{
  "typeName" : "AWS::Route53Resolver::FirewallRuleGroup",
  "description" : "Resource schema for AWS::Route53Resolver::FirewallRuleGroup.",
  "definitions" : {
    "FirewallRule" : {
      "description" : "Firewall Rule associating the Rule Group to a Domain List",
      "type" : "object",
      "properties" : {
        "FirewallDomainListId" : {
          "description" : "ResourceId",
          "type" : "string",
          "minLength" : 1,
          "maxLength" : 64
        },
        "Priority" : {
          "description" : "Rule Priority",
          "type" : "integer"
        },
        "Action" : {
          "description" : "Rule Action",
          "type" : "string",
          "enum" : [ "ALLOW", "BLOCK", "ALERT" ]
        },
        "BlockResponse" : {
          "description" : "BlockResponse",
          "type" : "string",
          "enum" : [ "NODATA", "NXDOMAIN", "OVERRIDE" ]
        },
        "BlockOverrideDomain" : {
          "description" : "BlockOverrideDomain",
          "type" : "string",
          "minLength" : 1,
          "maxLength" : 255
        },
        "BlockOverrideDnsType" : {
          "description" : "BlockOverrideDnsType",
          "type" : "string",
          "enum" : [ "CNAME" ]
        },
        "BlockOverrideTtl" : {
          "description" : "BlockOverrideTtl",
          "type" : "integer",
          "minimum" : 0,
          "maximum" : 604800
        }
      },
      "required" : [ "FirewallDomainListId", "Priority", "Action" ],
      "additionalProperties" : false
    },
    "Tag" : {
      "description" : "A key-value pair to associate with a resource.",
      "type" : "object",
      "properties" : {
        "Key" : {
          "description" : "The key name of the tag. You can specify a value that is 1 to 127 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.",
          "type" : "string",
          "minLength" : 1,
          "maxLength" : 127
        },
        "Value" : {
          "description" : "The value for the tag. You can specify a value that is 1 to 255 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.",
          "type" : "string",
          "minLength" : 0,
          "maxLength" : 255
        }
      },
      "required" : [ "Key", "Value" ],
      "additionalProperties" : false
    }
  },
  "properties" : {
    "Id" : {
      "description" : "ResourceId",
      "type" : "string",
      "minLength" : 1,
      "maxLength" : 64
    },
    "Arn" : {
      "description" : "Arn",
      "type" : "string",
      "minLength" : 1,
      "maxLength" : 600
    },
    "Name" : {
      "description" : "FirewallRuleGroupName",
      "type" : "string",
      "pattern" : "(?!^[0-9]+$)([a-zA-Z0-9\\-_' ']+)",
      "minLength" : 1,
      "maxLength" : 64
    },
    "RuleCount" : {
      "description" : "Count",
      "type" : "integer"
    },
    "Status" : {
      "description" : "ResolverFirewallRuleGroupAssociation, possible values are COMPLETE, DELETING, UPDATING, and INACTIVE_OWNER_ACCOUNT_CLOSED.",
      "type" : "string",
      "enum" : [ "COMPLETE", "DELETING", "UPDATING", "INACTIVE_OWNER_ACCOUNT_CLOSED" ]
    },
    "StatusMessage" : {
      "description" : "FirewallRuleGroupStatus",
      "type" : "string"
    },
    "OwnerId" : {
      "description" : "AccountId",
      "type" : "string",
      "minLength" : 12,
      "maxLength" : 32
    },
    "ShareStatus" : {
      "description" : "ShareStatus, possible values are NOT_SHARED, SHARED_WITH_ME, SHARED_BY_ME.",
      "type" : "string",
      "enum" : [ "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME" ]
    },
    "CreatorRequestId" : {
      "description" : "The id of the creator request.",
      "type" : "string",
      "minLength" : 1,
      "maxLength" : 255
    },
    "CreationTime" : {
      "description" : "Rfc3339TimeString",
      "type" : "string",
      "minLength" : 20,
      "maxLength" : 40
    },
    "ModificationTime" : {
      "description" : "Rfc3339TimeString",
      "type" : "string",
      "minLength" : 20,
      "maxLength" : 40
    },
    "FirewallRules" : {
      "description" : "FirewallRules",
      "type" : "array",
      "insertionOrder" : false,
      "uniqueItems" : true,
      "items" : {
        "$ref" : "#/definitions/FirewallRule"
      }
    },
    "Tags" : {
      "description" : "Tags",
      "type" : "array",
      "insertionOrder" : false,
      "uniqueItems" : true,
      "items" : {
        "$ref" : "#/definitions/Tag"
      }
    }
  },
  "createOnlyProperties" : [ "/properties/Name" ],
  "readOnlyProperties" : [ "/properties/Id", "/properties/Arn", "/properties/RuleCount", "/properties/Status", "/properties/StatusMessage", "/properties/OwnerId", "/properties/ShareStatus", "/properties/CreatorRequestId", "/properties/CreationTime", "/properties/ModificationTime" ],
  "primaryIdentifier" : [ "/properties/Id" ],
  "additionalProperties" : false,
  "handlers" : {
    "create" : {
      "permissions" : [ "route53resolver:CreateFirewallRuleGroup", "route53resolver:CreateFirewallRule", "route53resolver:TagResource" ]
    },
    "read" : {
      "permissions" : [ "route53resolver:GetFirewallRuleGroup", "route53resolver:ListFirewallRules", "route53resolver:ListTagsForResource" ]
    },
    "list" : {
      "permissions" : [ "route53resolver:ListFirewallRules", "route53resolver:GetFirewallRuleGroup", "route53resolver:TagResource" ]
    },
    "delete" : {
      "permissions" : [ "route53resolver:DeleteFirewallRuleGroup", "route53resolver:DeleteFirewallRule", "route53resolver:UntagResource" ]
    },
    "update" : {
      "permissions" : [ "route53resolver:CreateFirewallRule", "route53resolver:DeleteFirewallRule", "route53resolver:UpdateFirewallRule", "route53resolver:TagResource", "route53resolver:UntagResource" ]
    }
  }
}