OPENSEARCH

AcceptInboundConnection

valid {
    input.ReqMap.ConnectionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddDataSource

valid {
    input.Body.Name == STRING
    input.Body.DataSourceType.S3GlueDataCatalog.RoleArn == STRING
    input.Body.Description == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AddTags

valid {
    input.Body.ARN == STRING
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociatePackage

valid {
    input.ReqMap.PackageID == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AuthorizeVpcEndpointAccess

valid {
    input.Body.Account == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelDomainConfigChange

valid {
    input.Body.DryRun == BOOLEAN
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelServiceSoftwareUpdate

valid {
    input.Body.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateDomain

enum_AutoTuneDesiredState := [ "ENABLED", "DISABLED" ]
enum_IPAddressType := [ "ipv4", "dualstack" ]
enum_NaturalLanguageQueryGenerationDesiredState := [ "ENABLED", "DISABLED" ]
enum_OpenSearchPartitionInstanceType := [ "m3.medium.search", "m3.large.search", "m3.xlarge.search", "m3.2xlarge.search", "m4.large.search", "m4.xlarge.search", "m4.2xlarge.search", "m4.4xlarge.search", "m4.10xlarge.search", "m5.large.search", "m5.xlarge.search", "m5.2xlarge.search", "m5.4xlarge.search", "m5.12xlarge.search", "m5.24xlarge.search", "r5.large.search", "r5.xlarge.search", "r5.2xlarge.search", "r5.4xlarge.search", "r5.12xlarge.search", "r5.24xlarge.search", "c5.large.search", "c5.xlarge.search", "c5.2xlarge.search", "c5.4xlarge.search", "c5.9xlarge.search", "c5.18xlarge.search", "t3.nano.search", "t3.micro.search", "t3.small.search", "t3.medium.search", "t3.large.search", "t3.xlarge.search", "t3.2xlarge.search", "or1.medium.search", "or1.large.search", "or1.xlarge.search", "or1.2xlarge.search", "or1.4xlarge.search", "or1.8xlarge.search", "or1.12xlarge.search", "or1.16xlarge.search", "ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search", "t2.micro.search", "t2.small.search", "t2.medium.search", "r3.large.search", "r3.xlarge.search", "r3.2xlarge.search", "r3.4xlarge.search", "r3.8xlarge.search", "i2.xlarge.search", "i2.2xlarge.search", "d2.xlarge.search", "d2.2xlarge.search", "d2.4xlarge.search", "d2.8xlarge.search", "c4.large.search", "c4.xlarge.search", "c4.2xlarge.search", "c4.4xlarge.search", "c4.8xlarge.search", "r4.large.search", "r4.xlarge.search", "r4.2xlarge.search", "r4.4xlarge.search", "r4.8xlarge.search", "r4.16xlarge.search", "i3.large.search", "i3.xlarge.search", "i3.2xlarge.search", "i3.4xlarge.search", "i3.8xlarge.search", "i3.16xlarge.search", "r6g.large.search", "r6g.xlarge.search", "r6g.2xlarge.search", "r6g.4xlarge.search", "r6g.8xlarge.search", "r6g.12xlarge.search", "m6g.large.search", "m6g.xlarge.search", "m6g.2xlarge.search", "m6g.4xlarge.search", "m6g.8xlarge.search", "m6g.12xlarge.search", "c6g.large.search", "c6g.xlarge.search", "c6g.2xlarge.search", "c6g.4xlarge.search", "c6g.8xlarge.search", "c6g.12xlarge.search", "r6gd.large.search", "r6gd.xlarge.search", "r6gd.2xlarge.search", "r6gd.4xlarge.search", "r6gd.8xlarge.search", "r6gd.12xlarge.search", "r6gd.16xlarge.search", "t4g.small.search", "t4g.medium.search" ]
enum_OpenSearchWarmPartitionInstanceType := [ "ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search" ]
enum_TLSSecurityPolicy := [ "Policy-Min-TLS-1-0-2019-07", "Policy-Min-TLS-1-2-2019-07", "Policy-Min-TLS-1-2-PFS-2023-10" ]
enum_TimeUnit := [ "HOURS" ]
enum_VolumeType := [ "standard", "gp2", "io1", "gp3" ]

valid {
    input.Body.DomainName == STRING
    input.Body.EngineVersion == STRING
    input.Body.ClusterConfig.InstanceType == enum_OpenSearchPartitionInstanceType[_]
    input.Body.ClusterConfig.InstanceCount == INTEGER
    input.Body.ClusterConfig.DedicatedMasterEnabled == BOOLEAN
    input.Body.ClusterConfig.ZoneAwarenessEnabled == BOOLEAN
    input.Body.ClusterConfig.ZoneAwarenessConfig.AvailabilityZoneCount == INTEGER
    input.Body.ClusterConfig.DedicatedMasterType == enum_OpenSearchPartitionInstanceType[_]
    input.Body.ClusterConfig.DedicatedMasterCount == INTEGER
    input.Body.ClusterConfig.WarmEnabled == BOOLEAN
    input.Body.ClusterConfig.WarmType == enum_OpenSearchWarmPartitionInstanceType[_]
    input.Body.ClusterConfig.WarmCount == INTEGER
    input.Body.ClusterConfig.ColdStorageOptions.Enabled == BOOLEAN
    input.Body.ClusterConfig.MultiAZWithStandbyEnabled == BOOLEAN
    input.Body.EBSOptions.EBSEnabled == BOOLEAN
    input.Body.EBSOptions.VolumeType == enum_VolumeType[_]
    input.Body.EBSOptions.VolumeSize == INTEGER
    input.Body.EBSOptions.Iops == INTEGER
    input.Body.EBSOptions.Throughput == INTEGER
    input.Body.AccessPolicies == STRING
    input.Body.IPAddressType == enum_IPAddressType[_]
    input.Body.SnapshotOptions.AutomatedSnapshotStartHour == INTEGER
    input.Body.VPCOptions.SubnetIds[_] == STRING
    input.Body.VPCOptions.SecurityGroupIds[_] == STRING
    input.Body.CognitoOptions.Enabled == BOOLEAN
    input.Body.CognitoOptions.UserPoolId == STRING
    input.Body.CognitoOptions.IdentityPoolId == STRING
    input.Body.CognitoOptions.RoleArn == STRING
    input.Body.EncryptionAtRestOptions.Enabled == BOOLEAN
    input.Body.EncryptionAtRestOptions.KmsKeyId == STRING
    input.Body.NodeToNodeEncryptionOptions.Enabled == BOOLEAN
    input.Body.AdvancedOptions.STRING == STRING
    input.Body.LogPublishingOptions.INDEX_SLOW_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.INDEX_SLOW_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.SEARCH_SLOW_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.SEARCH_SLOW_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.ES_APPLICATION_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.ES_APPLICATION_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.AUDIT_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.AUDIT_LOGS.Enabled == BOOLEAN
    input.Body.DomainEndpointOptions.EnforceHTTPS == BOOLEAN
    input.Body.DomainEndpointOptions.TLSSecurityPolicy == enum_TLSSecurityPolicy[_]
    input.Body.DomainEndpointOptions.CustomEndpointEnabled == BOOLEAN
    input.Body.DomainEndpointOptions.CustomEndpoint == STRING
    input.Body.DomainEndpointOptions.CustomEndpointCertificateArn == STRING
    input.Body.AdvancedSecurityOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.InternalUserDatabaseEnabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserARN == STRING
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserName == STRING
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserPassword == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.SAMLOptions.Idp.MetadataContent == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.Idp.EntityId == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.MasterUserName == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.MasterBackendRole == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.SubjectKey == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.RolesKey == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.SessionTimeoutMinutes == INTEGER
    input.Body.AdvancedSecurityOptions.JWTOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.JWTOptions.SubjectKey == STRING
    input.Body.AdvancedSecurityOptions.JWTOptions.RolesKey == STRING
    input.Body.AdvancedSecurityOptions.JWTOptions.PublicKey == STRING
    input.Body.AdvancedSecurityOptions.AnonymousAuthEnabled == BOOLEAN
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.Body.AutoTuneOptions.DesiredState == enum_AutoTuneDesiredState[_]
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].StartAt == TIMESTAMP
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].Duration.Value == LONG
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].Duration.Unit == enum_TimeUnit[_]
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].CronExpressionForRecurrence == STRING
    input.Body.AutoTuneOptions.UseOffPeakWindow == BOOLEAN
    input.Body.OffPeakWindowOptions.Enabled == BOOLEAN
    input.Body.OffPeakWindowOptions.OffPeakWindow.WindowStartTime.Hours == LONG
    input.Body.OffPeakWindowOptions.OffPeakWindow.WindowStartTime.Minutes == LONG
    input.Body.SoftwareUpdateOptions.AutoSoftwareUpdateEnabled == BOOLEAN
    input.Body.AIMLOptions.NaturalLanguageQueryGenerationOptions.DesiredState == enum_NaturalLanguageQueryGenerationDesiredState[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateOutboundConnection

enum_ConnectionMode := [ "DIRECT", "VPC_ENDPOINT" ]
enum_SkipUnavailableStatus := [ "ENABLED", "DISABLED" ]

valid {
    input.Body.LocalDomainInfo.AWSDomainInformation.OwnerId == STRING
    input.Body.LocalDomainInfo.AWSDomainInformation.DomainName == STRING
    input.Body.LocalDomainInfo.AWSDomainInformation.Region == STRING
    input.Body.RemoteDomainInfo.AWSDomainInformation.OwnerId == STRING
    input.Body.RemoteDomainInfo.AWSDomainInformation.DomainName == STRING
    input.Body.RemoteDomainInfo.AWSDomainInformation.Region == STRING
    input.Body.ConnectionAlias == STRING
    input.Body.ConnectionMode == enum_ConnectionMode[_]
    input.Body.ConnectionProperties.Endpoint == STRING
    input.Body.ConnectionProperties.CrossClusterSearch.SkipUnavailable == enum_SkipUnavailableStatus[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePackage

enum_PackageType := [ "TXT-DICTIONARY", "ZIP-PLUGIN" ]

valid {
    input.Body.PackageName == STRING
    input.Body.PackageType == enum_PackageType[_]
    input.Body.PackageDescription == STRING
    input.Body.PackageSource.S3BucketName == STRING
    input.Body.PackageSource.S3Key == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateVpcEndpoint

valid {
    input.Body.DomainArn == STRING
    input.Body.VpcOptions.SubnetIds[_] == STRING
    input.Body.VpcOptions.SecurityGroupIds[_] == STRING
    input.Body.ClientToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDataSource

valid {
    input.ReqMap.DomainName == STRING
    input.ReqMap.DataSourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteDomain

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteInboundConnection

valid {
    input.ReqMap.ConnectionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteOutboundConnection

valid {
    input.ReqMap.ConnectionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePackage

valid {
    input.ReqMap.PackageID == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteVpcEndpoint

valid {
    input.ReqMap.VpcEndpointId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomain

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainAutoTunes

valid {
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainChangeProgress

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.changeid == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainConfig

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainHealth

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomainNodes

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDomains

valid {
    input.Body.DomainNames[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDryRunProgress

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.dryRunId == STRING
    input.Qs.loadDryRunConfig == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeInboundConnections

valid {
    input.Body.Filters[_].Name == STRING
    input.Body.Filters[_].Values[_] == STRING
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeInstanceTypeLimits

enum_OpenSearchPartitionInstanceType := [ "m3.medium.search", "m3.large.search", "m3.xlarge.search", "m3.2xlarge.search", "m4.large.search", "m4.xlarge.search", "m4.2xlarge.search", "m4.4xlarge.search", "m4.10xlarge.search", "m5.large.search", "m5.xlarge.search", "m5.2xlarge.search", "m5.4xlarge.search", "m5.12xlarge.search", "m5.24xlarge.search", "r5.large.search", "r5.xlarge.search", "r5.2xlarge.search", "r5.4xlarge.search", "r5.12xlarge.search", "r5.24xlarge.search", "c5.large.search", "c5.xlarge.search", "c5.2xlarge.search", "c5.4xlarge.search", "c5.9xlarge.search", "c5.18xlarge.search", "t3.nano.search", "t3.micro.search", "t3.small.search", "t3.medium.search", "t3.large.search", "t3.xlarge.search", "t3.2xlarge.search", "or1.medium.search", "or1.large.search", "or1.xlarge.search", "or1.2xlarge.search", "or1.4xlarge.search", "or1.8xlarge.search", "or1.12xlarge.search", "or1.16xlarge.search", "ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search", "t2.micro.search", "t2.small.search", "t2.medium.search", "r3.large.search", "r3.xlarge.search", "r3.2xlarge.search", "r3.4xlarge.search", "r3.8xlarge.search", "i2.xlarge.search", "i2.2xlarge.search", "d2.xlarge.search", "d2.2xlarge.search", "d2.4xlarge.search", "d2.8xlarge.search", "c4.large.search", "c4.xlarge.search", "c4.2xlarge.search", "c4.4xlarge.search", "c4.8xlarge.search", "r4.large.search", "r4.xlarge.search", "r4.2xlarge.search", "r4.4xlarge.search", "r4.8xlarge.search", "r4.16xlarge.search", "i3.large.search", "i3.xlarge.search", "i3.2xlarge.search", "i3.4xlarge.search", "i3.8xlarge.search", "i3.16xlarge.search", "r6g.large.search", "r6g.xlarge.search", "r6g.2xlarge.search", "r6g.4xlarge.search", "r6g.8xlarge.search", "r6g.12xlarge.search", "m6g.large.search", "m6g.xlarge.search", "m6g.2xlarge.search", "m6g.4xlarge.search", "m6g.8xlarge.search", "m6g.12xlarge.search", "c6g.large.search", "c6g.xlarge.search", "c6g.2xlarge.search", "c6g.4xlarge.search", "c6g.8xlarge.search", "c6g.12xlarge.search", "r6gd.large.search", "r6gd.xlarge.search", "r6gd.2xlarge.search", "r6gd.4xlarge.search", "r6gd.8xlarge.search", "r6gd.12xlarge.search", "r6gd.16xlarge.search", "t4g.small.search", "t4g.medium.search" ]

valid {
    input.ReqMap.InstanceType == enum_OpenSearchPartitionInstanceType[_]
    input.ReqMap.EngineVersion == STRING
    input.Qs.domainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOutboundConnections

valid {
    input.Body.Filters[_].Name == STRING
    input.Body.Filters[_].Values[_] == STRING
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribePackages

enum_DescribePackagesFilterName := [ "PackageID", "PackageName", "PackageStatus", "PackageType", "EngineVersion" ]

valid {
    input.Body.Filters[_].Name == enum_DescribePackagesFilterName[_]
    input.Body.Filters[_].Value[_] == STRING
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeReservedInstanceOfferings

valid {
    input.Qs.offeringId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeReservedInstances

valid {
    input.Qs.reservationId == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeVpcEndpoints

valid {
    input.Body.VpcEndpointIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DissociatePackage

valid {
    input.ReqMap.PackageID == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCompatibleVersions

valid {
    input.Qs.domainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDataSource

valid {
    input.ReqMap.DomainName == STRING
    input.ReqMap.DataSourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDomainMaintenanceStatus

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.maintenanceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPackageVersionHistory

valid {
    input.ReqMap.PackageID == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetUpgradeHistory

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetUpgradeStatus

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDataSources

valid {
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDomainMaintenances

enum_MaintenanceStatus := [ "PENDING", "IN_PROGRESS", "COMPLETED", "FAILED", "TIMED_OUT" ]
enum_MaintenanceType := [ "REBOOT_NODE", "RESTART_SEARCH_PROCESS", "RESTART_DASHBOARD" ]

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.action == enum_MaintenanceType[_]
    input.Qs.status == enum_MaintenanceStatus[_]
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDomainNames

enum_EngineType := [ "OpenSearch", "Elasticsearch" ]

valid {
    input.Qs.engineType == enum_EngineType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDomainsForPackage

valid {
    input.ReqMap.PackageID == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListInstanceTypeDetails

valid {
    input.ReqMap.EngineVersion == STRING
    input.Qs.domainName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.Qs.retrieveAZs == BOOLEAN
    input.Qs.instanceType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPackagesForDomain

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListScheduledActions

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTags

valid {
    input.Qs.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVersions

valid {
    input.Qs.maxResults == INTEGER
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVpcEndpointAccess

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVpcEndpoints

valid {
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListVpcEndpointsForDomain

valid {
    input.ReqMap.DomainName == STRING
    input.Qs.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PurchaseReservedInstanceOffering

valid {
    input.Body.ReservedInstanceOfferingId == STRING
    input.Body.ReservationName == STRING
    input.Body.InstanceCount == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RejectInboundConnection

valid {
    input.ReqMap.ConnectionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RemoveTags

valid {
    input.Body.ARN == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RevokeVpcEndpointAccess

valid {
    input.Body.Account == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartDomainMaintenance

enum_MaintenanceType := [ "REBOOT_NODE", "RESTART_SEARCH_PROCESS", "RESTART_DASHBOARD" ]

valid {
    input.Body.Action == enum_MaintenanceType[_]
    input.Body.NodeId == STRING
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartServiceSoftwareUpdate

enum_ScheduleAt := [ "NOW", "TIMESTAMP", "OFF_PEAK_WINDOW" ]

valid {
    input.Body.DomainName == STRING
    input.Body.ScheduleAt == enum_ScheduleAt[_]
    input.Body.DesiredStartTime == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDataSource

enum_DataSourceStatus := [ "ACTIVE", "DISABLED" ]

valid {
    input.Body.DataSourceType.S3GlueDataCatalog.RoleArn == STRING
    input.Body.Description == STRING
    input.Body.Status == enum_DataSourceStatus[_]
    input.ReqMap.DomainName == STRING
    input.ReqMap.DataSourceName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateDomainConfig

enum_AutoTuneDesiredState := [ "ENABLED", "DISABLED" ]
enum_DryRunMode := [ "Basic", "Verbose" ]
enum_IPAddressType := [ "ipv4", "dualstack" ]
enum_NaturalLanguageQueryGenerationDesiredState := [ "ENABLED", "DISABLED" ]
enum_OpenSearchPartitionInstanceType := [ "m3.medium.search", "m3.large.search", "m3.xlarge.search", "m3.2xlarge.search", "m4.large.search", "m4.xlarge.search", "m4.2xlarge.search", "m4.4xlarge.search", "m4.10xlarge.search", "m5.large.search", "m5.xlarge.search", "m5.2xlarge.search", "m5.4xlarge.search", "m5.12xlarge.search", "m5.24xlarge.search", "r5.large.search", "r5.xlarge.search", "r5.2xlarge.search", "r5.4xlarge.search", "r5.12xlarge.search", "r5.24xlarge.search", "c5.large.search", "c5.xlarge.search", "c5.2xlarge.search", "c5.4xlarge.search", "c5.9xlarge.search", "c5.18xlarge.search", "t3.nano.search", "t3.micro.search", "t3.small.search", "t3.medium.search", "t3.large.search", "t3.xlarge.search", "t3.2xlarge.search", "or1.medium.search", "or1.large.search", "or1.xlarge.search", "or1.2xlarge.search", "or1.4xlarge.search", "or1.8xlarge.search", "or1.12xlarge.search", "or1.16xlarge.search", "ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search", "t2.micro.search", "t2.small.search", "t2.medium.search", "r3.large.search", "r3.xlarge.search", "r3.2xlarge.search", "r3.4xlarge.search", "r3.8xlarge.search", "i2.xlarge.search", "i2.2xlarge.search", "d2.xlarge.search", "d2.2xlarge.search", "d2.4xlarge.search", "d2.8xlarge.search", "c4.large.search", "c4.xlarge.search", "c4.2xlarge.search", "c4.4xlarge.search", "c4.8xlarge.search", "r4.large.search", "r4.xlarge.search", "r4.2xlarge.search", "r4.4xlarge.search", "r4.8xlarge.search", "r4.16xlarge.search", "i3.large.search", "i3.xlarge.search", "i3.2xlarge.search", "i3.4xlarge.search", "i3.8xlarge.search", "i3.16xlarge.search", "r6g.large.search", "r6g.xlarge.search", "r6g.2xlarge.search", "r6g.4xlarge.search", "r6g.8xlarge.search", "r6g.12xlarge.search", "m6g.large.search", "m6g.xlarge.search", "m6g.2xlarge.search", "m6g.4xlarge.search", "m6g.8xlarge.search", "m6g.12xlarge.search", "c6g.large.search", "c6g.xlarge.search", "c6g.2xlarge.search", "c6g.4xlarge.search", "c6g.8xlarge.search", "c6g.12xlarge.search", "r6gd.large.search", "r6gd.xlarge.search", "r6gd.2xlarge.search", "r6gd.4xlarge.search", "r6gd.8xlarge.search", "r6gd.12xlarge.search", "r6gd.16xlarge.search", "t4g.small.search", "t4g.medium.search" ]
enum_OpenSearchWarmPartitionInstanceType := [ "ultrawarm1.medium.search", "ultrawarm1.large.search", "ultrawarm1.xlarge.search" ]
enum_RollbackOnDisable := [ "NO_ROLLBACK", "DEFAULT_ROLLBACK" ]
enum_TLSSecurityPolicy := [ "Policy-Min-TLS-1-0-2019-07", "Policy-Min-TLS-1-2-2019-07", "Policy-Min-TLS-1-2-PFS-2023-10" ]
enum_TimeUnit := [ "HOURS" ]
enum_VolumeType := [ "standard", "gp2", "io1", "gp3" ]

valid {
    input.Body.ClusterConfig.InstanceType == enum_OpenSearchPartitionInstanceType[_]
    input.Body.ClusterConfig.InstanceCount == INTEGER
    input.Body.ClusterConfig.DedicatedMasterEnabled == BOOLEAN
    input.Body.ClusterConfig.ZoneAwarenessEnabled == BOOLEAN
    input.Body.ClusterConfig.ZoneAwarenessConfig.AvailabilityZoneCount == INTEGER
    input.Body.ClusterConfig.DedicatedMasterType == enum_OpenSearchPartitionInstanceType[_]
    input.Body.ClusterConfig.DedicatedMasterCount == INTEGER
    input.Body.ClusterConfig.WarmEnabled == BOOLEAN
    input.Body.ClusterConfig.WarmType == enum_OpenSearchWarmPartitionInstanceType[_]
    input.Body.ClusterConfig.WarmCount == INTEGER
    input.Body.ClusterConfig.ColdStorageOptions.Enabled == BOOLEAN
    input.Body.ClusterConfig.MultiAZWithStandbyEnabled == BOOLEAN
    input.Body.EBSOptions.EBSEnabled == BOOLEAN
    input.Body.EBSOptions.VolumeType == enum_VolumeType[_]
    input.Body.EBSOptions.VolumeSize == INTEGER
    input.Body.EBSOptions.Iops == INTEGER
    input.Body.EBSOptions.Throughput == INTEGER
    input.Body.SnapshotOptions.AutomatedSnapshotStartHour == INTEGER
    input.Body.VPCOptions.SubnetIds[_] == STRING
    input.Body.VPCOptions.SecurityGroupIds[_] == STRING
    input.Body.CognitoOptions.Enabled == BOOLEAN
    input.Body.CognitoOptions.UserPoolId == STRING
    input.Body.CognitoOptions.IdentityPoolId == STRING
    input.Body.CognitoOptions.RoleArn == STRING
    input.Body.AdvancedOptions.STRING == STRING
    input.Body.AccessPolicies == STRING
    input.Body.IPAddressType == enum_IPAddressType[_]
    input.Body.LogPublishingOptions.INDEX_SLOW_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.INDEX_SLOW_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.SEARCH_SLOW_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.SEARCH_SLOW_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.ES_APPLICATION_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.ES_APPLICATION_LOGS.Enabled == BOOLEAN
    input.Body.LogPublishingOptions.AUDIT_LOGS.CloudWatchLogsLogGroupArn == STRING
    input.Body.LogPublishingOptions.AUDIT_LOGS.Enabled == BOOLEAN
    input.Body.EncryptionAtRestOptions.Enabled == BOOLEAN
    input.Body.EncryptionAtRestOptions.KmsKeyId == STRING
    input.Body.DomainEndpointOptions.EnforceHTTPS == BOOLEAN
    input.Body.DomainEndpointOptions.TLSSecurityPolicy == enum_TLSSecurityPolicy[_]
    input.Body.DomainEndpointOptions.CustomEndpointEnabled == BOOLEAN
    input.Body.DomainEndpointOptions.CustomEndpoint == STRING
    input.Body.DomainEndpointOptions.CustomEndpointCertificateArn == STRING
    input.Body.NodeToNodeEncryptionOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.InternalUserDatabaseEnabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserARN == STRING
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserName == STRING
    input.Body.AdvancedSecurityOptions.MasterUserOptions.MasterUserPassword == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.SAMLOptions.Idp.MetadataContent == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.Idp.EntityId == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.MasterUserName == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.MasterBackendRole == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.SubjectKey == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.RolesKey == STRING
    input.Body.AdvancedSecurityOptions.SAMLOptions.SessionTimeoutMinutes == INTEGER
    input.Body.AdvancedSecurityOptions.JWTOptions.Enabled == BOOLEAN
    input.Body.AdvancedSecurityOptions.JWTOptions.SubjectKey == STRING
    input.Body.AdvancedSecurityOptions.JWTOptions.RolesKey == STRING
    input.Body.AdvancedSecurityOptions.JWTOptions.PublicKey == STRING
    input.Body.AdvancedSecurityOptions.AnonymousAuthEnabled == BOOLEAN
    input.Body.AutoTuneOptions.DesiredState == enum_AutoTuneDesiredState[_]
    input.Body.AutoTuneOptions.RollbackOnDisable == enum_RollbackOnDisable[_]
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].StartAt == TIMESTAMP
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].Duration.Value == LONG
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].Duration.Unit == enum_TimeUnit[_]
    input.Body.AutoTuneOptions.MaintenanceSchedules[_].CronExpressionForRecurrence == STRING
    input.Body.AutoTuneOptions.UseOffPeakWindow == BOOLEAN
    input.Body.DryRun == BOOLEAN
    input.Body.DryRunMode == enum_DryRunMode[_]
    input.Body.OffPeakWindowOptions.Enabled == BOOLEAN
    input.Body.OffPeakWindowOptions.OffPeakWindow.WindowStartTime.Hours == LONG
    input.Body.OffPeakWindowOptions.OffPeakWindow.WindowStartTime.Minutes == LONG
    input.Body.SoftwareUpdateOptions.AutoSoftwareUpdateEnabled == BOOLEAN
    input.Body.AIMLOptions.NaturalLanguageQueryGenerationOptions.DesiredState == enum_NaturalLanguageQueryGenerationDesiredState[_]
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePackage

valid {
    input.Body.PackageID == STRING
    input.Body.PackageSource.S3BucketName == STRING
    input.Body.PackageSource.S3Key == STRING
    input.Body.PackageDescription == STRING
    input.Body.CommitMessage == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateScheduledAction

enum_ActionType := [ "SERVICE_SOFTWARE_UPDATE", "JVM_HEAP_SIZE_TUNING", "JVM_YOUNG_GEN_TUNING" ]
enum_ScheduleAt := [ "NOW", "TIMESTAMP", "OFF_PEAK_WINDOW" ]

valid {
    input.Body.ActionID == STRING
    input.Body.ActionType == enum_ActionType[_]
    input.Body.ScheduleAt == enum_ScheduleAt[_]
    input.Body.DesiredStartTime == LONG
    input.ReqMap.DomainName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateVpcEndpoint

valid {
    input.Body.VpcEndpointId == STRING
    input.Body.VpcOptions.SubnetIds[_] == STRING
    input.Body.VpcOptions.SecurityGroupIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpgradeDomain

valid {
    input.Body.DomainName == STRING
    input.Body.TargetVersion == STRING
    input.Body.PerformCheckOnly == BOOLEAN
    input.Body.AdvancedOptions.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}