{
  "typeName" : "AWS::DataSync::LocationEFS",
  "description" : "Resource schema for AWS::DataSync::LocationEFS.",
  "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-datasync.git",
  "definitions" : {
    "Ec2Config" : {
      "additionalProperties" : false,
      "description" : "The subnet and security group that DataSync uses to access target EFS file system.",
      "type" : "object",
      "properties" : {
        "SecurityGroupArns" : {
          "description" : "The Amazon Resource Names (ARNs) of the security groups that are configured for the Amazon EC2 resource.",
          "type" : "array",
          "items" : {
            "type" : "string",
            "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:security-group/.*$",
            "maxLength" : 128
          },
          "minItems" : 1,
          "maxItems" : 5,
          "insertionOrder" : false
        },
        "SubnetArn" : {
          "description" : "The ARN of the subnet that DataSync uses to access the target EFS file system.",
          "type" : "string",
          "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:subnet/.*$",
          "maxLength" : 128
        }
      },
      "required" : [ "SecurityGroupArns", "SubnetArn" ]
    },
    "Tag" : {
      "additionalProperties" : false,
      "description" : "A key-value pair to associate with a resource.",
      "type" : "object",
      "properties" : {
        "Key" : {
          "type" : "string",
          "description" : "The key for an AWS resource tag.",
          "pattern" : "^[a-zA-Z0-9\\s+=._:/-]+$",
          "maxLength" : 256,
          "minLength" : 1
        },
        "Value" : {
          "type" : "string",
          "description" : "The value for an AWS resource tag.",
          "pattern" : "^[a-zA-Z0-9\\s+=._:@/-]+$",
          "maxLength" : 256,
          "minLength" : 1
        }
      },
      "required" : [ "Key", "Value" ]
    }
  },
  "properties" : {
    "Ec2Config" : {
      "$ref" : "#/definitions/Ec2Config"
    },
    "EfsFilesystemArn" : {
      "description" : "The Amazon Resource Name (ARN) for the Amazon EFS file system.",
      "type" : "string",
      "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]*:[0-9]{12}:file-system/fs-.*$",
      "maxLength" : 128
    },
    "AccessPointArn" : {
      "description" : "The Amazon Resource Name (ARN) for the Amazon EFS Access point that DataSync uses when accessing the EFS file system.",
      "type" : "string",
      "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$",
      "maxLength" : 128
    },
    "FileSystemAccessRoleArn" : {
      "description" : "The Amazon Resource Name (ARN) of the AWS IAM role that the DataSync will assume when mounting the EFS file system.",
      "type" : "string",
      "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$",
      "maxLength" : 128
    },
    "InTransitEncryption" : {
      "description" : "Protocol that is used for encrypting the traffic exchanged between the DataSync Agent and the EFS file system.",
      "type" : "string",
      "enum" : [ "NONE", "TLS1_2" ]
    },
    "Subdirectory" : {
      "description" : "A subdirectory in the location's path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination.",
      "type" : "string",
      "maxLength" : 4096,
      "pattern" : "^[a-zA-Z0-9_\\-\\+\\./\\(\\)\\$\\p{Zs}]+$"
    },
    "Tags" : {
      "description" : "An array of key-value pairs to apply to this resource.",
      "type" : "array",
      "maxItems" : 50,
      "uniqueItems" : true,
      "insertionOrder" : false,
      "items" : {
        "$ref" : "#/definitions/Tag"
      }
    },
    "LocationArn" : {
      "description" : "The Amazon Resource Name (ARN) of the Amazon EFS file system location that is created.",
      "type" : "string",
      "pattern" : "^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$",
      "maxLength" : 128
    },
    "LocationUri" : {
      "description" : "The URL of the EFS location that was described.",
      "type" : "string",
      "pattern" : "^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9.\\-/]+$",
      "maxLength" : 4356
    }
  },
  "additionalProperties" : false,
  "tagging" : {
    "taggable" : true,
    "tagOnCreate" : true,
    "tagUpdatable" : true,
    "cloudFormationSystemTags" : true,
    "tagProperty" : "/properties/Tags"
  },
  "required" : [ "Ec2Config" ],
  "readOnlyProperties" : [ "/properties/LocationArn", "/properties/LocationUri" ],
  "primaryIdentifier" : [ "/properties/LocationArn" ],
  "createOnlyProperties" : [ "/properties/Ec2Config", "/properties/EfsFilesystemArn", "/properties/Subdirectory", "/properties/FileSystemAccessRoleArn", "/properties/InTransitEncryption", "/properties/AccessPointArn" ],
  "writeOnlyProperties" : [ "/properties/EfsFilesystemArn", "/properties/Subdirectory" ],
  "handlers" : {
    "create" : {
      "permissions" : [ "datasync:CreateLocationEfs", "datasync:DescribeLocationEfs", "datasync:ListTagsForResource", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ]
    },
    "read" : {
      "permissions" : [ "datasync:DescribeLocationEfs", "datasync:ListTagsForResource" ]
    },
    "update" : {
      "permissions" : [ "datasync:DescribeLocationEfs", "datasync:ListTagsForResource", "datasync:TagResource", "datasync:UntagResource" ]
    },
    "delete" : {
      "permissions" : [ "datasync:DeleteLocation" ]
    },
    "list" : {
      "permissions" : [ "datasync:ListLocations" ]
    }
  }
}