LAMBDA
AddLayerVersionPermission
valid {
input.Body.StatementId == STRING
input.Body.Action == STRING
input.Body.Principal == STRING
input.Body.OrganizationId == STRING
input.ReqMap.LayerName == STRING
input.ReqMap.VersionNumber == LONG
input.Qs.RevisionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AddPermission
enum_FunctionUrlAuthType := [ "NONE", "AWS_IAM" ]
valid {
input.Body.StatementId == STRING
input.Body.Action == STRING
input.Body.Principal == STRING
input.Body.SourceArn == STRING
input.Body.SourceAccount == STRING
input.Body.EventSourceToken == STRING
input.Body.RevisionId == STRING
input.Body.PrincipalOrgID == STRING
input.Body.FunctionUrlAuthType == enum_FunctionUrlAuthType[_]
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAlias
valid {
input.Body.Name == STRING
input.Body.FunctionVersion == STRING
input.Body.Description == STRING
input.Body.RoutingConfig.AdditionalVersionWeights.STRING == DOUBLE
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCodeSigningConfig
enum_CodeSigningPolicy := [ "Warn", "Enforce" ]
valid {
input.Body.Description == STRING
input.Body.AllowedPublishers.SigningProfileVersionArns[_] == STRING
input.Body.CodeSigningPolicies.UntrustedArtifactOnDeployment == enum_CodeSigningPolicy[_]
input.Body.Tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateEventSourceMapping
enum_EventSourceMappingMetric := [ "EventCount" ]
enum_EventSourcePosition := [ "TRIM_HORIZON", "LATEST", "AT_TIMESTAMP" ]
enum_FullDocument := [ "UpdateLookup", "Default" ]
enum_FunctionResponseType := [ "ReportBatchItemFailures" ]
enum_SourceAccessType := [ "BASIC_AUTH", "VPC_SUBNET", "VPC_SECURITY_GROUP", "SASL_SCRAM_512_AUTH", "SASL_SCRAM_256_AUTH", "VIRTUAL_HOST", "CLIENT_CERTIFICATE_TLS_AUTH", "SERVER_ROOT_CA_CERTIFICATE" ]
valid {
input.Body.EventSourceArn == STRING
input.Body.FunctionName == STRING
input.Body.Enabled == BOOLEAN
input.Body.BatchSize == INTEGER
input.Body.FilterCriteria.Filters[_].Pattern == STRING
input.Body.MaximumBatchingWindowInSeconds == INTEGER
input.Body.ParallelizationFactor == INTEGER
input.Body.StartingPosition == enum_EventSourcePosition[_]
input.Body.StartingPositionTimestamp == TIMESTAMP
input.Body.DestinationConfig.OnSuccess.Destination == STRING
input.Body.DestinationConfig.OnFailure.Destination == STRING
input.Body.MaximumRecordAgeInSeconds == INTEGER
input.Body.BisectBatchOnFunctionError == BOOLEAN
input.Body.MaximumRetryAttempts == INTEGER
input.Body.Tags.STRING == STRING
input.Body.TumblingWindowInSeconds == INTEGER
input.Body.Topics[_] == STRING
input.Body.Queues[_] == STRING
input.Body.SourceAccessConfigurations[_].Type == enum_SourceAccessType[_]
input.Body.SourceAccessConfigurations[_].URI == STRING
input.Body.SelfManagedEventSource.Endpoints.KAFKA_BOOTSTRAP_SERVERS[_] == STRING
input.Body.FunctionResponseTypes[_] == enum_FunctionResponseType[_]
input.Body.AmazonManagedKafkaEventSourceConfig.ConsumerGroupId == STRING
input.Body.SelfManagedKafkaEventSourceConfig.ConsumerGroupId == STRING
input.Body.ScalingConfig.MaximumConcurrency == INTEGER
input.Body.DocumentDBEventSourceConfig.DatabaseName == STRING
input.Body.DocumentDBEventSourceConfig.CollectionName == STRING
input.Body.DocumentDBEventSourceConfig.FullDocument == enum_FullDocument[_]
input.Body.KMSKeyArn == STRING
input.Body.MetricsConfig.Metrics[_] == enum_EventSourceMappingMetric[_]
input.Body.ProvisionedPollerConfig.MinimumPollers == INTEGER
input.Body.ProvisionedPollerConfig.MaximumPollers == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFunction
enum_ApplicationLogLevel := [ "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" ]
enum_Architecture := [ "x86_64", "arm64" ]
enum_LogFormat := [ "JSON", "Text" ]
enum_PackageType := [ "Zip", "Image" ]
enum_Runtime := [ "nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x", "java8", "java8.al2", "java11", "python2.7", "python3.6", "python3.7", "python3.8", "python3.9", "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6", "dotnet8", "nodejs4.3-edge", "go1.x", "ruby2.5", "ruby2.7", "provided", "provided.al2", "nodejs18.x", "python3.10", "java17", "ruby3.2", "ruby3.3", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", "nodejs22.x" ]
enum_SnapStartApplyOn := [ "PublishedVersions", "None" ]
enum_SystemLogLevel := [ "DEBUG", "INFO", "WARN" ]
enum_TracingMode := [ "Active", "PassThrough" ]
valid {
input.Body.FunctionName == STRING
input.Body.Runtime == enum_Runtime[_]
input.Body.Role == STRING
input.Body.Handler == STRING
input.Body.Code.ZipFile == BLOB
input.Body.Code.S3Bucket == STRING
input.Body.Code.S3Key == STRING
input.Body.Code.S3ObjectVersion == STRING
input.Body.Code.ImageUri == STRING
input.Body.Code.SourceKMSKeyArn == STRING
input.Body.Description == STRING
input.Body.Timeout == INTEGER
input.Body.MemorySize == INTEGER
input.Body.Publish == BOOLEAN
input.Body.VpcConfig.SubnetIds[_] == STRING
input.Body.VpcConfig.SecurityGroupIds[_] == STRING
input.Body.VpcConfig.Ipv6AllowedForDualStack == BOOLEAN
input.Body.PackageType == enum_PackageType[_]
input.Body.DeadLetterConfig.TargetArn == STRING
input.Body.Environment.Variables.STRING == STRING
input.Body.KMSKeyArn == STRING
input.Body.TracingConfig.Mode == enum_TracingMode[_]
input.Body.Tags.STRING == STRING
input.Body.Layers[_] == STRING
input.Body.FileSystemConfigs[_].Arn == STRING
input.Body.FileSystemConfigs[_].LocalMountPath == STRING
input.Body.ImageConfig.EntryPoint[_] == STRING
input.Body.ImageConfig.Command[_] == STRING
input.Body.ImageConfig.WorkingDirectory == STRING
input.Body.CodeSigningConfigArn == STRING
input.Body.Architectures[_] == enum_Architecture[_]
input.Body.EphemeralStorage.Size == INTEGER
input.Body.SnapStart.ApplyOn == enum_SnapStartApplyOn[_]
input.Body.LoggingConfig.LogFormat == enum_LogFormat[_]
input.Body.LoggingConfig.ApplicationLogLevel == enum_ApplicationLogLevel[_]
input.Body.LoggingConfig.SystemLogLevel == enum_SystemLogLevel[_]
input.Body.LoggingConfig.LogGroup == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFunctionUrlConfig
enum_FunctionUrlAuthType := [ "NONE", "AWS_IAM" ]
enum_InvokeMode := [ "BUFFERED", "RESPONSE_STREAM" ]
valid {
input.Body.AuthType == enum_FunctionUrlAuthType[_]
input.Body.Cors.AllowCredentials == BOOLEAN
input.Body.Cors.AllowHeaders[_] == STRING
input.Body.Cors.AllowMethods[_] == STRING
input.Body.Cors.AllowOrigins[_] == STRING
input.Body.Cors.ExposeHeaders[_] == STRING
input.Body.Cors.MaxAge == INTEGER
input.Body.InvokeMode == enum_InvokeMode[_]
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAlias
valid {
input.ReqMap.FunctionName == STRING
input.ReqMap.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteCodeSigningConfig
valid {
input.ReqMap.CodeSigningConfigArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteEventSourceMapping
valid {
input.ReqMap.UUID == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFunction
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFunctionCodeSigningConfig
valid {
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFunctionConcurrency
valid {
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFunctionEventInvokeConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFunctionUrlConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteLayerVersion
valid {
input.ReqMap.LayerName == STRING
input.ReqMap.VersionNumber == LONG
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteProvisionedConcurrencyConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccountSettings
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAlias
valid {
input.ReqMap.FunctionName == STRING
input.ReqMap.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCodeSigningConfig
valid {
input.ReqMap.CodeSigningConfigArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEventSourceMapping
valid {
input.ReqMap.UUID == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunction
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionCodeSigningConfig
valid {
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionConcurrency
valid {
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionConfiguration
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionEventInvokeConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionRecursionConfig
valid {
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetFunctionUrlConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLayerVersion
valid {
input.ReqMap.LayerName == STRING
input.ReqMap.VersionNumber == LONG
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLayerVersionByArn
valid {
input.Qs.Arn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLayerVersionPolicy
valid {
input.ReqMap.LayerName == STRING
input.ReqMap.VersionNumber == LONG
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicy
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetProvisionedConcurrencyConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetRuntimeManagementConfig
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Invoke
enum_InvocationType := [ "Event", "RequestResponse", "DryRun" ]
enum_LogType := [ "None", "Tail" ]
valid {
input.Body.Payload == BLOB
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
InvokeAsync
valid {
input.Body.InvokeArgs == BLOB
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
InvokeWithResponseStream
enum_LogType := [ "None", "Tail" ]
enum_ResponseStreamingInvocationType := [ "RequestResponse", "DryRun" ]
valid {
input.Body.Payload == BLOB
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAliases
valid {
input.ReqMap.FunctionName == STRING
input.Qs.FunctionVersion == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCodeSigningConfigs
valid {
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListEventSourceMappings
valid {
input.Qs.EventSourceArn == STRING
input.Qs.FunctionName == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFunctionEventInvokeConfigs
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFunctionUrlConfigs
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFunctions
enum_FunctionVersion := [ "ALL" ]
valid {
input.Qs.MasterRegion == STRING
input.Qs.FunctionVersion == enum_FunctionVersion[_]
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFunctionsByCodeSigningConfig
valid {
input.ReqMap.CodeSigningConfigArn == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListLayerVersions
enum_Architecture := [ "x86_64", "arm64" ]
enum_Runtime := [ "nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x", "java8", "java8.al2", "java11", "python2.7", "python3.6", "python3.7", "python3.8", "python3.9", "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6", "dotnet8", "nodejs4.3-edge", "go1.x", "ruby2.5", "ruby2.7", "provided", "provided.al2", "nodejs18.x", "python3.10", "java17", "ruby3.2", "ruby3.3", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", "nodejs22.x" ]
valid {
input.ReqMap.LayerName == STRING
input.Qs.CompatibleRuntime == enum_Runtime[_]
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.Qs.CompatibleArchitecture == enum_Architecture[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListLayers
enum_Architecture := [ "x86_64", "arm64" ]
enum_Runtime := [ "nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x", "java8", "java8.al2", "java11", "python2.7", "python3.6", "python3.7", "python3.8", "python3.9", "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6", "dotnet8", "nodejs4.3-edge", "go1.x", "ruby2.5", "ruby2.7", "provided", "provided.al2", "nodejs18.x", "python3.10", "java17", "ruby3.2", "ruby3.3", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", "nodejs22.x" ]
valid {
input.Qs.CompatibleRuntime == enum_Runtime[_]
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.Qs.CompatibleArchitecture == enum_Architecture[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListProvisionedConcurrencyConfigs
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTags
valid {
input.ReqMap.ARN == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListVersionsByFunction
valid {
input.ReqMap.FunctionName == STRING
input.Qs.Marker == STRING
input.Qs.MaxItems == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PublishLayerVersion
enum_Architecture := [ "x86_64", "arm64" ]
enum_Runtime := [ "nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x", "java8", "java8.al2", "java11", "python2.7", "python3.6", "python3.7", "python3.8", "python3.9", "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6", "dotnet8", "nodejs4.3-edge", "go1.x", "ruby2.5", "ruby2.7", "provided", "provided.al2", "nodejs18.x", "python3.10", "java17", "ruby3.2", "ruby3.3", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", "nodejs22.x" ]
valid {
input.Body.Description == STRING
input.Body.Content.S3Bucket == STRING
input.Body.Content.S3Key == STRING
input.Body.Content.S3ObjectVersion == STRING
input.Body.Content.ZipFile == BLOB
input.Body.CompatibleRuntimes[_] == enum_Runtime[_]
input.Body.LicenseInfo == STRING
input.Body.CompatibleArchitectures[_] == enum_Architecture[_]
input.ReqMap.LayerName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PublishVersion
valid {
input.Body.CodeSha256 == STRING
input.Body.Description == STRING
input.Body.RevisionId == STRING
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutFunctionCodeSigningConfig
valid {
input.Body.CodeSigningConfigArn == STRING
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutFunctionConcurrency
valid {
input.Body.ReservedConcurrentExecutions == INTEGER
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutFunctionEventInvokeConfig
valid {
input.Body.MaximumRetryAttempts == INTEGER
input.Body.MaximumEventAgeInSeconds == INTEGER
input.Body.DestinationConfig.OnSuccess.Destination == STRING
input.Body.DestinationConfig.OnFailure.Destination == STRING
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutFunctionRecursionConfig
enum_RecursiveLoop := [ "Allow", "Terminate" ]
valid {
input.Body.RecursiveLoop == enum_RecursiveLoop[_]
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutProvisionedConcurrencyConfig
valid {
input.Body.ProvisionedConcurrentExecutions == INTEGER
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutRuntimeManagementConfig
enum_UpdateRuntimeOn := [ "Auto", "Manual", "FunctionUpdate" ]
valid {
input.Body.UpdateRuntimeOn == enum_UpdateRuntimeOn[_]
input.Body.RuntimeVersionArn == STRING
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveLayerVersionPermission
valid {
input.ReqMap.LayerName == STRING
input.ReqMap.VersionNumber == LONG
input.ReqMap.StatementId == STRING
input.Qs.RevisionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemovePermission
valid {
input.ReqMap.FunctionName == STRING
input.ReqMap.StatementId == STRING
input.Qs.Qualifier == STRING
input.Qs.RevisionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.Tags.STRING == STRING
input.ReqMap.ARN == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.ARN == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAlias
valid {
input.Body.FunctionVersion == STRING
input.Body.Description == STRING
input.Body.RoutingConfig.AdditionalVersionWeights.STRING == DOUBLE
input.Body.RevisionId == STRING
input.ReqMap.FunctionName == STRING
input.ReqMap.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCodeSigningConfig
enum_CodeSigningPolicy := [ "Warn", "Enforce" ]
valid {
input.Body.Description == STRING
input.Body.AllowedPublishers.SigningProfileVersionArns[_] == STRING
input.Body.CodeSigningPolicies.UntrustedArtifactOnDeployment == enum_CodeSigningPolicy[_]
input.ReqMap.CodeSigningConfigArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateEventSourceMapping
enum_EventSourceMappingMetric := [ "EventCount" ]
enum_FullDocument := [ "UpdateLookup", "Default" ]
enum_FunctionResponseType := [ "ReportBatchItemFailures" ]
enum_SourceAccessType := [ "BASIC_AUTH", "VPC_SUBNET", "VPC_SECURITY_GROUP", "SASL_SCRAM_512_AUTH", "SASL_SCRAM_256_AUTH", "VIRTUAL_HOST", "CLIENT_CERTIFICATE_TLS_AUTH", "SERVER_ROOT_CA_CERTIFICATE" ]
valid {
input.Body.FunctionName == STRING
input.Body.Enabled == BOOLEAN
input.Body.BatchSize == INTEGER
input.Body.FilterCriteria.Filters[_].Pattern == STRING
input.Body.MaximumBatchingWindowInSeconds == INTEGER
input.Body.DestinationConfig.OnSuccess.Destination == STRING
input.Body.DestinationConfig.OnFailure.Destination == STRING
input.Body.MaximumRecordAgeInSeconds == INTEGER
input.Body.BisectBatchOnFunctionError == BOOLEAN
input.Body.MaximumRetryAttempts == INTEGER
input.Body.ParallelizationFactor == INTEGER
input.Body.SourceAccessConfigurations[_].Type == enum_SourceAccessType[_]
input.Body.SourceAccessConfigurations[_].URI == STRING
input.Body.TumblingWindowInSeconds == INTEGER
input.Body.FunctionResponseTypes[_] == enum_FunctionResponseType[_]
input.Body.ScalingConfig.MaximumConcurrency == INTEGER
input.Body.DocumentDBEventSourceConfig.DatabaseName == STRING
input.Body.DocumentDBEventSourceConfig.CollectionName == STRING
input.Body.DocumentDBEventSourceConfig.FullDocument == enum_FullDocument[_]
input.Body.KMSKeyArn == STRING
input.Body.MetricsConfig.Metrics[_] == enum_EventSourceMappingMetric[_]
input.Body.ProvisionedPollerConfig.MinimumPollers == INTEGER
input.Body.ProvisionedPollerConfig.MaximumPollers == INTEGER
input.ReqMap.UUID == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFunctionCode
enum_Architecture := [ "x86_64", "arm64" ]
valid {
input.Body.ZipFile == BLOB
input.Body.S3Bucket == STRING
input.Body.S3Key == STRING
input.Body.S3ObjectVersion == STRING
input.Body.ImageUri == STRING
input.Body.Publish == BOOLEAN
input.Body.DryRun == BOOLEAN
input.Body.RevisionId == STRING
input.Body.Architectures[_] == enum_Architecture[_]
input.Body.SourceKMSKeyArn == STRING
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFunctionConfiguration
enum_ApplicationLogLevel := [ "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" ]
enum_LogFormat := [ "JSON", "Text" ]
enum_Runtime := [ "nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "nodejs12.x", "nodejs14.x", "nodejs16.x", "java8", "java8.al2", "java11", "python2.7", "python3.6", "python3.7", "python3.8", "python3.9", "dotnetcore1.0", "dotnetcore2.0", "dotnetcore2.1", "dotnetcore3.1", "dotnet6", "dotnet8", "nodejs4.3-edge", "go1.x", "ruby2.5", "ruby2.7", "provided", "provided.al2", "nodejs18.x", "python3.10", "java17", "ruby3.2", "ruby3.3", "python3.11", "nodejs20.x", "provided.al2023", "python3.12", "java21", "python3.13", "nodejs22.x" ]
enum_SnapStartApplyOn := [ "PublishedVersions", "None" ]
enum_SystemLogLevel := [ "DEBUG", "INFO", "WARN" ]
enum_TracingMode := [ "Active", "PassThrough" ]
valid {
input.Body.Role == STRING
input.Body.Handler == STRING
input.Body.Description == STRING
input.Body.Timeout == INTEGER
input.Body.MemorySize == INTEGER
input.Body.VpcConfig.SubnetIds[_] == STRING
input.Body.VpcConfig.SecurityGroupIds[_] == STRING
input.Body.VpcConfig.Ipv6AllowedForDualStack == BOOLEAN
input.Body.Environment.Variables.STRING == STRING
input.Body.Runtime == enum_Runtime[_]
input.Body.DeadLetterConfig.TargetArn == STRING
input.Body.KMSKeyArn == STRING
input.Body.TracingConfig.Mode == enum_TracingMode[_]
input.Body.RevisionId == STRING
input.Body.Layers[_] == STRING
input.Body.FileSystemConfigs[_].Arn == STRING
input.Body.FileSystemConfigs[_].LocalMountPath == STRING
input.Body.ImageConfig.EntryPoint[_] == STRING
input.Body.ImageConfig.Command[_] == STRING
input.Body.ImageConfig.WorkingDirectory == STRING
input.Body.EphemeralStorage.Size == INTEGER
input.Body.SnapStart.ApplyOn == enum_SnapStartApplyOn[_]
input.Body.LoggingConfig.LogFormat == enum_LogFormat[_]
input.Body.LoggingConfig.ApplicationLogLevel == enum_ApplicationLogLevel[_]
input.Body.LoggingConfig.SystemLogLevel == enum_SystemLogLevel[_]
input.Body.LoggingConfig.LogGroup == STRING
input.ReqMap.FunctionName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFunctionEventInvokeConfig
valid {
input.Body.MaximumRetryAttempts == INTEGER
input.Body.MaximumEventAgeInSeconds == INTEGER
input.Body.DestinationConfig.OnSuccess.Destination == STRING
input.Body.DestinationConfig.OnFailure.Destination == STRING
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFunctionUrlConfig
enum_FunctionUrlAuthType := [ "NONE", "AWS_IAM" ]
enum_InvokeMode := [ "BUFFERED", "RESPONSE_STREAM" ]
valid {
input.Body.AuthType == enum_FunctionUrlAuthType[_]
input.Body.Cors.AllowCredentials == BOOLEAN
input.Body.Cors.AllowHeaders[_] == STRING
input.Body.Cors.AllowMethods[_] == STRING
input.Body.Cors.AllowOrigins[_] == STRING
input.Body.Cors.ExposeHeaders[_] == STRING
input.Body.Cors.MaxAge == INTEGER
input.Body.InvokeMode == enum_InvokeMode[_]
input.ReqMap.FunctionName == STRING
input.Qs.Qualifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 3 days ago