S3-CONTROL
AssociateAccessGrantsIdentityCenter
valid {
input.Body.IdentityCenterArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessGrant
enum_GranteeType := [ "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM" ]
enum_Permission := [ "READ", "WRITE", "READWRITE" ]
enum_S3PrefixType := [ "Object" ]
valid {
input.Body.AccessGrantsLocationId == STRING
input.Body.AccessGrantsLocationConfiguration.S3SubPrefix == STRING
input.Body.Grantee.GranteeType == enum_GranteeType[_]
input.Body.Grantee.GranteeIdentifier == STRING
input.Body.Permission == enum_Permission[_]
input.Body.ApplicationArn == STRING
input.Body.S3PrefixType == enum_S3PrefixType[_]
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessGrantsInstance
valid {
input.Body.IdentityCenterArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessGrantsLocation
valid {
input.Body.LocationScope == STRING
input.Body.IAMRoleArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessPoint
valid {
input.Body.Bucket == STRING
input.Body.VpcConfiguration.VpcId == STRING
input.Body.PublicAccessBlockConfiguration.BlockPublicAcls == BOOLEAN
input.Body.PublicAccessBlockConfiguration.IgnorePublicAcls == BOOLEAN
input.Body.PublicAccessBlockConfiguration.BlockPublicPolicy == BOOLEAN
input.Body.PublicAccessBlockConfiguration.RestrictPublicBuckets == BOOLEAN
input.Body.BucketAccountId == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAccessPointForObjectLambda
enum_ObjectLambdaAllowedFeature := [ "GetObject-Range", "GetObject-PartNumber", "HeadObject-Range", "HeadObject-PartNumber" ]
enum_ObjectLambdaTransformationConfigurationAction := [ "GetObject", "HeadObject", "ListObjects", "ListObjectsV2" ]
valid {
input.Body.Configuration.SupportingAccessPoint == STRING
input.Body.Configuration.CloudWatchMetricsEnabled == BOOLEAN
input.Body.Configuration.AllowedFeatures[_] == enum_ObjectLambdaAllowedFeature[_]
input.Body.Configuration.TransformationConfigurations[_].Actions[_] == enum_ObjectLambdaTransformationConfigurationAction[_]
input.Body.Configuration.TransformationConfigurations[_].ContentTransformation.AwsLambda.FunctionArn == STRING
input.Body.Configuration.TransformationConfigurations[_].ContentTransformation.AwsLambda.FunctionPayload == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateBucket
enum_BucketCannedACL := [ "private", "public-read", "public-read-write", "authenticated-read" ]
enum_BucketLocationConstraint := [ "EU", "eu-west-1", "us-west-1", "us-west-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1", "cn-north-1", "eu-central-1" ]
valid {
input.Body.CreateBucketConfiguration.LocationConstraint == enum_BucketLocationConstraint[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateJob
enum_GeneratedManifestFormat := [ "S3InventoryReport_CSV_20211130" ]
enum_JobManifestFieldName := [ "Ignore", "Bucket", "Key", "VersionId" ]
enum_JobManifestFormat := [ "S3BatchOperations_CSV_20180820", "S3InventoryReport_CSV_20161130" ]
enum_JobReportFormat := [ "Report_CSV_20180820" ]
enum_JobReportScope := [ "AllTasks", "FailedTasksOnly" ]
enum_ReplicationStatus := [ "COMPLETED", "FAILED", "REPLICA", "NONE" ]
enum_S3CannedAccessControlList := [ "private", "public-read", "public-read-write", "aws-exec-read", "authenticated-read", "bucket-owner-read", "bucket-owner-full-control" ]
enum_S3ChecksumAlgorithm := [ "CRC32", "CRC32C", "SHA1", "SHA256", "CRC64NVME" ]
enum_S3GlacierJobTier := [ "BULK", "STANDARD" ]
enum_S3GranteeTypeIdentifier := [ "id", "emailAddress", "uri" ]
enum_S3MetadataDirective := [ "COPY", "REPLACE" ]
enum_S3ObjectLockLegalHoldStatus := [ "OFF", "ON" ]
enum_S3ObjectLockMode := [ "COMPLIANCE", "GOVERNANCE" ]
enum_S3ObjectLockRetentionMode := [ "COMPLIANCE", "GOVERNANCE" ]
enum_S3Permission := [ "FULL_CONTROL", "READ", "WRITE", "READ_ACP", "WRITE_ACP" ]
enum_S3SSEAlgorithm := [ "AES256", "KMS" ]
enum_S3StorageClass := [ "STANDARD", "STANDARD_IA", "ONEZONE_IA", "GLACIER", "INTELLIGENT_TIERING", "DEEP_ARCHIVE", "GLACIER_IR" ]
valid {
input.Body.ConfirmationRequired == BOOLEAN
input.Body.Operation.LambdaInvoke.FunctionArn == STRING
input.Body.Operation.LambdaInvoke.InvocationSchemaVersion == STRING
input.Body.Operation.LambdaInvoke.UserArguments.STRING == STRING
input.Body.Operation.S3PutObjectCopy.TargetResource == STRING
input.Body.Operation.S3PutObjectCopy.CannedAccessControlList == enum_S3CannedAccessControlList[_]
input.Body.Operation.S3PutObjectCopy.AccessControlGrants[_].Grantee.TypeIdentifier == enum_S3GranteeTypeIdentifier[_]
input.Body.Operation.S3PutObjectCopy.AccessControlGrants[_].Grantee.Identifier == STRING
input.Body.Operation.S3PutObjectCopy.AccessControlGrants[_].Grantee.DisplayName == STRING
input.Body.Operation.S3PutObjectCopy.AccessControlGrants[_].Permission == enum_S3Permission[_]
input.Body.Operation.S3PutObjectCopy.MetadataDirective == enum_S3MetadataDirective[_]
input.Body.Operation.S3PutObjectCopy.ModifiedSinceConstraint == TIMESTAMP
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.CacheControl == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentDisposition == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentEncoding == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentLanguage == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.UserMetadata.STRING == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentLength == LONG
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentMD5 == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.ContentType == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.HttpExpiresDate == TIMESTAMP
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.RequesterCharged == BOOLEAN
input.Body.Operation.S3PutObjectCopy.NewObjectMetadata.SSEAlgorithm == enum_S3SSEAlgorithm[_]
input.Body.Operation.S3PutObjectCopy.NewObjectTagging[_].Key == STRING
input.Body.Operation.S3PutObjectCopy.NewObjectTagging[_].Value == STRING
input.Body.Operation.S3PutObjectCopy.RedirectLocation == STRING
input.Body.Operation.S3PutObjectCopy.RequesterPays == BOOLEAN
input.Body.Operation.S3PutObjectCopy.StorageClass == enum_S3StorageClass[_]
input.Body.Operation.S3PutObjectCopy.UnModifiedSinceConstraint == TIMESTAMP
input.Body.Operation.S3PutObjectCopy.SSEAwsKmsKeyId == STRING
input.Body.Operation.S3PutObjectCopy.TargetKeyPrefix == STRING
input.Body.Operation.S3PutObjectCopy.ObjectLockLegalHoldStatus == enum_S3ObjectLockLegalHoldStatus[_]
input.Body.Operation.S3PutObjectCopy.ObjectLockMode == enum_S3ObjectLockMode[_]
input.Body.Operation.S3PutObjectCopy.ObjectLockRetainUntilDate == TIMESTAMP
input.Body.Operation.S3PutObjectCopy.BucketKeyEnabled == BOOLEAN
input.Body.Operation.S3PutObjectCopy.ChecksumAlgorithm == enum_S3ChecksumAlgorithm[_]
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Owner.ID == STRING
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Owner.DisplayName == STRING
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Grants[_].Grantee.TypeIdentifier == enum_S3GranteeTypeIdentifier[_]
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Grants[_].Grantee.Identifier == STRING
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Grants[_].Grantee.DisplayName == STRING
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.AccessControlList.Grants[_].Permission == enum_S3Permission[_]
input.Body.Operation.S3PutObjectAcl.AccessControlPolicy.CannedAccessControlList == enum_S3CannedAccessControlList[_]
input.Body.Operation.S3PutObjectTagging.TagSet[_].Key == STRING
input.Body.Operation.S3PutObjectTagging.TagSet[_].Value == STRING
input.Body.Operation.S3DeleteObjectTagging == {}
input.Body.Operation.S3InitiateRestoreObject.ExpirationInDays == INTEGER
input.Body.Operation.S3InitiateRestoreObject.GlacierJobTier == enum_S3GlacierJobTier[_]
input.Body.Operation.S3PutObjectLegalHold.LegalHold.Status == enum_S3ObjectLockLegalHoldStatus[_]
input.Body.Operation.S3PutObjectRetention.BypassGovernanceRetention == BOOLEAN
input.Body.Operation.S3PutObjectRetention.Retention.RetainUntilDate == TIMESTAMP
input.Body.Operation.S3PutObjectRetention.Retention.Mode == enum_S3ObjectLockRetentionMode[_]
input.Body.Operation.S3ReplicateObject == {}
input.Body.Report.Bucket == STRING
input.Body.Report.Format == enum_JobReportFormat[_]
input.Body.Report.Enabled == BOOLEAN
input.Body.Report.Prefix == STRING
input.Body.Report.ReportScope == enum_JobReportScope[_]
input.Body.ClientRequestToken == STRING
input.Body.Manifest.Spec.Format == enum_JobManifestFormat[_]
input.Body.Manifest.Spec.Fields[_] == enum_JobManifestFieldName[_]
input.Body.Manifest.Location.ObjectArn == STRING
input.Body.Manifest.Location.ObjectVersionId == STRING
input.Body.Manifest.Location.ETag == STRING
input.Body.Description == STRING
input.Body.Priority == INTEGER
input.Body.RoleArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ExpectedBucketOwner == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.SourceBucket == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.ExpectedManifestBucketOwner == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.Bucket == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.ManifestPrefix == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.ManifestEncryption.SSE-S3 == {}
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.ManifestEncryption.SSE-KMS.KeyId == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.ManifestOutputLocation.ManifestFormat == enum_GeneratedManifestFormat[_]
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.EligibleForReplication == BOOLEAN
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.CreatedAfter == TIMESTAMP
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.CreatedBefore == TIMESTAMP
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.ObjectReplicationStatuses[_] == enum_ReplicationStatus[_]
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.KeyNameConstraint.MatchAnyPrefix[_] == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.KeyNameConstraint.MatchAnySuffix[_] == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.KeyNameConstraint.MatchAnySubstring[_] == STRING
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.ObjectSizeGreaterThanBytes == LONG
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.ObjectSizeLessThanBytes == LONG
input.Body.ManifestGenerator.S3JobManifestGenerator.Filter.MatchAnyStorageClass[_] == enum_S3StorageClass[_]
input.Body.ManifestGenerator.S3JobManifestGenerator.EnableManifestOutput == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateMultiRegionAccessPoint
valid {
input.Body.ClientToken == STRING
input.Body.Details.Name == STRING
input.Body.Details.PublicAccessBlock.BlockPublicAcls == BOOLEAN
input.Body.Details.PublicAccessBlock.IgnorePublicAcls == BOOLEAN
input.Body.Details.PublicAccessBlock.BlockPublicPolicy == BOOLEAN
input.Body.Details.PublicAccessBlock.RestrictPublicBuckets == BOOLEAN
input.Body.Details.Regions[_].Bucket == STRING
input.Body.Details.Regions[_].BucketAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateStorageLensGroup
valid {
input.Body.StorageLensGroup.Name == STRING
input.Body.StorageLensGroup.Filter.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.Filter.And.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.And.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.And.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.And.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.And.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.Filter.Or.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.Or.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.Or.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.Or.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.Or.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.StorageLensGroupArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessGrant
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessGrantsInstance
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessGrantsInstanceResourcePolicy
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessGrantsLocation
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessPoint
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessPointForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessPointPolicy
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAccessPointPolicyForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteBucket
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteBucketLifecycleConfiguration
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteBucketPolicy
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteBucketReplication
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteBucketTagging
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteJobTagging
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteMultiRegionAccessPoint
valid {
input.Body.ClientToken == STRING
input.Body.Details.Name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePublicAccessBlock
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteStorageLensConfiguration
valid {
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteStorageLensConfigurationTagging
valid {
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteStorageLensGroup
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeJob
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeMultiRegionAccessPointOperation
valid {
input.ReqMap.request_token == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DissociateAccessGrantsIdentityCenter
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessGrant
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessGrantsInstance
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessGrantsInstanceForPrefix
valid {
input.Qs.s3prefix == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessGrantsInstanceResourcePolicy
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessGrantsLocation
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPoint
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointConfigurationForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointPolicy
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointPolicyForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointPolicyStatus
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccessPointPolicyStatusForObjectLambda
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucket
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketLifecycleConfiguration
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketPolicy
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketReplication
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketTagging
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetBucketVersioning
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDataAccess
enum_Permission := [ "READ", "WRITE", "READWRITE" ]
enum_Privilege := [ "Minimal", "Default" ]
enum_S3PrefixType := [ "Object" ]
valid {
input.Qs.target == STRING
input.Qs.permission == enum_Permission[_]
input.Qs.durationSeconds == INTEGER
input.Qs.privilege == enum_Privilege[_]
input.Qs.targetType == enum_S3PrefixType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetJobTagging
valid {
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMultiRegionAccessPoint
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMultiRegionAccessPointPolicy
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMultiRegionAccessPointPolicyStatus
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetMultiRegionAccessPointRoutes
valid {
input.ReqMap.mrap == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPublicAccessBlock
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetStorageLensConfiguration
valid {
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetStorageLensConfigurationTagging
valid {
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetStorageLensGroup
valid {
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessGrants
enum_GranteeType := [ "DIRECTORY_USER", "DIRECTORY_GROUP", "IAM" ]
enum_Permission := [ "READ", "WRITE", "READWRITE" ]
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.Qs.granteetype == enum_GranteeType[_]
input.Qs.granteeidentifier == STRING
input.Qs.permission == enum_Permission[_]
input.Qs.grantscope == STRING
input.Qs.application_arn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessGrantsInstances
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessGrantsLocations
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.Qs.locationscope == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessPoints
valid {
input.Qs.bucket == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAccessPointsForObjectLambda
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCallerAccessGrants
valid {
input.Qs.grantscope == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.Qs.allowedByApplication == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListJobs
enum_JobStatus := [ "Active", "Cancelled", "Cancelling", "Complete", "Completing", "Failed", "Failing", "New", "Paused", "Pausing", "Preparing", "Ready", "Suspended" ]
valid {
input.Qs.jobStatuses[_] == enum_JobStatus[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListMultiRegionAccessPoints
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListRegionalBuckets
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListStorageLensConfigurations
valid {
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListStorageLensGroups
valid {
input.Qs.nextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutAccessGrantsInstanceResourcePolicy
valid {
input.Body.Policy == STRING
input.Body.Organization == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutAccessPointConfigurationForObjectLambda
enum_ObjectLambdaAllowedFeature := [ "GetObject-Range", "GetObject-PartNumber", "HeadObject-Range", "HeadObject-PartNumber" ]
enum_ObjectLambdaTransformationConfigurationAction := [ "GetObject", "HeadObject", "ListObjects", "ListObjectsV2" ]
valid {
input.Body.Configuration.SupportingAccessPoint == STRING
input.Body.Configuration.CloudWatchMetricsEnabled == BOOLEAN
input.Body.Configuration.AllowedFeatures[_] == enum_ObjectLambdaAllowedFeature[_]
input.Body.Configuration.TransformationConfigurations[_].Actions[_] == enum_ObjectLambdaTransformationConfigurationAction[_]
input.Body.Configuration.TransformationConfigurations[_].ContentTransformation.AwsLambda.FunctionArn == STRING
input.Body.Configuration.TransformationConfigurations[_].ContentTransformation.AwsLambda.FunctionPayload == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutAccessPointPolicy
valid {
input.Body.Policy == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutAccessPointPolicyForObjectLambda
valid {
input.Body.Policy == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutBucketLifecycleConfiguration
enum_ExpirationStatus := [ "Enabled", "Disabled" ]
enum_TransitionStorageClass := [ "GLACIER", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "DEEP_ARCHIVE" ]
valid {
input.Body.LifecycleConfiguration.Rules[_].Expiration.Date == TIMESTAMP
input.Body.LifecycleConfiguration.Rules[_].Expiration.Days == INTEGER
input.Body.LifecycleConfiguration.Rules[_].Expiration.ExpiredObjectDeleteMarker == BOOLEAN
input.Body.LifecycleConfiguration.Rules[_].ID == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.Prefix == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.Tag.Key == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.Tag.Value == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.And.Prefix == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.And.Tags[_].Key == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.And.Tags[_].Value == STRING
input.Body.LifecycleConfiguration.Rules[_].Filter.And.ObjectSizeGreaterThan == LONG
input.Body.LifecycleConfiguration.Rules[_].Filter.And.ObjectSizeLessThan == LONG
input.Body.LifecycleConfiguration.Rules[_].Filter.ObjectSizeGreaterThan == LONG
input.Body.LifecycleConfiguration.Rules[_].Filter.ObjectSizeLessThan == LONG
input.Body.LifecycleConfiguration.Rules[_].Status == enum_ExpirationStatus[_]
input.Body.LifecycleConfiguration.Rules[_].Transitions[_].Date == TIMESTAMP
input.Body.LifecycleConfiguration.Rules[_].Transitions[_].Days == INTEGER
input.Body.LifecycleConfiguration.Rules[_].Transitions[_].StorageClass == enum_TransitionStorageClass[_]
input.Body.LifecycleConfiguration.Rules[_].NoncurrentVersionTransitions[_].NoncurrentDays == INTEGER
input.Body.LifecycleConfiguration.Rules[_].NoncurrentVersionTransitions[_].StorageClass == enum_TransitionStorageClass[_]
input.Body.LifecycleConfiguration.Rules[_].NoncurrentVersionExpiration.NoncurrentDays == INTEGER
input.Body.LifecycleConfiguration.Rules[_].NoncurrentVersionExpiration.NewerNoncurrentVersions == INTEGER
input.Body.LifecycleConfiguration.Rules[_].AbortIncompleteMultipartUpload.DaysAfterInitiation == INTEGER
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutBucketPolicy
valid {
input.Body.Policy == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutBucketReplication
enum_DeleteMarkerReplicationStatus := [ "Enabled", "Disabled" ]
enum_ExistingObjectReplicationStatus := [ "Enabled", "Disabled" ]
enum_MetricsStatus := [ "Enabled", "Disabled" ]
enum_OwnerOverride := [ "Destination" ]
enum_ReplicaModificationsStatus := [ "Enabled", "Disabled" ]
enum_ReplicationRuleStatus := [ "Enabled", "Disabled" ]
enum_ReplicationStorageClass := [ "STANDARD", "REDUCED_REDUNDANCY", "STANDARD_IA", "ONEZONE_IA", "INTELLIGENT_TIERING", "GLACIER", "DEEP_ARCHIVE", "OUTPOSTS", "GLACIER_IR" ]
enum_ReplicationTimeStatus := [ "Enabled", "Disabled" ]
enum_SseKmsEncryptedObjectsStatus := [ "Enabled", "Disabled" ]
valid {
input.Body.ReplicationConfiguration.Role == STRING
input.Body.ReplicationConfiguration.Rules[_].ID == STRING
input.Body.ReplicationConfiguration.Rules[_].Priority == INTEGER
input.Body.ReplicationConfiguration.Rules[_].Prefix == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.Prefix == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.Tag.Key == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.Tag.Value == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.And.Prefix == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.And.Tags[_].Key == STRING
input.Body.ReplicationConfiguration.Rules[_].Filter.And.Tags[_].Value == STRING
input.Body.ReplicationConfiguration.Rules[_].Status == enum_ReplicationRuleStatus[_]
input.Body.ReplicationConfiguration.Rules[_].SourceSelectionCriteria.SseKmsEncryptedObjects.Status == enum_SseKmsEncryptedObjectsStatus[_]
input.Body.ReplicationConfiguration.Rules[_].SourceSelectionCriteria.ReplicaModifications.Status == enum_ReplicaModificationsStatus[_]
input.Body.ReplicationConfiguration.Rules[_].ExistingObjectReplication.Status == enum_ExistingObjectReplicationStatus[_]
input.Body.ReplicationConfiguration.Rules[_].Destination.Account == STRING
input.Body.ReplicationConfiguration.Rules[_].Destination.Bucket == STRING
input.Body.ReplicationConfiguration.Rules[_].Destination.ReplicationTime.Status == enum_ReplicationTimeStatus[_]
input.Body.ReplicationConfiguration.Rules[_].Destination.ReplicationTime.Time.Minutes == INTEGER
input.Body.ReplicationConfiguration.Rules[_].Destination.AccessControlTranslation.Owner == enum_OwnerOverride[_]
input.Body.ReplicationConfiguration.Rules[_].Destination.EncryptionConfiguration.ReplicaKmsKeyID == STRING
input.Body.ReplicationConfiguration.Rules[_].Destination.Metrics.Status == enum_MetricsStatus[_]
input.Body.ReplicationConfiguration.Rules[_].Destination.Metrics.EventThreshold.Minutes == INTEGER
input.Body.ReplicationConfiguration.Rules[_].Destination.StorageClass == enum_ReplicationStorageClass[_]
input.Body.ReplicationConfiguration.Rules[_].DeleteMarkerReplication.Status == enum_DeleteMarkerReplicationStatus[_]
input.Body.ReplicationConfiguration.Rules[_].Bucket == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutBucketTagging
valid {
input.Body.Tagging.TagSet[_].Key == STRING
input.Body.Tagging.TagSet[_].Value == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutBucketVersioning
enum_BucketVersioningStatus := [ "Enabled", "Suspended" ]
enum_MFADelete := [ "Enabled", "Disabled" ]
valid {
input.Body.VersioningConfiguration.MfaDelete == enum_MFADelete[_]
input.Body.VersioningConfiguration.Status == enum_BucketVersioningStatus[_]
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutJobTagging
valid {
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutMultiRegionAccessPointPolicy
valid {
input.Body.ClientToken == STRING
input.Body.Details.Name == STRING
input.Body.Details.Policy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutPublicAccessBlock
valid {
input.Body.PublicAccessBlockConfiguration.BlockPublicAcls == BOOLEAN
input.Body.PublicAccessBlockConfiguration.IgnorePublicAcls == BOOLEAN
input.Body.PublicAccessBlockConfiguration.BlockPublicPolicy == BOOLEAN
input.Body.PublicAccessBlockConfiguration.RestrictPublicBuckets == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutStorageLensConfiguration
enum_Format := [ "CSV", "Parquet" ]
enum_OutputSchemaVersion := [ "V_1" ]
valid {
input.Body.StorageLensConfiguration.Id == STRING
input.Body.StorageLensConfiguration.AccountLevel.ActivityMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.ActivityMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.PrefixLevel.StorageMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.PrefixLevel.StorageMetrics.SelectionCriteria.Delimiter == STRING
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.PrefixLevel.StorageMetrics.SelectionCriteria.MaxDepth == INTEGER
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.PrefixLevel.StorageMetrics.SelectionCriteria.MinStorageBytesPercentage == DOUBLE
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.AdvancedCostOptimizationMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.AdvancedDataProtectionMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.BucketLevel.DetailedStatusCodesMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.AdvancedCostOptimizationMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.AdvancedDataProtectionMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.DetailedStatusCodesMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AccountLevel.StorageLensGroupLevel.SelectionCriteria.Include[_] == STRING
input.Body.StorageLensConfiguration.AccountLevel.StorageLensGroupLevel.SelectionCriteria.Exclude[_] == STRING
input.Body.StorageLensConfiguration.Include.Buckets[_] == STRING
input.Body.StorageLensConfiguration.Include.Regions[_] == STRING
input.Body.StorageLensConfiguration.Exclude.Buckets[_] == STRING
input.Body.StorageLensConfiguration.Exclude.Regions[_] == STRING
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.Format == enum_Format[_]
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.OutputSchemaVersion == enum_OutputSchemaVersion[_]
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.AccountId == STRING
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.Arn == STRING
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.Prefix == STRING
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.Encryption.SSE-S3 == {}
input.Body.StorageLensConfiguration.DataExport.S3BucketDestination.Encryption.SSE-KMS.KeyId == STRING
input.Body.StorageLensConfiguration.DataExport.CloudWatchMetrics.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.IsEnabled == BOOLEAN
input.Body.StorageLensConfiguration.AwsOrg.Arn == STRING
input.Body.StorageLensConfiguration.StorageLensArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutStorageLensConfigurationTagging
valid {
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ReqMap.storagelensid == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SubmitMultiRegionAccessPointRoutes
valid {
input.Body.RouteUpdates[_].Bucket == STRING
input.Body.RouteUpdates[_].Region == STRING
input.Body.RouteUpdates[_].TrafficDialPercentage == INTEGER
input.ReqMap.mrap == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAccessGrantsLocation
valid {
input.Body.IAMRoleArn == STRING
input.ReqMap.id == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateJobPriority
valid {
input.ReqMap.id == STRING
input.Qs.priority == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateJobStatus
enum_RequestedJobStatus := [ "Cancelled", "Ready" ]
valid {
input.ReqMap.id == STRING
input.Qs.requestedJobStatus == enum_RequestedJobStatus[_]
input.Qs.statusUpdateReason == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateStorageLensGroup
valid {
input.Body.StorageLensGroup.Name == STRING
input.Body.StorageLensGroup.Filter.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.Filter.And.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.And.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.And.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.And.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.And.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.And.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.Filter.Or.MatchAnyPrefix[_] == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnySuffix[_] == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnyTag[_].Key == STRING
input.Body.StorageLensGroup.Filter.Or.MatchAnyTag[_].Value == STRING
input.Body.StorageLensGroup.Filter.Or.MatchObjectAge.DaysGreaterThan == INTEGER
input.Body.StorageLensGroup.Filter.Or.MatchObjectAge.DaysLessThan == INTEGER
input.Body.StorageLensGroup.Filter.Or.MatchObjectSize.BytesGreaterThan == LONG
input.Body.StorageLensGroup.Filter.Or.MatchObjectSize.BytesLessThan == LONG
input.Body.StorageLensGroup.StorageLensGroupArn == STRING
input.ReqMap.name == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 4 days ago