{ "typeName" : "AWS::Redshift::EndpointAccess", "description" : "Resource schema for a Redshift-managed VPC endpoint.", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-redshift", "definitions" : { "VpcSecurityGroup" : { "description" : "Describes the members of a VPC security group.", "type" : "object", "properties" : { "VpcSecurityGroupId" : { "type" : "string", "description" : "The identifier of the VPC security group." }, "Status" : { "type" : "string", "description" : "The status of the VPC security group." } }, "additionalProperties" : false }, "NetworkInterface" : { "description" : "Describes a network interface.", "type" : "object", "properties" : { "NetworkInterfaceId" : { "type" : "string", "description" : "The network interface identifier." }, "SubnetId" : { "type" : "string", "description" : "The subnet identifier." }, "PrivateIpAddress" : { "type" : "string", "description" : "The IPv4 address of the network interface within the subnet." }, "AvailabilityZone" : { "type" : "string", "description" : "The Availability Zone." } }, "additionalProperties" : false } }, "properties" : { "Address" : { "description" : "The DNS address of the endpoint.", "type" : "string" }, "ClusterIdentifier" : { "description" : "A unique identifier for the cluster. You use this identifier to refer to the cluster for any subsequent cluster operations such as deleting or modifying. All alphabetical characters must be lower case, no hypens at the end, no two consecutive hyphens. Cluster name should be unique for all clusters within an AWS account", "type" : "string" }, "VpcSecurityGroups" : { "description" : "A list of Virtual Private Cloud (VPC) security groups to be associated with the endpoint.", "type" : "array", "insertionOrder" : false, "items" : { "$ref" : "#/definitions/VpcSecurityGroup" } }, "ResourceOwner" : { "description" : "The AWS account ID of the owner of the cluster.", "type" : "string", "pattern" : "^\\d{12}$" }, "EndpointStatus" : { "description" : "The status of the endpoint.", "type" : "string" }, "EndpointName" : { "description" : "The name of the endpoint.", "type" : "string", "pattern" : "^(?=^[a-z][a-z0-9]*(-[a-z0-9]+)*$).{1,30}$" }, "EndpointCreateTime" : { "description" : "The time (UTC) that the endpoint was created.", "type" : "string" }, "SubnetGroupName" : { "description" : "The subnet group name where Amazon Redshift chooses to deploy the endpoint.", "type" : "string", "pattern" : "^(?=^[a-zA-Z0-9-]+$).{1,255}$" }, "Port" : { "description" : "The port number on which the cluster accepts incoming connections.", "type" : "integer" }, "VpcSecurityGroupIds" : { "description" : "A list of vpc security group ids to apply to the created endpoint access.", "type" : "array", "insertionOrder" : false, "items" : { "type" : "string" } }, "VpcEndpoint" : { "description" : "The connection endpoint for connecting to an Amazon Redshift cluster through the proxy.", "type" : "object", "properties" : { "VpcEndpointId" : { "type" : "string", "description" : "The connection endpoint ID for connecting an Amazon Redshift cluster through the proxy." }, "VpcId" : { "type" : "string", "description" : "The VPC identifier that the endpoint is associated." }, "NetworkInterfaces" : { "type" : "array", "insertionOrder" : false, "description" : "One or more network interfaces of the endpoint. Also known as an interface endpoint.", "items" : { "$ref" : "#/definitions/NetworkInterface" } } }, "additionalProperties" : false } }, "tagging" : { "taggable" : false }, "additionalProperties" : false, "required" : [ "ClusterIdentifier", "SubnetGroupName", "EndpointName", "VpcSecurityGroupIds" ], "primaryIdentifier" : [ "/properties/EndpointName" ], "createOnlyProperties" : [ "/properties/EndpointName", "/properties/ClusterIdentifier", "/properties/ResourceOwner", "/properties/SubnetGroupName" ], "readOnlyProperties" : [ "/properties/Address", "/properties/EndpointStatus", "/properties/EndpointCreateTime", "/properties/Port", "/properties/VpcSecurityGroups", "/properties/VpcSecurityGroups/*/VpcSecurityGroupId", "/properties/VpcSecurityGroups/*/Status", "/properties/VpcEndpoint", "/properties/VpcEndpoint/VpcEndpointId", "/properties/VpcEndpoint/VpcId", "/properties/VpcEndpoint/NetworkInterfaces/*/NetworkInterfaceId", "/properties/VpcEndpoint/NetworkInterfaces/*/PrivateIpAddress", "/properties/VpcEndpoint/NetworkInterfaces/*/SubnetId", "/properties/VpcEndpoint/NetworkInterfaces/*/AvailabilityZone" ], "handlers" : { "create" : { "permissions" : [ "redshift:CreateEndpointAccess", "ec2:CreateClientVpnEndpoint", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets" ], "timeoutInMinutes" : 60 }, "read" : { "permissions" : [ "redshift:DescribeEndpointAccess", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets" ] }, "update" : { "permissions" : [ "redshift:ModifyEndpointAccess", "ec2:ModifyClientVpnEndpoint", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets" ], "timeoutInMinutes" : 60 }, "delete" : { "permissions" : [ "redshift:DeleteEndpointAccess", "ec2:DeleteClientVpnEndpoint", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets" ], "timeoutInMinutes" : 60 }, "list" : { "permissions" : [ "redshift:DescribeEndpointAccess", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeVpcAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets" ] } } }