1{ 2 "version": "1.0", 3 "parameters": { 4 "Region": { 5 "builtIn": "AWS::Region", 6 "required": false, 7 "documentation": "The AWS region used to dispatch the request.", 8 "type": "String" 9 }, 10 "UseDualStack": { 11 "builtIn": "AWS::UseDualStack", 12 "required": true, 13 "default": false, 14 "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", 15 "type": "Boolean" 16 }, 17 "UseFIPS": { 18 "builtIn": "AWS::UseFIPS", 19 "required": true, 20 "default": false, 21 "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", 22 "type": "Boolean" 23 }, 24 "Endpoint": { 25 "builtIn": "SDK::Endpoint", 26 "required": false, 27 "documentation": "Override the endpoint used to send this request", 28 "type": "String" 29 } 30 }, 31 "rules": [ 32 { 33 "conditions": [ 34 { 35 "fn": "isSet", 36 "argv": [ 37 { 38 "ref": "Endpoint" 39 } 40 ] 41 } 42 ], 43 "rules": [ 44 { 45 "conditions": [ 46 { 47 "fn": "booleanEquals", 48 "argv": [ 49 { 50 "ref": "UseFIPS" 51 }, 52 true 53 ] 54 } 55 ], 56 "error": "Invalid Configuration: FIPS and custom endpoint are not supported", 57 "type": "error" 58 }, 59 { 60 "conditions": [ 61 { 62 "fn": "booleanEquals", 63 "argv": [ 64 { 65 "ref": "UseDualStack" 66 }, 67 true 68 ] 69 } 70 ], 71 "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", 72 "type": "error" 73 }, 74 { 75 "conditions": [], 76 "endpoint": { 77 "url": { 78 "ref": "Endpoint" 79 }, 80 "properties": {}, 81 "headers": {} 82 }, 83 "type": "endpoint" 84 } 85 ], 86 "type": "tree" 87 }, 88 { 89 "conditions": [ 90 { 91 "fn": "isSet", 92 "argv": [ 93 { 94 "ref": "Region" 95 } 96 ] 97 } 98 ], 99 "rules": [ 100 { 101 "conditions": [ 102 { 103 "fn": "aws.partition", 104 "argv": [ 105 { 106 "ref": "Region" 107 } 108 ], 109 "assign": "PartitionResult" 110 } 111 ], 112 "rules": [ 113 { 114 "conditions": [ 115 { 116 "fn": "stringEquals", 117 "argv": [ 118 { 119 "fn": "getAttr", 120 "argv": [ 121 { 122 "ref": "PartitionResult" 123 }, 124 "name" 125 ] 126 }, 127 "aws" 128 ] 129 }, 130 { 131 "fn": "booleanEquals", 132 "argv": [ 133 { 134 "ref": "UseFIPS" 135 }, 136 false 137 ] 138 }, 139 { 140 "fn": "booleanEquals", 141 "argv": [ 142 { 143 "ref": "UseDualStack" 144 }, 145 false 146 ] 147 } 148 ], 149 "endpoint": { 150 "url": "https://iam.amazonaws.com", 151 "properties": { 152 "authSchemes": [ 153 { 154 "name": "sigv4", 155 "signingName": "iam", 156 "signingRegion": "us-east-1" 157 } 158 ] 159 }, 160 "headers": {} 161 }, 162 "type": "endpoint" 163 }, 164 { 165 "conditions": [ 166 { 167 "fn": "stringEquals", 168 "argv": [ 169 { 170 "fn": "getAttr", 171 "argv": [ 172 { 173 "ref": "PartitionResult" 174 }, 175 "name" 176 ] 177 }, 178 "aws" 179 ] 180 }, 181 { 182 "fn": "booleanEquals", 183 "argv": [ 184 { 185 "ref": "UseFIPS" 186 }, 187 true 188 ] 189 }, 190 { 191 "fn": "booleanEquals", 192 "argv": [ 193 { 194 "ref": "UseDualStack" 195 }, 196 false 197 ] 198 } 199 ], 200 "endpoint": { 201 "url": "https://iam-fips.amazonaws.com", 202 "properties": { 203 "authSchemes": [ 204 { 205 "name": "sigv4", 206 "signingName": "iam", 207 "signingRegion": "us-east-1" 208 } 209 ] 210 }, 211 "headers": {} 212 }, 213 "type": "endpoint" 214 }, 215 { 216 "conditions": [ 217 { 218 "fn": "stringEquals", 219 "argv": [ 220 { 221 "fn": "getAttr", 222 "argv": [ 223 { 224 "ref": "PartitionResult" 225 }, 226 "name" 227 ] 228 }, 229 "aws-cn" 230 ] 231 }, 232 { 233 "fn": "booleanEquals", 234 "argv": [ 235 { 236 "ref": "UseFIPS" 237 }, 238 false 239 ] 240 }, 241 { 242 "fn": "booleanEquals", 243 "argv": [ 244 { 245 "ref": "UseDualStack" 246 }, 247 false 248 ] 249 } 250 ], 251 "endpoint": { 252 "url": "https://iam.cn-north-1.amazonaws.com.cn", 253 "properties": { 254 "authSchemes": [ 255 { 256 "name": "sigv4", 257 "signingName": "iam", 258 "signingRegion": "cn-north-1" 259 } 260 ] 261 }, 262 "headers": {} 263 }, 264 "type": "endpoint" 265 }, 266 { 267 "conditions": [ 268 { 269 "fn": "stringEquals", 270 "argv": [ 271 { 272 "fn": "getAttr", 273 "argv": [ 274 { 275 "ref": "PartitionResult" 276 }, 277 "name" 278 ] 279 }, 280 "aws-us-gov" 281 ] 282 }, 283 { 284 "fn": "booleanEquals", 285 "argv": [ 286 { 287 "ref": "UseFIPS" 288 }, 289 false 290 ] 291 }, 292 { 293 "fn": "booleanEquals", 294 "argv": [ 295 { 296 "ref": "UseDualStack" 297 }, 298 false 299 ] 300 } 301 ], 302 "endpoint": { 303 "url": "https://iam.us-gov.amazonaws.com", 304 "properties": { 305 "authSchemes": [ 306 { 307 "name": "sigv4", 308 "signingName": "iam", 309 "signingRegion": "us-gov-west-1" 310 } 311 ] 312 }, 313 "headers": {} 314 }, 315 "type": "endpoint" 316 }, 317 { 318 "conditions": [ 319 { 320 "fn": "stringEquals", 321 "argv": [ 322 { 323 "fn": "getAttr", 324 "argv": [ 325 { 326 "ref": "PartitionResult" 327 }, 328 "name" 329 ] 330 }, 331 "aws-us-gov" 332 ] 333 }, 334 { 335 "fn": "booleanEquals", 336 "argv": [ 337 { 338 "ref": "UseFIPS" 339 }, 340 true 341 ] 342 }, 343 { 344 "fn": "booleanEquals", 345 "argv": [ 346 { 347 "ref": "UseDualStack" 348 }, 349 false 350 ] 351 } 352 ], 353 "endpoint": { 354 "url": "https://iam.us-gov.amazonaws.com", 355 "properties": { 356 "authSchemes": [ 357 { 358 "name": "sigv4", 359 "signingName": "iam", 360 "signingRegion": "us-gov-west-1" 361 } 362 ] 363 }, 364 "headers": {} 365 }, 366 "type": "endpoint" 367 }, 368 { 369 "conditions": [ 370 { 371 "fn": "stringEquals", 372 "argv": [ 373 { 374 "fn": "getAttr", 375 "argv": [ 376 { 377 "ref": "PartitionResult" 378 }, 379 "name" 380 ] 381 }, 382 "aws-iso" 383 ] 384 }, 385 { 386 "fn": "booleanEquals", 387 "argv": [ 388 { 389 "ref": "UseFIPS" 390 }, 391 false 392 ] 393 }, 394 { 395 "fn": "booleanEquals", 396 "argv": [ 397 { 398 "ref": "UseDualStack" 399 }, 400 false 401 ] 402 } 403 ], 404 "endpoint": { 405 "url": "https://iam.us-iso-east-1.c2s.ic.gov", 406 "properties": { 407 "authSchemes": [ 408 { 409 "name": "sigv4", 410 "signingName": "iam", 411 "signingRegion": "us-iso-east-1" 412 } 413 ] 414 }, 415 "headers": {} 416 }, 417 "type": "endpoint" 418 }, 419 { 420 "conditions": [ 421 { 422 "fn": "stringEquals", 423 "argv": [ 424 { 425 "fn": "getAttr", 426 "argv": [ 427 { 428 "ref": "PartitionResult" 429 }, 430 "name" 431 ] 432 }, 433 "aws-iso-b" 434 ] 435 }, 436 { 437 "fn": "booleanEquals", 438 "argv": [ 439 { 440 "ref": "UseFIPS" 441 }, 442 false 443 ] 444 }, 445 { 446 "fn": "booleanEquals", 447 "argv": [ 448 { 449 "ref": "UseDualStack" 450 }, 451 false 452 ] 453 } 454 ], 455 "endpoint": { 456 "url": "https://iam.us-isob-east-1.sc2s.sgov.gov", 457 "properties": { 458 "authSchemes": [ 459 { 460 "name": "sigv4", 461 "signingName": "iam", 462 "signingRegion": "us-isob-east-1" 463 } 464 ] 465 }, 466 "headers": {} 467 }, 468 "type": "endpoint" 469 }, 470 { 471 "conditions": [ 472 { 473 "fn": "stringEquals", 474 "argv": [ 475 { 476 "fn": "getAttr", 477 "argv": [ 478 { 479 "ref": "PartitionResult" 480 }, 481 "name" 482 ] 483 }, 484 "aws-iso-e" 485 ] 486 }, 487 { 488 "fn": "booleanEquals", 489 "argv": [ 490 { 491 "ref": "UseFIPS" 492 }, 493 false 494 ] 495 }, 496 { 497 "fn": "booleanEquals", 498 "argv": [ 499 { 500 "ref": "UseDualStack" 501 }, 502 false 503 ] 504 } 505 ], 506 "endpoint": { 507 "url": "https://iam.eu-isoe-west-1.cloud.adc-e.uk", 508 "properties": { 509 "authSchemes": [ 510 { 511 "name": "sigv4", 512 "signingName": "iam", 513 "signingRegion": "eu-isoe-west-1" 514 } 515 ] 516 }, 517 "headers": {} 518 }, 519 "type": "endpoint" 520 }, 521 { 522 "conditions": [ 523 { 524 "fn": "stringEquals", 525 "argv": [ 526 { 527 "fn": "getAttr", 528 "argv": [ 529 { 530 "ref": "PartitionResult" 531 }, 532 "name" 533 ] 534 }, 535 "aws-iso-f" 536 ] 537 }, 538 { 539 "fn": "booleanEquals", 540 "argv": [ 541 { 542 "ref": "UseFIPS" 543 }, 544 false 545 ] 546 }, 547 { 548 "fn": "booleanEquals", 549 "argv": [ 550 { 551 "ref": "UseDualStack" 552 }, 553 false 554 ] 555 } 556 ], 557 "endpoint": { 558 "url": "https://iam.us-isof-south-1.csp.hci.ic.gov", 559 "properties": { 560 "authSchemes": [ 561 { 562 "name": "sigv4", 563 "signingName": "iam", 564 "signingRegion": "us-isof-south-1" 565 } 566 ] 567 }, 568 "headers": {} 569 }, 570 "type": "endpoint" 571 }, 572 { 573 "conditions": [ 574 { 575 "fn": "booleanEquals", 576 "argv": [ 577 { 578 "ref": "UseFIPS" 579 }, 580 true 581 ] 582 }, 583 { 584 "fn": "booleanEquals", 585 "argv": [ 586 { 587 "ref": "UseDualStack" 588 }, 589 true 590 ] 591 } 592 ], 593 "rules": [ 594 { 595 "conditions": [ 596 { 597 "fn": "booleanEquals", 598 "argv": [ 599 true, 600 { 601 "fn": "getAttr", 602 "argv": [ 603 { 604 "ref": "PartitionResult" 605 }, 606 "supportsFIPS" 607 ] 608 } 609 ] 610 }, 611 { 612 "fn": "booleanEquals", 613 "argv": [ 614 true, 615 { 616 "fn": "getAttr", 617 "argv": [ 618 { 619 "ref": "PartitionResult" 620 }, 621 "supportsDualStack" 622 ] 623 } 624 ] 625 } 626 ], 627 "rules": [ 628 { 629 "conditions": [], 630 "endpoint": { 631 "url": "https://iam-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", 632 "properties": {}, 633 "headers": {} 634 }, 635 "type": "endpoint" 636 } 637 ], 638 "type": "tree" 639 }, 640 { 641 "conditions": [], 642 "error": "FIPS and DualStack are enabled, but this partition does not support one or both", 643 "type": "error" 644 } 645 ], 646 "type": "tree" 647 }, 648 { 649 "conditions": [ 650 { 651 "fn": "booleanEquals", 652 "argv": [ 653 { 654 "ref": "UseFIPS" 655 }, 656 true 657 ] 658 } 659 ], 660 "rules": [ 661 { 662 "conditions": [ 663 { 664 "fn": "booleanEquals", 665 "argv": [ 666 { 667 "fn": "getAttr", 668 "argv": [ 669 { 670 "ref": "PartitionResult" 671 }, 672 "supportsFIPS" 673 ] 674 }, 675 true 676 ] 677 } 678 ], 679 "rules": [ 680 { 681 "conditions": [], 682 "endpoint": { 683 "url": "https://iam-fips.{Region}.{PartitionResult#dnsSuffix}", 684 "properties": {}, 685 "headers": {} 686 }, 687 "type": "endpoint" 688 } 689 ], 690 "type": "tree" 691 }, 692 { 693 "conditions": [], 694 "error": "FIPS is enabled but this partition does not support FIPS", 695 "type": "error" 696 } 697 ], 698 "type": "tree" 699 }, 700 { 701 "conditions": [ 702 { 703 "fn": "booleanEquals", 704 "argv": [ 705 { 706 "ref": "UseDualStack" 707 }, 708 true 709 ] 710 } 711 ], 712 "rules": [ 713 { 714 "conditions": [ 715 { 716 "fn": "booleanEquals", 717 "argv": [ 718 true, 719 { 720 "fn": "getAttr", 721 "argv": [ 722 { 723 "ref": "PartitionResult" 724 }, 725 "supportsDualStack" 726 ] 727 } 728 ] 729 } 730 ], 731 "rules": [ 732 { 733 "conditions": [], 734 "endpoint": { 735 "url": "https://iam.{Region}.{PartitionResult#dualStackDnsSuffix}", 736 "properties": {}, 737 "headers": {} 738 }, 739 "type": "endpoint" 740 } 741 ], 742 "type": "tree" 743 }, 744 { 745 "conditions": [], 746 "error": "DualStack is enabled but this partition does not support DualStack", 747 "type": "error" 748 } 749 ], 750 "type": "tree" 751 }, 752 { 753 "conditions": [], 754 "endpoint": { 755 "url": "https://iam.{Region}.{PartitionResult#dnsSuffix}", 756 "properties": {}, 757 "headers": {} 758 }, 759 "type": "endpoint" 760 } 761 ], 762 "type": "tree" 763 } 764 ], 765 "type": "tree" 766 }, 767 { 768 "conditions": [], 769 "error": "Invalid Configuration: Missing Region", 770 "type": "error" 771 } 772 ] 773}