aws-cloudformation · github-actions · Aug 30, 2025
diff --git a/server/schema/resources.schema.json b/server/schema/resources.schema.json
diff --git a/server/schema/resources/aws-accessanalyzer-analyzer.json b/server/schema/resources/aws-accessanalyzer-analyzer.json
@@ -142,6 +142,69 @@
       "additionalProperties": false,
       "markdownDescription": "The criteria for an analysis rule for an analyzer.\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
     },
+    "InternalAccessAnalysisRuleCriteria": {
+      "description": "The criteria for an analysis rule for an internal access analyzer.",
+      "type": "object",
+      "properties": {
+        "AccountIds": {
+          "description": "A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.",
+          "type": "array",
+          "insertionOrder": false,
+          "items": {
+            "type": "string",
+            "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
+          },
+          "markdownDescription": "A list of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers and cannot include the organization owner account.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+        },
+        "ResourceArns": {
+          "description": "A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.",
+          "type": "array",
+          "insertionOrder": false,
+          "items": {
+            "type": "string",
+            "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
+          },
+          "markdownDescription": "A list of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+        },
+        "ResourceTypes": {
+          "description": "A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.",
+          "type": "array",
+          "insertionOrder": false,
+          "items": {
+            "type": "string",
+            "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption\n"
+          },
+          "markdownDescription": "A list of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+        }
+      },
+      "additionalProperties": false,
+      "markdownDescription": "The criteria for an analysis rule for an internal access analyzer.\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+    },
+    "InternalAccessConfiguration": {
+      "description": "Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates internal access within your AWS environment.",
+      "type": "object",
+      "properties": {
+        "InternalAccessAnalysisRule": {
+          "description": "Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.",
+          "type": "object",
+          "properties": {
+            "Inclusions": {
+              "description": "A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.",
+              "type": "array",
+              "insertionOrder": false,
+              "items": {
+                "$ref": "#/definitions/InternalAccessAnalysisRuleCriteria"
+              },
+              "markdownDescription": "A list of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
+            }
+          },
+          "additionalProperties": false,
+          "markdownDescription": "Contains information about analysis rules for the internal access analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+        }
+      },
+      "additionalProperties": false,
+      "markdownDescription": "Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates internal access within your AWS environment.\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+    },
     "UnusedAccessConfiguration": {
       "description": "The Configuration for Unused Access Analyzer",
       "type": "object",
@@ -210,18 +273,21 @@
       "markdownDescription": "An array of key-value pairs to apply to this resource.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
     },
     "Type": {
-      "description": "The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS",
+      "description": "The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS, ACCOUNT_UNUSED_ACCESS and ORGANIZATION_UNUSED_ACCESS",
       "type": "string",
       "minLength": 0,
       "maxLength": 1024,
-      "markdownDescription": "The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS or ORGANIZATION_UNUSED_ACCESS\n\n---\n\nRequired: Yes  \nType: String  \nMaximum Length: 1024  \nUpdate requires: Replacement\n"
+      "markdownDescription": "The type of the analyzer, must be one of ACCOUNT, ORGANIZATION, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS, ACCOUNT_UNUSED_ACCESS and ORGANIZATION_UNUSED_ACCESS\n\n---\n\nRequired: Yes  \nType: String  \nMaximum Length: 1024  \nUpdate requires: Replacement\n"
     },
     "AnalyzerConfiguration": {
       "description": "The configuration for the analyzer",
       "type": "object",
       "properties": {
         "UnusedAccessConfiguration": {
           "$ref": "#/definitions/UnusedAccessConfiguration"
+        },
+        "InternalAccessConfiguration": {
+          "$ref": "#/definitions/InternalAccessConfiguration"
         }
       },
       "additionalProperties": false,

diff --git a/server/schema/resources/aws-acmpca-certificate.json b/server/schema/resources/aws-acmpca-certificate.json
@@ -99,7 +99,7 @@
       "markdownDescription": "Array of X.509 extensions for a certificate.\n\n---\n\nRequired: No  \nType: Array  \nUpdate requires: No interruption\n"
     },
     "CustomExtension": {
-      "description": "Specifies the X.509 extension information for a certificate.\n Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).",
+      "description": "Specifies the X.509 extension information for a certificate.\n Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough``[template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).",
       "type": "object",
       "additionalProperties": false,
       "properties": {
@@ -123,7 +123,7 @@
         "ObjectIdentifier",
         "Value"
       ],
-      "markdownDescription": "Specifies the X.509 extension information for a certificate.\n Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough`` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
+      "markdownDescription": "Specifies the X.509 extension information for a certificate.\n Extensions present in ``CustomExtensions`` follow the ``ApiPassthrough``[template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations).\n\n---\n\nRequired: No  \nUpdate requires: No interruption\n"
     },
     "GeneralNameList": {
       "type": "array",