This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::Connect::SecurityProfile Creates a security profile. For information about security profiles, see [Security Profiles](https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html) in the *Amazon Connect Administrator Guide*. For a mapping of the API name and user interface name of the security profile permissions, see [List of security profile permissions](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::Connect::SecurityProfile", "Properties" : { "[AllowedAccessControlHierarchyGroupId](#cfn-connect-securityprofile-allowedaccesscontrolhierarchygroupid)" : String, "[AllowedAccessControlTags](#cfn-connect-securityprofile-allowedaccesscontroltags)" : [ Tag, ... ], "[AllowedFlowModules](#cfn-connect-securityprofile-allowedflowmodules)" : [ FlowModule, ... ], "[Applications](#cfn-connect-securityprofile-applications)" : [ Application, ... ], "[Description](#cfn-connect-securityprofile-description)" : String, "[GranularAccessControlConfiguration](#cfn-connect-securityprofile-granularaccesscontrolconfiguration)" : GranularAccessControlConfiguration, "[HierarchyRestrictedResources](#cfn-connect-securityprofile-hierarchyrestrictedresources)" : [ String, ... ], "[InstanceArn](#cfn-connect-securityprofile-instancearn)" : String, "[Permissions](#cfn-connect-securityprofile-permissions)" : [ String, ... ], "[SecurityProfileName](#cfn-connect-securityprofile-securityprofilename)" : String, "[TagRestrictedResources](#cfn-connect-securityprofile-tagrestrictedresources)" : [ String, ... ], "[Tags](#cfn-connect-securityprofile-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::Connect::SecurityProfile Properties: [AllowedAccessControlHierarchyGroupId](#cfn-connect-securityprofile-allowedaccesscontrolhierarchygroupid): String [AllowedAccessControlTags](#cfn-connect-securityprofile-allowedaccesscontroltags): - Tag [AllowedFlowModules](#cfn-connect-securityprofile-allowedflowmodules): - FlowModule [Applications](#cfn-connect-securityprofile-applications): - Application [Description](#cfn-connect-securityprofile-description): String [GranularAccessControlConfiguration](#cfn-connect-securityprofile-granularaccesscontrolconfiguration): GranularAccessControlConfiguration [HierarchyRestrictedResources](#cfn-connect-securityprofile-hierarchyrestrictedresources): - String [InstanceArn](#cfn-connect-securityprofile-instancearn): String [Permissions](#cfn-connect-securityprofile-permissions): - String [SecurityProfileName](#cfn-connect-securityprofile-securityprofilename): String [TagRestrictedResources](#cfn-connect-securityprofile-tagrestrictedresources): - String [Tags](#cfn-connect-securityprofile-tags): - Tag ``` ## Properties `AllowedAccessControlHierarchyGroupId` The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9-]+$` *Minimum*: `0` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AllowedAccessControlTags` The list of tags that a security profile uses to restrict access to resources in Amazon Connect. *Required*: No *Type*: Array of [Tag](aws-properties-connect-securityprofile-tag.md) *Maximum*: `2` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AllowedFlowModules` Property description not available. *Required*: No *Type*: Array of [FlowModule](aws-properties-connect-securityprofile-flowmodule.md) *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Applications` Property description not available. *Required*: No *Type*: Array of [Application](aws-properties-connect-securityprofile-application.md) *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Description` The description of the security profile. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `250` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `GranularAccessControlConfiguration` The granular access control configuration for the security profile, including data table permissions. *Required*: No *Type*: [GranularAccessControlConfiguration](aws-properties-connect-securityprofile-granularaccesscontrolconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `HierarchyRestrictedResources` The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: `User`. *Required*: No *Type*: Array of String *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `InstanceArn` The identifier of the Amazon Connect instance. *Required*: Yes *Type*: String *Pattern*: `^arn:aws[-a-z0-9]*:connect:[-a-z0-9]*:[0-9]{12}:instance/[-a-zA-Z0-9]*$` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Permissions` Permissions assigned to the security profile. For a list of valid permissions, see [List of security profile permissions](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html). *Required*: No *Type*: Array of String *Maximum*: `500` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SecurityProfileName` The name for the security profile. *Required*: Yes *Type*: String *Pattern*: `^[ a-zA-Z0-9_@-]+$` *Minimum*: `1` *Maximum*: `127` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `TagRestrictedResources` The list of resources that a security profile applies tag restrictions to in Amazon Connect. *Required*: No *Type*: Array of String *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The tags used to organize, track, or control access for this resource. For example, \$1 "Tags": \$1"key1":"value1", "key2":"value2"\$1 \$1. *Required*: No *Type*: Array of [Tag](aws-properties-connect-securityprofile-tag.md) *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the name of the security profile. For example: `{ "Ref": "mySecurityProfileName" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `LastModifiedRegion` The AWS Region where this resource was last modified. `LastModifiedTime` The timestamp when this resource was last modified. `SecurityProfileArn` The Amazon Resource Name (ARN) of the security profile. # AWS::Connect::SecurityProfile Application This API is in preview release for Amazon Connect and is subject to change. A third-party application's metadata. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ApplicationPermissions](#cfn-connect-securityprofile-application-applicationpermissions)" : [ String, ... ], "[Namespace](#cfn-connect-securityprofile-application-namespace)" : String, "[Type](#cfn-connect-securityprofile-application-type)" : String } ``` ### YAML ``` [ApplicationPermissions](#cfn-connect-securityprofile-application-applicationpermissions): - String [Namespace](#cfn-connect-securityprofile-application-namespace): String [Type](#cfn-connect-securityprofile-application-type): String ``` ## Properties `ApplicationPermissions` The permissions that the agent is granted on the application. For third-party applications, only the `ACCESS` permission is supported. For MCP Servers, the permissions are tool Identifiers accepted by MCP Server. *Required*: Yes *Type*: Array of String *Maximum*: `10` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Namespace` Namespace of the application that you want to give access to. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` Type of Application. *Required*: No *Type*: String *Allowed values*: `MCP | THIRD_PARTY_APPLICATION` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile DataTableAccessControlConfiguration A data table access control configuration. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PrimaryAttributeAccessControlConfiguration](#cfn-connect-securityprofile-datatableaccesscontrolconfiguration-primaryattributeaccesscontrolconfiguration)" : PrimaryAttributeAccessControlConfigurationItem } ``` ### YAML ``` [PrimaryAttributeAccessControlConfiguration](#cfn-connect-securityprofile-datatableaccesscontrolconfiguration-primaryattributeaccesscontrolconfiguration): PrimaryAttributeAccessControlConfigurationItem ``` ## Properties `PrimaryAttributeAccessControlConfiguration` The configuration's primary attribute access control configuration. *Required*: No *Type*: [PrimaryAttributeAccessControlConfigurationItem](aws-properties-connect-securityprofile-primaryattributeaccesscontrolconfigurationitem.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile FlowModule A list of Flow Modules an AI Agent can invoke as a tool ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FlowModuleId](#cfn-connect-securityprofile-flowmodule-flowmoduleid)" : String, "[Type](#cfn-connect-securityprofile-flowmodule-type)" : String } ``` ### YAML ``` [FlowModuleId](#cfn-connect-securityprofile-flowmodule-flowmoduleid): String [Type](#cfn-connect-securityprofile-flowmodule-type): String ``` ## Properties `FlowModuleId` If of Flow Modules invocable as tool *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` Only Type we support is MCP. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile GranularAccessControlConfiguration Contains granular access control configuration for security profiles, including data table access permissions. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DataTableAccessControlConfiguration](#cfn-connect-securityprofile-granularaccesscontrolconfiguration-datatableaccesscontrolconfiguration)" : DataTableAccessControlConfiguration } ``` ### YAML ``` [DataTableAccessControlConfiguration](#cfn-connect-securityprofile-granularaccesscontrolconfiguration-datatableaccesscontrolconfiguration): DataTableAccessControlConfiguration ``` ## Properties `DataTableAccessControlConfiguration` The access control configuration for data tables. *Required*: No *Type*: [DataTableAccessControlConfiguration](aws-properties-connect-securityprofile-datatableaccesscontrolconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile PrimaryAttributeAccessControlConfigurationItem A primary attribute access control configuration item. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[PrimaryAttributeValues](#cfn-connect-securityprofile-primaryattributeaccesscontrolconfigurationitem-primaryattributevalues)" : [ PrimaryAttributeValue, ... ] } ``` ### YAML ``` [PrimaryAttributeValues](#cfn-connect-securityprofile-primaryattributeaccesscontrolconfigurationitem-primaryattributevalues): - PrimaryAttributeValue ``` ## Properties `PrimaryAttributeValues` The item's primary attribute values. *Required*: Yes *Type*: Array of [PrimaryAttributeValue](aws-properties-connect-securityprofile-primaryattributevalue.md) *Minimum*: `1` *Maximum*: `5` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile PrimaryAttributeValue A primary attribute value. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AccessType](#cfn-connect-securityprofile-primaryattributevalue-accesstype)" : String, "[AttributeName](#cfn-connect-securityprofile-primaryattributevalue-attributename)" : String, "[Values](#cfn-connect-securityprofile-primaryattributevalue-values)" : [ String, ... ] } ``` ### YAML ``` [AccessType](#cfn-connect-securityprofile-primaryattributevalue-accesstype): String [AttributeName](#cfn-connect-securityprofile-primaryattributevalue-attributename): String [Values](#cfn-connect-securityprofile-primaryattributevalue-values): - String ``` ## Properties `AccessType` The value's access type. *Required*: Yes *Type*: String *Allowed values*: `ALLOW` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AttributeName` The value's attribute name. *Required*: Yes *Type*: String *Pattern*: `^(?!aws:|connect:)[\p{L}\p{Z}\p{N}\-_.:=@'|]+$` *Minimum*: `1` *Maximum*: `127` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Values` The value's values. *Required*: Yes *Type*: Array of String *Minimum*: `1 | 1` *Maximum*: `1000 | 2` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::Connect::SecurityProfile Tag A key-value pair to associate with a resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-connect-securityprofile-tag-key)" : String, "[Value](#cfn-connect-securityprofile-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-connect-securityprofile-tag-key): String [Value](#cfn-connect-securityprofile-tag-value): String ``` ## Properties `Key` The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, \$1, ., /, =, \$1, and - *Required*: Yes *Type*: String *Pattern*: `^(?!aws:)[a-zA-Z+-=._:/]+$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, \$1, ., /, =, \$1, and - *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)