{
  "typeName" : "AWS::Connect::User",
  "description" : "Resource Type definition for AWS::Connect::User",
  "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-connect",
  "definitions" : {
    "FirstName" : {
      "description" : "The first name. This is required if you are using Amazon Connect or SAML for identity management.",
      "type" : "string"
    },
    "LastName" : {
      "description" : "The last name. This is required if you are using Amazon Connect or SAML for identity management.",
      "type" : "string"
    },
    "Email" : {
      "description" : "The email address. If you are using SAML for identity management and include this parameter, an error is returned.",
      "type" : "string"
    },
    "SecondaryEmail" : {
      "description" : "The secondary email address. If you provide a secondary email, the user receives email notifications -- other than password reset notifications -- to this email address instead of to their primary email address.",
      "type" : "string",
      "pattern" : "(?=^.{0,265}$)[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,63}"
    },
    "Mobile" : {
      "description" : "The mobile phone number.",
      "type" : "string",
      "pattern" : "^\\+[1-9]\\d{1,14}$"
    },
    "SecurityProfileArn" : {
      "description" : "The identifier of the security profile for the user.",
      "type" : "string",
      "pattern" : "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/security-profile/[-a-zA-Z0-9]*$"
    },
    "AfterContactWorkTimeLimit" : {
      "description" : "The After Call Work (ACW) timeout setting, in seconds.",
      "type" : "integer",
      "minimum" : 0
    },
    "AutoAccept" : {
      "description" : "The Auto accept setting.",
      "type" : "boolean"
    },
    "DeskPhoneNumber" : {
      "description" : "The phone number for the user's desk phone.",
      "type" : "string"
    },
    "PhoneType" : {
      "description" : "The phone type.",
      "type" : "string",
      "enum" : [ "SOFT_PHONE", "DESK_PHONE" ]
    },
    "UserIdentityInfo" : {
      "description" : "Contains information about the identity of a user.",
      "type" : "object",
      "additionalProperties" : false,
      "properties" : {
        "FirstName" : {
          "$ref" : "#/definitions/FirstName"
        },
        "LastName" : {
          "$ref" : "#/definitions/LastName"
        },
        "Email" : {
          "$ref" : "#/definitions/Email"
        },
        "SecondaryEmail" : {
          "$ref" : "#/definitions/SecondaryEmail"
        },
        "Mobile" : {
          "$ref" : "#/definitions/Mobile"
        }
      }
    },
    "UserPhoneConfig" : {
      "description" : "Contains information about the phone configuration settings for a user.",
      "type" : "object",
      "additionalProperties" : false,
      "properties" : {
        "AfterContactWorkTimeLimit" : {
          "$ref" : "#/definitions/AfterContactWorkTimeLimit"
        },
        "AutoAccept" : {
          "$ref" : "#/definitions/AutoAccept"
        },
        "DeskPhoneNumber" : {
          "$ref" : "#/definitions/DeskPhoneNumber"
        },
        "PhoneType" : {
          "$ref" : "#/definitions/PhoneType"
        }
      },
      "required" : [ "PhoneType" ]
    },
    "Tag" : {
      "description" : "A key-value pair to associate with a resource.",
      "type" : "object",
      "additionalProperties" : false,
      "properties" : {
        "Key" : {
          "type" : "string",
          "description" : "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
          "minLength" : 1,
          "maxLength" : 128,
          "pattern" : "^(?!aws:)[a-zA-Z+-=._:/]+$"
        },
        "Value" : {
          "type" : "string",
          "description" : "The value for the tag. You can specify a value that is maximum of 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ",
          "maxLength" : 256
        }
      },
      "required" : [ "Key", "Value" ]
    }
  },
  "properties" : {
    "InstanceArn" : {
      "description" : "The identifier of the Amazon Connect instance.",
      "type" : "string",
      "pattern" : "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$"
    },
    "DirectoryUserId" : {
      "description" : "The identifier of the user account in the directory used for identity management.",
      "type" : "string"
    },
    "HierarchyGroupArn" : {
      "description" : "The identifier of the hierarchy group for the user.",
      "type" : "string",
      "pattern" : "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent-group/[-a-zA-Z0-9]*$"
    },
    "Username" : {
      "description" : "The user name for the account.",
      "type" : "string",
      "minLength" : 1,
      "maxLength" : 64,
      "pattern" : "[a-zA-Z0-9\\_\\-\\.\\@]+"
    },
    "Password" : {
      "description" : "The password for the user account. A password is required if you are using Amazon Connect for identity management. Otherwise, it is an error to include a password.",
      "type" : "string",
      "pattern" : "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d\\S]{8,64}$"
    },
    "RoutingProfileArn" : {
      "description" : "The identifier of the routing profile for the user.",
      "type" : "string",
      "pattern" : "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/routing-profile/[-a-zA-Z0-9]*$"
    },
    "IdentityInfo" : {
      "description" : "The information about the identity of the user.",
      "$ref" : "#/definitions/UserIdentityInfo"
    },
    "PhoneConfig" : {
      "description" : "The phone settings for the user.",
      "$ref" : "#/definitions/UserPhoneConfig"
    },
    "SecurityProfileArns" : {
      "type" : "array",
      "minItems" : 1,
      "maxItems" : 10,
      "uniqueItems" : true,
      "insertionOrder" : false,
      "description" : "One or more security profile arns for the user",
      "items" : {
        "$ref" : "#/definitions/SecurityProfileArn"
      }
    },
    "UserArn" : {
      "description" : "The Amazon Resource Name (ARN) for the user.",
      "type" : "string",
      "pattern" : "^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*/agent/[-a-zA-Z0-9]*$"
    },
    "Tags" : {
      "type" : "array",
      "maxItems" : 50,
      "uniqueItems" : true,
      "insertionOrder" : false,
      "description" : "One or more tags.",
      "items" : {
        "$ref" : "#/definitions/Tag"
      }
    }
  },
  "required" : [ "InstanceArn", "PhoneConfig", "RoutingProfileArn", "SecurityProfileArns", "Username" ],
  "handlers" : {
    "create" : {
      "permissions" : [ "connect:CreateUser", "connect:TagResource" ]
    },
    "read" : {
      "permissions" : [ "connect:DescribeUser" ]
    },
    "delete" : {
      "permissions" : [ "connect:DeleteUser", "connect:UntagResource" ]
    },
    "update" : {
      "permissions" : [ "connect:UpdateUserIdentityInfo", "connect:UpdateUserPhoneConfig", "connect:UpdateUserRoutingProfile", "connect:UpdateUserSecurityProfiles", "connect:UpdateUserHierarchy", "connect:TagResource", "connect:UntagResource" ]
    }
  },
  "additionalProperties" : false,
  "primaryIdentifier" : [ "/properties/UserArn" ],
  "readOnlyProperties" : [ "/properties/UserArn" ],
  "writeOnlyProperties" : [ "/properties/Password" ]
}