LIGHTSAIL

AllocateStaticIp

valid {
    input.Body.staticIpName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachCertificateToDistribution

valid {
    input.Body.distributionName == STRING
    input.Body.certificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachDisk

valid {
    input.Body.diskName == STRING
    input.Body.instanceName == STRING
    input.Body.diskPath == STRING
    input.Body.autoMounting == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachInstancesToLoadBalancer

valid {
    input.Body.loadBalancerName == STRING
    input.Body.instanceNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachLoadBalancerTlsCertificate

valid {
    input.Body.loadBalancerName == STRING
    input.Body.certificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AttachStaticIp

valid {
    input.Body.staticIpName == STRING
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CloseInstancePublicPorts

enum_NetworkProtocol := [ "tcp", "all", "udp", "icmp" ]

valid {
    input.Body.portInfo.fromPort == INTEGER
    input.Body.portInfo.toPort == INTEGER
    input.Body.portInfo.protocol == enum_NetworkProtocol[_]
    input.Body.portInfo.cidrs[_] == STRING
    input.Body.portInfo.ipv6Cidrs[_] == STRING
    input.Body.portInfo.cidrListAliases[_] == STRING
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CopySnapshot

enum_RegionName := [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "ca-central-1", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "eu-north-1" ]

valid {
    input.Body.sourceSnapshotName == STRING
    input.Body.sourceResourceName == STRING
    input.Body.restoreDate == STRING
    input.Body.useLatestRestorableAutoSnapshot == BOOLEAN
    input.Body.targetSnapshotName == STRING
    input.Body.sourceRegion == enum_RegionName[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateBucket

valid {
    input.Body.bucketName == STRING
    input.Body.bundleId == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.enableObjectVersioning == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateBucketAccessKey

valid {
    input.Body.bucketName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCertificate

valid {
    input.Body.certificateName == STRING
    input.Body.domainName == STRING
    input.Body.subjectAlternativeNames[_] == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCloudFormationStack

enum_PortInfoSourceType := [ "DEFAULT", "INSTANCE", "NONE", "CLOSED" ]

valid {
    input.Body.instances[_].sourceName == STRING
    input.Body.instances[_].instanceType == STRING
    input.Body.instances[_].portInfoSource == enum_PortInfoSourceType[_]
    input.Body.instances[_].userData == STRING
    input.Body.instances[_].availabilityZone == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateContactMethod

enum_ContactProtocol := [ "Email", "SMS" ]

valid {
    input.Body.protocol == enum_ContactProtocol[_]
    input.Body.contactEndpoint == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateContainerService

enum_ContainerServicePowerName := [ "nano", "micro", "small", "medium", "large", "xlarge" ]
enum_ContainerServiceProtocol := [ "HTTP", "HTTPS", "TCP", "UDP" ]

valid {
    input.Body.serviceName == STRING
    input.Body.power == enum_ContainerServicePowerName[_]
    input.Body.scale == INTEGER
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.publicDomainNames.STRING[_] == STRING
    input.Body.deployment.containers.STRING.image == STRING
    input.Body.deployment.containers.STRING.command[_] == STRING
    input.Body.deployment.containers.STRING.environment.STRING == STRING
    input.Body.deployment.containers.STRING.ports.STRING == enum_ContainerServiceProtocol[_]
    input.Body.deployment.publicEndpoint.containerName == STRING
    input.Body.deployment.publicEndpoint.containerPort == INTEGER
    input.Body.deployment.publicEndpoint.healthCheck.healthyThreshold == INTEGER
    input.Body.deployment.publicEndpoint.healthCheck.unhealthyThreshold == INTEGER
    input.Body.deployment.publicEndpoint.healthCheck.timeoutSeconds == INTEGER
    input.Body.deployment.publicEndpoint.healthCheck.intervalSeconds == INTEGER
    input.Body.deployment.publicEndpoint.healthCheck.path == STRING
    input.Body.deployment.publicEndpoint.healthCheck.successCodes == STRING
    input.Body.privateRegistryAccess.ecrImagePullerRole.isActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateContainerServiceDeployment

enum_ContainerServiceProtocol := [ "HTTP", "HTTPS", "TCP", "UDP" ]

valid {
    input.Body.serviceName == STRING
    input.Body.containers.STRING.image == STRING
    input.Body.containers.STRING.command[_] == STRING
    input.Body.containers.STRING.environment.STRING == STRING
    input.Body.containers.STRING.ports.STRING == enum_ContainerServiceProtocol[_]
    input.Body.publicEndpoint.containerName == STRING
    input.Body.publicEndpoint.containerPort == INTEGER
    input.Body.publicEndpoint.healthCheck.healthyThreshold == INTEGER
    input.Body.publicEndpoint.healthCheck.unhealthyThreshold == INTEGER
    input.Body.publicEndpoint.healthCheck.timeoutSeconds == INTEGER
    input.Body.publicEndpoint.healthCheck.intervalSeconds == INTEGER
    input.Body.publicEndpoint.healthCheck.path == STRING
    input.Body.publicEndpoint.healthCheck.successCodes == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateContainerServiceRegistryLogin

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDisk

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]

valid {
    input.Body.diskName == STRING
    input.Body.availabilityZone == STRING
    input.Body.sizeInGb == INTEGER
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.addOns[_].addOnType == enum_AddOnType[_]
    input.Body.addOns[_].autoSnapshotAddOnRequest.snapshotTimeOfDay == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.threshold == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.duration == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDiskFromSnapshot

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]

valid {
    input.Body.diskName == STRING
    input.Body.diskSnapshotName == STRING
    input.Body.availabilityZone == STRING
    input.Body.sizeInGb == INTEGER
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.addOns[_].addOnType == enum_AddOnType[_]
    input.Body.addOns[_].autoSnapshotAddOnRequest.snapshotTimeOfDay == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.threshold == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.duration == STRING
    input.Body.sourceDiskName == STRING
    input.Body.restoreDate == STRING
    input.Body.useLatestRestorableAutoSnapshot == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDiskSnapshot

valid {
    input.Body.diskName == STRING
    input.Body.diskSnapshotName == STRING
    input.Body.instanceName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDistribution

enum_BehaviorEnum := [ "dont-cache", "cache" ]
enum_ForwardValues := [ "none", "allow-list", "all" ]
enum_HeaderEnum := [ "Accept", "Accept-Charset", "Accept-Datetime", "Accept-Encoding", "Accept-Language", "Authorization", "CloudFront-Forwarded-Proto", "CloudFront-Is-Desktop-Viewer", "CloudFront-Is-Mobile-Viewer", "CloudFront-Is-SmartTV-Viewer", "CloudFront-Is-Tablet-Viewer", "CloudFront-Viewer-Country", "Host", "Origin", "Referer" ]
enum_IpAddressType := [ "dualstack", "ipv4" ]
enum_OriginProtocolPolicyEnum := [ "http-only", "https-only" ]
enum_RegionName := [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "ca-central-1", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "eu-north-1" ]
enum_ViewerMinimumTlsProtocolVersionEnum := [ "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021" ]

valid {
    input.Body.distributionName == STRING
    input.Body.origin.name == STRING
    input.Body.origin.regionName == enum_RegionName[_]
    input.Body.origin.protocolPolicy == enum_OriginProtocolPolicyEnum[_]
    input.Body.origin.responseTimeout == INTEGER
    input.Body.defaultCacheBehavior.behavior == enum_BehaviorEnum[_]
    input.Body.cacheBehaviorSettings.defaultTTL == LONG
    input.Body.cacheBehaviorSettings.minimumTTL == LONG
    input.Body.cacheBehaviorSettings.maximumTTL == LONG
    input.Body.cacheBehaviorSettings.allowedHTTPMethods == STRING
    input.Body.cacheBehaviorSettings.cachedHTTPMethods == STRING
    input.Body.cacheBehaviorSettings.forwardedCookies.option == enum_ForwardValues[_]
    input.Body.cacheBehaviorSettings.forwardedCookies.cookiesAllowList[_] == STRING
    input.Body.cacheBehaviorSettings.forwardedHeaders.option == enum_ForwardValues[_]
    input.Body.cacheBehaviorSettings.forwardedHeaders.headersAllowList[_] == enum_HeaderEnum[_]
    input.Body.cacheBehaviorSettings.forwardedQueryStrings.option == BOOLEAN
    input.Body.cacheBehaviorSettings.forwardedQueryStrings.queryStringsAllowList[_] == STRING
    input.Body.cacheBehaviors[_].path == STRING
    input.Body.cacheBehaviors[_].behavior == enum_BehaviorEnum[_]
    input.Body.bundleId == STRING
    input.Body.ipAddressType == enum_IpAddressType[_]
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.certificateName == STRING
    input.Body.viewerMinimumTlsProtocolVersion == enum_ViewerMinimumTlsProtocolVersionEnum[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDomain

valid {
    input.Body.domainName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDomainEntry

valid {
    input.Body.domainName == STRING
    input.Body.domainEntry.id == STRING
    input.Body.domainEntry.name == STRING
    input.Body.domainEntry.target == STRING
    input.Body.domainEntry.isAlias == BOOLEAN
    input.Body.domainEntry.type == STRING
    input.Body.domainEntry.options.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGUISessionAccessDetails

valid {
    input.Body.resourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateInstanceSnapshot

valid {
    input.Body.instanceSnapshotName == STRING
    input.Body.instanceName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateInstances

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]
enum_IpAddressType := [ "dualstack", "ipv4" ]

valid {
    input.Body.instanceNames[_] == STRING
    input.Body.availabilityZone == STRING
    input.Body.customImageName == STRING
    input.Body.blueprintId == STRING
    input.Body.bundleId == STRING
    input.Body.userData == STRING
    input.Body.keyPairName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.addOns[_].addOnType == enum_AddOnType[_]
    input.Body.addOns[_].autoSnapshotAddOnRequest.snapshotTimeOfDay == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.threshold == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.duration == STRING
    input.Body.ipAddressType == enum_IpAddressType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateInstancesFromSnapshot

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]
enum_IpAddressType := [ "dualstack", "ipv4" ]

valid {
    input.Body.instanceNames[_] == STRING
    input.Body.attachedDiskMapping.STRING[_].originalDiskPath == STRING
    input.Body.attachedDiskMapping.STRING[_].newDiskName == STRING
    input.Body.availabilityZone == STRING
    input.Body.instanceSnapshotName == STRING
    input.Body.bundleId == STRING
    input.Body.userData == STRING
    input.Body.keyPairName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.addOns[_].addOnType == enum_AddOnType[_]
    input.Body.addOns[_].autoSnapshotAddOnRequest.snapshotTimeOfDay == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.threshold == STRING
    input.Body.addOns[_].stopInstanceOnIdleRequest.duration == STRING
    input.Body.ipAddressType == enum_IpAddressType[_]
    input.Body.sourceInstanceName == STRING
    input.Body.restoreDate == STRING
    input.Body.useLatestRestorableAutoSnapshot == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateKeyPair

valid {
    input.Body.keyPairName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateLoadBalancer

enum_IpAddressType := [ "dualstack", "ipv4" ]

valid {
    input.Body.loadBalancerName == STRING
    input.Body.instancePort == INTEGER
    input.Body.healthCheckPath == STRING
    input.Body.certificateName == STRING
    input.Body.certificateDomainName == STRING
    input.Body.certificateAlternativeNames[_] == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.Body.ipAddressType == enum_IpAddressType[_]
    input.Body.tlsPolicyName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateLoadBalancerTlsCertificate

valid {
    input.Body.loadBalancerName == STRING
    input.Body.certificateName == STRING
    input.Body.certificateDomainName == STRING
    input.Body.certificateAlternativeNames[_] == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.availabilityZone == STRING
    input.Body.relationalDatabaseBlueprintId == STRING
    input.Body.relationalDatabaseBundleId == STRING
    input.Body.masterDatabaseName == STRING
    input.Body.masterUsername == STRING
    input.Body.masterUserPassword == STRING
    input.Body.preferredBackupWindow == STRING
    input.Body.preferredMaintenanceWindow == STRING
    input.Body.publiclyAccessible == BOOLEAN
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRelationalDatabaseFromSnapshot

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.availabilityZone == STRING
    input.Body.publiclyAccessible == BOOLEAN
    input.Body.relationalDatabaseSnapshotName == STRING
    input.Body.relationalDatabaseBundleId == STRING
    input.Body.sourceRelationalDatabaseName == STRING
    input.Body.restoreTime == TIMESTAMP
    input.Body.useLatestRestorableTime == BOOLEAN
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRelationalDatabaseSnapshot

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.relationalDatabaseSnapshotName == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAlarm

valid {
    input.Body.alarmName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAutoSnapshot

valid {
    input.Body.resourceName == STRING
    input.Body.date == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteBucket

valid {
    input.Body.bucketName == STRING
    input.Body.forceDelete == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteBucketAccessKey

valid {
    input.Body.bucketName == STRING
    input.Body.accessKeyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCertificate

valid {
    input.Body.certificateName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteContactMethod

enum_ContactProtocol := [ "Email", "SMS" ]

valid {
    input.Body.protocol == enum_ContactProtocol[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteContainerImage

valid {
    input.Body.serviceName == STRING
    input.Body.image == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteContainerService

valid {
    input.Body.serviceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDisk

valid {
    input.Body.diskName == STRING
    input.Body.forceDeleteAddOns == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDiskSnapshot

valid {
    input.Body.diskSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDistribution

valid {
    input.Body.distributionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDomain

valid {
    input.Body.domainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDomainEntry

valid {
    input.Body.domainName == STRING
    input.Body.domainEntry.id == STRING
    input.Body.domainEntry.name == STRING
    input.Body.domainEntry.target == STRING
    input.Body.domainEntry.isAlias == BOOLEAN
    input.Body.domainEntry.type == STRING
    input.Body.domainEntry.options.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteInstance

valid {
    input.Body.instanceName == STRING
    input.Body.forceDeleteAddOns == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteInstanceSnapshot

valid {
    input.Body.instanceSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteKeyPair

valid {
    input.Body.keyPairName == STRING
    input.Body.expectedFingerprint == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteKnownHostKeys

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLoadBalancer

valid {
    input.Body.loadBalancerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLoadBalancerTlsCertificate

valid {
    input.Body.loadBalancerName == STRING
    input.Body.certificateName == STRING
    input.Body.force == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.skipFinalSnapshot == BOOLEAN
    input.Body.finalRelationalDatabaseSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRelationalDatabaseSnapshot

valid {
    input.Body.relationalDatabaseSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachCertificateFromDistribution

valid {
    input.Body.distributionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachDisk

valid {
    input.Body.diskName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachInstancesFromLoadBalancer

valid {
    input.Body.loadBalancerName == STRING
    input.Body.instanceNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DetachStaticIp

valid {
    input.Body.staticIpName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableAddOn

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]

valid {
    input.Body.addOnType == enum_AddOnType[_]
    input.Body.resourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DownloadDefaultKeyPair

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableAddOn

enum_AddOnType := [ "AutoSnapshot", "StopInstanceOnIdle" ]

valid {
    input.Body.resourceName == STRING
    input.Body.addOnRequest.addOnType == enum_AddOnType[_]
    input.Body.addOnRequest.autoSnapshotAddOnRequest.snapshotTimeOfDay == STRING
    input.Body.addOnRequest.stopInstanceOnIdleRequest.threshold == STRING
    input.Body.addOnRequest.stopInstanceOnIdleRequest.duration == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ExportSnapshot

valid {
    input.Body.sourceSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetActiveNames

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAlarms

valid {
    input.Body.alarmName == STRING
    input.Body.pageToken == STRING
    input.Body.monitoredResourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAutoSnapshots

valid {
    input.Body.resourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBlueprints

enum_AppCategory := [ "LfR" ]

valid {
    input.Body.includeInactive == BOOLEAN
    input.Body.pageToken == STRING
    input.Body.appCategory == enum_AppCategory[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBucketAccessKeys

valid {
    input.Body.bucketName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBucketBundles

valid {
    input.Body.includeInactive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBucketMetricData

enum_BucketMetricName := [ "BucketSizeBytes", "NumberOfObjects" ]
enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]
enum_MetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.bucketName == STRING
    input.Body.metricName == enum_BucketMetricName[_]
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.period == INTEGER
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.Body.unit == enum_MetricUnit[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBuckets

valid {
    input.Body.bucketName == STRING
    input.Body.pageToken == STRING
    input.Body.includeConnectedResources == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetBundles

enum_AppCategory := [ "LfR" ]

valid {
    input.Body.includeInactive == BOOLEAN
    input.Body.pageToken == STRING
    input.Body.appCategory == enum_AppCategory[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCertificates

enum_CertificateStatus := [ "PENDING_VALIDATION", "ISSUED", "INACTIVE", "EXPIRED", "VALIDATION_TIMED_OUT", "REVOKED", "FAILED" ]

valid {
    input.Body.certificateStatuses[_] == enum_CertificateStatus[_]
    input.Body.includeCertificateDetails == BOOLEAN
    input.Body.certificateName == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCloudFormationStackRecords

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContactMethods

enum_ContactProtocol := [ "Email", "SMS" ]

valid {
    input.Body.protocols[_] == enum_ContactProtocol[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerAPIMetadata

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerImages

valid {
    input.Body.serviceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerLog

valid {
    input.Body.serviceName == STRING
    input.Body.containerName == STRING
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.filterPattern == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerServiceDeployments

valid {
    input.Body.serviceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerServiceMetricData

enum_ContainerServiceMetricName := [ "CPUUtilization", "MemoryUtilization" ]
enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]

valid {
    input.Body.serviceName == STRING
    input.Body.metricName == enum_ContainerServiceMetricName[_]
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.period == INTEGER
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerServicePowers

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetContainerServices

valid {
    input.Body.serviceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCostEstimate

valid {
    input.Body.resourceName == STRING
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDisk

valid {
    input.Body.diskName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDiskSnapshot

valid {
    input.Body.diskSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDiskSnapshots

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDisks

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistributionBundles

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistributionLatestCacheReset

valid {
    input.Body.distributionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistributionMetricData

enum_DistributionMetricName := [ "Requests", "BytesDownloaded", "BytesUploaded", "TotalErrorRate", "Http4xxErrorRate", "Http5xxErrorRate" ]
enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]
enum_MetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.distributionName == STRING
    input.Body.metricName == enum_DistributionMetricName[_]
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.period == INTEGER
    input.Body.unit == enum_MetricUnit[_]
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDistributions

valid {
    input.Body.distributionName == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDomain

valid {
    input.Body.domainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDomains

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetExportSnapshotRecords

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstance

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceAccessDetails

enum_InstanceAccessProtocol := [ "ssh", "rdp" ]

valid {
    input.Body.instanceName == STRING
    input.Body.protocol == enum_InstanceAccessProtocol[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceMetricData

enum_InstanceMetricName := [ "CPUUtilization", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System", "BurstCapacityTime", "BurstCapacityPercentage", "MetadataNoToken" ]
enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]
enum_MetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.instanceName == STRING
    input.Body.metricName == enum_InstanceMetricName[_]
    input.Body.period == INTEGER
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.unit == enum_MetricUnit[_]
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstancePortStates

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceSnapshot

valid {
    input.Body.instanceSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceSnapshots

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstanceState

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetInstances

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetKeyPair

valid {
    input.Body.keyPairName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetKeyPairs

valid {
    input.Body.pageToken == STRING
    input.Body.includeDefaultKeyPair == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoadBalancer

valid {
    input.Body.loadBalancerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoadBalancerMetricData

enum_LoadBalancerMetricName := [ "ClientTLSNegotiationErrorCount", "HealthyHostCount", "UnhealthyHostCount", "HTTPCode_LB_4XX_Count", "HTTPCode_LB_5XX_Count", "HTTPCode_Instance_2XX_Count", "HTTPCode_Instance_3XX_Count", "HTTPCode_Instance_4XX_Count", "HTTPCode_Instance_5XX_Count", "InstanceResponseTime", "RejectedConnectionCount", "RequestCount" ]
enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]
enum_MetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]

valid {
    input.Body.loadBalancerName == STRING
    input.Body.metricName == enum_LoadBalancerMetricName[_]
    input.Body.period == INTEGER
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.unit == enum_MetricUnit[_]
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoadBalancerTlsCertificates

valid {
    input.Body.loadBalancerName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoadBalancerTlsPolicies

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoadBalancers

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOperation

valid {
    input.Body.operationId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOperations

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetOperationsForResource

valid {
    input.Body.resourceName == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRegions

valid {
    input.Body.includeAvailabilityZones == BOOLEAN
    input.Body.includeRelationalDatabaseAvailabilityZones == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseBlueprints

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseBundles

valid {
    input.Body.pageToken == STRING
    input.Body.includeInactive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseEvents

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.durationInMinutes == INTEGER
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseLogEvents

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.logStreamName == STRING
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.startFromHead == BOOLEAN
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseLogStreams

valid {
    input.Body.relationalDatabaseName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseMasterUserPassword

enum_RelationalDatabasePasswordVersion := [ "CURRENT", "PREVIOUS", "PENDING" ]

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.passwordVersion == enum_RelationalDatabasePasswordVersion[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseMetricData

enum_MetricStatistic := [ "Minimum", "Maximum", "Sum", "Average", "SampleCount" ]
enum_MetricUnit := [ "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None" ]
enum_RelationalDatabaseMetricName := [ "CPUUtilization", "DatabaseConnections", "DiskQueueDepth", "FreeStorageSpace", "NetworkReceiveThroughput", "NetworkTransmitThroughput" ]

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.metricName == enum_RelationalDatabaseMetricName[_]
    input.Body.period == INTEGER
    input.Body.startTime == TIMESTAMP
    input.Body.endTime == TIMESTAMP
    input.Body.unit == enum_MetricUnit[_]
    input.Body.statistics[_] == enum_MetricStatistic[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseParameters

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseSnapshot

valid {
    input.Body.relationalDatabaseSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabaseSnapshots

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRelationalDatabases

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSetupHistory

valid {
    input.Body.resourceName == STRING
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetStaticIp

valid {
    input.Body.staticIpName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetStaticIps

valid {
    input.Body.pageToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ImportKeyPair

valid {
    input.Body.keyPairName == STRING
    input.Body.publicKeyBase64 == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

IsVpcPeered

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

OpenInstancePublicPorts

enum_NetworkProtocol := [ "tcp", "all", "udp", "icmp" ]

valid {
    input.Body.portInfo.fromPort == INTEGER
    input.Body.portInfo.toPort == INTEGER
    input.Body.portInfo.protocol == enum_NetworkProtocol[_]
    input.Body.portInfo.cidrs[_] == STRING
    input.Body.portInfo.ipv6Cidrs[_] == STRING
    input.Body.portInfo.cidrListAliases[_] == STRING
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PeerVpc

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutAlarm

enum_AlarmState := [ "OK", "ALARM", "INSUFFICIENT_DATA" ]
enum_ComparisonOperator := [ "GreaterThanOrEqualToThreshold", "GreaterThanThreshold", "LessThanThreshold", "LessThanOrEqualToThreshold" ]
enum_ContactProtocol := [ "Email", "SMS" ]
enum_MetricName := [ "CPUUtilization", "NetworkIn", "NetworkOut", "StatusCheckFailed", "StatusCheckFailed_Instance", "StatusCheckFailed_System", "ClientTLSNegotiationErrorCount", "HealthyHostCount", "UnhealthyHostCount", "HTTPCode_LB_4XX_Count", "HTTPCode_LB_5XX_Count", "HTTPCode_Instance_2XX_Count", "HTTPCode_Instance_3XX_Count", "HTTPCode_Instance_4XX_Count", "HTTPCode_Instance_5XX_Count", "InstanceResponseTime", "RejectedConnectionCount", "RequestCount", "DatabaseConnections", "DiskQueueDepth", "FreeStorageSpace", "NetworkReceiveThroughput", "NetworkTransmitThroughput", "BurstCapacityTime", "BurstCapacityPercentage" ]
enum_TreatMissingData := [ "breaching", "notBreaching", "ignore", "missing" ]

valid {
    input.Body.alarmName == STRING
    input.Body.metricName == enum_MetricName[_]
    input.Body.monitoredResourceName == STRING
    input.Body.comparisonOperator == enum_ComparisonOperator[_]
    input.Body.threshold == DOUBLE
    input.Body.evaluationPeriods == INTEGER
    input.Body.datapointsToAlarm == INTEGER
    input.Body.treatMissingData == enum_TreatMissingData[_]
    input.Body.contactProtocols[_] == enum_ContactProtocol[_]
    input.Body.notificationTriggers[_] == enum_AlarmState[_]
    input.Body.notificationEnabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutInstancePublicPorts

enum_NetworkProtocol := [ "tcp", "all", "udp", "icmp" ]

valid {
    input.Body.portInfos[_].fromPort == INTEGER
    input.Body.portInfos[_].toPort == INTEGER
    input.Body.portInfos[_].protocol == enum_NetworkProtocol[_]
    input.Body.portInfos[_].cidrs[_] == STRING
    input.Body.portInfos[_].ipv6Cidrs[_] == STRING
    input.Body.portInfos[_].cidrListAliases[_] == STRING
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RebootInstance

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RebootRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RegisterContainerImage

valid {
    input.Body.serviceName == STRING
    input.Body.label == STRING
    input.Body.digest == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ReleaseStaticIp

valid {
    input.Body.staticIpName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResetDistributionCache

valid {
    input.Body.distributionName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SendContactMethodVerification

enum_ContactMethodVerificationProtocol := [ "Email" ]

valid {
    input.Body.protocol == enum_ContactMethodVerificationProtocol[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetIpAddressType

enum_IpAddressType := [ "dualstack", "ipv4" ]
enum_ResourceType := [ "ContainerService", "Instance", "StaticIp", "KeyPair", "InstanceSnapshot", "Domain", "PeeredVpc", "LoadBalancer", "LoadBalancerTlsCertificate", "Disk", "DiskSnapshot", "RelationalDatabase", "RelationalDatabaseSnapshot", "ExportSnapshotRecord", "CloudFormationStackRecord", "Alarm", "ContactMethod", "Distribution", "Certificate", "Bucket" ]

valid {
    input.Body.resourceType == enum_ResourceType[_]
    input.Body.resourceName == STRING
    input.Body.ipAddressType == enum_IpAddressType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetResourceAccessForBucket

enum_ResourceBucketAccess := [ "allow", "deny" ]

valid {
    input.Body.resourceName == STRING
    input.Body.bucketName == STRING
    input.Body.access == enum_ResourceBucketAccess[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SetupInstanceHttps

enum_CertificateProvider := [ "LetsEncrypt" ]

valid {
    input.Body.instanceName == STRING
    input.Body.emailAddress == STRING
    input.Body.domainNames[_] == STRING
    input.Body.certificateProvider == enum_CertificateProvider[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartGUISession

valid {
    input.Body.resourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartInstance

valid {
    input.Body.instanceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopGUISession

valid {
    input.Body.resourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopInstance

valid {
    input.Body.instanceName == STRING
    input.Body.force == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.relationalDatabaseSnapshotName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.resourceName == STRING
    input.Body.resourceArn == STRING
    input.Body.tags[_].key == STRING
    input.Body.tags[_].value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TestAlarm

enum_AlarmState := [ "OK", "ALARM", "INSUFFICIENT_DATA" ]

valid {
    input.Body.alarmName == STRING
    input.Body.state == enum_AlarmState[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UnpeerVpc

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.resourceName == STRING
    input.Body.resourceArn == STRING
    input.Body.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBucket

enum_AccessType := [ "public", "private" ]

valid {
    input.Body.bucketName == STRING
    input.Body.accessRules.getObject == enum_AccessType[_]
    input.Body.accessRules.allowPublicOverrides == BOOLEAN
    input.Body.versioning == STRING
    input.Body.readonlyAccessAccounts[_] == STRING
    input.Body.accessLogConfig.enabled == BOOLEAN
    input.Body.accessLogConfig.destination == STRING
    input.Body.accessLogConfig.prefix == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateBucketBundle

valid {
    input.Body.bucketName == STRING
    input.Body.bundleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateContainerService

enum_ContainerServicePowerName := [ "nano", "micro", "small", "medium", "large", "xlarge" ]

valid {
    input.Body.serviceName == STRING
    input.Body.power == enum_ContainerServicePowerName[_]
    input.Body.scale == INTEGER
    input.Body.isDisabled == BOOLEAN
    input.Body.publicDomainNames.STRING[_] == STRING
    input.Body.privateRegistryAccess.ecrImagePullerRole.isActive == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDistribution

enum_BehaviorEnum := [ "dont-cache", "cache" ]
enum_ForwardValues := [ "none", "allow-list", "all" ]
enum_HeaderEnum := [ "Accept", "Accept-Charset", "Accept-Datetime", "Accept-Encoding", "Accept-Language", "Authorization", "CloudFront-Forwarded-Proto", "CloudFront-Is-Desktop-Viewer", "CloudFront-Is-Mobile-Viewer", "CloudFront-Is-SmartTV-Viewer", "CloudFront-Is-Tablet-Viewer", "CloudFront-Viewer-Country", "Host", "Origin", "Referer" ]
enum_OriginProtocolPolicyEnum := [ "http-only", "https-only" ]
enum_RegionName := [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-west-1", "eu-west-2", "eu-west-3", "eu-central-1", "ca-central-1", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "eu-north-1" ]
enum_ViewerMinimumTlsProtocolVersionEnum := [ "TLSv1.1_2016", "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021" ]

valid {
    input.Body.distributionName == STRING
    input.Body.origin.name == STRING
    input.Body.origin.regionName == enum_RegionName[_]
    input.Body.origin.protocolPolicy == enum_OriginProtocolPolicyEnum[_]
    input.Body.origin.responseTimeout == INTEGER
    input.Body.defaultCacheBehavior.behavior == enum_BehaviorEnum[_]
    input.Body.cacheBehaviorSettings.defaultTTL == LONG
    input.Body.cacheBehaviorSettings.minimumTTL == LONG
    input.Body.cacheBehaviorSettings.maximumTTL == LONG
    input.Body.cacheBehaviorSettings.allowedHTTPMethods == STRING
    input.Body.cacheBehaviorSettings.cachedHTTPMethods == STRING
    input.Body.cacheBehaviorSettings.forwardedCookies.option == enum_ForwardValues[_]
    input.Body.cacheBehaviorSettings.forwardedCookies.cookiesAllowList[_] == STRING
    input.Body.cacheBehaviorSettings.forwardedHeaders.option == enum_ForwardValues[_]
    input.Body.cacheBehaviorSettings.forwardedHeaders.headersAllowList[_] == enum_HeaderEnum[_]
    input.Body.cacheBehaviorSettings.forwardedQueryStrings.option == BOOLEAN
    input.Body.cacheBehaviorSettings.forwardedQueryStrings.queryStringsAllowList[_] == STRING
    input.Body.cacheBehaviors[_].path == STRING
    input.Body.cacheBehaviors[_].behavior == enum_BehaviorEnum[_]
    input.Body.isEnabled == BOOLEAN
    input.Body.viewerMinimumTlsProtocolVersion == enum_ViewerMinimumTlsProtocolVersionEnum[_]
    input.Body.certificateName == STRING
    input.Body.useDefaultCertificate == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDistributionBundle

valid {
    input.Body.distributionName == STRING
    input.Body.bundleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDomainEntry

valid {
    input.Body.domainName == STRING
    input.Body.domainEntry.id == STRING
    input.Body.domainEntry.name == STRING
    input.Body.domainEntry.target == STRING
    input.Body.domainEntry.isAlias == BOOLEAN
    input.Body.domainEntry.type == STRING
    input.Body.domainEntry.options.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateInstanceMetadataOptions

enum_HttpEndpoint := [ "disabled", "enabled" ]
enum_HttpProtocolIpv6 := [ "disabled", "enabled" ]
enum_HttpTokens := [ "optional", "required" ]

valid {
    input.Body.instanceName == STRING
    input.Body.httpTokens == enum_HttpTokens[_]
    input.Body.httpEndpoint == enum_HttpEndpoint[_]
    input.Body.httpPutResponseHopLimit == INTEGER
    input.Body.httpProtocolIpv6 == enum_HttpProtocolIpv6[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateLoadBalancerAttribute

enum_LoadBalancerAttributeName := [ "HealthCheckPath", "SessionStickinessEnabled", "SessionStickiness_LB_CookieDurationSeconds", "HttpsRedirectionEnabled", "TlsPolicyName" ]

valid {
    input.Body.loadBalancerName == STRING
    input.Body.attributeName == enum_LoadBalancerAttributeName[_]
    input.Body.attributeValue == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRelationalDatabase

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.masterUserPassword == STRING
    input.Body.rotateMasterUserPassword == BOOLEAN
    input.Body.preferredBackupWindow == STRING
    input.Body.preferredMaintenanceWindow == STRING
    input.Body.enableBackupRetention == BOOLEAN
    input.Body.disableBackupRetention == BOOLEAN
    input.Body.publiclyAccessible == BOOLEAN
    input.Body.applyImmediately == BOOLEAN
    input.Body.caCertificateIdentifier == STRING
    input.Body.relationalDatabaseBlueprintId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRelationalDatabaseParameters

valid {
    input.Body.relationalDatabaseName == STRING
    input.Body.parameters[_].allowedValues == STRING
    input.Body.parameters[_].applyMethod == STRING
    input.Body.parameters[_].applyType == STRING
    input.Body.parameters[_].dataType == STRING
    input.Body.parameters[_].description == STRING
    input.Body.parameters[_].isModifiable == BOOLEAN
    input.Body.parameters[_].parameterName == STRING
    input.Body.parameters[_].parameterValue == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}