT_TASK", "SCHEDULED_AUDIT_TASK" ]

valid {
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.Qs.taskType == enum_AuditTaskType[_]
    input.Qs.taskStatus == enum_AuditTaskStatus[_]
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAuthorizers

enum_AuthorizerStatus := [ "ACTIVE", "INACTIVE" ]

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.Qs.status == enum_AuthorizerStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListBillingGroups

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.namePrefixFilter == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCACertificates

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.Qs.templateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCertificateProviders

valid {
    input.Qs.nextToken == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCertificates

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCertificatesByCA

valid {
    input.ReqMap.caCertificateId == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCommandExecutions

enum_CommandExecutionStatus := [ "CREATED", "IN_PROGRESS", "SUCCEEDED", "FAILED", "REJECTED", "TIMED_OUT" ]
enum_CommandNamespace := [ "AWS-IoT", "AWS-IoT-FleetWise" ]
enum_SortOrder := [ "ASCENDING", "DESCENDING" ]

valid {
    input.Body.namespace == enum_CommandNamespace[_]
    input.Body.status == enum_CommandExecutionStatus[_]
    input.Body.sortOrder == enum_SortOrder[_]
    input.Body.startedTimeFilter.after == STRING
    input.Body.startedTimeFilter.before == STRING
    input.Body.completedTimeFilter.after == STRING
    input.Body.completedTimeFilter.before == STRING
    input.Body.targetArn == STRING
    input.Body.commandArn == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCommands

enum_CommandNamespace := [ "AWS-IoT", "AWS-IoT-FleetWise" ]
enum_SortOrder := [ "ASCENDING", "DESCENDING" ]

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.namespace == enum_CommandNamespace[_]
    input.Qs.commandParameterName == STRING
    input.Qs.sortOrder == enum_SortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCustomMetrics

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDetectMitigationActionsExecutions

valid {
    input.Qs.taskId == STRING
    input.Qs.violationId == STRING
    input.Qs.thingName == STRING
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDetectMitigationActionsTasks

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDimensions

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDomainConfigurations

enum_ServiceType := [ "DATA", "CREDENTIAL_PROVIDER", "JOBS" ]

valid {
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.serviceType == enum_ServiceType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFleetMetrics

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIndices

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListJobExecutionsForJob

enum_JobExecutionStatus := [ "QUEUED", "IN_PROGRESS", "SUCCEEDED", "FAILED", "TIMED_OUT", "REJECTED", "REMOVED", "CANCELED" ]

valid {
    input.ReqMap.jobId == STRING
    input.Qs.status == enum_JobExecutionStatus[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListJobExecutionsForThing

enum_JobExecutionStatus := [ "QUEUED", "IN_PROGRESS", "SUCCEEDED", "FAILED", "TIMED_OUT", "REJECTED", "REMOVED", "CANCELED" ]

valid {
    input.ReqMap.thingName == STRING
    input.Qs.status == enum_JobExecutionStatus[_]
    input.Qs.namespaceId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.jobId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListJobTemplates

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListJobs

enum_JobStatus := [ "IN_PROGRESS", "CANCELED", "COMPLETED", "DELETION_IN_PROGRESS", "SCHEDULED" ]
enum_TargetSelection := [ "CONTINUOUS", "SNAPSHOT" ]

valid {
    input.Qs.status == enum_JobStatus[_]
    input.Qs.targetSelection == enum_TargetSelection[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.thingGroupName == STRING
    input.Qs.thingGroupId == STRING
    input.Qs.namespaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListManagedJobTemplates

valid {
    input.Qs.templateName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMetricValues

enum_DimensionValueOperator := [ "IN", "NOT_IN" ]

valid {
    input.Qs.thingName == STRING
    input.Qs.metricName == STRING
    input.Qs.dimensionName == STRING
    input.Qs.dimensionValueOperator == enum_DimensionValueOperator[_]
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMitigationActions

enum_MitigationActionType := [ "UPDATE_DEVICE_CERTIFICATE", "UPDATE_CA_CERTIFICATE", "ADD_THINGS_TO_THING_GROUP", "REPLACE_DEFAULT_POLICY_VERSION", "ENABLE_IOT_LOGGING", "PUBLISH_FINDING_TO_SNS" ]

valid {
    input.Qs.actionType == enum_MitigationActionType[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOTAUpdates

enum_OTAUpdateStatus := [ "CREATE_PENDING", "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "CREATE_FAILED", "DELETE_IN_PROGRESS", "DELETE_FAILED" ]

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.otaUpdateStatus == enum_OTAUpdateStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListOutgoingCertificates

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPackageVersions

enum_PackageVersionStatus := [ "DRAFT", "PUBLISHED", "DEPRECATED" ]

valid {
    input.ReqMap.packageName == STRING
    input.Qs.status == enum_PackageVersionStatus[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPackages

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicies

valid {
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyPrincipals

valid {
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyVersions

valid {
    input.ReqMap.policyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPrincipalPolicies

valid {
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPrincipalThings

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPrincipalThingsV2

enum_ThingPrincipalType := [ "EXCLUSIVE_THING", "NON_EXCLUSIVE_THING" ]

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.thingPrincipalType == enum_ThingPrincipalType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProvisioningTemplateVersions

valid {
    input.ReqMap.templateName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProvisioningTemplates

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRelatedResourcesForAuditFinding

valid {
    input.Qs.findingId == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRoleAliases

valid {
    input.Qs.pageSize == INTEGER
    input.Qs.marker == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSbomValidationResults

enum_SbomValidationResult := [ "FAILED", "SUCCEEDED" ]

valid {
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.validationResult == enum_SbomValidationResult[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListScheduledAudits

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSecurityProfiles

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.dimensionName == STRING
    input.Qs.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSecurityProfilesForTarget

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.recursive == BOOLEAN
    input.Qs.securityProfileTargetArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListStreams

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.isAscendingOrder == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Qs.resourceArn == STRING
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTargetsForPolicy

valid {
    input.ReqMap.policyName == STRING
    input.Qs.marker == STRING
    input.Qs.pageSize == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTargetsForSecurityProfile

valid {
    input.ReqMap.securityProfileName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingGroups

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.parentGroup == STRING
    input.Qs.namePrefixFilter == STRING
    input.Qs.recursive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingGroupsForThing

valid {
    input.ReqMap.thingName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingPrincipals

valid {
    input.ReqMap.thingName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingPrincipalsV2

enum_ThingPrincipalType := [ "EXCLUSIVE_THING", "NON_EXCLUSIVE_THING" ]

valid {
    input.ReqMap.thingName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.thingPrincipalType == enum_ThingPrincipalType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingRegistrationTaskReports

enum_ReportType := [ "ERRORS", "RESULTS" ]

valid {
    input.ReqMap.taskId == STRING
    input.Qs.reportType == enum_ReportType[_]
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingRegistrationTasks

enum_Status := [ "InProgress", "Completed", "Failed", "Cancelled", "Cancelling" ]

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.status == enum_Status[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingTypes

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThings

valid {
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.attributeName == STRING
    input.Qs.attributeValue == STRING
    input.Qs.thingTypeName == STRING
    input.Qs.usePrefixAttributeValue == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingsInBillingGroup

valid {
    input.ReqMap.billingGroupName == STRING
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThingsInThingGroup

valid {
    input.ReqMap.thingGroupName == STRING
    input.Qs.recursive == BOOLEAN
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTopicRuleDestinations

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTopicRules

valid {
    input.Qs.topic == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.ruleDisabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListV2LoggingLevels

enum_LogTargetType := [ "DEFAULT", "THING_GROUP", "CLIENT_ID", "SOURCE_IP", "PRINCIPAL_ID" ]

valid {
    input.Qs.targetType == enum_LogTargetType[_]
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListViolationEvents

enum_BehaviorCriteriaType := [ "STATIC", "STATISTICAL", "MACHINE_LEARNING" ]
enum_VerificationState := [ "FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN" ]

valid {
    input.Qs.startTime == TIMESTAMP
    input.Qs.endTime == TIMESTAMP
    input.Qs.thingName == STRING
    input.Qs.securityProfileName == STRING
    input.Qs.behaviorCriteriaType == enum_BehaviorCriteriaType[_]
    input.Qs.listSuppressedAlerts == BOOLEAN
    input.Qs.verificationState == enum_VerificationState[_]
    input.Qs.nextToken == STRING
    input.Qs.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutVerificationStateOnViolation

enum_VerificationState := [ "FALSE_POSITIVE", "BENIGN_POSITIVE", "TRUE_POSITIVE", "UNKNOWN" ]

valid {
    input.Body.verificationState == enum_VerificationState[_]
    input.Body.verificationStateDescription == STRING
    input.ReqMap.violationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterCACertificate

enum_CertificateMode := [ "DEFAULT", "SNI_ONLY" ]

valid {
    input.Body.caCertificate == STRING
    input.Body.verificationCertificate == STRING
    input.Body.registrationConfig.templateBody == STRING
    input.Body.registrationConfig.roleArn == STRING
    input.Body.registrationConfig.templateName == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.Body.certificateMode == enum_CertificateMode[_]
    input.Qs.setAsActive == BOOLEAN
    input.Qs.allowAutoRegistration == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterCertificate

enum_CertificateStatus := [ "ACTIVE", "INACTIVE", "REVOKED", "PENDING_TRANSFER", "REGISTER_INACTIVE", "PENDING_ACTIVATION" ]

valid {
    input.Body.certificatePem == STRING
    input.Body.caCertificatePem == STRING
    input.Body.status == enum_CertificateStatus[_]
    input.Qs.setAsActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterCertificateWithoutCA

enum_CertificateStatus := [ "ACTIVE", "INACTIVE", "REVOKED", "PENDING_TRANSFER", "REGISTER_INACTIVE", "PENDING_ACTIVATION" ]

valid {
    input.Body.certificatePem == STRING
    input.Body.status == enum_CertificateStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterThing

valid {
    input.Body.templateBody == STRING
    input.Body.parameters.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectCertificateTransfer

valid {
    input.Body.rejectReason == STRING
    input.ReqMap.certificateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveThingFromBillingGroup

valid {
    input.Body.billingGroupName == STRING
    input.Body.billingGroupArn == STRING
    input.Body.thingName == STRING
    input.Body.thingArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveThingFromThingGroup

valid {
    input.Body.thingGroupName == STRING
    input.Body.thingGroupArn == STRING
    input.Body.thingName == STRING
    input.Body.thingArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ReplaceTopicRule

enum_CannedAccessControlList := [ "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control", "log-delivery-write" ]
enum_DynamoKeyType := [ "STRING", "NUMBER" ]
enum_MessageFormat := [ "RAW", "JSON" ]

valid {
    input.Body.topicRulePayload.sql == STRING
    input.Body.topicRulePayload.description == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.tableName == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.roleArn == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.operation == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyValue == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.hashKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyValue == STRING
    input.Body.topicRulePayload.actions[_].dynamoDB.rangeKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.actions[_].dynamoDB.payloadField == STRING
    input.Body.topicRulePayload.actions[_].dynamoDBv2.roleArn == STRING
    input.Body.topicRulePayload.actions[_].dynamoDBv2.putItem.tableName == STRING
    input.Body.topicRulePayload.actions[_].lambda.functionArn == STRING
    input.Body.topicRulePayload.actions[_].sns.targetArn == STRING
    input.Body.topicRulePayload.actions[_].sns.roleArn == STRING
    input.Body.topicRulePayload.actions[_].sns.messageFormat == enum_MessageFormat[_]
    input.Body.topicRulePayload.actions[_].sqs.roleArn == STRING
    input.Body.topicRulePayload.actions[_].sqs.queueUrl == STRING
    input.Body.topicRulePayload.actions[_].sqs.useBase64 == BOOLEAN
    input.Body.topicRulePayload.actions[_].kinesis.roleArn == STRING
    input.Body.topicRulePayload.actions[_].kinesis.streamName == STRING
    input.Body.topicRulePayload.actions[_].kinesis.partitionKey == STRING
    input.Body.topicRulePayload.actions[_].republish.roleArn == STRING
    input.Body.topicRulePayload.actions[_].republish.topic == STRING
    input.Body.topicRulePayload.actions[_].republish.qos == INTEGER
    input.Body.topicRulePayload.actions[_].republish.headers.payloadFormatIndicator == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.contentType == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.responseTopic == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.correlationData == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.messageExpiry == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.userProperties[_].key == STRING
    input.Body.topicRulePayload.actions[_].republish.headers.userProperties[_].value == STRING
    input.Body.topicRulePayload.actions[_].s3.roleArn == STRING
    input.Body.topicRulePayload.actions[_].s3.bucketName == STRING
    input.Body.topicRulePayload.actions[_].s3.key == STRING
    input.Body.topicRulePayload.actions[_].s3.cannedAcl == enum_CannedAccessControlList[_]
    input.Body.topicRulePayload.actions[_].firehose.roleArn == STRING
    input.Body.topicRulePayload.actions[_].firehose.deliveryStreamName == STRING
    input.Body.topicRulePayload.actions[_].firehose.separator == STRING
    input.Body.topicRulePayload.actions[_].firehose.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricNamespace == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricValue == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricUnit == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchMetric.metricTimestamp == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.alarmName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.stateReason == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchAlarm.stateValue == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.roleArn == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.logGroupName == STRING
    input.Body.topicRulePayload.actions[_].cloudwatchLogs.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].elasticsearch.roleArn == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.endpoint == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.index == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.type == STRING
    input.Body.topicRulePayload.actions[_].elasticsearch.id == STRING
    input.Body.topicRulePayload.actions[_].salesforce.token == STRING
    input.Body.topicRulePayload.actions[_].salesforce.url == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.channelArn == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.channelName == STRING
    input.Body.topicRulePayload.actions[_].iotAnalytics.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].iotAnalytics.roleArn == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.inputName == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.messageId == STRING
    input.Body.topicRulePayload.actions[_].iotEvents.batchMode == BOOLEAN
    input.Body.topicRulePayload.actions[_].iotEvents.roleArn == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].entryId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].assetId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyId == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyAlias == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.stringValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.integerValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.doubleValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.booleanValue == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.timeInSeconds == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.offsetInNanos == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].quality == STRING
    input.Body.topicRulePayload.actions[_].iotSiteWise.roleArn == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.executionNamePrefix == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.stateMachineName == STRING
    input.Body.topicRulePayload.actions[_].stepFunctions.roleArn == STRING
    input.Body.topicRulePayload.actions[_].timestream.roleArn == STRING
    input.Body.topicRulePayload.actions[_].timestream.databaseName == STRING
    input.Body.topicRulePayload.actions[_].timestream.tableName == STRING
    input.Body.topicRulePayload.actions[_].timestream.dimensions[_].name == STRING
    input.Body.topicRulePayload.actions[_].timestream.dimensions[_].value == STRING
    input.Body.topicRulePayload.actions[_].timestream.timestamp.value == STRING
    input.Body.topicRulePayload.actions[_].timestream.timestamp.unit == STRING
    input.Body.topicRulePayload.actions[_].http.url == STRING
    input.Body.topicRulePayload.actions[_].http.confirmationUrl == STRING
    input.Body.topicRulePayload.actions[_].http.headers[_].key == STRING
    input.Body.topicRulePayload.actions[_].http.headers[_].value == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.signingRegion == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.serviceName == STRING
    input.Body.topicRulePayload.actions[_].http.auth.sigv4.roleArn == STRING
    input.Body.topicRulePayload.actions[_].kafka.destinationArn == STRING
    input.Body.topicRulePayload.actions[_].kafka.topic == STRING
    input.Body.topicRulePayload.actions[_].kafka.key == STRING
    input.Body.topicRulePayload.actions[_].kafka.partition == STRING
    input.Body.topicRulePayload.actions[_].kafka.clientProperties.STRING == STRING
    input.Body.topicRulePayload.actions[_].kafka.headers[_].key == STRING
    input.Body.topicRulePayload.actions[_].kafka.headers[_].value == STRING
    input.Body.topicRulePayload.actions[_].openSearch.roleArn == STRING
    input.Body.topicRulePayload.actions[_].openSearch.endpoint == STRING
    input.Body.topicRulePayload.actions[_].openSearch.index == STRING
    input.Body.topicRulePayload.actions[_].openSearch.type == STRING
    input.Body.topicRulePayload.actions[_].openSearch.id == STRING
    input.Body.topicRulePayload.actions[_].location.roleArn == STRING
    input.Body.topicRulePayload.actions[_].location.trackerName == STRING
    input.Body.topicRulePayload.actions[_].location.deviceId == STRING
    input.Body.topicRulePayload.actions[_].location.timestamp.value == STRING
    input.Body.topicRulePayload.actions[_].location.timestamp.unit == STRING
    input.Body.topicRulePayload.actions[_].location.latitude == STRING
    input.Body.topicRulePayload.actions[_].location.longitude == STRING
    input.Body.topicRulePayload.ruleDisabled == BOOLEAN
    input.Body.topicRulePayload.awsIotSqlVersion == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.tableName == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.roleArn == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.operation == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyValue == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.hashKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyValue == STRING
    input.Body.topicRulePayload.errorAction.dynamoDB.rangeKeyType == enum_DynamoKeyType[_]
    input.Body.topicRulePayload.errorAction.dynamoDB.payloadField == STRING
    input.Body.topicRulePayload.errorAction.dynamoDBv2.roleArn == STRING
    input.Body.topicRulePayload.errorAction.dynamoDBv2.putItem.tableName == STRING
    input.Body.topicRulePayload.errorAction.lambda.functionArn == STRING
    input.Body.topicRulePayload.errorAction.sns.targetArn == STRING
    input.Body.topicRulePayload.errorAction.sns.roleArn == STRING
    input.Body.topicRulePayload.errorAction.sns.messageFormat == enum_MessageFormat[_]
    input.Body.topicRulePayload.errorAction.sqs.roleArn == STRING
    input.Body.topicRulePayload.errorAction.sqs.queueUrl == STRING
    input.Body.topicRulePayload.errorAction.sqs.useBase64 == BOOLEAN
    input.Body.topicRulePayload.errorAction.kinesis.roleArn == STRING
    input.Body.topicRulePayload.errorAction.kinesis.streamName == STRING
    input.Body.topicRulePayload.errorAction.kinesis.partitionKey == STRING
    input.Body.topicRulePayload.errorAction.republish.roleArn == STRING
    input.Body.topicRulePayload.errorAction.republish.topic == STRING
    input.Body.topicRulePayload.errorAction.republish.qos == INTEGER
    input.Body.topicRulePayload.errorAction.republish.headers.payloadFormatIndicator == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.contentType == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.responseTopic == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.correlationData == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.messageExpiry == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.userProperties[_].key == STRING
    input.Body.topicRulePayload.errorAction.republish.headers.userProperties[_].value == STRING
    input.Body.topicRulePayload.errorAction.s3.roleArn == STRING
    input.Body.topicRulePayload.errorAction.s3.bucketName == STRING
    input.Body.topicRulePayload.errorAction.s3.key == STRING
    input.Body.topicRulePayload.errorAction.s3.cannedAcl == enum_CannedAccessControlList[_]
    input.Body.topicRulePayload.errorAction.firehose.roleArn == STRING
    input.Body.topicRulePayload.errorAction.firehose.deliveryStreamName == STRING
    input.Body.topicRulePayload.errorAction.firehose.separator == STRING
    input.Body.topicRulePayload.errorAction.firehose.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricNamespace == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricValue == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricUnit == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchMetric.metricTimestamp == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.alarmName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.stateReason == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchAlarm.stateValue == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.roleArn == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.logGroupName == STRING
    input.Body.topicRulePayload.errorAction.cloudwatchLogs.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.elasticsearch.roleArn == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.endpoint == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.index == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.type == STRING
    input.Body.topicRulePayload.errorAction.elasticsearch.id == STRING
    input.Body.topicRulePayload.errorAction.salesforce.token == STRING
    input.Body.topicRulePayload.errorAction.salesforce.url == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.channelArn == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.channelName == STRING
    input.Body.topicRulePayload.errorAction.iotAnalytics.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.iotAnalytics.roleArn == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.inputName == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.messageId == STRING
    input.Body.topicRulePayload.errorAction.iotEvents.batchMode == BOOLEAN
    input.Body.topicRulePayload.errorAction.iotEvents.roleArn == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].entryId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].assetId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyId == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyAlias == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.stringValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.integerValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.doubleValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].value.booleanValue == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.timeInSeconds == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].timestamp.offsetInNanos == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.putAssetPropertyValueEntries[_].propertyValues[_].quality == STRING
    input.Body.topicRulePayload.errorAction.iotSiteWise.roleArn == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.executionNamePrefix == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.stateMachineName == STRING
    input.Body.topicRulePayload.errorAction.stepFunctions.roleArn == STRING
    input.Body.topicRulePayload.errorAction.timestream.roleArn == STRING
    input.Body.topicRulePayload.errorAction.timestream.databaseName == STRING
    input.Body.topicRulePayload.errorAction.timestream.tableName == STRING
    input.Body.topicRulePayload.errorAction.timestream.dimensions[_].name == STRING
    input.Body.topicRulePayload.errorAction.timestream.dimensions[_].value == STRING
    input.Body.topicRulePayload.errorAction.timestream.timestamp.value == STRING
    input.Body.topicRulePayload.errorAction.timestream.timestamp.unit == STRING
    input.Body.topicRulePayload.errorAction.http.url == STRING
    input.Body.topicRulePayload.errorAction.http.confirmationUrl == STRING
    input.Body.topicRulePayload.errorAction.http.headers[_].key == STRING
    input.Body.topicRulePayload.errorAction.http.headers[_].value == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.signingRegion == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.serviceName == STRING
    input.Body.topicRulePayload.errorAction.http.auth.sigv4.roleArn == STRING
    input.Body.topicRulePayload.errorAction.kafka.destinationArn == STRING
    input.Body.topicRulePayload.errorAction.kafka.topic == STRING
    input.Body.topicRulePayload.errorAction.kafka.key == STRING
    input.Body.topicRulePayload.errorAction.kafka.partition == STRING
    input.Body.topicRulePayload.errorAction.kafka.clientProperties.STRING == STRING
    input.Body.topicRulePayload.errorAction.kafka.headers[_].key == STRING
    input.Body.topicRulePayload.errorAction.kafka.headers[_].value == STRING
    input.Body.topicRulePayload.errorAction.openSearch.roleArn == STRING
    input.Body.topicRulePayload.errorAction.openSearch.endpoint == STRING
    input.Body.topicRulePayload.errorAction.openSearch.index == STRING
    input.Body.topicRulePayload.errorAction.openSearch.type == STRING
    input.Body.topicRulePayload.errorAction.openSearch.id == STRING
    input.Body.topicRulePayload.errorAction.location.roleArn == STRING
    input.Body.topicRulePayload.errorAction.location.trackerName == STRING
    input.Body.topicRulePayload.errorAction.location.deviceId == STRING
    input.Body.topicRulePayload.errorAction.location.timestamp.value == STRING
    input.Body.topicRulePayload.errorAction.location.timestamp.unit == STRING
    input.Body.topicRulePayload.errorAction.location.latitude == STRING
    input.Body.topicRulePayload.errorAction.location.longitude == STRING
    input.ReqMap.ruleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SearchIndex

valid {
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.queryVersion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetDefaultAuthorizer

valid {
    input.Body.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetDefaultPolicyVersion

valid {
    input.ReqMap.policyName == STRING
    input.ReqMap.policyVersionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetLoggingOptions

enum_LogLevel := [ "DEBUG", "INFO", "ERROR", "WARN", "DISABLED" ]

valid {
    input.Body.loggingOptionsPayload.roleArn == STRING
    input.Body.loggingOptionsPayload.logLevel == enum_LogLevel[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetV2LoggingLevel

enum_LogLevel := [ "DEBUG", "INFO", "ERROR", "WARN", "DISABLED" ]
enum_LogTargetType := [ "DEFAULT", "THING_GROUP", "CLIENT_ID", "SOURCE_IP", "PRINCIPAL_ID" ]

valid {
    input.Body.logTarget.targetType == enum_LogTargetType[_]
    input.Body.logTarget.targetName == STRING
    input.Body.logLevel == enum_LogLevel[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetV2LoggingOptions

enum_LogLevel := [ "DEBUG", "INFO", "ERROR", "WARN", "DISABLED" ]

valid {
    input.Body.roleArn == STRING
    input.Body.defaultLogLevel == enum_LogLevel[_]
    input.Body.disableAllLogs == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartAuditMitigationActionsTask

valid {
    input.Body.target.auditTaskId == STRING
    input.Body.target.findingIds[_] == STRING
    input.Body.target.auditCheckToReasonCodeFilter.STRING[_] == STRING
    input.Body.auditCheckToActionsMapping.STRING[_] == STRING
    input.Body.clientRequestToken == STRING
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartDetectMitigationActionsTask

valid {
    input.Body.target.violationIds[_] == STRING
    input.Body.target.securityProfileName == STRING
    input.Body.target.behaviorName == STRING
    input.Body.actions[_] == STRING
    input.Body.violationEventOccurrenceRange.startTime == TIMESTAMP
    input.Body.violationEventOccurrenceRange.endTime == TIMESTAMP
    input.Body.includeOnlyActiveViolations == BOOLEAN
    input.Body.includeSuppressedAlerts == BOOLEAN
    input.Body.clientRequestToken == STRING
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartOnDemandAuditTask

valid {
    input.Body.targetCheckNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartThingRegistrationTask

valid {
    input.Body.templateBody == STRING
    input.Body.inputFileBucket == STRING
    input.Body.inputFileKey == STRING
    input.Body.roleArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopThingRegistrationTask

valid {
    input.ReqMap.taskId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.resourceArn == STRING
    input.Body.tags[_].Key == STRING
    input.Body.tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TestAuthorization

enum_ActionType := [ "PUBLISH", "SUBSCRIBE", "RECEIVE", "CONNECT" ]

valid {
    input.Body.principal == STRING
    input.Body.cognitoIdentityPoolId == STRING
    input.Body.authInfos[_].actionType == enum_ActionType[_]
    input.Body.authInfos[_].resources[_] == STRING
    input.Body.policyNamesToAdd[_] == STRING
    input.Body.policyNamesToSkip[_] == STRING
    input.Qs.clientId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TestInvokeAuthorizer

valid {
    input.Body.token == STRING
    input.Body.tokenSignature == STRING
    input.Body.httpContext.headers.STRING == STRING
    input.Body.httpContext.queryString == STRING
    input.Body.mqttContext.username == STRING
    input.Body.mqttContext.password == BLOB
    input.Body.mqttContext.clientId == STRING
    input.Body.tlsContext.serverName == STRING
    input.ReqMap.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TransferCertificate

valid {
    input.Body.transferMessage == STRING
    input.ReqMap.certificateId == STRING
    input.Qs.targetAwsAccount == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.resourceArn == STRING
    input.Body.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAccountAuditConfiguration

valid {
    input.Body.roleArn == STRING
    input.Body.auditNotificationTargetConfigurations.SNS.targetArn == STRING
    input.Body.auditNotificationTargetConfigurations.SNS.roleArn == STRING
    input.Body.auditNotificationTargetConfigurations.SNS.enabled == BOOLEAN
    input.Body.auditCheckConfigurations.STRING.enabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAuditSuppression

valid {
    input.Body.checkName == STRING
    input.Body.resourceIdentifier.deviceCertificateId == STRING
    input.Body.resourceIdentifier.caCertificateId == STRING
    input.Body.resourceIdentifier.cognitoIdentityPoolId == STRING
    input.Body.resourceIdentifier.clientId == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyName == STRING
    input.Body.resourceIdentifier.policyVersionIdentifier.policyVersionId == STRING
    input.Body.resourceIdentifier.account == STRING
    input.Body.resourceIdentifier.iamRoleArn == STRING
    input.Body.resourceIdentifier.roleAliasArn == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSubject == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerId == STRING
    input.Body.resourceIdentifier.issuerCertificateIdentifier.issuerCertificateSerialNumber == STRING
    input.Body.resourceIdentifier.deviceCertificateArn == STRING
    input.Body.expirationDate == TIMESTAMP
    input.Body.suppressIndefinitely == BOOLEAN
    input.Body.description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAuthorizer

enum_AuthorizerStatus := [ "ACTIVE", "INACTIVE" ]

valid {
    input.Body.authorizerFunctionArn == STRING
    input.Body.tokenKeyName == STRING
    input.Body.tokenSigningPublicKeys.STRING == STRING
    input.Body.status == enum_AuthorizerStatus[_]
    input.Body.enableCachingForHttp == BOOLEAN
    input.ReqMap.authorizerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBillingGroup

valid {
    input.Body.billingGroupProperties.billingGroupDescription == STRING
    input.Body.expectedVersion == LONG
    input.ReqMap.billingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCACertificate

enum_AutoRegistrationStatus := [ "ENABLE", "DISABLE" ]
enum_CACertificateStatus := [ "ACTIVE", "INACTIVE" ]

valid {
    input.Body.registrationConfig.templateBody == STRING
    input.Body.registrationConfig.roleArn == STRING
    input.Body.registrationConfig.templateName == STRING
    input.Body.removeAutoRegistration == BOOLEAN
    input.ReqMap.caCertificateId == STRING
    input.Qs.newStatus == enum_CACertificateStatus[_]
    input.Qs.newAutoRegistrationStatus == enum_AutoRegistrationStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCertificate

enum_CertificateStatus := [ "ACTIVE", "INACTIVE", "REVOKED", "PENDING_TRANSFER", "REGISTER_INACTIVE", "PENDING_ACTIVATION" ]

valid {
    input.ReqMap.certificateId == STRING
    input.Qs.newStatus == enum_CertificateStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCertificateProvider

enum_CertificateProviderOperation := [ "CreateCertificateFromCsr" ]

valid {
    input.Body.lambdaFunctionArn == STRING
    input.Body.accountDefaultForOperations[_] == enum_CertificateProviderOperation[_]
    input.ReqMap.certificateProviderName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCommand

valid {
    input.Body.displayName == STRING
    input.Body.description == STRING
    input.Body.deprecated == BOOLEAN
    input.ReqMap.commandId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCustomMetric

valid {
    input.Body.displayName == STRING
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDimension

valid {
    input.Body.stringValues[_] == STRING
    input.ReqMap.name == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDomainConfiguration

enum_ApplicationProtocol := [ "SECURE_MQTT", "MQTT_WSS", "HTTPS", "DEFAULT" ]
enum_AuthenticationType := [ "CUSTOM_AUTH_X509", "CUSTOM_AUTH", "AWS_X509", "AWS_SIGV4", "DEFAULT" ]
enum_DomainConfigurationStatus := [ "ENABLED", "DISABLED" ]

valid {
    input.Body.authorizerConfig.defaultAuthorizerName == STRING
    input.Body.authorizerConfig.allowAuthorizerOverride == BOOLEAN
    input.Body.domainConfigurationStatus == enum_DomainConfigurationStatus[_]
    input.Body.removeAuthorizerConfig == BOOLEAN
    input.Body.tlsConfig.securityPolicy == STRING
    input.Body.serverCertificateConfig.enableOCSPCheck == BOOLEAN
    input.Body.serverCertificateConfig.ocspLambdaArn == STRING
    input.Body.serverCertificateConfig.ocspAuthorizedResponderArn == STRING
    input.Body.authenticationType == enum_AuthenticationType[_]
    input.Body.applicationProtocol == enum_ApplicationProtocol[_]
    input.Body.clientCertificateConfig.clientCertificateCallbackArn == STRING
    input.ReqMap.domainConfigurationName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDynamicThingGroup

valid {
    input.Body.thingGroupProperties.thingGroupDescription == STRING
    input.Body.thingGroupProperties.attributePayload.attributes.STRING == STRING
    input.Body.thingGroupProperties.attributePayload.merge == BOOLEAN
    input.Body.expectedVersion == LONG
    input.Body.indexName == STRING
    input.Body.queryString == STRING
    input.Body.queryVersion == STRING
    input.ReqMap.thingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateEventConfigurations

valid {
    input.Body.eventConfigurations.THING.Enabled == BOOLEAN
    input.Body.eventConfigurations.THING_GROUP.Enabled == BOOLEAN
    input.Body.eventConfigurations.THING_TYPE.Enabled == BOOLEAN
    input.Body.eventConfigurations.THING_GROUP_MEMBERSHIP.Enabled == BOOLEAN
    input.Body.eventConfigurations.THING_GROUP_HIERARCHY.Enabled == BOOLEAN
    input.Body.eventConfigurations.THING_TYPE_ASSOCIATION.Enabled == BOOLEAN
    input.Body.eventConfigurations.JOB.Enabled == BOOLEAN
    input.Body.eventConfigurations.JOB_EXECUTION.Enabled == BOOLEAN
    input.Body.eventConfigurations.POLICY.Enabled == BOOLEAN
    input.Body.eventConfigurations.CERTIFICATE.Enabled == BOOLEAN
    input.Body.eventConfigurations.CA_CERTIFICATE.Enabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateFleetMetric

enum_AggregationTypeName := [ "Statistics", "Percentiles", "Cardinality" ]
enum_FleetMetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.queryString == STRING
    input.Body.aggregationType.name == enum_AggregationTypeName[_]
    input.Body.aggregationType.values[_] == STRING
    input.Body.period == INTEGER
    input.Body.aggregationField == STRING
    input.Body.description == STRING
    input.Body.queryVersion == STRING
    input.Body.indexName == STRING
    input.Body.unit == enum_FleetMetricUnit[_]
    input.Body.expectedVersion == LONG
    input.ReqMap.metricName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateIndexingConfiguration

enum_DeviceDefenderIndexingMode := [ "OFF", "VIOLATIONS" ]
enum_FieldType := [ "Number", "String", "Boolean" ]
enum_NamedShadowIndexingMode := [ "OFF", "ON" ]
enum_TargetFieldOrder := [ "LatLon", "LonLat" ]
enum_ThingConnectivityIndexingMode := [ "OFF", "STATUS" ]
enum_ThingGroupIndexingMode := [ "OFF", "ON" ]
enum_ThingIndexingMode := [ "OFF", "REGISTRY", "REGISTRY_AND_SHADOW" ]

valid {
    input.Body.thingIndexingConfiguration.thingIndexingMode == enum_ThingIndexingMode[_]
    input.Body.thingIndexingConfiguration.thingConnectivityIndexingMode == enum_ThingConnectivityIndexingMode[_]
    input.Body.thingIndexingConfiguration.deviceDefenderIndexingMode == enum_DeviceDefenderIndexingMode[_]
    input.Body.thingIndexingConfiguration.namedShadowIndexingMode == enum_NamedShadowIndexingMode[_]
    input.Body.thingIndexingConfiguration.managedFields[_].name == STRING
    input.Body.thingIndexingConfiguration.managedFields[_].type == enum_FieldType[_]
    input.Body.thingIndexingConfiguration.customFields[_].name == STRING
    input.Body.thingIndexingConfiguration.customFields[_].type == enum_FieldType[_]
    input.Body.thingIndexingConfiguration.filter.namedShadowNames[_] == STRING
    input.Body.thingIndexingConfiguration.filter.geoLocations[_].name == STRING
    input.Body.thingIndexingConfiguration.filter.geoLocations[_].order == enum_TargetFieldOrder[_]
    input.Body.thingGroupIndexingConfiguration.thingGroupIndexingMode == enum_ThingGroupIndexingMode[_]
    input.Body.thingGroupIndexingConfiguration.managedFields[_].name == STRING
    input.Body.thingGroupIndexingConfiguration.managedFields[_].type == enum_FieldType[_]
    input.Body.thingGroupIndexingConfiguration.customFields[_].name == STRING
    input.Body.thingGroupIndexingConfiguration.customFields[_].type == enum_FieldType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateJob

enum_AbortAction := [ "CANCEL" ]
enum_JobExecutionFailureType := [ "FAILED", "REJECTED", "TIMED_OUT", "ALL" ]
enum_RetryableFailureType := [ "FAILED", "TIMED_OUT", "ALL" ]

valid {
    input.Body.description == STRING
    input.Body.presignedUrlConfig.roleArn == STRING
    input.Body.presignedUrlConfig.expiresInSec == LONG
    input.Body.jobExecutionsRolloutConfig.maximumPerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.baseRatePerMinute == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.incrementFactor == DOUBLE
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfNotifiedThings == INTEGER
    input.Body.jobExecutionsRolloutConfig.exponentialRate.rateIncreaseCriteria.numberOfSucceededThings == INTEGER
    input.Body.abortConfig.criteriaList[_].failureType == enum_JobExecutionFailureType[_]
    input.Body.abortConfig.criteriaList[_].action == enum_AbortAction[_]
    input.Body.abortConfig.criteriaList[_].thresholdPercentage == DOUBLE
    input.Body.abortConfig.criteriaList[_].minNumberOfExecutedThings == INTEGER
    input.Body.timeoutConfig.inProgressTimeoutInMinutes == LONG
    input.Body.jobExecutionsRetryConfig.criteriaList[_].failureType == enum_RetryableFailureType[_]
    input.Body.jobExecutionsRetryConfig.criteriaList[_].numberOfRetries == INTEGER
    input.ReqMap.jobId == STRING
    input.Qs.namespaceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateMitigationAction

enum_CACertificateUpdateAction := [ "DEACTIVATE" ]
enum_DeviceCertificateUpdateAction := [ "DEACTIVATE" ]
enum_LogLevel := [ "DEBUG", "INFO", "ERROR", "WARN", "DISABLED" ]
enum_PolicyTemplateName := [ "BLANK_POLICY" ]

valid {
    input.Body.roleArn == STRING
    input.Body.actionParams.updateDeviceCertificateParams.action == enum_DeviceCertificateUpdateAction[_]
    input.Body.actionParams.updateCACertificateParams.action == enum_CACertificateUpdateAction[_]
    input.Body.actionParams.addThingsToThingGroupParams.thingGroupNames[_] == STRING
    input.Body.actionParams.addThingsToThingGroupParams.overrideDynamicGroups == BOOLEAN
    input.Body.actionParams.replaceDefaultPolicyVersionParams.templateName == enum_PolicyTemplateName[_]
    input.Body.actionParams.enableIoTLoggingParams.roleArnForLogging == STRING
    input.Body.actionParams.enableIoTLoggingParams.logLevel == enum_LogLevel[_]
    input.Body.actionParams.publishFindingToSnsParams.topicArn == STRING
    input.ReqMap.actionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePackage

valid {
    input.Body.description == STRING
    input.Body.defaultVersionName == STRING
    input.Body.unsetDefaultVersion == BOOLEAN
    input.ReqMap.packageName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePackageConfiguration

valid {
    input.Body.versionUpdateByJobsConfig.enabled == BOOLEAN
    input.Body.versionUpdateByJobsConfig.roleArn == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePackageVersion

enum_PackageVersionAction := [ "PUBLISH", "DEPRECATE" ]

valid {
    input.Body.description == STRING
    input.Body.attributes.STRING == STRING
    input.Body.artifact.s3Location.bucket == STRING
    input.Body.artifact.s3Location.key == STRING
    input.Body.artifact.s3Location.version == STRING
    input.Body.action == enum_PackageVersionAction[_]
    input.Body.recipe == STRING
    input.ReqMap.packageName == STRING
    input.ReqMap.versionName == STRING
    input.Qs.clientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateProvisioningTemplate

valid {
    input.Body.description == STRING
    input.Body.enabled == BOOLEAN
    input.Body.defaultVersionId == INTEGER
    input.Body.provisioningRoleArn == STRING
    input.Body.preProvisioningHook.payloadVersion == STRING
    input.Body.preProvisioningHook.targetArn == STRING
    input.Body.removePreProvisioningHook == BOOLEAN
    input.ReqMap.templateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRoleAlias

valid {
    input.Body.roleArn == STRING
    input.Body.credentialDurationSeconds == INTEGER
    input.ReqMap.roleAlias == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateScheduledAudit

enum_AuditFrequency := [ "DAILY", "WEEKLY", "BIWEEKLY", "MONTHLY" ]
enum_DayOfWeek := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]

valid {
    input.Body.frequency == enum_AuditFrequency[_]
    input.Body.dayOfMonth == STRING
    input.Body.dayOfWeek == enum_DayOfWeek[_]
    input.Body.targetCheckNames[_] == STRING
    input.ReqMap.scheduledAuditName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSecurityProfile

enum_ComparisonOperator := [ "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set", "in-set", "not-in-set" ]
enum_ConfidenceLevel := [ "LOW", "MEDIUM", "HIGH" ]
enum_DimensionValueOperator := [ "IN", "NOT_IN" ]

valid {
    input.Body.securityProfileDescription == STRING
    input.Body.behaviors[_].name == STRING
    input.Body.behaviors[_].metric == STRING
    input.Body.behaviors[_].metricDimension.dimensionName == STRING
    input.Body.behaviors[_].metricDimension.operator == enum_DimensionValueOperator[_]
    input.Body.behaviors[_].criteria.comparisonOperator == enum_ComparisonOperator[_]
    input.Body.behaviors[_].criteria.value.count == LONG
    input.Body.behaviors[_].criteria.value.cidrs[_] == STRING
    input.Body.behaviors[_].criteria.value.ports[_] == INTEGER
    input.Body.behaviors[_].criteria.value.number == DOUBLE
    input.Body.behaviors[_].criteria.value.numbers[_] == DOUBLE
    input.Body.behaviors[_].criteria.value.strings[_] == STRING
    input.Body.behaviors[_].criteria.durationSeconds == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToAlarm == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToClear == INTEGER
    input.Body.behaviors[_].criteria.statisticalThreshold.statistic == STRING
    input.Body.behaviors[_].criteria.mlDetectionConfig.confidenceLevel == enum_ConfidenceLevel[_]
    input.Body.behaviors[_].suppressAlerts == BOOLEAN
    input.Body.behaviors[_].exportMetric == BOOLEAN
    input.Body.alertTargets.SNS.alertTargetArn == STRING
    input.Body.alertTargets.SNS.roleArn == STRING
    input.Body.additionalMetricsToRetain[_] == STRING
    input.Body.additionalMetricsToRetainV2[_].metric == STRING
    input.Body.additionalMetricsToRetainV2[_].metricDimension.dimensionName == STRING
    input.Body.additionalMetricsToRetainV2[_].metricDimension.operator == enum_DimensionValueOperator[_]
    input.Body.additionalMetricsToRetainV2[_].exportMetric == BOOLEAN
    input.Body.deleteBehaviors == BOOLEAN
    input.Body.deleteAlertTargets == BOOLEAN
    input.Body.deleteAdditionalMetricsToRetain == BOOLEAN
    input.Body.metricsExportConfig.mqttTopic == STRING
    input.Body.metricsExportConfig.roleArn == STRING
    input.Body.deleteMetricsExportConfig == BOOLEAN
    input.ReqMap.securityProfileName == STRING
    input.Qs.expectedVersion == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateStream

valid {
    input.Body.description == STRING
    input.Body.files[_].fileId == INTEGER
    input.Body.files[_].s3Location.bucket == STRING
    input.Body.files[_].s3Location.key == STRING
    input.Body.files[_].s3Location.version == STRING
    input.Body.roleArn == STRING
    input.ReqMap.streamId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateThing

valid {
    input.Body.thingTypeName == STRING
    input.Body.attributePayload.attributes.STRING == STRING
    input.Body.attributePayload.merge == BOOLEAN
    input.Body.expectedVersion == LONG
    input.Body.removeThingType == BOOLEAN
    input.ReqMap.thingName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateThingGroup

valid {
    input.Body.thingGroupProperties.thingGroupDescription == STRING
    input.Body.thingGroupProperties.attributePayload.attributes.STRING == STRING
    input.Body.thingGroupProperties.attributePayload.merge == BOOLEAN
    input.Body.expectedVersion == LONG
    input.ReqMap.thingGroupName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateThingGroupsForThing

valid {
    input.Body.thingName == STRING
    input.Body.thingGroupsToAdd[_] == STRING
    input.Body.thingGroupsToRemove[_] == STRING
    input.Body.overrideDynamicGroups == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateThingType

valid {
    input.Body.thingTypeProperties.thingTypeDescription == STRING
    input.Body.thingTypeProperties.searchableAttributes[_] == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].userPropertyKey == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].thingAttribute == STRING
    input.Body.thingTypeProperties.mqtt5Configuration.propagatingAttributes[_].connectionAttribute == STRING
    input.ReqMap.thingTypeName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateTopicRuleDestination

enum_TopicRuleDestinationStatus := [ "ENABLED", "IN_PROGRESS", "DISABLED", "ERROR", "DELETING" ]

valid {
    input.Body.arn == STRING
    input.Body.status == enum_TopicRuleDestinationStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ValidateSecurityProfileBehaviors

enum_ComparisonOperator := [ "less-than", "less-than-equals", "greater-than", "greater-than-equals", "in-cidr-set", "not-in-cidr-set", "in-port-set", "not-in-port-set", "in-set", "not-in-set" ]
enum_ConfidenceLevel := [ "LOW", "MEDIUM", "HIGH" ]
enum_DimensionValueOperator := [ "IN", "NOT_IN" ]

valid {
    input.Body.behaviors[_].name == STRING
    input.Body.behaviors[_].metric == STRING
    input.Body.behaviors[_].metricDimension.dimensionName == STRING
    input.Body.behaviors[_].metricDimension.operator == enum_DimensionValueOperator[_]
    input.Body.behaviors[_].criteria.comparisonOperator == enum_ComparisonOperator[_]
    input.Body.behaviors[_].criteria.value.count == LONG
    input.Body.behaviors[_].criteria.value.cidrs[_] == STRING
    input.Body.behaviors[_].criteria.value.ports[_] == INTEGER
    input.Body.behaviors[_].criteria.value.number == DOUBLE
    input.Body.behaviors[_].criteria.value.numbers[_] == DOUBLE
    input.Body.behaviors[_].criteria.value.strings[_] == STRING
    input.Body.behaviors[_].criteria.durationSeconds == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToAlarm == INTEGER
    input.Body.behaviors[_].criteria.consecutiveDatapointsToClear == INTEGER
    input.Body.behaviors[_].criteria.statisticalThreshold.statistic == STRING
    input.Body.behaviors[_].criteria.mlDetectionConfig.confidenceLevel == enum_ConfidenceLevel[_]
    input.Body.behaviors[_].suppressAlerts == BOOLEAN
    input.Body.behaviors[_].exportMetric == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}