{"resources":{"cloudformation":{"id":"cloudformation","fields":{"output":{"name":"output","type":"\u001bcloudformation.output","title":"AWS CloudFormation output","desc":"Examine a single Outputs section entry: name and the properties body (Value, Description, Export, Condition) — useful for spotting outputs that leak resource ARNs, secrets, or sensitive state across stacks.","provider":"go.mondoo.com/mql/v13/providers/cloudformation","is_implicit_resource":true},"parameter":{"name":"parameter","type":"\u001bcloudformation.parameter","title":"AWS CloudFormation parameter declaration","desc":"Examine a single entry from the `Parameters` section: type, default, allowed-values / allowed-pattern constraints, length and value bounds, the `NoEcho` flag, and any constraint description. This is the primary surface for policies that enforce strong input typing, secret masking (`NoEcho: true` for credential-shaped parameters), and bounded inputs.","provider":"go.mondoo.com/mql/v13/providers/cloudformation","is_implicit_resource":true},"resource":{"name":"resource","type":"\u001bcloudformation.resource","title":"AWS CloudFormation resource declaration","desc":"Examine a single declared resource: logical name, AWS resource type, condition, full properties body, attributes, dependsOn list, and the documentation URL — the unit IaC policies match against to enforce resource-shape rules (encryption, public access, tags, etc.).","provider":"go.mondoo.com/mql/v13/providers/cloudformation","is_implicit_resource":true},"template":{"name":"template","type":"\u001bcloudformation.template","title":"AWS CloudFormation template","desc":"Top-level entry point for static analysis of a CloudFormation template (or SAM template via Transform). Exposes the template metadata (AWSTemplateFormatVersion, Transform, Description), the parameter / mapping / condition / rule / global / metadata sections, the declared resources, the outputs, and the full set of resource types referenced — the surface for IaC policy checks of AWS infrastructure-as-code.","provider":"go.mondoo.com/mql/v13/providers/cloudformation","is_implicit_resource":true}},"is_extension":true},"cloudformation.output":{"id":"cloudformation.output","name":"cloudformation.output","fields":{"condition":{"name":"condition","type":"\u0007","is_mandatory":true,"title":"`Condition` name that gates whether this output is produced","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"`Description` field from the Outputs entry","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"exportName":{"name":"exportName","type":"\u0007","is_mandatory":true,"title":"`Export.Name` value","desc":"Empty when the output is not exported across stacks. Audits commonly forbid exporting sensitive resource ARNs (databases, KMS keys) so they can't be picked up by unrelated stacks.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Output name","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"properties":{"name":"properties","type":"\u001a\u0007\n","is_mandatory":true,"title":"Output properties","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"value":{"name":"value","type":"\n","is_mandatory":true,"title":"The `Value` expression","desc":"Returned as a `dict` because the value may be a literal, a `Ref`, a `Fn::GetAtt`, or any other intrinsic-function call. Audits commonly pattern-match against the shape to detect outputs that leak resource ARNs or sensitive references.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"}},"title":"AWS CloudFormation output","desc":"Examine a single Outputs section entry: name and the properties body (Value, Description, Export, Condition) — useful for spotting outputs that leak resource ARNs, secrets, or sensitive state across stacks.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"cloudformation.parameter":{"id":"cloudformation.parameter","name":"cloudformation.parameter","fields":{"allowedPattern":{"name":"allowedPattern","type":"\u0007","is_mandatory":true,"title":"`AllowedPattern` regular expression (String parameters only)","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"allowedValues":{"name":"allowedValues","type":"\u0019\n","is_mandatory":true,"title":"`AllowedValues` constraint","desc":"Heterogeneous list (strings, numbers) preserved as `dict`. Empty when the constraint is not set.","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"constraintDescription":{"name":"constraintDescription","type":"\u0007","is_mandatory":true,"title":"`ConstraintDescription` shown when validation fails","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"default":{"name":"default","type":"\n","is_mandatory":true,"title":"`Default` value","desc":"Returned as a `dict` because the value may be a string, number, or list depending on `type`. Empty when the parameter is required.","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"`Description` text","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"maxLength":{"name":"maxLength","type":"\u0005","is_mandatory":true,"title":"`MaxLength` constraint (String parameters)","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"maxValue":{"name":"maxValue","type":"\u0005","is_mandatory":true,"title":"`MaxValue` constraint (Number parameters)","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"minLength":{"name":"minLength","type":"\u0005","is_mandatory":true,"title":"`MinLength` constraint (String parameters)","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"minValue":{"name":"minValue","type":"\u0005","is_mandatory":true,"title":"`MinValue` constraint (Number parameters)","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Parameter name","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"noEcho":{"name":"noEcho","type":"\u0004","is_mandatory":true,"title":"`NoEcho` flag","desc":"When true, the parameter value is masked in stack events, the console, and the CLI. Required by most audit policies on parameters that hold passwords, API keys, or other credentials.","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Parameter type","desc":"`String`, `Number`, `List\u003cNumber\u003e`, `CommaDelimitedList`, or any of the AWS-specific parameter types (`AWS::EC2::KeyPair::KeyName`, `AWS::SSM::Parameter::Value\u003cString\u003e`, etc.).","provider":"go.mondoo.com/mql/v13/providers/cloudformation"}},"title":"AWS CloudFormation parameter declaration","desc":"Examine a single entry from the `Parameters` section: type, default, allowed-values / allowed-pattern constraints, length and value bounds, the `NoEcho` flag, and any constraint description. This is the primary surface for policies that enforce strong input typing, secret masking (`NoEcho: true` for credential-shaped parameters), and bounded inputs.","min_provider_version":"13.0.13","defaults":"name type","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"cloudformation.resource":{"id":"cloudformation.resource","name":"cloudformation.resource","fields":{"attributes":{"name":"attributes","type":"\u001a\u0007\n","is_mandatory":true,"title":"Resource attributes","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"condition":{"name":"condition","type":"\u0007","is_mandatory":true,"title":"Resource condition","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"creationPolicy":{"name":"creationPolicy","type":"\n","is_mandatory":true,"title":"`CreationPolicy` attribute","desc":"Nested object with `AutoScalingCreationPolicy` and `ResourceSignal` sub-sections used to wait for resource readiness before reporting CREATE_COMPLETE. Empty when not declared.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"deletionPolicy":{"name":"deletionPolicy","type":"\u0007","is_mandatory":true,"title":"`DeletionPolicy` attribute","desc":"One of `Delete`, `Retain`, `RetainExceptOnCreate`, or `Snapshot`. Empty when the attribute is not declared (CloudFormation then applies the `Delete` default). Stateful resources such as `AWS::RDS::DBInstance` or `AWS::S3::Bucket` typically require `Retain` to avoid accidental data loss on stack deletion.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"dependsOn":{"name":"dependsOn","type":"\u0019\u0007","is_mandatory":true,"title":"Resource dependencies (DependsOn)","min_provider_version":"13.0.1","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"documentation":{"name":"documentation","type":"\u0007","is_mandatory":true,"title":"Resource documentation URL","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource name","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"properties":{"name":"properties","type":"\u001a\u0007\n","is_mandatory":true,"title":"Resource properties","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"resourceMetadata":{"name":"resourceMetadata","type":"\n","is_mandatory":true,"title":"`Metadata` attribute","desc":"Stores resource-specific metadata such as `AWS::CloudFormation::Init` or interface designer hints. Empty when not declared.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Resource type","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"updatePolicy":{"name":"updatePolicy","type":"\n","is_mandatory":true,"title":"`UpdatePolicy` attribute","desc":"Used by `AWS::AutoScaling::AutoScalingGroup`, `AWS::ElastiCache::ReplicationGroup`, `AWS::Lambda::Alias`, and a few others to control update behavior. Empty when not declared.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"updateReplacePolicy":{"name":"updateReplacePolicy","type":"\u0007","is_mandatory":true,"title":"`UpdateReplacePolicy` attribute","desc":"One of `Delete`, `Retain`, `RetainExceptOnCreate`, or `Snapshot`. Empty when not declared. Controls what happens to the existing physical resource when an update forces replacement.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"}},"title":"AWS CloudFormation resource declaration","desc":"Examine a single declared resource: logical name, AWS resource type, condition, full properties body, attributes, dependsOn list, and the documentation URL — the unit IaC policies match against to enforce resource-shape rules (encryption, public access, tags, etc.).","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"cloudformation.template":{"id":"cloudformation.template","name":"cloudformation.template","fields":{"conditions":{"name":"conditions","type":"\u001a\u0007\n","title":"Template conditions","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Template description","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"globals":{"name":"globals","type":"\u001a\u0007\n","title":"Template globals","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"mappings":{"name":"mappings","type":"\u001a\u0007\n","title":"Template mappings","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"metadata":{"name":"metadata","type":"\u001a\u0007\n","title":"Template metadata","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"outputs":{"name":"outputs","type":"\u0019\u001bcloudformation.output","title":"Template outputs","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"parameterList":{"name":"parameterList","type":"\u0019\u001bcloudformation.parameter","title":"Parameter declarations as typed objects","desc":"Iterate the `Parameters` section as `cloudformation.parameter` records exposing type, default, allowed values / patterns, length and value bounds, and the `NoEcho` flag — useful for policy that needs to reason about how a stack accepts input. Use `parameters` (the dict form) when you need a key-keyed view of the same data.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"parameters":{"name":"parameters","type":"\u001a\u0007\n","title":"Template parameters","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"resources":{"name":"resources","type":"\u0019\u001bcloudformation.resource","title":"Template resources","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"rules":{"name":"rules","type":"\u001a\u0007\n","title":"Template rules for parameter validation","min_provider_version":"13.0.1","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"transform":{"name":"transform","type":"\u0019\u0007","is_mandatory":true,"title":"Template macros","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"types":{"name":"types","type":"\u0019\u0007","title":"Supported resource types","provider":"go.mondoo.com/mql/v13/providers/cloudformation"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Template format version","provider":"go.mondoo.com/mql/v13/providers/cloudformation"}},"title":"AWS CloudFormation template","desc":"Top-level entry point for static analysis of a CloudFormation template (or SAM template via Transform). Exposes the template metadata (AWSTemplateFormatVersion, Transform, Description), the parameter / mapping / condition / rule / global / metadata sections, the declared resources, the outputs, and the full set of resource types referenced — the surface for IaC policy checks of AWS infrastructure-as-code.","min_provider_version":"11.0.0","defaults":"description","provider":"go.mondoo.com/mql/v13/providers/cloudformation"}}}