Az)      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~               !!!!!!!!!!!!!"""""""""""""""################################# # # # # ##################$ $!$"$#$$$%$&$'$(%)%*%+%,%-%.%/%0%1%2%3%4%5%6%7&8&9&:&;&<&=&>'?'@'A'B'C'D'E'F'G(H(I(J(K(L(M(N(O(P(Q(R)S)T)U)V)W)X)Y)Z)[*\*]*^*_*`*a*b*c*d*e*f*g*h*i*j+k+l+m+n+o+p+q+r+s+t+u+v+w,x,y,z,{,|,},~,,-----------------...............///////////0000000000000000000000000000000000000111111111111111111111112222222223333333333333444444444444 4 4 4 4 4444444444444444455 5!5"5#5$5%5&5'5(5)5*5+6,6-6.6/606162636465666768696:6;6<7=7>7?7@7A7B7C7D7E8F8G8H8I8J8K8L8M8N8O8P9Q9R9S9T9U9V9W9X9Y9Z9[9\9]9^9_9`9a9b9c9d9e9f9g9h9i9j9k9l9m9n9o9p9q9r9s9t9u9v9w9x9y9z9{9|9}9~9999:::::::::::::::;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<<<<<<<<<<===================>NoneThis class defines items with names in them. It is used to extract the name from JSON fields so we can get an Object with the names as keys instead of just an array..Might create an aeson pair from a Maybe value. Similar to , except we specify the prefix exactly. We use this because camelCaseNamer is terrible with names that start in all caps, like EC2. We would like to start the field names with "ec2...", but camelCaseNamer wants "eC2...".See aUsed for the JSON instances in Template. It is put here because it must be in a separate module.     None!"*7C Class used to create a  from another type. ?We need to wrap Bools for the same reason we need to wrap Ints.We need to wrap integers so we can override the Aeson type-classes. This is necessary because CloudFront made the silly decision to represent numbers as JSON strings.JThis type is a wrapper around any values in a template. A value can be a , a ", or an intrinsic function. See: _http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html       None08Full data type definition for AccessLoggingPolicy. See $# for a more convenient constructor.$Constructor for * containing required fields as arguments.%sThe interval for publishing access logs in minutes. You can specify an interval of either 5 minutes or 60 minutes.&1Whether logging is enabled for the load balancer.'BThe name of an Amazon S3 bucket where access log files are stored.(A prefix for the all log object keys, such as my-load-balancer-logs/prod. If you store log files from multiple sources in a single bucket, you can use a prefix to distinguish each log file and its source.  !"#$&'%&'()*  !"#$%&'(  !"#*)$%&'( !"#$%&'()*None0+/Full data type definition for AliasTarget. See 0$ for a more convenient constructor.0Constructor for +) containing required fields as arguments.1The DNS name of the load balancer, the domain name of the CloudFront distribution, the website endpoint of the Amazon S3 bucket, or another record set in the same hosted zone that is the target of the alias. Type: String2Whether Amazon Route 53 checks the health of the resource record sets in the alias target when responding to DNS queries. For more information about using this property, see EvaluateTargetHealth in the Amazon Route 53 API Reference. Type: Boolean3BThe hosted zone ID. For load balancers, use the canonical hosted zone ID of the load balancer. For Amazon S3, use the hosted zone ID for your bucket's website endpoint. For CloudFront, use Z2FDTNDATAQYW2. For examples, see Example: Creating Alias Resource Record Sets in the Amazon Route 53 API Reference. Type: String +,-./01312345 +,-./0123 +,-./540123+,-./012345None06>Full data type definition for AppCookieStickinessPolicy. See :# for a more convenient constructor.:Constructor for 6* containing required fields as arguments.;3Name of the application cookie used for stickiness.<The name of the policy being created. The name must be unique within the set of policies for this Load Balancer. Note To associate this policy with a listener, include the policy name in the listener's PolicyNames property. 6789:;<;<=>6789:;< 6789>=:;<6789:;<=>None0?=Full data type definition for ConnectionDrainingPolicy. See C# for a more convenient constructor.CConstructor for ?* containing required fields as arguments.DDWhether or not connection draining is enabled for the load balancer.ElThe time in seconds after the load balancer closes all connections to a deregistered or unhealthy instance. ?@ABCDDEFG?@ABCDE ?@ABGFCDE?@ABCDEFGNone0H7Full data type definition for ConnectionSettings. See K# for a more convenient constructor.KConstructor for H* containing required fields as arguments.LThe time (in seconds) that a connection to the load balancer can remain idle, which means no data is sent over the connection. After the specified time, the load balancer closes the connection.HIJKLLMNHIJKLHIJNMKLHIJKLMNNone0O2Full data type definition for EBSBlockDevice. See W$ for a more convenient constructor.WConstructor for O) containing required fields as arguments.X\Determines whether to delete the volume on instance termination. The default value is true.YIndicates whether the volume is encrypted. Encrypted Amazon EBS volumes can only be attached to instance types that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are automatically encrypted. You cannot create an encrypted volume from an unencrypted snapshot or vice versa. If your AMI uses encrypted volumes, you can only launch the AMI on supported instance types. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide for Linux Instances.ZqThe number of I/O operations per second (IOPS) that the volume supports. This can be an integer from 100 - 2000.[>The snapshot ID of the volume to use to create a block device.\}The volume size, in gibibytes (GiB). This can be a number from 1  1024. If the volume type is io1, the minimum value is 10.]The volume type. You can specify standard, io1, or gp2. If you set the type to io1, you must also set the Iops property. For more information about these values and the default value, see CreateVolume in the Amazon EC2 API Reference.OPQRSTUVWXYZ[\]^_OPQRSTUVWXYZ[\]OPQRSTUV_^WXYZ[\] OPQRSTUVWXYZ[\]^_ None0`:Full data type definition for EC2BlockDeviceMapping. See f# for a more convenient constructor.fConstructor for `* containing required fields as arguments.g)The name of the device within Amazon EC2.i4This property can be used to unmap a defined device.jThe name of the virtual device. The name must be in the form ephemeralX where X is a number starting from zero (0); for example, ephemeral0. `abcdefgghijkl `abcdefghij `abcdelkfghij`abcdefghijkl None0m1Full data type definition for EC2MountPoint. See q$ for a more convenient constructor.qConstructor for m) containing required fields as arguments.r3How the device is exposed to the instance (such as devsdh, or xvdh).sThe ID of the Amazon EBS volume. The volume and instance must be within the same Availability Zone and the instance must be running. mnopqrsrstumnopqrs mnoputqrsmnopqrstu None0v@Full data type definition for EC2SsmAssociationParameters. See z# for a more convenient constructor.zConstructor for v* containing required fields as arguments.{FThe name of an input parameter that is in the associated SSM document.| The value of an input parameter. vwxyz{|{|}~vwxyz{| vwxy~}z{|vwxyz{|}~ None07Full data type definition for EC2SsmAssociations. See # for a more convenient constructor.Constructor for * containing required fields as arguments.CThe input parameter values to use with the associated SSM document.;The name of an SSM document to associate with the instance.   None0-Full data type definition for ELBPolicy. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.A list of arbitrary attributes for this policy. If you don't need to specify any policy attributes, specify an empty list ([]).bA list of instance ports for the policy. These are the ports associated with the back-end server.6A list of external load balancer ports for the policy.;A name for this policy that is unique to the load balancer.The name of the policy type for this policy. This must be one of the types reported by the Elastic Load Balancing DescribeLoadBalancerPolicyTypes action.  None0/Full data type definition for HealthCheck. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.uSpecifies the number of consecutive health probe successes required before moving the instance to the Healthy state.aSpecifies the approximate interval, in seconds, between health checks of an individual instance.Specifies the instance's protocol and port to check. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.Specifies the amount of time, in seconds, during which no response means a failed health probe. This value must be less than the value for Interval.vSpecifies the number of consecutive health probe failures required before moving the instance to the Unhealthy state.  None0/Full data type definition for IAMPolicies. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.NA policy document that describes what actions are allowed on which resources.The name of the policy.  None0=Full data type definition for LBCookieStickinessPolicy. See # for a more convenient constructor.Constructor for * containing required fields as arguments.The time period, in seconds, after which the cookie should be considered stale. If this parameter isn't specified, the sticky session will last for the duration of the browser session.The name of the policy being created. The name must be unique within the set of policies for this load balancer. Note To associate this policy with a listener, include the policy name in the listener's PolicyNames property.  None04Full data type definition for ListenerProperty. See $ for a more convenient constructor.Constructor for * containing required fields as arguments.Specifies the TCP port on which the instance server is listening. This property cannot be modified for the life of the load balancer.Specifies the protocol to use for routing traffic to back-end instances HTTP, HTTPS, TCP, or SSL. This property cannot be modified for the life of the load balancer.vSpecifies the external load balancer port number. This property cannot be modified for the life of the load balancer.LA list of ElasticLoadBalancing policy names to associate with the listener.Specifies the load balancer transport protocol to use for routing  HTTP, HTTPS, TCP or SSL. This property cannot be modified for the life of the load balancer.The ARN of the SSL certificate to use. For more information about SSL certificates, see Managing Server Certificates in the AWS Identity and Access Management documentation. None0BFull data type definition for PrivateIpAddressSpecification. See # for a more convenient constructor.Constructor for * containing required fields as arguments.0The private IP address of the network interface.Sets the private IP address as the primary private address. You can set only one primary private IP address. If you don't specify a primary private IP address, Amazon EC2 automatically assigns a primary private IP address.  None0 4Full data type definition for NetworkInterface. See $ for a more convenient constructor.Constructor for * containing required fields as arguments.rIndicates whether the network interface receives a public IP address. You can associate a public IP address with a network interface only if it has a device index of eth0 and if it is a new network interface (not an existing one). In other words, if you specify true, don't specify a network interface ID. For more information, see Amazon EC2 Instance IP Addressing.EWhether to delete the network interface when the instance terminates.*The description of this network interface.9The network interface's position in the attachment order.DA list of security group IDs associated with this network interface.!An existing network interface ID.Assigns a single private IP address to the network interface, which is used as the primary private IP address. If you want to specify multiple private IP address, use the PrivateIpAddresses property.Assigns a list of private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want Amazon EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpCount property and do not specify this property. For information about the maximum number of private IP addresses, see Private IP Addresses Per ENI Per Instance Type in the Amazon EC2 User Guide for Linux Instances.eThe number of secondary private IP addresses that Amazon EC2 auto assigns to the network interface. Amazon EC2 uses the value of the PrivateIpAddress property as the primary private IP address. If you don't specify that property, Amazon EC2 auto assigns both the primary and secondary private IP addresses. If you want to specify your own list of private IP addresses, use the PrivateIpAddresses property and do not specify this property. For information about the maximum number of private IP addresses, see Private IP Addresses Per ENI Per Instance Type in the Amazon EC2 User Guide for Linux Instances.=The ID of the subnet to associate with the network interface. None09Full data type definition for RDSSecurityGroupRule. See # for a more convenient constructor.Constructor for * containing required fields as arguments.fThe IP range to authorize. For an overview of CIDR ranges, go to the Wikipedia Tutorial. Type: StringId of the VPC or EC2 Security Group to authorize. For VPC DB Security Groups, use EC2SecurityGroupId. For EC2 Security Groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: StringName of the EC2 Security Group to authorize. For VPC DB Security Groups, use EC2SecurityGroupId. For EC2 Security Groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: StringMAWS Account Number of the owner of the EC2 Security Group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, use EC2SecurityGroupId. For EC2 Security Groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: String None09Full data type definition for RecordSetGeoLocation. See # for a more convenient constructor.Constructor for * containing required fields as arguments.All DNS queries from the continent that you specified are routed to this resource record set. If you specify this property, omit the CountryCode and SubdivisionCode properties. For valid values, see the ContinentCode element in the Amazon Route 53 API Reference. Type: StringAll DNS queries from the country that you specified are routed to this resource record set. If you specify this property, omit the ContinentCode property. For valid values, see the CountryCode element in the Amazon Route 53 API Reference. Type: StringIf you specified US for the country code, you can specify a state in the United States. All DNS queries from the state that you specified are routed to this resource record set. If you specify this property, you must specify US for the CountryCode and omit the ContinentCode property. For valid values, see the SubdivisionCode element in the Amazon Route 53 API Reference. Type: String   None0/Full data type definition for ResourceTag. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. The value for the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.            None0 <Full data type definition for SecurityGroupEgressRule. See # for a more convenient constructor.Constructor for  * containing required fields as arguments.Specifies a CIDR range.QSpecifies the GroupId of the destination Amazon VPC security group. Type: StringThe start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).qAn IP protocol name or number. For valid values, go to the IpProtocol parameter in AuthorizeSecurityGroupIngressThe end of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).          None0 =Full data type definition for SecurityGroupIngressRule. See $# for a more convenient constructor.$Constructor for * containing required fields as arguments.%Specifies a CIDR range.&The start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number). Type: Integer'qAn IP protocol name or number. For valid values, go to the IpProtocol parameter in AuthorizeSecurityGroupIngress(For VPC security groups only. Specifies the ID of the Amazon EC2 Security Group to allow access. You can use the Ref intrinsic function to refer to the logical ID of a security group defined in the same template.)For non-VPC security groups only. Specifies the name of the Amazon EC2 Security Group to use for access. You can use the Ref intrinsic function to refer to the logical name of a security group that is defined in the same template.*Specifies the AWS Account ID of the owner of the Amazon EC2 Security Group that is specified in the SourceSecurityGroupName property.+The end of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code). !"#$'%&'()*+,- !"#$%&'()*+ !"#-,$%&'()*+  !"#$%&'()*+,-None0.4Full data type definition for UserLoginProfile. See 2$ for a more convenient constructor.2Constructor for .* containing required fields as arguments.3The password for the user.4{Specifies whether the user is required to set a new password the next time the user logs in to the AWS Management Console. ./01233456./01234 ./0165234./0123456None07;Full data type definition for DBSecurityGroupIngress. See ># for a more convenient constructor.>Constructor for 7* containing required fields as arguments.?The IP range to authorize. For an overview of CIDR ranges, go to the Wikipedia Tutorial. Type: String Update requires: No interruption@bThe name (ARN) of the AWS::RDS::DBSecurityGroup to which this ingress will be added. Type: StringAThe ID of the VPC or EC2 security group to authorize. For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: StringBThe name of the EC2 security group to authorize. For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: StringCQThe AWS Account Number of the owner of the EC2 security group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId. Type: String789:;<=>@?@ABCDE 789:;<=>?@ABC789:;<=ED>?@ABC 789:;<=>?@ABCDENone0F*Full data type definition for Subnet. See M$ for a more convenient constructor.MConstructor for F) containing required fields as arguments.NgThe availability zone in which you want the subnet. Default: AWS selects a zone for you (recommended).OOThe CIDR block that you want the subnet to cover (for example, "10.0.0.0/24").PzIndicates whether instances that are launched in this subnet receive a public IP address. By default, the value is false.Q;An arbitrary set of tags (key value pairs) for this subnet.RA Ref structure that contains the ID of the VPC on which you want to create the subnet. The VPC ID is provided as the value of the Ref property, as: { Ref: VPCID }.FGHIJKLMORNOPQRST FGHIJKLMNOPQRFGHIJKLTSMNOPQR FGHIJKLMNOPQRSTNone0"U.Full data type definition for DBInstance. See w$ for a more convenient constructor.wConstructor for U) containing required fields as arguments.xKThe allocated storage size specified in gigabytes (GB). If any value is used in the Iops parameter, AllocatedStorage must be at least 100 GB, which corresponds to the minimum Iops value of 1000. If Iops is increased (in 1000 IOPS increments), then AllocatedStorage must also be increased (in 100 GB increments) correspondingly.y:Indicates whether major version upgrades are allowed. Changing this parameter does not result in an outage, and the change is applied asynchronously as soon as possible. Constraints: This parameter must be set to true when you specify an EngineVersion that differs from the DB instance's current major version.zIndicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. The default value is true.{The name of the Availability Zone where the DB instance is located. You cannot set the AvailabilityZone parameter if the MultiAZ parameter is set to true.|The number of days for which automatic DB snapshots are retained. Important If this DB instance is deleted or replaced during an update, all automated snapshots are deleted. However, manual DB snapshot are retained.}For supported engines, specifies the character set to associate with the database instance. For more information, see Appendix: Oracle Character Sets Supported in Amazon RDS in the Amazon Relational Database Service User Guide. If you specify the DBSnapshotIdentifier or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the snapshot or source database instance.~The identifier of an existing DB cluster that this instance will be associated with. If you specify this property, specify aurora for the Engine property and do not specify any of the following properties: AllocatedStorage, CharacterSetName, DBSecurityGroups, SourceDBInstanceIdentifier, and StorageType. Amazon RDS assigns the first DB instance in the cluster as the primary and additional DB instances as replicas.EThe name of the compute and memory capacity class of the DB instance.A name for the DB instance. If you specify a name, AWS CloudFormation converts it to lower case. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see Name Type. Important If you specify a name, you cannot do updates that require this resource to be replaced. You can still do updates that require no or some interruption. If you must replace the resource, specify a new name.The name of the initial database of this instance that was provided at create time, if one was specified. This same name is returned for the life of the DB instance. Note If you restore from a snapshot, do specify this property for the MySQL or MariaDB engines.}The name of an existing DB parameter group or a reference to an AWS::RDS::DBParameterGroup resource created in the template.+A list of the DB security groups to assign to the Amazon RDS instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice-versa.aThe identifier for the DB snapshot to restore from. By specifying this property, you can create a DB instance from the specified DB snapshot. If the DBSnapshotIdentifier property is an empty string or the AWS::RDS::DBInstance declaration has no DBSnapshotIdentifier property, the database is created as a new database. If the property contains a value (other than empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name does not exist, the database creation fails and the stack rolls back. Some DB instance properties are not valid when you restore from a snapshot, such as the MasterUsername and MasterUserPassword properties. For information about the properties that you can specify, see the RestoreDBInstanceFromDBSnapshot action in the Amazon Relational Database Service API Reference.*A DB subnet group to associate with the DB instance. If there is no DB subnet group, then it is a non-VPC DB instance. For more information about using Amazon RDS in a VPC, go to Using Amazon RDS with Amazon Virtual Private Cloud (VPC) in the Amazon Relational Database Service Developer Guide.&The name of the database engine that the DB instance uses. This property is optional when you specify the DBSnapshotIdentifier property to create DB instances. For valid values, see the Engine parameter of the CreateDBInstance action in the Amazon Relational Database Service API Reference.1The version number of the database engine to use.nThe number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GB of storage (a ratio of 5:1) or specify 2000 IOPS with 200 GB of storage (a ratio of 10:1). For more information, see Amazon RDS Provisioned IOPS Storage to Improve Performance in the Amazon Relational Database Service User Guide.The Amazon Resource Name (ARN) of the AWS Key Management Service master key that is used to encrypt the database instance, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, the default master key is used. If you specify this property, you must set the StorageEncrypted property to true. If you specify the DBSnapshotIdentifier or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the snapshot or source database instance. Note Currently, if you specify DBSecurityGroups, this property is ignored. If you want to specify a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide.2The license model information for the DB instance.mThe master user name for the database instance. This property is optional when you specify the DBSnapshotIdentifier or the DBClusterIdentifier property to create DB instances. Note If you specify the SourceDBInstanceIdentifier or DBSnapshotIdentifier property, do not specify this property. The value is inherited from the source database instance or snapshot.GThe master password for the database instance. This property is optional when you specify the DBSnapshotIdentifier or the DBClusterIdentifier property to create DB instances. Note If you specify the SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the source database instance.rSpecifies if the database instance is a multiple Availability Zone deployment. You cannot set the AvailabilityZone parameter if the MultiAZ parameter is set to true. Note Do not specify this property if you want a Multi-AZ deployment for a SQL Server database instance. Use the mirroring option in an option group to set Multi-AZ for a SQL Server database instance.?An option group that this database instance is associated with.The port for the instance.The daily time range during which automated backups are created if automated backups are enabled, as determined by the BackupRetentionPeriod.IThe weekly time range (in UTC) during which system maintenance can occur.8Indicates whether the database instance is an Internet-facing instance. If you specify true, an instance is created with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, an internal instance is created with a DNS name that resolves to a private IP address. The default behavior value depends on your VPC setup and the database subnet group. For more information, see the PubliclyAccessible parameter in CreateDBInstance in the Amazon Relational Database Service API Reference. If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment. For more information, see DependsOn Attribute. Note Currently, if you specify DBSecurityGroups, this property is ignored. If you want to specify a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide.EIf you want to create a read replica DB instance, specify the ID of the source database instance. Each database instance can have a certain number of read replicas. For more information, see Working with Read Replicas in the Amazon Relational Database Service Developer Guide. The SourceDBInstanceIdentifier property determines whether a database instance is a read replica. If you remove the SourceDBInstanceIdentifier property from your current template and then update your stack, the read replica is deleted and a new database instance (not a read replica) is created. Important Read replicas do not support deletion policies. Any deletion policy that's associated with a read replica is ignored. If you specify SourceDBInstanceIdentifier, do not set the MultiAZ property to true and do not specify the DBSnapshotIdentifier property. You cannot deploy read replicas in multiple Availability Zones, and you cannot create a read replica from a snapshot. Do not set the BackupRetentionPeriod, DBName, MasterUsername, MasterUserPassword, and PreferredBackupWindow properties. The database attributes are inherited from the source database instance, and backups are disabled for read replicas. If the source DB instance is in a different region than the read replica, specify a valid DB instance ARN. For more information, see Constructing a Amazon RDS Amazon Resource Name (ARN) in the Amazon Relational Database Service User Guide. For DB instances in an Amazon Aurora clusters, do not specify this property. Amazon RDS assigns automatically assigns a writer and reader DB instances.CIndicates whether the database instance is encrypted. If you specify the DBClusterIdentifier, DBSnapshotIdentifier, or SourceDBInstanceIdentifier property, do not specify this property. The value is inherited from the cluster, snapshot, or source database instance. Note Currently, if you specify DBSecurityGroups, this property is ignored. If you want to specify a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide. The storage type associated with this database instance. For the default and valid values, see the StorageType parameter of the CreateDBInstance action in the Amazon Relational Database Service API Reference. Note Currently, if you specify DBSecurityGroups, this property is ignored. If you want to specify a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see Using Amazon RDS with Amazon VPC in the Amazon Relational Database Service User Guide.FAn arbitrary set of tags (key value pairs) for this database instance.A list of the VPC security groups to assign to the Amazon RDS instance. The list can include both the physical IDs of existing VPC security groups or references to AWS::EC2::SecurityGroup resources created in the template. If you set VPCSecurityGroups, you must not set DBSecurityGroups, and vice-versa. Important You can migrate a database instance in your stack from an RDS DB security group to a VPC security group, but you should keep the following points in mind: You cannot revert to using an RDS security group once you have established a VPC security group membership. When you migrate your DB instance to VPC security groups, if your stack update rolls back because of another failure in the database instance update, or because of an update failure in another AWS CloudFormation resource, the rollback will fail because it cannot revert to an RDS security group. To avoid this situation, only migrate your DB instance to using VPC security groups when that is the only change in your stack template.EUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~CUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~EUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~$U!VWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None0+Full data type definition for IAMRole. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.=The IAM assume role policy that is associated with this role.7One or more managed policy ARNs to attach to this role.uThe path associated with this role. For information about IAM paths, see Friendly Names and Paths in IAM User Guide.The policies to associate with this role. Policies can also be specified externally. For sample templates that demonstrates both embedded and external policies, see Template Examples. If you specify multiple polices, specify unique values for the policy name. If you don't, updates to the IAM role will fail. Note If an external policy (such as AWS::IAM::Policy or AWS::IAM::ManagedPolicy) has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource so that the resource depends on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that the AWS::ECS::Service resource can complete its deletion before its role's policy is deleted.   None0)Full data type definition for Group. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.8One or more managed policy ARNs to attach to this group.hThe path to the group. For more information about paths, see Identifiers for IAM Entities in Using IAM.rThe policies to associate with this group. For information about policies, see Overview of Policies in Using IAM.   None01Full data type definition for DBSubnetGroup. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.(The description for the DB Subnet Group.+The EC2 Subnet IDs for the DB Subnet Group.BThe tags that you want to attach to the RDS database subnet group.    None01Full data type definition for SecurityGroup. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments."Description of the security group.1A list of Amazon EC2 security group egress rules.2A list of Amazon EC2 security group ingress rules.1The tags that you want to attach to the resource.bThe physical ID of the VPC. Can be obtained by using a reference to an AWS::EC2::VPC, such as: { RefJ : "myVPC" }. For more information about using the Ref function, see Ref.  !None04Full data type definition for DBParameterGroup. See $ for a more convenient constructor.Constructor for * containing required fields as arguments.VA friendly description of the RDS parameter group. For example, "My Parameter Group".IThe database family of this RDS parameter group. For example, "MySQL5.1".The parameters to set for this RDS parameter group. Changes to dynamic parameters are applied immediately. Changes to static parameters require a reboot without failover to the DB instance that is associated with the parameter group before the change can take effect.<The tags that you want to attach to the RDS parameter group.   "None0*Full data type definition for Policy. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.8The names of groups to which you want to add the policy.UA policy document that contains permissions to add to the specified users or groups.The name of the policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.4The names of AWS::IAM::Roles to attach to this policy. Note If a policy has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource so that the resource depends on the policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that the AWS::ECS::Service resource can complete its deletion before its role's policy is deleted.7The names of users for whom you want to add the policy.  #None0/Full data type definition for EC2Instance. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.Specifies the name of the Availability Zone in which the instance is located. For more information about AWS regions and Availability Zones, see Regions and Availability Zones in the Amazon EC2 User Guide.Defines a set of Amazon Elastic Block Store block device mappings, ephemeral instance store block device mappings, or both. For more information, see Amazon Elastic Block Store or Amazon EC2 Instance Store in the Amazon EC2 User Guide for Linux Instances.ASpecifies whether the instance can be terminated through the API.Specifies whether the instance is optimized for Amazon Elastic Block Store I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. For more information about the instance types that can be launched as Amazon EBS optimized instances, see Amazon EBS-Optimized Instances in the Amazon Elastic Compute Cloud User Guide. Additional fees are incurred when using Amazon EBS-optimized instances.The physical ID (resource name) of an instance profile or a reference to an AWS::IAM::InstanceProfile resource. For more information about IAM roles, see Working with Roles in the AWS Identity and Access Management User Guide. `Provides the unique ID of the Amazon Machine Image (AMI) that was assigned during registration. Indicates whether an instance stops or terminates when you shut down the instance from the instance's operating system shutdown command. You can specify stop or terminate. For more information, see the RunInstances command in the Amazon EC2 API Reference. The instance type, such as t2.micro. The default type is "m1.small". For a list of instance types, see Instance Families and Types. The kernel ID. -Provides the name of the Amazon EC2 key pair.9Specifies whether monitoring is enabled for the instance.XA list of embedded objects that describe the network interfaces to associate with this instance. Note If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment. For more information, see DependsOn Attribute.kThe name of an existing placement group that you want to launch the instance into (for cluster instances).The private IP address for this instance. Important If you make an update to an instance that requires replacement, you must assign a new private IP address. During a replacement, AWS CloudFormation creates a new instance but doesn't delete the old instance until the stack has successfully updated. If the stack update fails, AWS CloudFormation uses the old instance in order to roll back the stack to the previous working state. The old and new instances cannot have the same private IP address. (Optional) If you're using Amazon VPC, you can use this parameter to assign the instance a specific available IP address from the subnet (for example, 10.0.0.25). By default, Amazon VPC selects an IP address from the subnet for the instance. The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the AWS Resource Center and search for the kernel ID.A list that contains the security group IDs for VPC security groups to assign to the Amazon EC2 instance. If you specified the NetworkInterfaces property, do not specify this property.Valid only for Amazon EC2 security groups. A list that contains the Amazon EC2 security groups to assign to the Amazon EC2 instance. The list can contain both the name of existing Amazon EC2 security groups or references to AWS::EC2::SecurityGroup resources created in the template.Controls whether source/destination checking is enabled on the instance. Also determines if an instance in a VPC will perform network address translation (NAT). A value of "true" means that source/destination checking is enabled, and a value of "false" means that checking is disabled. For the instance to perform NAT, the value must be "false". For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide.The Amazon EC2 Simple Systems Manager (SSM) document and parameter values to associate with this instance. To use this property, you must specify an IAM role for the instance. For more information, see Prerequisites for Remotely Running Commands on EC2 Instances in the Amazon EC2 User Guide for Microsoft Windows Instances. Note You can currently associate only one document with an instance.If you're using Amazon VPC, this property specifies the ID of the subnet that you want to launch the instance into. If you specified the NetworkInterfaces property, do not specify this property.=An arbitrary set of tags (key value pairs) for this instance.IThe tenancy of the instance that you want to launch. This value can be either "default" or "dedicated". An instance that has a tenancy value of "dedicated" runs on single-tenant hardware and can be launched only into a VPC. For more information, see Using EC2 Dedicated Instances Within Your VPC in the Amazon VPC User Guide.FBase64-encoded MIME user data that is made available to the instances.The Amazon EBS volumes to attach to the instance. Note Before detaching a volume, unmount any file systems on the device within your operating system. If you don't unmount the file system, a volume might get stuck in a busy state while detaching. Reserved.7      5     7          $None0.Full data type definition for RouteTable. See #$ for a more convenient constructor.#Constructor for ) containing required fields as arguments.$OThe ID of the VPC where the route table will be created. Example: vpc-11ad4878%@An arbitrary set of tags (key value pairs) for this route table.  !"#$$%&' !"#$%  !"'&#$% !"#$%&'%None0(2Full data type definition for EIPAssociation. See /$ for a more convenient constructor./Constructor for () containing required fields as arguments.0lAllocation ID for the VPC Elastic IP address you want to associate with an Amazon EC2 instance in your VPC.1Elastic IP address that you want to associate with the Amazon EC2 instance specified by the InstanceId property. You can specify an existing Elastic IP address or a reference to an Elastic IP address allocated with a AWS::EC2::EIP resource.2}Instance ID of the Amazon EC2 instance that you want to associate with the Elastic IP address specified by the EIP property.3UThe ID of the network interface to associate with the Elastic IP address (VPC only).4XThe private IP address that you want to associate with the Elastic IP address. The private IP address is restricted to the primary and secondary private IP addresses that are associated with the network interface. By default, the private IP address that is associated with the EIP is the primary private IP address of the network interface.()*+,-./0123456 ()*+,-./01234()*+,-.65/01234 ()*+,-./0123456&None073Full data type definition for InternetGateway. See :$ for a more convenient constructor.:Constructor for 7* containing required fields as arguments.;=An arbitrary set of tags (key value pairs) for this resource.789:;<=789:;789=<:;789:;<='None0>3Full data type definition for InstanceProfile. See B$ for a more convenient constructor.BConstructor for >* containing required fields as arguments.CThe path associated with this IAM instance profile. For information about IAM paths, see Friendly Names and Paths in the AWS Identity and Access Management User Guide.D4The roles associated with this IAM instance profile. >?@ABCDCDEF>?@ABCD >?@AFEBCD>?@ABCDEF(None0G9Full data type definition for VPCGatewayAttachment. See L# for a more convenient constructor.LConstructor for G* containing required fields as arguments.MThe ID of the Internet gateway.N1The ID of the VPC to associate with this gateway.OIThe ID of the virtual private network (VPN) gateway to attach to the VPC. GHIJKLNMNOPQ GHIJKLMNO GHIJKQPLMNOGHIJKLMNOPQ)None0R'Full data type definition for EIP. See V$ for a more convenient constructor.VConstructor for R) containing required fields as arguments.WdThe Instance ID of the Amazon EC2 instance that you want to associate with this Elastic IP address.X7Set to vpc to allocate the address to your Virtual Private Cloud (VPC). No other values are supported. Note If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the DependsOn attribute on this resource. For more information, see DependsOn Attribute. For more information, see AllocateAddress in the Amazon EC2 API Reference. For more information about Elastic IP Addresses in VPC, go to IP Addressing in Your VPC in the Amazon VPC User Guide. RSTUVWXYZRSTUVWX RSTUZYVWXRSTUVWXYZ*None0[(Full data type definition for User. See b$ for a more convenient constructor.bConstructor for [) containing required fields as arguments.c4A name of a group to which you want to add the user.dPCreates a login profile so that the user can access the AWS Management Console.e7One or more managed policy ARNs to attach to this user.fThe path for the user name. For more information about paths, see Identifiers for IAM Entities in Using AWS Identity and Access Management.gThe policies to associate with this user. For information about policies, see Overview of Policies in [Using IAM]. Note If you specify multiple polices, specify unique values for the policy name. If you don't, updates to the IAM user will fail.[\]^_`abcdefghi [\]^_`abcdefg[\]^_`aihbcdefg [\]^_`abcdefghi+None0j3Full data type definition for DBSecurityGroup. See p$ for a more convenient constructor.pConstructor for j* containing required fields as arguments.qYThe Id of VPC. Indicates which VPC this DB Security Group should belong to. Type: StringrNetwork ingress authorization for an Amazon EC2 security group or an IP address range. Type: List of RDS Security Group Rules.s/Description of the security group. Type: StringtEThe tags that you want to attach to the Amazon RDS DB security group. jklmnoprsqrstuv jklmnopqrst jklmnovupqrstjklmnopqrstuv,None0w@Full data type definition for SubnetRouteTableAssociation. See {# for a more convenient constructor.{Constructor for w* containing required fields as arguments.|The ID of the route table. This is commonly written as a reference to a route table declared elsewhere in the template. For example:}{The ID of the subnet. This is commonly written as a reference to a subnet declared elsewhere in the template. For example: wxyz{|}|}~wxyz{|} wxyz~{|}wxyz{|}~-None01Full data type definition for ManagedPolicy. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.kA description of the policy. For example, you can describe the permissions that are defined in the policy.-The names of groups to attach to this policy.{The path for the policy. By default, the path is /. For more information, see IAM Identifiers in the IAM User Guide guide.Policies that define the permissions for this managed policy. For more information about policy syntax, see IAM Policy Elements Reference in IAM User Guide.*The names of roles to attach to this policy. Note If a policy has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource so that the resource depends on the policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that the AWS::ECS::Service resource can complete its deletion before its role's policy is deleted.,The names of users to attach to this policy. .None0'Full data type definition for VPC. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.EThe CIDR block you want the VPC to cover. For example: "10.0.0.0/16".Specifies whether DNS resolution is supported for the VPC. If this attribute is true, the Amazon DNS server resolves DNS hostnames for your instances to their corresponding IP addresses; otherwise, it does not. By default the value is set to true.0Specifies whether the instances launched in the VPC get DNS hostnames. If this attribute is true, instances in the VPC get DNS hostnames; otherwise, they do not. You can only set EnableDnsHostnames to true if you also set the EnableDnsSupport attribute to true. By default, the value is set to false. The allowed tenancy of instances launched into the VPC. "default": Instances can be launched with any tenancy. "dedicated": Any instance launched into the VPC will automatically be dedicated, regardless of the tenancy option you specify when you launch the instance.8An arbitrary set of tags (key value pairs) for this VPC.  /None0-Full data type definition for AccessKey. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments. This value is specific to AWS CloudFormation and can only be incremented. Incrementing this value notifies AWS CloudFormation that you want to rotate your access key. When you update your stack, AWS CloudFormation will replace the existing access key with a new key.aThe status of the access key. By default, AWS CloudFormation sets this property value to Active.5The name of the user that the new key will belong to.   0None00Full data type definition for LoadBalancer. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.Captures detailed information for all requests made to your load balancer, such as the time a request was received, client s IP address, latencies, request path, and server responses.Generates one or more stickiness policies with sticky session lifetimes that follow that of an application-generated cookie. These policies can be associated only with HTTP/HTTPS listeners.The Availability Zones in which to create the load balancer. You can specify the AvailabilityZones or Subnets property, but not both. Note For load balancers that are in a VPC, specify the Subnets property.QWhether deregistered or unhealthy instances can complete all in-flight requests.]Specifies how long front-end and back-end connections of your load balancer can remain idle.Whether cross-zone load balancing is enabled for the load balancer. With cross-zone load balancing, your load balancer nodes route traffic to the back-end instances across all Availability Zones. By default the CrossZone property is false.+Application health check for the instances.1A list of EC2 instance IDs for the load balancer.Generates a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent), or by a specified expiration period. This policy can be associated only with HTTP/HTTPS listeners.A name for the load balancer. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the load balancer. The name must be unique within your set of load balancers. For more information, see Name Type. Important If you specify a name, you cannot do updates that require this resource to be replaced. You can still do updates that require no or some interruption. If you must replace the resource, specify a new name.One or more listeners for this load balancer. Each listener must be registered for a specific port, and you cannot have more than one listener for a given port. Important If you update the property values for a listener specified by the Listeners property, AWS CloudFormation will delete the existing listener and create a new one with the updated properties. During the time that AWS CloudFormation is performing this action, clients will not be able to connect to the load balancer.RA list of elastic load balancing policies to apply to this elastic load balancer.For load balancers attached to an Amazon VPC, this parameter can be used to specify the type of load balancer to use. Specify internal to create an internal load balancer with a DNS name that resolves to private IP addresses or internet-facing to create a load balancer with a publicly resolvable DNS name, which resolves to public IP addresses. Note If you specify internal, you must specify subnets to associate with the load balancer, not Availability Zones.A list of subnet IDs in your virtual private cloud (VPC) to attach to your load balancer. Do not specify multiple subnets that are in the same Availability Zone. You can specify the AvailabilityZones or Subnets property, but not both. For more information about using Elastic Load Balancing in a VPC, see How Do I Use Elastic Load Balancing in Amazon VPC in the Elastic Load Balancing Developer Guide.BAn arbitrary set of tags (key-value pairs) for this load balancer.%#%1None0 *Full data type definition for Volume. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O. For more information, see Working with the AutoEnableIO Volume Attribute in the Amazon EC2 User Guide for Linux Instances.8The Availability Zone in which to create the new volume.Indicates whether the volume is encrypted. Encrypted Amazon EBS volumes can only be attached to instance types that support Amazon EBS encryption. Volumes that are created from encrypted snapshots are automatically encrypted. You cannot create an encrypted volume from an unencrypted snapshot or vice versa. If your AMI uses encrypted volumes, you can only launch the AMI on supported instance types. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide for Linux Instances.The number of I/O operations per second (IOPS) that the volume supports. For more information about the valid sizes for each volume type, see the Iops parameter for the CreateVolume action in the Amazon EC2 API Reference.4The Amazon Resource Name (ARN) of the AWS Key Management Service master key that is used to create the encrypted volume, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you create an encrypted volume and don't specify this property, the default master key is used.The size of the volume, in gibibytes (GiBs). For more information about the valid sizes for each volume type, see the Size parameter for the CreateVolume action in the Amazon EC2 API Reference. If you specify the SnapshotId property, specify a size that is equal to or greater than the snapshot size. If you don't specify a size, Amazon EC2 will use the size of the snapshot as the volume size.1The snapshot from which to create the new volume.;An arbitrary set of tags (key value pairs) for this volume.The volume type. You can specify standard, io1, or gp2. If you set the type to io1, you must also set the Iops property. For more information about these values and the default value, see the VolumeType parameter for the CreateVolume action in the Amazon EC2 API Reference.  2None08Full data type definition for UserToGroupAddition. See # for a more convenient constructor.Constructor for * containing required fields as arguments."The name of group to add users to.  3None0/Full data type definition for VPCEndpoint. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.A policy to attach to the endpoint that controls access to the service. The policy must be valid JSON. The default policy allows full access to the AWS service. For more information, see Controlling Access to Services in the Amazon VPC User Guide.LOne or more route table IDs that are used by the VPC to reach the endpoint.The AWS service to which you want to establish a connection. Specify the service name in the form of com.amazonaws.region.service.0The ID of the VPC in which the endpoint is used.   4None0-Full data type definition for RecordSet. See  $ for a more convenient constructor. Constructor for ) containing required fields as arguments.Alias resource record sets only: Information about the domain to which you are redirecting traffic. If you specify this property, do not specify the TTL property. The alias uses a TTL value from the alias target record. For more information about alias resource record sets, see Creating Alias Resource Record Sets in the Amazon Route 53 Developer Guide and POST ChangeResourceRecordSets in the Amazon Route 53 API reference.Any comments that you want to include about the hosted zone. Important If the record set is part of a record set group, this property isn't valid. Don't specify this property.9Designates the record set as a PRIMARY or SECONDARY failover record set. When you have more than one resource performing the same function, you can configure Amazon Route 53 to check the health of your resources and use only health resources to respond to DNS queries. You cannot create nonfailover resource record sets that have the same Name and Type property values as failover resource record sets. For more information, see the Failover element in the Amazon Route 53 API Reference. If you specify this property, you must specify the SetIdentifier property.cDescribes how Amazon Route 53 responds to DNS queries based on the geographic origin of the query.The health check ID that you want to apply to this record set. Amazon Route 53 returns this resource record set in response to a DNS query only while record set is healthy.The ID of the hosted zone.IThe name of the domain for the hosted zone where you want to add the record set. When you create a stack using an AWS::Route53::RecordSet that specifies HostedZoneName, AWS CloudFormation attempts to find a hosted zone whose name matches the HostedZoneName. If AWS CloudFormation cannot find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack. If you have multiple hosted zones with the same domain name, you must explicitly specify the hosted zone using HostedZoneId.The name of the domain. You must specify a fully qualified domain name that ends with a period as the last label indication. If you omit the final period, AWS CloudFormation adds it.PLatency resource record sets only: The Amazon EC2 region where the resource that is specified in this resource record set resides. The resource typically is an AWS resource, for example, Amazon EC2 instance or an Elastic Load Balancing load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type. When Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Amazon Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 region. Amazon Route 53 then returns the value that is associated with the selected resource record set. The following restrictions must be followed: You can only specify one resource record per latency resource record set. You can only create one latency resource record set for each Amazon EC2 region. You are not required to create latency resource record sets for all Amazon EC2 regions. Amazon Route 53 will choose the region with the best latency from among the regions for which you create latency resource record sets. You cannot create both weighted and latency resource record sets that have the same values for the Name and Type elements. To see a list of regions by service, see Regions and Endpoints in the AWS General Reference.List of resource records to add. Each record should be in the format appropriate for the record type specified by the Type property. For information about different record types and their record formats, see Appendix: Domain Name Format in the Amazon Route 53 Developer Guide.A unique identifier that differentiates among multiple resource record sets that have the same combination of DNS name and type.The resource record cache time to live (TTL), in seconds. If you specify this property, do not specify the AliasTarget property. For alias target records, the alias uses a TTL value from the target. If you specify this property, you must specify the ResourceRecords property.The type of records to add.Weighted resource record sets only: Among resource record sets that have the same combination of DNS name and type, a value that determines what portion of traffic for the current resource record set is routed to the associated location. For more information about weighted resource record sets, see Setting Up Weighted Resource Record Sets in the Amazon Route 53 Developer Guide.!          !          5None02Full data type definition for RecordSetGroup. See $$ for a more convenient constructor.$Constructor for ) containing required fields as arguments.%7Any comments you want to include about the hosted zone.&The ID of the hosted zone.'IThe name of the domain for the hosted zone where you want to add the record set. When you create a stack using an AWS::Route53::RecordSet that specifies HostedZoneName, AWS CloudFormation attempts to find a hosted zone whose name matches the HostedZoneName. If AWS CloudFormation cannot find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack. If you have multiple hosted zones with the same domain name, you must explicitly specify the hosted zone using HostedZoneId.($List of resource record sets to add.  !"#$(%&'()*  !"#$%&'(  !"#*)$%&'( !"#$%&'()*6None0+)Full data type definition for Route. See 3$ for a more convenient constructor.3Constructor for +) containing required fields as arguments.4The CIDR address block used for the destination match. For example, 0.0.0.0/0. Routing decisions are based on the most specific match.5The ID of an Internet gateway or virtual private gateway that is attached to your VPC. For example: igw-eaad4883. For route entries that specify a gateway, you must specify a dependency on the gateway attachment resource. For more information, see DependsOn Attribute.6>The ID of a NAT instance in your VPC. For example, i-1a2b3c4d.7<The ID of a NAT gateway. For example, nat-0a12bc456789de0fg.8,Allows the routing of network interface IDs.98The ID of the route table where the route will be added.+,-./012349456789:;+,-./0123456789+,-./012;:3456789 +,-./0123456789:;7None0<.Full data type definition for NatGateway. See @$ for a more convenient constructor.@Constructor for <) containing required fields as arguments.AThe allocation ID of an Elastic IP address to associate with the NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.B5The public subnet in which to create the NAT gateway. <=>?@ABABCD<=>?@AB <=>?DC@AB<=>?@ABCD8None0E4Full data type definition for VolumeAttachment. See J$ for a more convenient constructor.JConstructor for E* containing required fields as arguments.K1How the device is exposed to the instance (e.g., devsdh, or xvdh).LThe ID of the instance to which the volume attaches. This value can be a reference to an AWS::EC2::Instance resource, or it can be the physical ID of an existing EC2 instance.MThe ID of the Amazon EBS volume. The volume and instance must be within the same Availability Zone. This value can be a reference to an AWS::EC2::Volume resource, or it can be the volume ID of an existing Amazon EBS volume. EFGHIJKLMKLMNO EFGHIJKLM EFGHIONJKLMEFGHIJKLMNO9None*3579;>CLN S The data type for the parameter.TA value of the appropriate type for the template to use if no value is specified when a stack is created. If you define constraints for the parameter, you must specify a value that adheres to those constraints.UWhether to mask the parameter value whenever anyone makes a call that describes the stack. If you set the value to true, the parameter value is masked with asterisks (*****).VAAn array containing the list of values allowed for the parameter.WVA regular expression that represents the patterns you want to allow for String types.XfAn integer value that determines the largest number of characters you want to allow for String types.YgAn integer value that determines the smallest number of characters you want to allow for String types.Z^A numeric value that determines the largest numeric value you want to allow for Number types.[_A numeric value that determines the smallest numeric value you want to allow for Number types.\?A string of up to 4000 characters that describes the parameter.]FA string that explains the constraint when the constraint is violated.^Wrapper around a list of ^(s to we can modify the aeson instances.{Constructor for P with required arguments.2PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{NameType|}~,PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{=PQRSTUVWXYZ[\]wxuvstqropmnklijghefcdabyz{^_`~}|P QRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~:None0)Full data type definition for Stack. See $ for a more convenient constructor.Constructor for ) containing required fields as arguments.VA list of existing Amazon SNS topics where notifications about stack events are sent.<The set of parameters passed to AWS CloudFormation when this nested stack is created. Note If you use the ref function to pass a parameter value to a nested stack, comma-delimited list parameters must be of type String. In other words, you cannot pass values that are of type CommaDelimitedList to nested stacks.BAn arbitrary set of tags (key value pairs) to describe this stack.The URL of a template that specifies the stack that you want to create as a resource. The template must be stored on an Amazon S3 bucket, so the URL must have the form: 2https://s3.amazonaws.com/.../TemplateName.template The length of time, in minutes, that AWS CloudFormation waits for the nested stack to reach the CREATE_COMPLETE state. The default is no timeout. When AWS CloudFormation detects that the nested stack has reached the CREATE_COMPLETE state, it marks the nested stack resource as CREATE_COMPLETE in the parent stack and resumes creating the parent stack. If the timeout period expires before the nested stack reaches CREATE_COMPLETE, AWS CloudFormation marks the nested stack as failed and rolls back both the nested stack and parent stack.  ;None03579;>CLNConvenient constructor for  with required arguments.Wrapper around a list of (s to we can modify the aeson instances.? Logical name !"#$%&'(+,-./01236789:;<?@ABCDEHIJKLOPQRSTUVWXYZ[\]`abcdefghijmnopqrsvwxyz{|    !"#$%&'()*+./01234789:;<=>?@ABCFGHIJKLMNOPQRUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%()*+,-./01234789:;>?@ABCDGHIJKLMNORSTUVWX[\]^_`abcdefgjklmnopqrstwxyz{|}      !"#$%&'(+,-./0123456789<=>?@ABEFGHIJKLM0 <None*3579;>CLNSee  for a convenient constructor.oAn identifier for this output. The logical ID must be alphanumeric (A-Za-z0-9) and unique within the template.=A String type up to 4K in length describing the output value.The value of the property that is returned by the aws cloudformation describe-stacks command. The value of an output can be literals, parameter references, pseudo parameters, a mapping value, and intrinsic functions.Wrapper around a list of 's to we can modify the aeson instances.Constructor for NameValue fp fp =None *3579;N Specifies the AWS CloudFormation template version that the template conforms to. The template format version is not the same as the API or WSDL version. The template format version can change independently of the API and WSDL versions.pA text string that describes the template. This section must always follow the template format version section.DJSON objects that provide additional information about the template.Specifies values that you can pass in to your template at runtime (when you create or update a stack). You can refer to parameters in the Resources and Outputs sections of the template.A mapping of keys and associated values that you can use to specify conditional parameter values, similar to a lookup table. You can match a key to a corresponding value by using the Fn::FindInMap intrinsic function in the Resources and Outputs section.(Defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment.Specifies the stack resources and their properties, such as an Amazon Elastic Compute Cloud instance or an Amazon Simple Storage Service bucket. You can refer to resources in the Resources and Outputs sections of the template.Describes the values that are returned whenever you view your stack's properties. For example, you can declare an output for an Amazon S3 bucket name and then call the aws cloudformation describe-stacks AWS CLI command to view the name.Convenient constructor for  with required arguments.+Pretty print a template using aeson-pretty. pp   >None     !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,  !"#$%&'(+,-./01236789:;<?@ABCDEHIJKLOPQRSTUVWXYZ[\]`abcdefghijmnopqrsvwxyz{|    !"#$%&'()*+./01234789:;<=>?@ABCFGHIJKLMNOPQRUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%()*+,-./01234789:;>?@ABCDGHIJKLMNORSTUVWX[\]^_`abcdefgjklmnopqrstwxyz{|}      !"#$%&'(+,-./0123456789<=>?@ABEFGHIJKLMPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{-?@ABCDEFGHIJKLMNNOPQRSTUVWXYZ[\\]^_`abcdefghhijklmnopqrrstuvwxyzz{|}~                 !"#$$%&'()*+,-../01234566789:;<=>?@ABCDDEFGHIJKLMNOPQRSTUVVWXYZ[\]^^_`abcdefghijkllmnopqrstuvwxyzz{|}~               !!!!!!!!!!!!!"""""""""""""""##### # # # # ################### #!#"###$#%#&#'#(#)#*#+#,#-#.#/#0#1#2#3#4#5#6#7#8#9#:#;$<$<$=$>$?$@$A$B$C%D%D%E%F%G%H%I%J%K%L%M%N%O%P%Q&R&R&S&T&U&V&W'X'X'Y'Z'['\']'^'_(`(`(a(b(c(d(e(f(g(h(i)j)j)k)l)m)n)o)p)q*r*r*s*t*u*v*w*x*y*z*{*|*}*~*+++++++++++++,,,,,,,,,-----------------...............///////////0000000000000000000000000000000000000111111111111111111111112222222223333333333333 4 4 4 4 4 4444444444444444444 4!4"4#4$4%4&4'4(4)5*5*5+5,5-5.5/50515253545566666768696:6;6<6=6>6?6@6A6B6C6D6E7F7F7G7H7I7J7K7L7M8N8N8O8P8Q8R8S8T8U8V8W9X9X9Y9Z9[9\9]9^9_9`9a9b9c9d9e9e9f9g9h9i9j9k9l9m9n9o9p9q9r9s9t9u9v9w9x9y9z9{9|9}9~999999999:::::::::::::::;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<<<<<<<<<<===================;;;;;k;l;;;;;;;;;<<<<<<<<<========= =                !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFEGHIHJHKHLMNMOMPMQMRMSMTMUMVMWMXMYMZ[\[][^[_[`[a[b[c[d[e[f[g[h[i[j[klmlnopoqorstsusvswsxsyszs{s|s}s~sss~sss       !"#$%&'()*+,-./0123456789:;:<:=:>:?:@:A:B:C:D:E:F:G:H:I:J:K:L:M:N:O:P:Q:R:S:T:U:V:W:X:Y:Z:[:\:]:^:_:`:a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:w:x:y:z:{:|:}:~:::      !"#$%&'(')'*'+','-'.'/'0'1'2'3'4'5'6'7'8'9':';'<'='>'?'@'A'BCDCECFCGCHCICJCKCLCMCNCOCPCQCRCSCTCUCVCWCXCYCZC[C\C]C^C_C`CaCbCcCdCeCfCgChCiCjCkClCmCnCoCpCqCrCsCtCuCvCwCxCyCzC{C|C}C~CCCCCCCCCCCCCCCCCCCCCCCCCCCCCC         !"#$%&''()*+*,-.-/0123423567867967:67;<=><=?<=@<=A<BC<BD<BEFstrat_GSdp7mAP1rQ46kb0TBysgDStratosphere.HelpersStratosphere.Values3Stratosphere.ResourceProperties.AccessLoggingPolicy+Stratosphere.ResourceProperties.AliasTarget9Stratosphere.ResourceProperties.AppCookieStickinessPolicy8Stratosphere.ResourceProperties.ConnectionDrainingPolicy2Stratosphere.ResourceProperties.ConnectionSettings.Stratosphere.ResourceProperties.EBSBlockDevice5Stratosphere.ResourceProperties.EC2BlockDeviceMapping-Stratosphere.ResourceProperties.EC2MountPoint;Stratosphere.ResourceProperties.EC2SsmAssociationParameters2Stratosphere.ResourceProperties.EC2SsmAssociations)Stratosphere.ResourceProperties.ELBPolicy+Stratosphere.ResourceProperties.HealthCheck+Stratosphere.ResourceProperties.IAMPolicies8Stratosphere.ResourceProperties.LBCookieStickinessPolicy0Stratosphere.ResourceProperties.ListenerProperty=Stratosphere.ResourceProperties.PrivateIpAddressSpecification0Stratosphere.ResourceProperties.NetworkInterface4Stratosphere.ResourceProperties.RDSSecurityGroupRule4Stratosphere.ResourceProperties.RecordSetGeoLocation+Stratosphere.ResourceProperties.ResourceTag7Stratosphere.ResourceProperties.SecurityGroupEgressRule8Stratosphere.ResourceProperties.SecurityGroupIngressRule0Stratosphere.ResourceProperties.UserLoginProfile-Stratosphere.Resources.DBSecurityGroupIngressStratosphere.Resources.Subnet!Stratosphere.Resources.DBInstanceStratosphere.Resources.IAMRoleStratosphere.Resources.Group$Stratosphere.Resources.DBSubnetGroup$Stratosphere.Resources.SecurityGroup'Stratosphere.Resources.DBParameterGroupStratosphere.Resources.Policy"Stratosphere.Resources.EC2Instance!Stratosphere.Resources.RouteTable%Stratosphere.Resources.EIPAssociation&Stratosphere.Resources.InternetGateway&Stratosphere.Resources.InstanceProfile+Stratosphere.Resources.VPCGatewayAttachmentStratosphere.Resources.EIPStratosphere.Resources.User&Stratosphere.Resources.DBSecurityGroup2Stratosphere.Resources.SubnetRouteTableAssociation$Stratosphere.Resources.ManagedPolicyStratosphere.Resources.VPC Stratosphere.Resources.AccessKey#Stratosphere.Resources.LoadBalancerStratosphere.Resources.Volume*Stratosphere.Resources.UserToGroupAddition"Stratosphere.Resources.VPCEndpoint Stratosphere.Resources.RecordSet%Stratosphere.Resources.RecordSetGroupStratosphere.Resources.Route!Stratosphere.Resources.NatGateway'Stratosphere.Resources.VolumeAttachmentStratosphere.ParametersStratosphere.Resources.StackStratosphere.ResourcesStratosphere.OutputsStratosphere.Template Stratosphere NamedItemitemName nameToJSON nameParseJSON maybeField prefixNamerprefixFieldRulesmodTemplateJSONFieldnamedItemToJSONnamedItemFromJSONToReftoRefBool'False'True'Integer' unInteger'ValLiteralRefIfAndEqualsOrGetAttBase64JoinSelectGetAZsAccessLoggingPolicy _accessLoggingPolicyEmitInterval_accessLoggingPolicyEnabled _accessLoggingPolicyS3BucketName"_accessLoggingPolicyS3BucketPrefixaccessLoggingPolicyalpEmitInterval alpEnabledalpS3BucketNamealpS3BucketPrefix$fFromJSONAccessLoggingPolicy$fToJSONAccessLoggingPolicy AliasTarget_aliasTargetDNSName _aliasTargetEvaluateTargetHealth_aliasTargetHostedZoneId aliasTarget atDNSNameatEvaluateTargetHealthatHostedZoneId$fFromJSONAliasTarget$fToJSONAliasTargetAppCookieStickinessPolicy$_appCookieStickinessPolicyCookieName$_appCookieStickinessPolicyPolicyNameappCookieStickinessPolicyacspCookieNameacspPolicyName#$fFromJSONAppCookieStickinessPolicy!$fToJSONAppCookieStickinessPolicyConnectionDrainingPolicy _connectionDrainingPolicyEnabled _connectionDrainingPolicyTimeoutconnectionDrainingPolicy cdpEnabled cdpTimeout"$fFromJSONConnectionDrainingPolicy $fToJSONConnectionDrainingPolicyConnectionSettings_connectionSettingsIdleTimeoutconnectionSettings csIdleTimeout$fFromJSONConnectionSettings$fToJSONConnectionSettingsEBSBlockDevice"_eBSBlockDeviceDeleteOnTermination_eBSBlockDeviceEncrypted_eBSBlockDeviceIops_eBSBlockDeviceSnapshotId_eBSBlockDeviceVolumeSize_eBSBlockDeviceVolumeTypeebsBlockDeviceebsbdDeleteOnTerminationebsbdEncrypted ebsbdIopsebsbdSnapshotIdebsbdVolumeSizeebsbdVolumeType$fFromJSONEBSBlockDevice$fToJSONEBSBlockDeviceEC2BlockDeviceMapping _eC2BlockDeviceMappingDeviceName_eC2BlockDeviceMappingEbs_eC2BlockDeviceMappingNoDevice!_eC2BlockDeviceMappingVirtualNameec2BlockDeviceMappingecbdmDeviceNameecbdmEbs ecbdmNoDeviceecbdmVirtualName$fFromJSONEC2BlockDeviceMapping$fToJSONEC2BlockDeviceMapping EC2MountPoint_eC2MountPointDevice_eC2MountPointVolumeId ec2MountPoint ecmpDevice ecmpVolumeId$fFromJSONEC2MountPoint$fToJSONEC2MountPointEC2SsmAssociationParameters_eC2SsmAssociationParametersKey!_eC2SsmAssociationParametersValueec2SsmAssociationParametersecsapKey ecsapValue%$fFromJSONEC2SsmAssociationParameters#$fToJSONEC2SsmAssociationParametersEC2SsmAssociations(_eC2SsmAssociationsAssociationParameters_eC2SsmAssociationsDocumentNameec2SsmAssociationsecsaAssociationParametersecsaDocumentName$fFromJSONEC2SsmAssociations$fToJSONEC2SsmAssociations ELBPolicy_eLBPolicyAttributes_eLBPolicyInstancePorts_eLBPolicyLoadBalancerPorts_eLBPolicyPolicyName_eLBPolicyPolicyType elbPolicyelbpAttributeselbpInstancePortselbpLoadBalancerPortselbpPolicyNameelbpPolicyType$fFromJSONELBPolicy$fToJSONELBPolicy HealthCheck_healthCheckHealthyThreshold_healthCheckInterval_healthCheckTarget_healthCheckTimeout_healthCheckUnhealthyThreshold healthCheckhcHealthyThreshold hcIntervalhcTarget hcTimeouthcUnhealthyThreshold$fFromJSONHealthCheck$fToJSONHealthCheck IAMPolicies_iAMPoliciesPolicyDocument_iAMPoliciesPolicyName iamPoliciesiampPolicyDocumentiampPolicyName$fFromJSONIAMPolicies$fToJSONIAMPoliciesLBCookieStickinessPolicy/_lBCookieStickinessPolicyCookieExpirationPeriod#_lBCookieStickinessPolicyPolicyNamelbCookieStickinessPolicylbcspCookieExpirationPeriodlbcspPolicyName"$fFromJSONLBCookieStickinessPolicy $fToJSONLBCookieStickinessPolicyListenerProperty_listenerPropertyInstancePort!_listenerPropertyInstanceProtocol!_listenerPropertyLoadBalancerPort_listenerPropertyPolicyNames_listenerPropertyProtocol!_listenerPropertySSLCertificateIdlistenerPropertylpInstancePortlpInstanceProtocollpLoadBalancerPort lpPolicyNames lpProtocollpSSLCertificateId$fFromJSONListenerProperty$fToJSONListenerPropertyPrivateIpAddressSpecification._privateIpAddressSpecificationPrivateIpAddress%_privateIpAddressSpecificationPrimaryprivateIpAddressSpecificationpiasPrivateIpAddress piasPrimary'$fFromJSONPrivateIpAddressSpecification%$fToJSONPrivateIpAddressSpecificationNetworkInterface)_networkInterfaceAssociatePublicIpAddress$_networkInterfaceDeleteOnTermination_networkInterfaceDescription_networkInterfaceDeviceIndex_networkInterfaceGroupSet#_networkInterfaceNetworkInterfaceId!_networkInterfacePrivateIpAddress#_networkInterfacePrivateIpAddresses/_networkInterfaceSecondaryPrivateIpAddressCount_networkInterfaceSubnetIdnetworkInterfaceniAssociatePublicIpAddressniDeleteOnTermination niDescription niDeviceIndex niGroupSetniNetworkInterfaceIdniPrivateIpAddressniPrivateIpAddresses niSecondaryPrivateIpAddressCount niSubnetId$fFromJSONNetworkInterface$fToJSONNetworkInterfaceRDSSecurityGroupRule_rDSSecurityGroupRuleCIDRIP'_rDSSecurityGroupRuleEC2SecurityGroupId)_rDSSecurityGroupRuleEC2SecurityGroupName,_rDSSecurityGroupRuleEC2SecurityGroupOwnerIdrdsSecurityGroupRule rdssgrCIDRIPrdssgrEC2SecurityGroupIdrdssgrEC2SecurityGroupNamerdssgrEC2SecurityGroupOwnerId$fFromJSONRDSSecurityGroupRule$fToJSONRDSSecurityGroupRuleRecordSetGeoLocation"_recordSetGeoLocationContinentCode _recordSetGeoLocationCountryCode$_recordSetGeoLocationSubdivisionCoderecordSetGeoLocationrsglContinentCodersglCountryCodersglSubdivisionCode$fFromJSONRecordSetGeoLocation$fToJSONRecordSetGeoLocation ResourceTag_resourceTagKey_resourceTagValue resourceTagrtKeyrtValue$fFromJSONResourceTag$fToJSONResourceTagSecurityGroupEgressRule_securityGroupEgressRuleCidrIp2_securityGroupEgressRuleDestinationSecurityGroupId _securityGroupEgressRuleFromPort"_securityGroupEgressRuleIpProtocol_securityGroupEgressRuleToPortsecurityGroupEgressRule sgerCidrIpsgerDestinationSecurityGroupId sgerFromPortsgerIpProtocol sgerToPort!$fFromJSONSecurityGroupEgressRule$fToJSONSecurityGroupEgressRuleSecurityGroupIngressRule_securityGroupIngressRuleCidrIp!_securityGroupIngressRuleFromPort#_securityGroupIngressRuleIpProtocol._securityGroupIngressRuleSourceSecurityGroupId0_securityGroupIngressRuleSourceSecurityGroupName3_securityGroupIngressRuleSourceSecurityGroupOwnerId_securityGroupIngressRuleToPortsecurityGroupIngressRule sgirCidrIp sgirFromPortsgirIpProtocolsgirSourceSecurityGroupIdsgirSourceSecurityGroupNamesgirSourceSecurityGroupOwnerId sgirToPort"$fFromJSONSecurityGroupIngressRule $fToJSONSecurityGroupIngressRuleUserLoginProfile_userLoginProfilePassword&_userLoginProfilePasswordResetRequireduserLoginProfile ulpPasswordulpPasswordResetRequired$fFromJSONUserLoginProfile$fToJSONUserLoginProfileDBSecurityGroupIngress_dBSecurityGroupIngressCIDRIP*_dBSecurityGroupIngressDBSecurityGroupName)_dBSecurityGroupIngressEC2SecurityGroupId+_dBSecurityGroupIngressEC2SecurityGroupName._dBSecurityGroupIngressEC2SecurityGroupOwnerIddbSecurityGroupIngress dbsgiCIDRIPdbsgiDBSecurityGroupNamedbsgiEC2SecurityGroupIddbsgiEC2SecurityGroupNamedbsgiEC2SecurityGroupOwnerId $fFromJSONDBSecurityGroupIngress$fToJSONDBSecurityGroupIngressSubnet_subnetAvailabilityZone_subnetCidrBlock_subnetMapPublicIpOnLaunch _subnetTags _subnetVpcIdsubnetsAvailabilityZone sCidrBlocksMapPublicIpOnLaunchsTagssVpcId$fFromJSONSubnet$fToJSONSubnet DBInstance_dBInstanceAllocatedStorage#_dBInstanceAllowMajorVersionUpgrade"_dBInstanceAutoMinorVersionUpgrade_dBInstanceAvailabilityZone _dBInstanceBackupRetentionPeriod_dBInstanceCharacterSetName_dBInstanceDBClusterIdentifier_dBInstanceDBInstanceClass_dBInstanceDBInstanceIdentifier_dBInstanceDBName_dBInstanceDBParameterGroupName_dBInstanceDBSecurityGroups_dBInstanceDBSnapshotIdentifier_dBInstanceDBSubnetGroupName_dBInstanceEngine_dBInstanceEngineVersion_dBInstanceIops_dBInstanceKmsKeyId_dBInstanceLicenseModel_dBInstanceMasterUsername_dBInstanceMasterUserPassword_dBInstanceMultiAZ_dBInstanceOptionGroupName_dBInstancePort _dBInstancePreferredBackupWindow%_dBInstancePreferredMaintenanceWindow_dBInstancePubliclyAccessible%_dBInstanceSourceDBInstanceIdentifier_dBInstanceStorageEncrypted_dBInstanceStorageType_dBInstanceTags_dBInstanceVPCSecurityGroups dbInstancedbiAllocatedStoragedbiAllowMajorVersionUpgradedbiAutoMinorVersionUpgradedbiAvailabilityZonedbiBackupRetentionPerioddbiCharacterSetNamedbiDBClusterIdentifierdbiDBInstanceClassdbiDBInstanceIdentifier dbiDBNamedbiDBParameterGroupNamedbiDBSecurityGroupsdbiDBSnapshotIdentifierdbiDBSubnetGroupName dbiEnginedbiEngineVersiondbiIops dbiKmsKeyIddbiLicenseModeldbiMasterUsernamedbiMasterUserPassword dbiMultiAZdbiOptionGroupNamedbiPortdbiPreferredBackupWindowdbiPreferredMaintenanceWindowdbiPubliclyAccessibledbiSourceDBInstanceIdentifierdbiStorageEncrypteddbiStorageTypedbiTagsdbiVPCSecurityGroups$fFromJSONDBInstance$fToJSONDBInstanceIAMRole _iAMRoleAssumeRolePolicyDocument_iAMRoleManagedPolicyArns _iAMRolePath_iAMRolePoliciesiamRoleiamrAssumeRolePolicyDocumentiamrManagedPolicyArnsiamrPath iamrPolicies$fFromJSONIAMRole$fToJSONIAMRoleGroup_groupManagedPolicyArns _groupPath_groupPoliciesgroupgManagedPolicyArnsgPath gPolicies$fFromJSONGroup $fToJSONGroup DBSubnetGroup&_dBSubnetGroupDBSubnetGroupDescription_dBSubnetGroupSubnetIds_dBSubnetGroupTags dbSubnetGroupdbsgDBSubnetGroupDescription dbsgSubnetIdsdbsgTags$fFromJSONDBSubnetGroup$fToJSONDBSubnetGroup SecurityGroup_securityGroupGroupDescription!_securityGroupSecurityGroupEgress"_securityGroupSecurityGroupIngress_securityGroupTags_securityGroupVpcId securityGroupsgGroupDescriptionsgSecurityGroupEgresssgSecurityGroupIngresssgTagssgVpcId$fFromJSONSecurityGroup$fToJSONSecurityGroupDBParameterGroup_dBParameterGroupDescription_dBParameterGroupFamily_dBParameterGroupParameters_dBParameterGroupTagsdbParameterGroupdbpgDescription dbpgFamilydbpgParametersdbpgTags$fFromJSONDBParameterGroup$fToJSONDBParameterGroupPolicy _policyGroups_policyPolicyDocument_policyPolicyName _policyRoles _policyUserspolicypGroupspPolicyDocument pPolicyNamepRolespUsers$fFromJSONPolicy$fToJSONPolicy EC2Instance_eC2InstanceAvailabilityZone_eC2InstanceBlockDeviceMappings!_eC2InstanceDisableApiTermination_eC2InstanceEbsOptimized_eC2InstanceIamInstanceProfile_eC2InstanceImageId-_eC2InstanceInstanceInitiatedShutdownBehavior_eC2InstanceInstanceType_eC2InstanceKernelId_eC2InstanceKeyName_eC2InstanceMonitoring_eC2InstanceNetworkInterfaces_eC2InstancePlacementGroupName_eC2InstancePrivateIpAddress_eC2InstanceRamdiskId_eC2InstanceSecurityGroupIds_eC2InstanceSecurityGroups_eC2InstanceSourceDestCheck_eC2InstanceSsmAssociations_eC2InstanceSubnetId_eC2InstanceTags_eC2InstanceTenancy_eC2InstanceUserData_eC2InstanceVolumes_eC2InstanceAdditionalInfo ec2InstanceeciAvailabilityZoneeciBlockDeviceMappingseciDisableApiTerminationeciEbsOptimizedeciIamInstanceProfile eciImageId$eciInstanceInitiatedShutdownBehavioreciInstanceType eciKernelId eciKeyName eciMonitoringeciNetworkInterfaceseciPlacementGroupNameeciPrivateIpAddress eciRamdiskIdeciSecurityGroupIdseciSecurityGroupseciSourceDestCheckeciSsmAssociations eciSubnetIdeciTags eciTenancy eciUserData eciVolumeseciAdditionalInfo$fFromJSONEC2Instance$fToJSONEC2Instance RouteTable_routeTableVpcId_routeTableTags routeTablertVpcIdrtTags$fFromJSONRouteTable$fToJSONRouteTableEIPAssociation_eIPAssociationAllocationId_eIPAssociationEIP_eIPAssociationInstanceId!_eIPAssociationNetworkInterfaceId_eIPAssociationPrivateIpAddresseipAssociationeipaAllocationIdeipaEIPeipaInstanceIdeipaNetworkInterfaceIdeipaPrivateIpAddress$fFromJSONEIPAssociation$fToJSONEIPAssociationInternetGateway_internetGatewayTagsinternetGatewayigTags$fFromJSONInternetGateway$fToJSONInternetGatewayInstanceProfile_instanceProfilePath_instanceProfileRolesinstanceProfileipPathipRoles$fFromJSONInstanceProfile$fToJSONInstanceProfileVPCGatewayAttachment&_vPCGatewayAttachmentInternetGatewayId_vPCGatewayAttachmentVpcId!_vPCGatewayAttachmentVpnGatewayIdvpcGatewayAttachmentvpcgaInternetGatewayId vpcgaVpcIdvpcgaVpnGatewayId$fFromJSONVPCGatewayAttachment$fToJSONVPCGatewayAttachmentEIP_eIPInstanceId _eIPDomaineip eipInstanceId eipDomain $fFromJSONEIP $fToJSONEIPUser _userGroups_userLoginProfile_userManagedPolicyArns _userPath _userPoliciesuseruGroups uLoginProfileuManagedPolicyArnsuPath uPolicies$fFromJSONUser $fToJSONUserDBSecurityGroup_dBSecurityGroupEC2VpcId&_dBSecurityGroupDBSecurityGroupIngress _dBSecurityGroupGroupDescription_dBSecurityGroupResourceTagsdbSecurityGroup dbsgEC2VpcIddbsgDBSecurityGroupIngressdbsgGroupDescriptiondbsgResourceTags$fFromJSONDBSecurityGroup$fToJSONDBSecurityGroupSubnetRouteTableAssociation(_subnetRouteTableAssociationRouteTableId$_subnetRouteTableAssociationSubnetIdsubnetRouteTableAssociationsrtaRouteTableId srtaSubnetId%$fFromJSONSubnetRouteTableAssociation#$fToJSONSubnetRouteTableAssociation ManagedPolicy_managedPolicyDescription_managedPolicyGroups_managedPolicyPath_managedPolicyPolicyDocument_managedPolicyRoles_managedPolicyUsers managedPolicy mpDescriptionmpGroupsmpPathmpPolicyDocumentmpRolesmpUsers$fFromJSONManagedPolicy$fToJSONManagedPolicyVPC _vPCCidrBlock_vPCEnableDnsSupport_vPCEnableDnsHostnames_vPCInstanceTenancy_vPCTagsvpc vpcCidrBlockvpcEnableDnsSupportvpcEnableDnsHostnamesvpcInstanceTenancyvpcTags $fFromJSONVPC $fToJSONVPC AccessKey_accessKeySerial_accessKeyStatus_accessKeyUserName accessKeyakSerialakStatus akUserName$fFromJSONAccessKey$fToJSONAccessKey LoadBalancer _loadBalancerAccessLoggingPolicy&_loadBalancerAppCookieStickinessPolicy_loadBalancerAvailabilityZones%_loadBalancerConnectionDrainingPolicy_loadBalancerConnectionSettings_loadBalancerCrossZone_loadBalancerHealthCheck_loadBalancerInstances%_loadBalancerLBCookieStickinessPolicy_loadBalancerLoadBalancerName_loadBalancerListeners_loadBalancerPolicies_loadBalancerScheme_loadBalancerSecurityGroups_loadBalancerSubnets_loadBalancerTags loadBalancerlbAccessLoggingPolicylbAppCookieStickinessPolicylbAvailabilityZoneslbConnectionDrainingPolicylbConnectionSettings lbCrossZone lbHealthCheck lbInstanceslbLBCookieStickinessPolicylbLoadBalancerName lbListeners lbPolicieslbSchemelbSecurityGroups lbSubnetslbTags$fFromJSONLoadBalancer$fToJSONLoadBalancerVolume_volumeAutoEnableIO_volumeAvailabilityZone_volumeEncrypted _volumeIops_volumeKmsKeyId _volumeSize_volumeSnapshotId _volumeTags_volumeVolumeTypevolume vAutoEnableIOvAvailabilityZone vEncryptedvIops vKmsKeyIdvSize vSnapshotIdvTags vVolumeType$fFromJSONVolume$fToJSONVolumeUserToGroupAddition_userToGroupAdditionGroupName_userToGroupAdditionUsersuserToGroupAddition utgaGroupName utgaUsers$fFromJSONUserToGroupAddition$fToJSONUserToGroupAddition VPCEndpoint_vPCEndpointPolicyDocument_vPCEndpointRouteTableIds_vPCEndpointServiceName_vPCEndpointVpcId vpcEndpointvpcePolicyDocumentvpceRouteTableIdsvpceServiceName vpceVpcId$fFromJSONVPCEndpoint$fToJSONVPCEndpoint RecordSet_recordSetAliasTarget_recordSetComment_recordSetFailover_recordSetGeoLocation_recordSetHealthCheckId_recordSetHostedZoneId_recordSetHostedZoneName_recordSetName_recordSetRegion_recordSetResourceRecords_recordSetSetIdentifier _recordSetTTL_recordSetType_recordSetWeight recordSet rsAliasTarget rsComment rsFailover rsGeoLocationrsHealthCheckIdrsHostedZoneIdrsHostedZoneNamersNamersRegionrsResourceRecordsrsSetIdentifierrsTTLrsTypersWeight$fFromJSONRecordSet$fToJSONRecordSetRecordSetGroup_recordSetGroupComment_recordSetGroupHostedZoneId_recordSetGroupHostedZoneName_recordSetGroupRecordSetsrecordSetGroup rsgCommentrsgHostedZoneIdrsgHostedZoneName rsgRecordSets$fFromJSONRecordSetGroup$fToJSONRecordSetGroupRoute_routeDestinationCidrBlock_routeGatewayId_routeInstanceId_routeNatGatewayId_routeNetworkInterfaceId_routeRouteTableIdrouterDestinationCidrBlock rGatewayId rInstanceId rNatGatewayIdrNetworkInterfaceId rRouteTableId$fFromJSONRoute $fToJSONRoute NatGateway_natGatewayAllocationId_natGatewaySubnetId natGatewayngAllocationId ngSubnetId$fFromJSONNatGateway$fToJSONNatGatewayVolumeAttachment_volumeAttachmentDevice_volumeAttachmentInstanceId_volumeAttachmentVolumeIdvolumeAttachmentvaDevice vaInstanceId vaVolumeId$fFromJSONVolumeAttachment$fToJSONVolumeAttachment Parameter parameterNameparameterType'parameterDefault'parameterNoEchoparameterAllowedValuesparameterAllowedPatternparameterMaxLengthparameterMinLengthparameterMaxValueparameterMinValueparameterDescriptionparameterConstraintDescription Parameters unParametersHasType'type' HasNoEchonoEchoHasNamename HasMinValueminValue HasMinLength minLength HasMaxValuemaxValue HasMaxLength maxLengthHasDescription description HasDefault'default'HasConstraintDescriptionconstraintDescriptionHasAllowedValues allowedValuesHasAllowedPatternallowedPatternparameterToJSONparameterFromJSON parameter$fFromJSONParameters$fToJSONParameters$fNamedItemParameter$fIsListParameters$fToRefParameterb$fHasType'ParameterTextStack_stackNotificationARNs_stackParameters_stackResourceTags_stackTemplateURL_stackTimeoutInMinutesstacksNotificationARNs sParameters sResourceTags sTemplateURLsTimeoutInMinutes$fFromJSONStack $fToJSONStackResource resourceNameresourcePropertiesresourceDeletionPolicyDeletionPolicyDeleteRetainSnapshotResourceProperties DBSecurityGroupIngressPropertiesSubnetPropertiesDBInstancePropertiesIAMRolePropertiesGroupPropertiesDBSubnetGroupPropertiesSecurityGroupPropertiesDBParameterGroupPropertiesPolicyPropertiesEC2InstancePropertiesRouteTablePropertiesEIPAssociationPropertiesInternetGatewayPropertiesInstanceProfilePropertiesVPCGatewayAttachmentProperties EIPPropertiesUserPropertiesDBSecurityGroupProperties%SubnetRouteTableAssociationPropertiesRecordSetGroupPropertiesStackPropertiesManagedPolicyProperties VPCPropertiesAccessKeyPropertiesLoadBalancerPropertiesVolumePropertiesUserToGroupAdditionPropertiesVPCEndpointPropertiesRecordSetPropertiesRoutePropertiesNatGatewayPropertiesVolumeAttachmentPropertiesresource Resources unResources propertiesdeletionPolicyOutput outputNameoutputDescription outputValueOutputs unOutputsvalueoutputTemplatetemplateFormatVersiontemplateDescriptiontemplateMetadatatemplateParameterstemplateMappingstemplateConditionstemplateResourcestemplateOutputs resources parametersoutputsmetadatamappings formatVersion conditionstemplateencodeTemplatelens_3izFRvuXRLICEsbX0CxITgControl.Lens.THcamelCaseNamermkFunc$fFromJSONBool' $fToJSONBool'$fFromJSONInteger'$fToJSONInteger' $fFromJSONVal $fToJSONVal $fIsStringValtext_HmqVQnZSpjaC156ABqPhne Data.Text$fToRefResourceb$fFromJSONDeletionPolicy$fToJSONDeletionPolicy HasPropertiesHasDeletionPolicyresourceToJSONresourcePropertiesJSONresourceFromJSON$fFromJSONResources$fToJSONResources$fNamedItemResource$fIsListResources)$fHasPropertiesResourceResourcePropertiesHasValue outputToJSONoutputFromJSON$fFromJSONOutputs$fToJSONOutputs$fNamedItemOutput$fIsListOutputs$fToRefOutputb$fHasValueOutputValMapping$fFromJSONTemplate HasResources HasParameters HasOutputs HasMetadata HasMappingsHasFormatVersion HasConditions$fHasResourcesTemplateResourcesbaseData.Traversable Traversablecontr_9KnP1RTdqfZG251z0tkqVXData.Functor.Contravariant contramap ContravariantData.Functor.Identity runIdentityIdentityData.Bifunctorbimap BifunctortraverseControl.ApplicativegetConstConst Data.Function&>$defaultFieldRules makeFieldsabbreviatedNamerabbreviatedFieldscamelCaseFieldsunderscoreNamerunderscoreFields makeWrappeddeclareLensesWith declareFieldsdeclareWrapped declarePrismsdeclareClassyFor declareClassydeclareLensesFor declareLensesmakeLensesWith makeClassyFor makeLensesFor makeClassy_ makeClassy makeLenses classyRules_ classyRules mappingNamerlookingupNamer lensRulesForunderscoreNoPrefixNamer lensRules lensClass lensField createClassgenerateLazyPatternsgenerateUpdateableOpticsgenerateSignatures simpleLenses FieldNamer ClassyNamerControl.Lens.Internal.PrismTHmakeClassyPrisms makePrismsControl.Lens.Internal.FieldTH LensRules MethodNameTopNameDefNameControl.Lens.AtiatsansixAtiix icontainsIndexcontainsContainsIxValueixIxedatAtControl.Lens.Consunsnocsnoc|>_last_init_tail_headunconscons<|:>:<_ConsCons_SnocSnocControl.Lens.EacheachEachControl.Lens.EmptyEmpty_EmptyAsEmptyControl.Lens.Wrappedalafala _Unwrapping _Wrapping _Unwrapping' _Wrapping'op _Unwrapped_Wrapped _Unwrapped' UnwrappedWrapped _Wrapped' Rewrapped RewrappingControl.Lens.Isocoerced secondingfirsting bimappingrmappinglmapping dimapping contramappingimagmamagma involutedreversedlazyflipped uncurriedcurriedanonnon'nonmappingenumunderaufaucloneIsowithIsofromisoListReversedSwappedLazyStrictAnIsoAnIso'swappedstrictControl.Lens.EqualitysimplesimplyfromEqmapEqsubstEqrunEq Identical AnEquality AnEquality'Control.Lens.Platedgplateparts composOpFoldparaparaOf holesOnOfholesOnholes contextsOnOf contextsOn contextsOfcontextstransformMOnOf transformMOf transformMOn transformM transformOnOf transformOf transformOn transform cosmosOnOfcosmosOncosmosOfcosmos universeOnOf universeOn universeOfuniverse rewriteMOnOf rewriteMOn rewriteMOfrewriteM rewriteOnOf rewriteOn rewriteOfrewritechildrendeep...platePlatedGPlatedControl.Lens.ReifiedrunLensLens ReifiedLens ReifiedLens'runIndexedLens IndexedLensReifiedIndexedLensReifiedIndexedLens'runIndexedTraversalIndexedTraversalReifiedIndexedTraversalReifiedIndexedTraversal' runTraversal TraversalReifiedTraversalReifiedTraversal' runGetterGetter ReifiedGetterrunIndexedGetter IndexedGetterReifiedIndexedGetterrunFoldFold ReifiedFoldrunIndexedFold IndexedFoldReifiedIndexedFold runSetterSetter ReifiedSetterReifiedSetter'runIndexedSetter IndexedSetterReifiedIndexedSetterReifiedIndexedSetter'runIsoIso ReifiedIso ReifiedIso'runPrismPrism ReifiedPrism ReifiedPrism'Control.Lens.LevelilevelslevelsControl.Lens.Indexed itraverseByOf itraverseBy ifoldMapByOf ifoldMapBy imapAccumL imapAccumRiforMimapMiforitoListifoldlMifoldrMifind iconcatMapiforM_imapM_ifor_ itraverse_noneinoneiallianyindexindicesicompose<.> reindexed selfIndex.><.imappedimapFunctorWithIndexifoldl'ifoldr'ifoldlifoldrifoldedifoldMapFoldableWithIndex itraversed itraverseTraversableWithIndexControl.Lens.Traversal sequenceByOf traverseByOf confusingdeepOffailing ifailoverfailoverelements elementsOfelement elementOfignored traversed64 traversed1 traversed imapAccumLOf imapAccumROfiforMOfimapMOfiforOf itraverseOfcloneIndexedTraversal1cloneIndexPreservingTraversal1cloneTraversal1cloneIndexedTraversalcloneIndexPreservingTraversalcloneTraversaldroppingtakingbesidebothunsafeSingularsingularholesOfiunsafePartsOf'unsafePartsOf'iunsafePartsOf unsafePartsOf ipartsOf'partsOf'ipartsOfpartsOfilocilociscanl1Ofscanr1Of mapAccumLOf mapAccumROf transposeOf sequenceOfforMOfmapMOf sequenceAOfforOf traverseOf ATraversal ATraversal' ATraversal1 ATraversal1'AnIndexedTraversalAnIndexedTraversal1AnIndexedTraversal'AnIndexedTraversal1' Traversing Traversing1 Traversing' Traversing1' traverseMin TraverseMin traverseMax TraverseMaxControl.Lens.Fold foldMapByOffoldByOfidroppingWhile itakingWhile ifiltered findIndicesOf findIndexOf elemIndicesOf elemIndexOf^@?!^@?^@.. itoListOf ifoldlMOf ifoldrMOf ifoldlOf' ifoldrOf'ifindMOfifindOf iconcatMapOfiforMOf_imapMOf_iforOf_ itraverseOf_inoneOfiallOfianyOfifoldlOfifoldrOf ifoldMapOf backwardsipreusespreusesipreusepreuse ipreviewspreviewsipreviewpreviewipreprehasn'thasfoldlMOffoldrMOf foldl1Of' foldr1Of'foldlOf'foldrOf'foldl1Offoldr1OflookupOffindMOffindOf minimumByOf maximumByOf minimumOf maximumOf notNullOfnullOflastOffirstOf^?!^?lengthOfconcatOf concatMapOf notElemOfelemOfmsumOfasumOf sequenceOf_forMOf_mapMOf_ sequenceAOf_forOf_ traverseOf_sumOf productOfnoneOfallOfanyOforOfandOf^..toListOffoldlOffoldrOffoldOf foldMapOflinedworded droppingWhile takingWhilefilterediteratedunfoldedcycled replicatedrepeatedfolded64folded ifoldringfoldringifoldingfoldingControl.Lens.ZoomzoomZoommagnifyMagnifyControl.Lens.Prism_Shownearlyonly_Void_Nothing_Just_Right_Leftmatchingisn'tbelowasidewithoutoutsideprism'prism clonePrism withPrismAPrismAPrism'Control.Lens.Reviewreusesreusereviews#reviewreununtoControl.Lens.Gettergetting^@.iusesiuseiviewsiview ilistenings listenings ilistening listeningusesuse^.viewsviewilikelikeitotoGettingIndexedGetting AccessingControl.Lens.Tuple_9'_8'_7'_6'_5'_4'_3'_2'_1'_1Field1_2Field2_3Field3_4Field4_5Field5_6Field6_7Field7_8Field8_9Field9Control.Lens.Lensfusinguniteddevoid<#=<#~#%%=<#%=<#%~#%=#=#%%~#%~#~storing^#<<%@=<%@=%%@=%%@~<<%@~<%@~overA<<>=<<>~<<~<<<>=<<&&=<<||=<<**=<<^^=<<^=<~<<&&~<<||~<<**~<<^^~<<^~<%%=%%~&~ilensiplenslensALensALens' AnIndexedLensAnIndexedLens'Control.Lens.SetterimapOfmapOfassignA.@= imodifying%@=.@~%@~isetsisetiover icensoring censoringipassingpassingscribe<>=<>~