chore(release): 2.154.0 #31176
Merged
chore(release): 2.154.0 #31176
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(description based on #30479) ### Reason for this change Add support for newly supported 8.0.mysql_aurora.3.07.1. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.3071.html ### Description of changes Add a new version as a new property to AuroraMysqlEngineVersion class. ### Description of how you validated changes I used the AWS CLI to verify that the new version is available. ```bash $ aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[?EngineVersion=='8.0.mysql_aurora.3.07.1']" [ { "Engine": "aurora-mysql", "EngineVersion": "8.0.mysql_aurora.3.07.1", "DBParameterGroupFamily": "aurora-mysql8.0", "DBEngineDescription": "Aurora MySQL", "DBEngineVersionDescription": "Aurora MySQL 3.07.1 (compatible with MySQL 8.0.36)", "ValidUpgradeTarget": [], "ExportableLogTypes": [ "audit", "error", "general", "slowquery" ], "SupportsLogExportsToCloudwatchLogs": true, "SupportsReadReplica": false, "SupportedEngineModes": [ "provisioned" ], "SupportedFeatureNames": [ "Bedrock" ], "Status": "available", "SupportsParallelQuery": true, "SupportsGlobalDatabases": true, "MajorEngineVersion": "8.0", "SupportsBabelfish": false, "SupportsLimitlessDatabase": false, "SupportsCertificateRotationWithoutRestart": true, "SupportedCACertificateIdentifiers": [ "rds-ca-2019", "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], "SupportsLocalWriteForwarding": true, "SupportsIntegrations": true } ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change Add support for newly supported aurora-postgresql16 16.3. ### Description of changes Add a new version as a new property to AuroraPostgresEngineVersion class. (see https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html) The change already happened with #30242 and was reverted by #30296 as the version was not available. ### Description of how you validated changes The version 16.3 is available now: ```bash $ aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[?EngineVersion=='16.3']" [ { "Engine": "aurora-postgresql", "EngineVersion": "16.3", "DBParameterGroupFamily": "aurora-postgresql16", "DBEngineDescription": "Aurora (PostgreSQL)", "DBEngineVersionDescription": "Aurora PostgreSQL (Compatible with PostgreSQL 16.3)", "ValidUpgradeTarget": [], "ExportableLogTypes": [ "postgresql" ], "SupportsLogExportsToCloudwatchLogs": true, "SupportsReadReplica": false, "SupportedEngineModes": [ "provisioned" ], "SupportedFeatureNames": [ "Comprehend", "Lambda", "s3Export", "s3Import", "SageMaker" ], "Status": "available", "SupportsParallelQuery": false, "SupportsGlobalDatabases": true, "MajorEngineVersion": "16", "SupportsBabelfish": true, "SupportsLimitlessDatabase": false, "SupportsCertificateRotationWithoutRestart": true, "SupportedCACertificateIdentifiers": [ "rds-ca-2019", "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], "SupportsLocalWriteForwarding": true, "SupportsIntegrations": false } ] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-amazonmq
│ └ resources
│ ├[~] resource AWS::AmazonMQ::Broker
│ │ └ properties
│ │ ├ AutoMinorVersionUpgrade: - boolean (required)
│ │ │ + boolean
│ │ └ EngineVersion: - string (required)
│ │ + string
│ └[~] resource AWS::AmazonMQ::Configuration
│ └ properties
│ └ EngineVersion: - string (required, immutable)
│ + string (immutable)
├[~] service aws-apptest
│ └ resources
│ └[~] resource AWS::AppTest::TestCase
│ └ types
│ ├[~] type M2ManagedActionProperties
│ │ ├ - documentation: Specifies the AWS Mainframe Modernization managed action properties.
│ │ │ + documentation: Specifies the Mainframe Modernization managed action properties.
│ │ └ properties
│ │ ├ ForceStop: (documentation changed)
│ │ └ ImportDataSetLocation: (documentation changed)
│ ├[~] type M2ManagedApplicationAction
│ │ ├ - documentation: Specifies the AWS Mainframe Modernization managed application action.
│ │ │ + documentation: Specifies the Mainframe Modernization managed application action.
│ │ └ properties
│ │ ├ ActionType: (documentation changed)
│ │ ├ Properties: (documentation changed)
│ │ └ Resource: (documentation changed)
│ ├[~] type M2NonManagedApplicationAction
│ │ ├ - documentation: Specifies the AWS Mainframe Modernization non-managed application action.
│ │ │ + documentation: Specifies the Mainframe Modernization non-managed application action.
│ │ └ properties
│ │ ├ ActionType: (documentation changed)
│ │ └ Resource: (documentation changed)
│ └[~] type ResourceAction
│ └ properties
│ ├ M2ManagedApplicationAction: (documentation changed)
│ └ M2NonManagedApplicationAction: (documentation changed)
├[~] service aws-arczonalshift
│ └ resources
│ └[+] resource AWS::ARCZonalShift::AutoshiftObserverNotificationStatus
│ ├ name: AutoshiftObserverNotificationStatus
│ │ cloudFormationType: AWS::ARCZonalShift::AutoshiftObserverNotificationStatus
│ │ documentation: Definition of AWS::ARCZonalShift::AutoshiftObserverNotificationStatus Resource Type
│ ├ properties
│ │ └Status: string (required, immutable)
│ └ attributes
│ ├AccountId: string
│ └Region: string
├[~] service aws-batch
│ └ resources
│ └[~] resource AWS::Batch::JobDefinition
│ └ types
│ └[~] type NodeRangeProperty
│ └ properties
│ └[+] EksProperties: EksProperties
├[~] service aws-bedrock
│ └ resources
│ ├[+] resource AWS::Bedrock::Flow
│ │ ├ name: Flow
│ │ │ cloudFormationType: AWS::Bedrock::Flow
│ │ │ documentation: Creates a prompt flow that you can use to send an input through various steps to yield an output. You define a flow by configuring nodes, each of which corresponds to a step of the flow, and creating connections between the nodes to create paths to different outputs. You can define the flow in one of the following ways:
│ │ │ - Define a [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) in the `Definition` property.
│ │ │ - Provide the definition in the `DefinitionString` property as a JSON-formatted string matching the [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) property.
│ │ │ - Provide an Amazon S3 location in the `DefinitionS3Location` property that matches the [FlowDefinition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-flow-flowdefinition.html) .
│ │ │ If you use the `DefinitionString` or `DefinitionS3Location` property, you can use the `DefinitionSubstitutions` property to define key-value pairs to replace at runtime.
│ │ │ For more information, see [How it works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-how-it-works.html) and [Create a prompt flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-create.html) in the Amazon Bedrock User Guide.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│ │ ├ properties
│ │ │ ├Definition: FlowDefinition
│ │ │ ├DefinitionString: string
│ │ │ ├DefinitionS3Location: S3Location
│ │ │ ├DefinitionSubstitutions: Map<string, string | integer | boolean>
│ │ │ ├Description: string
│ │ │ ├ExecutionRoleArn: string (required)
│ │ │ ├Name: string (required)
│ │ │ ├CustomerEncryptionKeyArn: string
│ │ │ ├Tags: Map<string, string>
│ │ │ └TestAliasTags: Map<string, string>
│ │ ├ attributes
│ │ │ ├Arn: string
│ │ │ ├CreatedAt: string
│ │ │ ├Id: string
│ │ │ ├Status: string
│ │ │ ├UpdatedAt: string
│ │ │ └Version: string
│ │ └ types
│ │ ├type FlowDefinition
│ │ │├ documentation: The definition of the nodes and connections between nodes in the flow.
│ │ ││ name: FlowDefinition
│ │ │└ properties
│ │ │ ├Nodes: Array<FlowNode>
│ │ │ └Connections: Array<FlowConnection>
│ │ ├type FlowNode
│ │ │├ documentation: Contains configurations about a node in the flow.
│ │ ││ name: FlowNode
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ ├Type: string (required)
│ │ │ ├Configuration: FlowNodeConfiguration
│ │ │ ├Inputs: Array<FlowNodeInput>
│ │ │ └Outputs: Array<FlowNodeOutput>
│ │ ├type FlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a node in your flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: FlowNodeConfiguration
│ │ │└ properties
│ │ │ ├Input: json
│ │ │ ├Output: json
│ │ │ ├KnowledgeBase: KnowledgeBaseFlowNodeConfiguration
│ │ │ ├Condition: ConditionFlowNodeConfiguration
│ │ │ ├Lex: LexFlowNodeConfiguration
│ │ │ ├Prompt: PromptFlowNodeConfiguration
│ │ │ └LambdaFunction: LambdaFunctionFlowNodeConfiguration
│ │ ├type KnowledgeBaseFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: KnowledgeBaseFlowNodeConfiguration
│ │ │└ properties
│ │ │ ├KnowledgeBaseId: string (required)
│ │ │ └ModelId: string
│ │ ├type ConditionFlowNodeConfiguration
│ │ │├ documentation: Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: ConditionFlowNodeConfiguration
│ │ │└ properties
│ │ │ └Conditions: Array<FlowCondition> (required)
│ │ ├type FlowCondition
│ │ │├ documentation: Defines a condition in the condition node.
│ │ ││ name: FlowCondition
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ └Expression: string
│ │ ├type LexFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: LexFlowNodeConfiguration
│ │ │└ properties
│ │ │ ├BotAliasArn: string (required)
│ │ │ └LocaleId: string (required)
│ │ ├type PromptFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: PromptFlowNodeConfiguration
│ │ │└ properties
│ │ │ └SourceConfiguration: PromptFlowNodeSourceConfiguration (required)
│ │ ├type PromptFlowNodeSourceConfiguration
│ │ │├ documentation: Contains configurations for a prompt and whether it is from Prompt management or defined inline.
│ │ ││ name: PromptFlowNodeSourceConfiguration
│ │ │└ properties
│ │ │ ├Resource: PromptFlowNodeResourceConfiguration
│ │ │ └Inline: PromptFlowNodeInlineConfiguration
│ │ ├type PromptFlowNodeResourceConfiguration
│ │ │├ documentation: Contains configurations for a prompt from Prompt management to use in a node.
│ │ ││ name: PromptFlowNodeResourceConfiguration
│ │ │└ properties
│ │ │ └PromptArn: string (required)
│ │ ├type PromptFlowNodeInlineConfiguration
│ │ │├ documentation: Contains configurations for a prompt defined inline in the node.
│ │ ││ name: PromptFlowNodeInlineConfiguration
│ │ │└ properties
│ │ │ ├TemplateType: string (required)
│ │ │ ├TemplateConfiguration: PromptTemplateConfiguration (required)
│ │ │ ├ModelId: string (required)
│ │ │ └InferenceConfiguration: PromptInferenceConfiguration
│ │ ├type PromptTemplateConfiguration
│ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) .
│ │ ││ name: PromptTemplateConfiguration
│ │ │└ properties
│ │ │ └Text: TextPromptTemplateConfiguration (required)
│ │ ├type TextPromptTemplateConfiguration
│ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` .
│ │ ││ name: TextPromptTemplateConfiguration
│ │ │└ properties
│ │ │ ├Text: string (required)
│ │ │ └InputVariables: Array<PromptInputVariable>
│ │ ├type PromptInputVariable
│ │ │├ documentation: Contains information about a variable in the prompt.
│ │ ││ name: PromptInputVariable
│ │ │└ properties
│ │ │ └Name: string
│ │ ├type PromptInferenceConfiguration
│ │ │├ documentation: Contains inference configurations for the prompt.
│ │ ││ name: PromptInferenceConfiguration
│ │ │└ properties
│ │ │ └Text: PromptModelInferenceConfiguration (required)
│ │ ├type PromptModelInferenceConfiguration
│ │ │├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) .
│ │ ││ name: PromptModelInferenceConfiguration
│ │ │└ properties
│ │ │ ├Temperature: number
│ │ │ ├TopP: number
│ │ │ ├TopK: number
│ │ │ ├MaxTokens: number
│ │ │ └StopSequences: Array<string>
│ │ ├type LambdaFunctionFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: LambdaFunctionFlowNodeConfiguration
│ │ │└ properties
│ │ │ └LambdaArn: string (required)
│ │ ├type FlowNodeInput
│ │ │├ documentation: Contains configurations for an input to a node.
│ │ ││ name: FlowNodeInput
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ ├Type: string (required)
│ │ │ └Expression: string (required)
│ │ ├type FlowNodeOutput
│ │ │├ documentation: Contains configurations for an output from a node.
│ │ ││ name: FlowNodeOutput
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ └Type: string (required)
│ │ ├type FlowConnection
│ │ │├ documentation: Contains information about a connection between two nodes in the flow.
│ │ ││ name: FlowConnection
│ │ │└ properties
│ │ │ ├Type: string (required)
│ │ │ ├Name: string (required)
│ │ │ ├Source: string (required)
│ │ │ ├Target: string (required)
│ │ │ └Configuration: FlowConnectionConfiguration
│ │ ├type FlowConnectionConfiguration
│ │ │├ documentation: The configuration of the connection.
│ │ ││ name: FlowConnectionConfiguration
│ │ │└ properties
│ │ │ ├Data: FlowDataConnectionConfiguration
│ │ │ └Conditional: FlowConditionalConnectionConfiguration
│ │ ├type FlowDataConnectionConfiguration
│ │ │├ documentation: The configuration of a connection originating from a node that isn't a Condition node.
│ │ ││ name: FlowDataConnectionConfiguration
│ │ │└ properties
│ │ │ ├SourceOutput: string (required)
│ │ │ └TargetInput: string (required)
│ │ ├type FlowConditionalConnectionConfiguration
│ │ │├ documentation: The configuration of a connection between a condition node and another node.
│ │ ││ name: FlowConditionalConnectionConfiguration
│ │ │└ properties
│ │ │ └Condition: string (required)
│ │ └type S3Location
│ │ ├ documentation: The S3 location of the flow definition.
│ │ │ name: S3Location
│ │ └ properties
│ │ ├Bucket: string (required)
│ │ ├Key: string (required)
│ │ └Version: string
│ ├[+] resource AWS::Bedrock::FlowAlias
│ │ ├ name: FlowAlias
│ │ │ cloudFormationType: AWS::Bedrock::FlowAlias
│ │ │ documentation: Creates an alias of a flow for deployment. For more information, see [Deploy a flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-deploy.html) in the Amazon Bedrock User Guide.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│ │ ├ properties
│ │ │ ├FlowArn: string (required, immutable)
│ │ │ ├Description: string
│ │ │ ├Name: string (required)
│ │ │ ├RoutingConfiguration: Array<FlowAliasRoutingConfigurationListItem> (required)
│ │ │ └Tags: Map<string, string>
│ │ ├ attributes
│ │ │ ├Arn: string
│ │ │ ├CreatedAt: string
│ │ │ ├FlowId: string
│ │ │ ├Id: string
│ │ │ └UpdatedAt: string
│ │ └ types
│ │ └type FlowAliasRoutingConfigurationListItem
│ │ ├ documentation: Contains information about a version that the alias maps to.
│ │ │ name: FlowAliasRoutingConfigurationListItem
│ │ └ properties
│ │ └FlowVersion: string
│ ├[+] resource AWS::Bedrock::FlowVersion
│ │ ├ name: FlowVersion
│ │ │ cloudFormationType: AWS::Bedrock::FlowVersion
│ │ │ documentation: Creates a version of the flow that you can deploy. For more information, see [Deploy a flow in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-deploy.html) in the Amazon Bedrock User Guide.
│ │ ├ properties
│ │ │ ├FlowArn: string (required, immutable)
│ │ │ └Description: string (immutable)
│ │ ├ attributes
│ │ │ ├CreatedAt: string
│ │ │ ├Definition: FlowDefinition
│ │ │ ├ExecutionRoleArn: string
│ │ │ ├FlowId: string
│ │ │ ├Name: string
│ │ │ ├Status: string
│ │ │ └Version: string
│ │ └ types
│ │ ├type FlowDefinition
│ │ │├ documentation: The definition of the nodes and connections between nodes in the flow.
│ │ ││ name: FlowDefinition
│ │ │└ properties
│ │ │ ├Nodes: Array<FlowNode>
│ │ │ └Connections: Array<FlowConnection>
│ │ ├type FlowNode
│ │ │├ documentation: Contains configurations about a node in the flow.
│ │ ││ name: FlowNode
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ ├Type: string (required)
│ │ │ ├Configuration: FlowNodeConfiguration
│ │ │ ├Inputs: Array<FlowNodeInput>
│ │ │ └Outputs: Array<FlowNodeOutput>
│ │ ├type FlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a node in your flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: FlowNodeConfiguration
│ │ │└ properties
│ │ │ ├Input: json
│ │ │ ├Output: json
│ │ │ ├KnowledgeBase: KnowledgeBaseFlowNodeConfiguration
│ │ │ ├Condition: ConditionFlowNodeConfiguration
│ │ │ ├Lex: LexFlowNodeConfiguration
│ │ │ ├Prompt: PromptFlowNodeConfiguration
│ │ │ └LambdaFunction: LambdaFunctionFlowNodeConfiguration
│ │ ├type KnowledgeBaseFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a knowledge base node in a flow. This node takes a query as the input and returns, as the output, the retrieved responses directly (as an array) or a response generated based on the retrieved responses. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: KnowledgeBaseFlowNodeConfiguration
│ │ │└ properties
│ │ │ ├KnowledgeBaseId: string (required)
│ │ │ └ModelId: string
│ │ ├type ConditionFlowNodeConfiguration
│ │ │├ documentation: Defines a condition node in your flow. You can specify conditions that determine which node comes next in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: ConditionFlowNodeConfiguration
│ │ │└ properties
│ │ │ └Conditions: Array<FlowCondition> (required)
│ │ ├type FlowCondition
│ │ │├ documentation: Defines a condition in the condition node.
│ │ ││ name: FlowCondition
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ └Expression: string
│ │ ├type LexFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a Lex node in the flow. You specify a Amazon Lex bot to invoke. This node takes an utterance as the input and returns as the output the intent identified by the Amazon Lex bot. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: LexFlowNodeConfiguration
│ │ │└ properties
│ │ │ ├BotAliasArn: string (required)
│ │ │ └LocaleId: string (required)
│ │ ├type PromptFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a prompt node in the flow. You can use a prompt from Prompt management or you can define one in this node. If the prompt contains variables, the inputs into this node will fill in the variables. The output from this node is the response generated by the model. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: PromptFlowNodeConfiguration
│ │ │└ properties
│ │ │ └SourceConfiguration: PromptFlowNodeSourceConfiguration (required)
│ │ ├type PromptFlowNodeSourceConfiguration
│ │ │├ documentation: Contains configurations for a prompt and whether it is from Prompt management or defined inline.
│ │ ││ name: PromptFlowNodeSourceConfiguration
│ │ │└ properties
│ │ │ ├Resource: PromptFlowNodeResourceConfiguration
│ │ │ └Inline: PromptFlowNodeInlineConfiguration
│ │ ├type PromptFlowNodeResourceConfiguration
│ │ │├ documentation: Contains configurations for a prompt from Prompt management to use in a node.
│ │ ││ name: PromptFlowNodeResourceConfiguration
│ │ │└ properties
│ │ │ └PromptArn: string (required)
│ │ ├type PromptFlowNodeInlineConfiguration
│ │ │├ documentation: Contains configurations for a prompt defined inline in the node.
│ │ ││ name: PromptFlowNodeInlineConfiguration
│ │ │└ properties
│ │ │ ├TemplateType: string (required)
│ │ │ ├TemplateConfiguration: PromptTemplateConfiguration (required)
│ │ │ ├ModelId: string (required)
│ │ │ └InferenceConfiguration: PromptInferenceConfiguration
│ │ ├type PromptTemplateConfiguration
│ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) .
│ │ ││ name: PromptTemplateConfiguration
│ │ │└ properties
│ │ │ └Text: TextPromptTemplateConfiguration (required)
│ │ ├type TextPromptTemplateConfiguration
│ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` .
│ │ ││ name: TextPromptTemplateConfiguration
│ │ │└ properties
│ │ │ ├Text: string (required)
│ │ │ └InputVariables: Array<PromptInputVariable>
│ │ ├type PromptInputVariable
│ │ │├ documentation: Contains information about a variable in the prompt.
│ │ ││ name: PromptInputVariable
│ │ │└ properties
│ │ │ └Name: string
│ │ ├type PromptInferenceConfiguration
│ │ │├ documentation: Contains inference configurations for the prompt.
│ │ ││ name: PromptInferenceConfiguration
│ │ │└ properties
│ │ │ └Text: PromptModelInferenceConfiguration (required)
│ │ ├type PromptModelInferenceConfiguration
│ │ │├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) .
│ │ ││ name: PromptModelInferenceConfiguration
│ │ │└ properties
│ │ │ ├Temperature: number
│ │ │ ├TopP: number
│ │ │ ├TopK: number
│ │ │ ├MaxTokens: number
│ │ │ └StopSequences: Array<string>
│ │ ├type LambdaFunctionFlowNodeConfiguration
│ │ │├ documentation: Contains configurations for a Lambda function node in the flow. You specify the Lambda function to invoke and the inputs into the function. The output is the response that is defined in the Lambda function. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide.
│ │ ││ name: LambdaFunctionFlowNodeConfiguration
│ │ │└ properties
│ │ │ └LambdaArn: string (required)
│ │ ├type FlowNodeInput
│ │ │├ documentation: Contains configurations for an input to a node.
│ │ ││ name: FlowNodeInput
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ ├Type: string (required)
│ │ │ └Expression: string (required)
│ │ ├type FlowNodeOutput
│ │ │├ documentation: Contains configurations for an output from a node.
│ │ ││ name: FlowNodeOutput
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ └Type: string (required)
│ │ ├type FlowConnection
│ │ │├ documentation: Contains information about a connection between two nodes in the flow.
│ │ ││ name: FlowConnection
│ │ │└ properties
│ │ │ ├Type: string (required)
│ │ │ ├Name: string (required)
│ │ │ ├Source: string (required)
│ │ │ ├Target: string (required)
│ │ │ └Configuration: FlowConnectionConfiguration
│ │ ├type FlowConnectionConfiguration
│ │ │├ documentation: The configuration of the connection.
│ │ ││ name: FlowConnectionConfiguration
│ │ │└ properties
│ │ │ ├Data: FlowDataConnectionConfiguration
│ │ │ └Conditional: FlowConditionalConnectionConfiguration
│ │ ├type FlowDataConnectionConfiguration
│ │ │├ documentation: The configuration of a connection originating from a node that isn't a Condition node.
│ │ ││ name: FlowDataConnectionConfiguration
│ │ │└ properties
│ │ │ ├SourceOutput: string (required)
│ │ │ └TargetInput: string (required)
│ │ └type FlowConditionalConnectionConfiguration
│ │ ├ documentation: The configuration of a connection between a condition node and another node.
│ │ │ name: FlowConditionalConnectionConfiguration
│ │ └ properties
│ │ └Condition: string (required)
│ ├[~] resource AWS::Bedrock::Guardrail
│ │ ├ properties
│ │ │ └[+] ContextualGroundingPolicyConfig: ContextualGroundingPolicyConfig
│ │ └ types
│ │ ├[+] type ContextualGroundingFilterConfig
│ │ │ ├ documentation: A config for grounding filter.
│ │ │ │ name: ContextualGroundingFilterConfig
│ │ │ └ properties
│ │ │ ├Type: string (required)
│ │ │ └Threshold: number (required)
│ │ └[+] type ContextualGroundingPolicyConfig
│ │ ├ documentation: Contextual grounding policy config for a guardrail.
│ │ │ name: ContextualGroundingPolicyConfig
│ │ └ properties
│ │ └FiltersConfig: Array<ContextualGroundingFilterConfig> (required)
│ ├[~] resource AWS::Bedrock::KnowledgeBase
│ │ └ types
│ │ ├[+] type BedrockEmbeddingModelConfiguration
│ │ │ ├ documentation: The vector configuration details for the Bedrock embeddings model.
│ │ │ │ name: BedrockEmbeddingModelConfiguration
│ │ │ └ properties
│ │ │ └Dimensions: integer
│ │ ├[+] type EmbeddingModelConfiguration
│ │ │ ├ documentation: The configuration details for the embeddings model.
│ │ │ │ name: EmbeddingModelConfiguration
│ │ │ └ properties
│ │ │ └BedrockEmbeddingModelConfiguration: BedrockEmbeddingModelConfiguration
│ │ └[~] type VectorKnowledgeBaseConfiguration
│ │ └ properties
│ │ └[+] EmbeddingModelConfiguration: EmbeddingModelConfiguration
│ ├[+] resource AWS::Bedrock::Prompt
│ │ ├ name: Prompt
│ │ │ cloudFormationType: AWS::Bedrock::Prompt
│ │ │ documentation: Creates a prompt in your prompt library that you can add to a flow. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) , [Create a prompt using Prompt management](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-create.html) and [Prompt flows in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/flows.html) in the Amazon Bedrock User Guide.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"}
│ │ ├ properties
│ │ │ ├DefaultVariant: string
│ │ │ ├Description: string
│ │ │ ├Name: string (required)
│ │ │ ├Variants: Array<PromptVariant>
│ │ │ ├Tags: Map<string, string>
│ │ │ └CustomerEncryptionKeyArn: string
│ │ ├ attributes
│ │ │ ├Arn: string
│ │ │ ├CreatedAt: string
│ │ │ ├Id: string
│ │ │ ├UpdatedAt: string
│ │ │ └Version: string
│ │ └ types
│ │ ├type PromptVariant
│ │ │├ documentation: Contains details about a variant of the prompt.
│ │ ││ name: PromptVariant
│ │ │└ properties
│ │ │ ├Name: string (required)
│ │ │ ├TemplateType: string (required)
│ │ │ ├TemplateConfiguration: PromptTemplateConfiguration
│ │ │ ├ModelId: string
│ │ │ └InferenceConfiguration: PromptInferenceConfiguration
│ │ ├type PromptTemplateConfiguration
│ │ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) .
│ │ ││ name: PromptTemplateConfiguration
│ │ │└ properties
│ │ │ └Text: TextPromptTemplateConfiguration (required)
│ │ ├type TextPromptTemplateConfiguration
│ │ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` .
│ │ ││ name: TextPromptTemplateConfiguration
│ │ │└ properties
│ │ │ ├Text: string
│ │ │ ├TextS3Location: TextS3Location
│ │ │ └InputVariables: Array<PromptInputVariable>
│ │ ├type TextS3Location
│ │ │├ documentation: The Amazon S3 location of the prompt text.
│ │ ││ name: TextS3Location
│ │ │└ properties
│ │ │ ├Bucket: string (required)
│ │ │ ├Key: string (required)
│ │ │ └Version: string
│ │ ├type PromptInputVariable
│ │ │├ documentation: Contains information about a variable in the prompt.
│ │ ││ name: PromptInputVariable
│ │ │└ properties
│ │ │ └Name: string
│ │ ├type PromptInferenceConfiguration
│ │ │├ documentation: Contains inference configurations for the prompt.
│ │ ││ name: PromptInferenceConfiguration
│ │ │└ properties
│ │ │ └Text: PromptModelInferenceConfiguration (required)
│ │ └type PromptModelInferenceConfiguration
│ │ ├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) .
│ │ │ name: PromptModelInferenceConfiguration
│ │ └ properties
│ │ ├Temperature: number
│ │ ├TopP: number
│ │ ├TopK: number
│ │ ├MaxTokens: number
│ │ └StopSequences: Array<string>
│ └[+] resource AWS::Bedrock::PromptVersion
│ ├ name: PromptVersion
│ │ cloudFormationType: AWS::Bedrock::PromptVersion
│ │ documentation: Creates a static snapshot of your prompt that can be deployed to production. For more information, see [Deploy prompts using Prompt management by creating versions](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management-deploy.html) in the Amazon Bedrock User Guide.
│ ├ properties
│ │ ├PromptArn: string (required, immutable)
│ │ └Description: string (immutable)
│ ├ attributes
│ │ ├Arn: string
│ │ ├CreatedAt: string
│ │ ├PromptId: string
│ │ ├UpdatedAt: string
│ │ ├Version: string
│ │ ├Name: string
│ │ ├DefaultVariant: string
│ │ └Variants: Array<PromptVariant>
│ └ types
│ ├type PromptVariant
│ │├ documentation: Contains details about a variant of the prompt.
│ ││ name: PromptVariant
│ │└ properties
│ │ ├Name: string (required)
│ │ ├TemplateType: string (required)
│ │ ├TemplateConfiguration: PromptTemplateConfiguration
│ │ ├ModelId: string
│ │ └InferenceConfiguration: PromptInferenceConfiguration
│ ├type PromptTemplateConfiguration
│ │├ documentation: Contains the message for a prompt. For more information, see [Prompt management in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-management.html) .
│ ││ name: PromptTemplateConfiguration
│ │└ properties
│ │ └Text: TextPromptTemplateConfiguration (required)
│ ├type TextPromptTemplateConfiguration
│ │├ documentation: Contains configurations for a text prompt template. To include a variable, enclose a word in double curly braces as in `{{variable}}` .
│ ││ name: TextPromptTemplateConfiguration
│ │└ properties
│ │ ├Text: string (required)
│ │ └InputVariables: Array<PromptInputVariable>
│ ├type PromptInputVariable
│ │├ documentation: Contains information about a variable in the prompt.
│ ││ name: PromptInputVariable
│ │└ properties
│ │ └Name: string
│ ├type PromptInferenceConfiguration
│ │├ documentation: Contains inference configurations for the prompt.
│ ││ name: PromptInferenceConfiguration
│ │└ properties
│ │ └Text: PromptModelInferenceConfiguration (required)
│ └type PromptModelInferenceConfiguration
│ ├ documentation: Contains inference configurations related to model inference for a prompt. For more information, see [Inference parameters](https://docs.aws.amazon.com/bedrock/latest/userguide/inference-parameters.html) .
│ │ name: PromptModelInferenceConfiguration
│ └ properties
│ ├Temperature: number
│ ├TopP: number
│ ├TopK: number
│ ├MaxTokens: number
│ └StopSequences: Array<string>
├[~] service aws-cleanrooms
│ └ resources
│ ├[~] resource AWS::CleanRooms::ConfiguredTable
│ │ ├ properties
│ │ │ └ AnalysisRules: (documentation changed)
│ │ └ types
│ │ ├[~] type AnalysisRuleAggregation
│ │ │ └ properties
│ │ │ └[+] AdditionalAnalyses: string
│ │ ├[~] type AnalysisRuleCustom
│ │ │ └ properties
│ │ │ ├[+] AdditionalAnalyses: string
│ │ │ └[+] DisallowedOutputColumns: Array<string>
│ │ └[~] type AnalysisRuleList
│ │ └ properties
│ │ └[+] AdditionalAnalyses: string
│ ├[~] resource AWS::CleanRooms::ConfiguredTableAssociation
│ │ ├ properties
│ │ │ └[+] ConfiguredTableAssociationAnalysisRules: Array<ConfiguredTableAssociationAnalysisRule>
│ │ └ types
│ │ ├[+] type ConfiguredTableAssociationAnalysisRule
│ │ │ ├ documentation: An analysis rule for a configured table association. This analysis rule specifies how data from the table can be used within its associated collaboration. In the console, the `ConfiguredTableAssociationAnalysisRule` is referred to as the *collaboration analysis rule* .
│ │ │ │ name: ConfiguredTableAssociationAnalysisRule
│ │ │ └ properties
│ │ │ ├Type: string (required)
│ │ │ └Policy: ConfiguredTableAssociationAnalysisRulePolicy (required)
│ │ ├[+] type ConfiguredTableAssociationAnalysisRuleAggregation
│ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the aggregation analysis rule.
│ │ │ │ name: ConfiguredTableAssociationAnalysisRuleAggregation
│ │ │ └ properties
│ │ │ ├AllowedResultReceivers: Array<string>
│ │ │ └AllowedAdditionalAnalyses: Array<string>
│ │ ├[+] type ConfiguredTableAssociationAnalysisRuleCustom
│ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the custom analysis rule.
│ │ │ │ name: ConfiguredTableAssociationAnalysisRuleCustom
│ │ │ └ properties
│ │ │ ├AllowedResultReceivers: Array<string>
│ │ │ └AllowedAdditionalAnalyses: Array<string>
│ │ ├[+] type ConfiguredTableAssociationAnalysisRuleList
│ │ │ ├ documentation: The configured table association analysis rule applied to a configured table with the list analysis rule.
│ │ │ │ name: ConfiguredTableAssociationAnalysisRuleList
│ │ │ └ properties
│ │ │ ├AllowedResultReceivers: Array<string>
│ │ │ └AllowedAdditionalAnalyses: Array<string>
│ │ ├[+] type ConfiguredTableAssociationAnalysisRulePolicy
│ │ │ ├ documentation: Controls on the query specifications that can be run on an associated configured table.
│ │ │ │ name: ConfiguredTableAssociationAnalysisRulePolicy
│ │ │ └ properties
│ │ │ └V1: ConfiguredTableAssociationAnalysisRulePolicyV1 (required)
│ │ └[+] type ConfiguredTableAssociationAnalysisRulePolicyV1
│ │ ├ documentation: Controls on the query specifications that can be run on an associated configured table.
│ │ │ name: ConfiguredTableAssociationAnalysisRulePolicyV1
│ │ └ properties
│ │ ├List: ConfiguredTableAssociationAnalysisRuleList
│ │ ├Aggregation: ConfiguredTableAssociationAnalysisRuleAggregation
│ │ └Custom: ConfiguredTableAssociationAnalysisRuleCustom
│ ├[+] resource AWS::CleanRooms::IdMappingTable
│ │ ├ name: IdMappingTable
│ │ │ cloudFormationType: AWS::CleanRooms::IdMappingTable
│ │ │ documentation: Describes information about the ID mapping table.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ │ ├ properties
│ │ │ ├InputReferenceConfig: IdMappingTableInputReferenceConfig (required, immutable)
│ │ │ ├MembershipIdentifier: string (required, immutable)
│ │ │ ├Description: string
│ │ │ ├Name: string (required, immutable)
│ │ │ ├KmsKeyArn: string
│ │ │ └Tags: Array<tag>
│ │ ├ attributes
│ │ │ ├IdMappingTableIdentifier: string
│ │ │ ├Arn: string
│ │ │ ├MembershipArn: string
│ │ │ ├CollaborationIdentifier: string
│ │ │ ├CollaborationArn: string
│ │ │ └InputReferenceProperties: IdMappingTableInputReferenceProperties
│ │ └ types
│ │ ├type IdMappingTableInputReferenceConfig
│ │ │├ documentation: Provides the input reference configuration for the ID mapping table.
│ │ ││ name: IdMappingTableInputReferenceConfig
│ │ │└ properties
│ │ │ ├InputReferenceArn: string (required)
│ │ │ └ManageResourcePolicies: boolean (required)
│ │ ├type IdMappingTableInputReferenceProperties
│ │ │├ documentation: The input reference properties for the ID mapping table.
│ │ ││ name: IdMappingTableInputReferenceProperties
│ │ │└ properties
│ │ │ └IdMappingTableInputSource: Array<IdMappingTableInputSource> (required)
│ │ └type IdMappingTableInputSource
│ │ ├ documentation: The input source of the ID mapping table.
│ │ │ name: IdMappingTableInputSource
│ │ └ properties
│ │ ├IdNamespaceAssociationId: string (required)
│ │ └Type: string (required)
│ ├[+] resource AWS::CleanRooms::IdNamespaceAssociation
│ │ ├ name: IdNamespaceAssociation
│ │ │ cloudFormationType: AWS::CleanRooms::IdNamespaceAssociation
│ │ │ documentation: Provides information to create the ID namespace association.
│ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ │ ├ properties
│ │ │ ├MembershipIdentifier: string (required, immutable)
│ │ │ ├InputReferenceConfig: IdNamespaceAssociationInputReferenceConfig (required, immutable)
│ │ │ ├Tags: Array<tag>
│ │ │ ├Name: string (required)
│ │ │ ├Description: string
│ │ │ └IdMappingConfig: IdMappingConfig
│ │ ├ attributes
│ │ │ ├IdNamespaceAssociationIdentifier: string
│ │ │ ├Arn: string
│ │ │ ├MembershipArn: string
│ │ │ ├CollaborationIdentifier: string
│ │ │ ├CollaborationArn: string
│ │ │ └InputReferenceProperties: IdNamespaceAssociationInputReferenceProperties
│ │ └ types
│ │ ├type IdNamespaceAssociationInputReferenceConfig
│ │ │├ documentation: Provides the information for the ID namespace association input reference configuration.
│ │ ││ name: IdNamespaceAssociationInputReferenceConfig
│ │ │└ properties
│ │ │ ├InputReferenceArn: string (required)
│ │ │ └ManageResourcePolicies: boolean (required)
│ │ ├type IdMappingConfig
│ │ │├ documentation: The configuration settings for the ID mapping table.
│ │ ││ name: IdMappingConfig
│ │ │└ properties
│ │ │ └AllowUseAsDimensionColumn: boolean (required)
│ │ └type IdNamespaceAssociationInputReferenceProperties
│ │ ├ documentation: Provides the information for the ID namespace association input reference properties.
│ │ │ name: IdNamespaceAssociationInputReferenceProperties
│ │ └ properties
│ │ ├IdNamespaceType: string
│ │ └IdMappingWorkflowsSupported: Array<json>
│ └[~] resource AWS::CleanRooms::Membership
│ └ types
│ └[~] type MembershipProtectedQueryOutputConfiguration
│ └ properties
│ └ S3: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│ └[~] resource AWS::CloudFormation::StackSet
│ └ types
│ └[~] type OperationPreferences
│ └ properties
│ └[+] ConcurrencyMode: string
├[~] service aws-cloudtrail
│ └ resources
│ ├[~] resource AWS::CloudTrail::EventDataStore
│ │ └ types
│ │ └[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] resource AWS::CloudTrail::Trail
│ └ types
│ └[~] type AdvancedFieldSelector
│ └ properties
│ └ Field: (documentation changed)
├[~] service aws-cloudwatch
│ └ resources
│ └[~] resource AWS::CloudWatch::Dashboard
│ └ attributes
│ └[-] Id: string
├[~] service aws-codepipeline
│ └ resources
│ ├[~] resource AWS::CodePipeline::Pipeline
│ │ ├ properties
│ │ │ └ ExecutionMode: - string
│ │ │ + string (default="SUPERSEDED")
│ │ ├ attributes
│ │ │ └[-] Id: string
│ │ └ types
│ │ └[~] type FailureConditions
│ │ └ properties
│ │ └ Result: - string (required)
│ │ + string
│ └[~] resource AWS::CodePipeline::Webhook
│ ├ properties
│ │ └ Authentication: (documentation changed)
│ └ types
│ └[~] type WebhookAuthConfiguration
│ └ properties
│ └ SecretToken: (documentation changed)
├[~] service aws-cognito
│ └ resources
│ └[~] resource AWS::Cognito::UserPoolUICustomizationAttachment
│ └ attributes
│ └[-] Id: string
├[~] service aws-connect
│ └ resources
│ └[~] resource AWS::Connect::SecurityProfile
│ └ - documentation: Creates a security profile.
│ + documentation: Creates a security profile.
│ For information about security profiles, see [Security Profiles](https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html) in the *Amazon Connect Administrator Guide* . For a mapping of the API name and user interface name of the security profile permissions, see [List of security profile permissions](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html) .
├[~] service aws-deadline
│ └ resources
│ ├[~] resource AWS::Deadline::Farm
│ │ └ properties
│ │ └ DisplayName: (documentation changed)
│ ├[~] resource AWS::Deadline::Fleet
│ │ └ properties
│ │ ├ DisplayName: (documentation changed)
│ │ └ FarmId: - string (immutable)
│ │ + string (required, immutable)
│ ├[~] resource AWS::Deadline::MeteredProduct
│ │ ├ properties
│ │ │ ├[-] Family: string
│ │ │ ├[-] Port: integer
│ │ │ └[-] Vendor: string
│ │ └ attributes
│ │ ├[+] Family: string
│ │ ├[+] Port: integer
│ │ └[+] Vendor: string
│ ├[~] resource AWS::Deadline::Monitor
│ │ └ properties
│ │ └ DisplayName: (documentation changed)
│ ├[~] resource AWS::Deadline::Queue
│ │ └ properties
│ │ ├ DisplayName: (documentation changed)
│ │ └ FarmId: - string (immutable)
│ │ + string (required, immutable)
│ └[~] resource AWS::Deadline::StorageProfile
│ └ properties
│ ├ DisplayName: (documentation changed)
│ └ FarmId: - string (immutable)
│ + string (required, immutable)
├[~] service aws-dms
│ └ resources
│ └[~] resource AWS::DMS::ReplicationConfig
│ └ properties
│ ├ ComputeConfig: - ComputeConfig
│ │ + ComputeConfig (required)
│ ├ ReplicationConfigIdentifier: - string
│ │ + string (required)
│ ├ ReplicationType: - string
│ │ + string (required)
│ ├ SourceEndpointArn: - string
│ │ + string (required)
│ ├ TableMappings: - json
│ │ + json (required)
│ └ TargetEndpointArn: - string
│ + string (required)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::EIPAssociation
│ │ └ properties
│ │ └ EIP: (documentation changed)
│ ├[~] resource AWS::EC2::Subnet
│ │ └ properties
│ │ └ EnableDns64: (documentation changed)
│ ├[~] resource AWS::EC2::TrafficMirrorFilterRule
│ │ ├ - tagInformation: undefined
│ │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ │ └ properties
│ │ └[+] Tags: Array<tag>
│ └[~] resource AWS::EC2::VPNConnection
│ └ properties
│ └[+] EnableAcceleration: boolean (immutable)
├[~] service aws-ecr
│ └ resources
│ ├[~] resource AWS::ECR::Repository
│ │ └ types
│ │ └[~] type EncryptionConfiguration
│ │ ├ - documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
│ │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
│ │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .
│ │ │ + documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
│ │ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.
│ │ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .
│ │ └ properties
│ │ └ EncryptionType: (documentation changed)
│ └[~] resource AWS::ECR::RepositoryCreationTemplate
│ ├ - documentation: AWS::ECR::RepositoryCreationTemplate is used to create repository with configuration from a pre-defined template.
│ │ + documentation: The details of the repository creation template associated with the request.
│ ├ properties
│ │ ├ AppliedFor: (documentation changed)
│ │ ├[+] CustomRoleArn: string
│ │ ├ Description: (documentation changed)
│ │ ├ EncryptionConfiguration: (documentation changed)
│ │ ├ ImageTagMutability: (documentation changed)
│ │ ├ LifecyclePolicy: (documentation changed)
│ │ ├ Prefix: (documentation changed)
│ │ ├ RepositoryPolicy: (documentation changed)
│ │ └ ResourceTags: (documentation changed)
│ ├ attributes
│ │ ├ CreatedAt: (documentation changed)
│ │ └ UpdatedAt: (documentation changed)
│ └ types
│ └[~] type EncryptionConfiguration
│ ├ - documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
│ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part.
│ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .
│ │ + documentation: The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.
│ │ By default, when no encryption configuration is set or the `AES256` encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES256 encryption algorithm. This does not require any action on your part.
│ │ For more control over the encryption of the contents of your repository, you can use server-side encryption with AWS Key Management Service key stored in AWS Key Management Service ( AWS KMS ) to encrypt your images. For more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .
│ └ properties
│ └ EncryptionType: (documentation changed)
├[~] service aws-eks
│ └ resources
│ └[~] resource AWS::EKS::Cluster
│ ├ properties
│ │ └[+] UpgradePolicy: UpgradePolicy
│ └ types
│ └[+] type UpgradePolicy
│ ├ documentation: An object representing the Upgrade Policy to use for the cluster.
│ │ name: UpgradePolicy
│ └ properties
│ └SupportType: string
├[~] service aws-elasticache
│ └ resources
│ ├[~] resource AWS::ElastiCache::CacheCluster
│ │ ├ properties
│ │ │ ├ AutoMinorVersionUpgrade: (documentation changed)
│ │ │ ├ CacheNodeType: (documentation changed)
│ │ │ ├ IpDiscovery: (documentation changed)
│ │ │ ├ NetworkType: (documentation changed)
│ │ │ ├ SnapshotArns: (documentation changed)
│ │ │ └ SnapshotName: (documentation changed)
│ │ └ attributes
│ │ ├ ConfigurationEndpoint.Address: (documentation changed)
│ │ ├ ConfigurationEndpoint.Port: (documentation changed)
│ │ ├ RedisEndpoint.Address: (documentation changed)
│ │ └ RedisEndpoint.Port: (documentation changed)
│ ├[~] resource AWS::ElastiCache::GlobalReplicationGroup
│ │ ├ properties
│ │ │ ├ AutomaticFailoverEnabled: (documentation changed)
│ │ │ └ EngineVersion: (documentation changed)
│ │ └ types
│ │ └[~] type ReshardingConfiguration
│ │ └ properties
│ │ └ NodeGroupId: (documentation changed)
│ ├[~] resource AWS::ElastiCache::ParameterGroup
│ │ └ attributes
│ │ └[-] Id: string
│ ├[~] resource AWS::ElastiCache::ReplicationGroup
│ │ ├ - documentation: The `AWS::ElastiCache::ReplicationGroup` resource creates an Amazon ElastiCache Redis replication group. A Redis (cluster mode disabled) replication group is a collection of cache clusters, where one of the clusters is a primary read-write cluster and the others are read-only replicas.
│ │ │ A Redis (cluster mode enabled) cluster is comprised of from 1 to 90 shards (API/CLI: node groups). Each shard has a primary node and up to 5 read-only replica nodes. The configuration can range from 90 shards and 0 replicas to 15 shards and 5 replicas, which is the maximum number or replicas allowed.
│ │ │ The node or shard limit can be increased to a maximum of 500 per cluster if the Redis engine version is 5.0.6 or higher. For example, you can choose to configure a 500 node cluster that ranges between 83 shards (one primary and 5 replicas per shard) and 500 shards (single primary and no replicas). Make sure there are enough available IP addresses to accommodate the increase. Common pitfalls include the subnets in the subnet group have too small a CIDR range or the subnets are shared and heavily used by other clusters. For more information, see [Creating a Subnet Group](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.Creating.html) . For versions below 5.0.6, the limit is 250 per cluster.
│ │ │ To request a limit increase, see [Amazon Service Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) and choose the limit type *Nodes per cluster per instance type* .
│ │ │ + documentation: The `AWS::ElastiCache::ReplicationGroup` resource creates an Amazon ElastiCache (Redis OSS) replication group. A Redis OSS (cluster mode disabled) replication group is a collection of cache clusters, where one of the clusters is a primary read-write cluster and the others are read-only replicas.
│ │ │ A Redis OSS (cluster mode enabled) cluster is comprised of from 1 to 90 shards (API/CLI: node groups). Each shard has a primary node and up to 5 read-only replica nodes. The configuration can range from 90 shards and 0 replicas to 15 shards and 5 replicas, which is the maximum number or replicas allowed.
│ │ │ The node or shard limit can be increased to a maximum of 500 per cluster if the Redis OSS engine version is 5.0.6 or higher. For example, you can choose to configure a 500 node cluster that ranges between 83 shards (one primary and 5 replicas per shard) and 500 shards (single primary and no replicas). Make sure there are enough available IP addresses to accommodate the increase. Common pitfalls include the subnets in the subnet group have too small a CIDR range or the subnets are shared and heavily used by other clusters. For more information, see [Creating a Subnet Group](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.Creating.html) . For versions below 5.0.6, the limit is 250 per cluster.
│ │ │ To request a limit increase, see [Amazon Service Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) and choose the limit type *Nodes per cluster per instance type* .
│ │ ├ properties
│ │ │ ├ AtRestEncryptionEnabled: (documentation changed)
│ │ │ ├ AuthToken: (documentation changed)
│ │ │ ├ AutomaticFailoverEnabled: (documentation changed)
│ │ │ ├ AutoMinorVersionUpgrade: (documentation changed)
│ │ │ ├ CacheParameterGroupName: (documentation changed)
│ │ │ ├ ClusterMode: (documentation changed)
│ │ │ ├ IpDiscovery: (documentation changed)
│ │ │ ├ NetworkType: (documentation changed)
│ │ │ ├ NodeGroupConfiguration: (documentation changed)
│ │ │ ├ NumNodeGroups: (documentation changed)
│ │ │ ├ SnapshotArns: (documentation changed)
│ │ │ ├ SnapshottingClusterId: (documentation changed)
│ │ │ ├ TransitEncryptionEnabled: (documentation changed)
│ │ │ └ TransitEncryptionMode: (documentation changed)
│ │ ├ attributes
│ │ │ └ ConfigurationEndPoint.Address: (documentation changed)
│ │ └ types
│ │ └[~] type NodeGroupConfiguration
│ │ ├ - documentation: `NodeGroupConfiguration` is a property of the `AWS::ElastiCache::ReplicationGroup` resource that configures an Amazon ElastiCache (ElastiCache) Redis cluster node group.
│ │ │ + documentation: `NodeGroupConfiguration` is a property of the `AWS::ElastiCache::ReplicationGroup` resource that configures an Amazon ElastiCache (ElastiCache) Redis OSS cluster node group.
│ │ └ properties
│ │ └ NodeGroupId: (documentation changed)
│ ├[~] resource AWS::ElastiCache::ServerlessCache
│ │ └ properties
│ │ ├ DailySnapshotTime: (documentation changed)
│ │ ├ SnapshotRetentionLimit: (documentation changed)
│ │ └ UserGroupId: (documentation changed)
│ ├[~] resource AWS::ElastiCache::User
│ │ └ - documentation: For Redis engine version 6.0 onwards: Creates a Redis user. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) .
│ │ + documentation: For Redis OSS engine version 6.0 onwards: Creates a Redis OSS user. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html) .
│ └[~] resource AWS::ElastiCache::UserGroup
│ └ - documentation: For Redis engine version 6.0 onwards: Creates a Redis user group. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html)
│ + documentation: For Redis OSS engine version 6.0 onwards: Creates a Redis user group. For more information, see [Using Role Based Access Control (RBAC)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html)
├[~] service aws-emrserverless
│ └ resources
│ └[~] resource AWS::EMRServerless::Application
│ ├ properties
│ │ └[+] InteractiveConfiguration: InteractiveConfiguration
│ └ types
│ └[+] type InteractiveConfiguration
│ ├ documentation: The configuration to use to enable the different types of interactive use cases in an application.
│ │ name: InteractiveConfiguration
│ └ properties
│ ├LivyEndpointEnabled: boolean (default=false)
│ └StudioEnabled: boolean (default=false)
├[~] service aws-entityresolution
│ └ resources
│ ├[~] resource AWS::EntityResolution::IdMappingWorkflow
│ │ └ types
│ │ ├[+] type IdMappingRuleBasedProperties
│ │ │ ├ documentation: An object that defines the list of matching rules to run in an ID mapping workflow.
│ │ │ │ name: IdMappingRuleBasedProperties
│ │ │ └ properties
│ │ │ ├AttributeMatchingModel: string (required)
│ │ │ ├RuleDefinitionType: string
│ │ │ ├Rules: Array<Rule>
│ │ │ └RecordMatchingModel: string (required)
│ │ ├[~] type IdMappingTechniques
│ │ │ └ properties
│ │ │ └[+] RuleBasedProperties: IdMappingRuleBasedProperties
│ │ └[+] type Rule
│ │ ├ documentation: An object containing `RuleName` , and `MatchingKeys` .
│ │ │ name: Rule
│ │ └ properties
│ │ ├MatchingKeys: Array<string> (required)
│ │ └RuleName: string (required)
│ ├[~] resource AWS::EntityResolution::IdNamespace
│ │ └ types
│ │ ├[~] type IdNamespaceIdMappingWorkflowProperties
│ │ │ └ properties
│ │ │ └[+] RuleBasedProperties: NamespaceRuleBasedProperties
│ │ ├[+] type NamespaceRuleBasedProperties
│ │ │ ├ documentation: The rule-based properties of an ID namespace. These properties define how the ID namespace can be used in an ID mapping workflow.
│ │ │ │ name: NamespaceRuleBasedProperties
│ │ │ └ properties
│ │ │ ├Rules: Array<Rule>
│ │ │ ├RuleDefinitionTypes: Array<string>
│ │ │ ├AttributeMatchingModel: string
│ │ │ └RecordMatchingModels: Array<string>
│ │ └[+] type Rule
│ │ ├ documentation: An object containing `RuleName` , and `MatchingKeys` .
│ │ │ name: Rule
│ │ └ properties
│ │ ├RuleName: string (required)
│ │ └MatchingKeys: Array<string> (required)
│ ├[~] resource AWS::EntityResolution::MatchingWorkflow
│ │ └ types
│ │ └[~] type RuleBasedProperties
│ │ └ properties
│ │ └[+] MatchPurpose: string
│ └[~] resource AWS::EntityResolution::SchemaMapping
│ └ types
│ └[~] type SchemaInputAttribute
│ └ properties
│ └[+] Hashed: boolean
├[~] service aws-gamelift
│ └ resources
│ ├[~] resource AWS::GameLift::Fleet
│ │ ├ properties
│ │ │ └ Locations: (documentation changed)
│ │ └ types
│ │ └[~] type LocationConfiguration
│ │ └ properties
│ │ └ Location: (documentation changed)
│ └[~] resource AWS::GameLift::Location
│ └ properties
│ └ Tags: (documentation changed)
├[~] service aws-globalaccelerator
│ └ resources
│ └[~] resource AWS::GlobalAccelerator::CrossAccountAttachment
│ └ types
│ └[~] type Resource
│ └ properties
│ └[+] Cidr: string
├[~] service aws-glue
│ └ resources
│ └[~] resource AWS::Glue::Trigger
│ └ attributes
│ └ Id: (documentation changed)
├[~] service aws-iam
│ └ resources
│ └[~] resource AWS::IAM::OIDCProvider
│ └ properties
│ └ ThumbprintList: - Array<string> (required)
│ + Array<string>
├[~] service aws-inspectorv2
│ └ resources
│ └[~] resource AWS::InspectorV2::CisScanConfiguration
│ └ properties
│ ├ ScanName: - string
│ │ + string (required)
│ ├ Schedule: - Schedule
│ │ + Schedule (required)
│ ├ SecurityLevel: - string
│ │ + string (required)
│ └ Targets: - CisTargets
│ + CisTargets (required)
├[~] service aws-kinesisfirehose
│ └ resources
│ └[~] resource AWS::KinesisFirehose::DeliveryStream
│ ├ properties
│ │ └[+] IcebergDestinationConfiguration: IcebergDestinationConfiguration (immutable)
│ └ types
│ ├[+] type CatalogConfiguration
│ │ ├ documentation: Describes the containers where the destination Apache Iceberg Tables are persisted.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ name: CatalogConfiguration
│ │ └ properties
│ │ └CatalogArn: string
│ ├[+] type DestinationTableConfiguration
│ │ ├ documentation: Describes the configuration of a destination in Apache Iceberg Tables.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ name: DestinationTableConfiguration
│ │ └ properties
│ │ ├DestinationTableName: string (required)
│ │ ├DestinationDatabaseName: string (required)
│ │ ├S3ErrorOutputPrefix: string
│ │ └UniqueKeys: Array<string>
│ ├[+] type IcebergDestinationConfiguration
│ │ ├ documentation: Specifies the destination configure settings for Apache Iceberg Table.
│ │ │ Amazon Data Firehose is in preview release and is subject to change.
│ │ │ name: IcebergDestinationConfiguration
│ │ └ properties
│ │ ├DestinationTableConfigurationList: Array<DestinationTableConfiguration>
│ │ ├ProcessingConfiguration: ProcessingConfiguration
│ │ ├CloudWatchLoggingOptions: CloudWatchLoggingOptions
│ │ ├CatalogConfiguration: CatalogConfiguration (required)
│ │ ├RoleARN: string (required)
│ │ ├RetryOptions: RetryOptions
│ │ ├s3BackupMode: string
│ │ ├BufferingHints: BufferingHints
│ │ └S3Configuration: S3DestinationConfiguration (required)
│ ├[+] type SnowflakeBufferingHints
│ │ ├ documentation: Describes the buffering to perform before delivering data to the Snowflake destination. If you do not specify any value, Firehose uses the default values.
│ │ │ name: SnowflakeBufferingHints
│ │ └ properties
│ │ ├IntervalInSeconds: integer
│ │ └SizeInMBs: integer
│ └[~] type SnowflakeDestinationConfiguration
│ └ properties
│ ├[+] BufferingHints: SnowflakeBufferingHints
│ └ ProcessingConfiguration: (documentation changed)
├[~] service aws-lambda
│ └ resources
│ └[~] resource AWS::Lambda::Alias
│ ├ attributes
│ │ ├[+] AliasArn: string
│ │ └[-] Id: string
│ └ types
│ └[~] type AliasRoutingConfiguration
│ └ properties
│ └ AdditionalVersionWeights: - Array<VersionWeight> (required)
│ + Array<VersionWeight>
├[+] service aws-launchwizard
│ ├ capitalized: LaunchWizard
│ │ cloudFormationNamespace: AWS::LaunchWizard
│ │ name: aws-launchwizard
│ │ shortName: launchwizard
│ └ resources
│ └resource AWS::LaunchWizard::Deployment
│ ├ name: Deploym…
…s-cdk/aws-lambda-python-alpha/test/lambda-handler-project/lambda (#31026) Bumps [certifi](https:/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https:/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https:/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https:/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https:/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https:/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https:/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https:/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https:/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https:/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https:/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https:/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https:/aws/aws-cdk/network/alerts). </details>
…/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-service-account-sdk-call.js.snapshot/asset.0e38a6f1038236070a71ea121254b10165afd106e97d2a6dc7201c14c947c115 (#31027) Bumps [fast-xml-parser](https:/NaturalIntelligence/fast-xml-parser) to 4.4.1 and updates ancestor dependency [@aws-sdk/client-s3](https:/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3). These dependencies need to be updated together. Updates `fast-xml-parser` from 4.2.5 to 4.4.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https:/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">fast-xml-parser's changelog</a>.</em></p> <blockquote> <p>Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.</p> <p><strong>4.4.1 / 2024-07-28</strong></p> <ul> <li>v5 fix: maximum length limit to currency value</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/634">#634</a>: build attributes with oneListGroup and attributesGroupName (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/653">#653</a>)(By <a href="https:/a-rasin">Andreas Naziris</a>)</li> <li>fix: get oneListGroup to work as expected for array of strings (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/662">#662</a>)(By <a href="https:/a-rasin">Andreas Naziris</a>)</li> </ul> <p><strong>4.4.0 / 2024-05-18</strong></p> <ul> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/654">#654</a>: parse attribute list correctly for self closing stop node.</li> <li>fix: validator bug when closing tag is not opened. (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/647">#647</a>) (By <a href="https:/RyosukeFukatani">Ryosuke Fukatani</a>)</li> <li>fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/581">#581</a>: typings; return type of <code>tagValueProcessor</code> & <code>attributeValueProcessor</code> (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/582">#582</a>) (By <a href="">monholm</a>)</li> </ul> <p><strong>4.3.6 / 2024-03-16</strong></p> <ul> <li>Add support for parsing HTML numeric entities (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/645">#645</a>) (By <a href="https:/DerZade">Jonas Schade </a>)</li> </ul> <p><strong>4.3.5 / 2024-02-24</strong></p> <ul> <li>code for v5 is added for experimental use</li> </ul> <p><strong>4.3.4 / 2024-01-10</strong></p> <ul> <li>fix: Don't escape entities in CDATA sections (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/633">#633</a>) (By <a href="https:/wackbyte">wackbyte</a>)</li> </ul> <p><strong>4.3.3 / 2024-01-10</strong></p> <ul> <li>Remove unnecessary regex</li> </ul> <p><strong>4.3.2 / 2023-10-02</strong></p> <ul> <li>fix <code>jObj.hasOwnProperty</code> when give input is null (By <a href="https:/ardatan">Arda TANRIKULU</a>)</li> </ul> <p><strong>4.3.1 / 2023-09-24</strong></p> <ul> <li>revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.</li> </ul> <p><strong>4.3.0 / 2023-09-20</strong></p> <ul> <li>Fix stopNodes to work with removeNSPrefix (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/607">#607</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/608">#608</a>) (By [Craig Andrews]<a href="https:/candrews">https:/candrews</a>))</li> <li>Fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/610">#610</a> ignore properties set to Object.prototype</li> <li>Fix typings for builder and parser to make return type generic (By <a href="https:/sarahdayan">Sarah Dayan</a>)</li> </ul> <p><strong>4.2.7 / 2023-07-30</strong></p> <ul> <li>Fix: builder should set text node correctly when only textnode is present (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/589">#589</a>) (By <a href="https:/joneqian">qianqing</a>)</li> <li>Fix: Fix for null and undefined attributes when building xml (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/585">#585</a>) (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/598">#598</a>). A null or undefined value should be ignored. (By <a href="https:/cecia234">Eugenio Ceschia</a>)</li> </ul> <p><strong>4.2.6 / 2023-07-17</strong></p> <ul> <li>Fix: Remove trailing slash from jPath for self-closing tags (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/595">#595</a>) (By <a href="https:/m-radzikowski">Maciej Radzikowski</a>)</li> </ul> <p><strong>4.2.5 / 2023-06-22</strong></p> <ul> <li>change code implementation</li> </ul> <p><strong>4.2.4 / 2023-06-06</strong></p> <ul> <li>fix security bug</li> </ul> <p><strong>4.2.3 / 2023-06-05</strong></p> <ul> <li>fix security bug</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/d40e29cc4bbe637d7c95060b44f7a4d275facd01"><code>d40e29c</code></a> update package detail and browser bundles</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164"><code>d0bfe8a</code></a> fix maxlength for currency value</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/2c14fcf0482380646f67ba98ff658f11c914ac04"><code>2c14fcf</code></a> Update bug-report-or-unexpected-output.md</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/acf610f25d75ece793c4e24b4673e60871c04341"><code>acf610f</code></a> fix <a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/634">#634</a>: build attributes with oneListGroup and attributesGroupName (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/653">#653</a>)</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/931e91013b6ea6bb7425c3b1758dc50a6dfc730c"><code>931e910</code></a> fix: get oneListGroup to work as expected for array of strings (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/662">#662</a>)</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/b8e40c842bf63b7d4d706f016d00e259cbc4379e"><code>b8e40c8</code></a> Update ISSUE_TEMPLATE.md</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/a6265ba8563eac3080a48397dcbcd9c847b21df2"><code>a6265ba</code></a> chore: add trend image (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/658">#658</a>)</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/db1c5484808b1100224c258a40d1b07057f1d054"><code>db1c548</code></a> redesign README.md</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/338a2c62664f9c9474cf0ec9e47bdfc092ce7f5f"><code>338a2c6</code></a> Rename 1.Getting Started.md to 1.GettingStarted.md</li> <li><a href="https:/NaturalIntelligence/fast-xml-parser/commit/c762537495aa1c44c8d9088a0e2f6004b45116c7"><code>c762537</code></a> Rename v5 docs filenames (<a href="https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/659">#659</a>)</li> <li>Additional commits viewable in <a href="https:/NaturalIntelligence/fast-xml-parser/compare/v4.2.5...v4.4.1">compare view</a></li> </ul> </details> <br /> Updates `@aws-sdk/client-s3` from 3.421.0 to 3.623.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https:/aws/aws-sdk-js-v3/releases"><code>@aws-sdk/client-s3</code>'s releases</a>.</em></p> <blockquote> <h2>v3.623.0</h2> <h4>3.623.0(2024-08-02)</h4> <h5>Chores</h5> <ul> <li><strong>id-auth-sra:</strong> sigv4a compatibility for id-auth sra (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6342">#6342</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/9836a09e97bc7f260f75eb1c5ff831f671ce2ec8">9836a09e</a>)</li> <li><strong>lib-dynamodb:</strong> use pagination factory from core (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6345">#6345</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/922292b66614ea3a08779053ae8740dc28509d83">922292b6</a>)</li> </ul> <h5>New Features</h5> <ul> <li><strong>client-ivschat:</strong> updates cloudtrail event source for SDKs (<a href="https:/aws/aws-sdk-js-v3/commit/deeea907529f7e61df5fde40e02a0ec3522e4099">deeea907</a>)</li> <li><strong>client-ecs:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/21bdf2a90cfdfe588a6ea3b78ddddec3b83c80f5">21bdf2a9</a>)</li> <li><strong>client-cloudwatch:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/51a8423c2ffe82d60761db4af3fe5b421889f36e">51a8423c</a>)</li> <li><strong>client-glue:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/be78cf636d58c773dc908f6107bdd55ba2ad1783">be78cf63</a>)</li> <li><strong>client-route-53:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/39096d9a2d9ea2830180591946e7510c9cf1b292">39096d9a</a>)</li> <li><strong>client-ivs-realtime:</strong> updates cloudtrail event source for SDKs (<a href="https:/aws/aws-sdk-js-v3/commit/6e9c35b33af9ce8b8388551f657be14ec2ff762f">6e9c35b3</a>)</li> <li><strong>client-ssm:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/ae83e7797a2608bfe0fbcbbe82e61081c4cc0b87">ae83e779</a>)</li> <li><strong>client-kinesis:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/86c28e0e1fa4f9f2e3de5a50542d15c2a08b4d81">86c28e0e</a>)</li> <li><strong>client-waf-regional:</strong> Add v2 smoke tests and smithy smokeTests trait for SDK testing. (<a href="https:/aws/aws-sdk-js-v3/commit/52b9cf433f172459eb8ee83bae4c28a0102ced39">52b9cf43</a>)</li> <li><strong>client-resiliencehub:</strong> Customers are presented with the grouping recommendations and can determine if the recommendations are accurate and apply to their case. This feature simplifies onboarding by organizing resources into appropriate AppComponents. (<a href="https:/aws/aws-sdk-js-v3/commit/b8d8c647abda05b69e22a815f6f7bef6764a7afd">b8d8c647</a>)</li> <li><strong>client-ivs:</strong> updates cloudtrail event source for SDKs (<a href="https:/aws/aws-sdk-js-v3/commit/00374d584abd349251c98cb72da92647aa1ff6cc">00374d58</a>)</li> </ul> <h5>Bug Fixes</h5> <ul> <li><strong>client-transcribe-streaming:</strong> add plugin only for operations with streaming trait (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6349">#6349</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/6043d799e34725ca564963af4fdf965e8735fcbd">6043d799</a>)</li> </ul> <hr /> <p>For list of updated packages, view <strong>updated-packages.md</strong> in <strong>assets-3.623.0.zip</strong></p> <h2>v3.622.0</h2> <h4>3.622.0(2024-08-01)</h4> <h5>Chores</h5> <ul> <li><strong>codegen:</strong> <ul> <li>sync for command ref in context (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6347">#6347</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/245450eac77145cc1fe68f11adca49eb3315e826">245450ea</a>)</li> <li>move eventstream services to id-auth sra (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6340">#6340</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/6bf32b174df7452e98badae3f8aeab2a00c3b1a6">6bf32b17</a>)</li> </ul> </li> <li><strong>clients:</strong> enable identity-and-auth SRA by default (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6299">#6299</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/56ce5e5e87b54f93138eab03493a0229a2662636">56ce5e5e</a>)</li> <li><strong>turbo:</strong> update Turborepo devDependency to 2.0.9 (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6334">#6334</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/042b7dda6e75ef0fbed165172d0f0711ebc18cf9">042b7dda</a>)</li> </ul> <h5>Documentation Changes</h5> <ul> <li><strong>client-memorydb:</strong> Doc only update for changes to deletion API. (<a href="https:/aws/aws-sdk-js-v3/commit/bd90490bf502ee6698ec3bcf1611eb563511ec67">bd90490b</a>)</li> <li><strong>client-support:</strong> Doc only updates to CaseDetails (<a href="https:/aws/aws-sdk-js-v3/commit/c28e93909ca8b23ce8bbc72e6254e11f374d4a5a">c28e9390</a>)</li> <li><strong>client-controltower:</strong> Updated Control Tower service documentation for controlcatalog control ARN support with existing Control Tower public APIs (<a href="https:/aws/aws-sdk-js-v3/commit/2f7a96514e399aeef2f91f05b0d0991021b2c636">2f7a9651</a>)</li> <li><strong>supplemental-docs:</strong> add documentation for using queue names with SQS Client (<a href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/6337">#6337</a>) (<a href="https:/aws/aws-sdk-js-v3/commit/9f4b6df40e7643b626608cca7655191ff4341fcf">9f4b6df4</a>)</li> </ul> <h5>New Features</h5> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https:/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md"><code>@aws-sdk/client-s3</code>'s changelog</a>.</em></p> <blockquote> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.622.0...v3.623.0">3.623.0</a> (2024-08-02)</h1> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.621.0...v3.622.0">3.622.0</a> (2024-08-01)</h1> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.620.1...v3.621.0">3.621.0</a> (2024-07-30)</h1> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h2><a href="https:/aws/aws-sdk-js-v3/compare/v3.620.0...v3.620.1">3.620.1</a> (2024-07-29)</h2> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.619.0...v3.620.0">3.620.0</a> (2024-07-25)</h1> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.616.0...v3.617.0">3.617.0</a> (2024-07-22)</h1> <p><strong>Note:</strong> Version bump only for package <code>@aws-sdk/client-s3</code></p> <h1><a href="https:/aws/aws-sdk-js-v3/compare/v3.615.0...v3.616.0">3.616.0</a> (2024-07-18)</h1> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https:/aws/aws-sdk-js-v3/commit/2acbcdb5deb9cd9133ec04e1794f37f3815c135a"><code>2acbcdb</code></a> Publish v3.623.0</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/fac05e1fbe8106fa56f1c3a0b4fde8ae32d5e4f1"><code>fac05e1</code></a> Publish v3.622.0</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/245450eac77145cc1fe68f11adca49eb3315e826"><code>245450e</code></a> chore(codegen): sync for command ref in context (<a href="https:/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/6347">#6347</a>)</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/56ce5e5e87b54f93138eab03493a0229a2662636"><code>56ce5e5</code></a> chore(clients): enable identity-and-auth SRA by default (<a href="https:/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/6299">#6299</a>)</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/d8f767af7d8f634f80c98ed1a7e91deb160adc10"><code>d8f767a</code></a> Publish v3.621.0</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/8dd7fb633c5333712bd18eb626fe1eb90939b0a7"><code>8dd7fb6</code></a> chore(codegen): bump smithy package versions (<a href="https:/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/6329">#6329</a>)</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/c3dd5111b9d749f1fc92c7d3215646fd3ad844cb"><code>c3dd511</code></a> Publish v3.620.1</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/0220bd055cbe0c8671d6e3afad31f2c22121b8df"><code>0220bd0</code></a> Publish v3.620.0</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/ff30a3e8e4cb165ea8e79203b4228b7d5ce6547b"><code>ff30a3e</code></a> chore(clients): codegen sync for eventstream header fix (<a href="https:/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3/issues/6310">#6310</a>)</li> <li><a href="https:/aws/aws-sdk-js-v3/commit/ac98acca73a3caf30ab802be9594bcc5ad0a0a8e"><code>ac98acc</code></a> Publish v3.617.0</li> <li>Additional commits viewable in <a href="https:/aws/aws-sdk-js-v3/commits/v3.623.0/clients/client-s3">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https:/aws/aws-cdk/network/alerts). </details>
…for Application Load Balancer (#30784) ### Issue # (if applicable) Closes #28206. ### Reason for this change To support mTLS for ALB ### Description of changes * Add `TrustStore` and `TrustStoreRevocation` class * Add `MutualAuthentication` property for `ApplicationListener` ### Description of how you validated changes add unit tests and integ tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None. ### Reason for this change Because, currently AWS Batch support Amazon Linux 2023, However, we can't use Amazon Linux 2023 for `ManagedEc2EcsComputeEnvironment`. https://docs.aws.amazon.com/batch/latest/APIReference/API_Ec2Configuration.html ### Description of changes Add the `EcsMachineImageType.ECS_AL2023`. ### Description of how you validated changes I could deploy ComputeEnvironment via integ-tests. Also, when I deploy with invalid ImageType, then I got the following error message. ``` Resource handler returned message: "Error executing request, Exception : Inva lid imageType in ComputeResources.ec2Configuration ``` ### Other We may should set `EcsMachineImageType.ECS_AL2023` as default under a feature flag. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add Eventbridge's missing VPC endpoints. I identified the missing VPC endpoints using the following procedure: 1. Retrieved a list of interface endpoints using the command below ```sh % aws ec2 describe-vpc-endpoint-services \ --filter Name=service-type,Values=Interface \ --query 'ServiceDetails[].[ServiceName,BaseEndpointDnsNames[0]]' \ --output json --region us-east-1| jq -r '.[] | @csv' // result "aws.api.us-east-1.bcm-data-exports","bcm-data-exports.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.freetier","freetier.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.kendra-ranking","kendra-ranking.us-east-1.vpce.amazonaws.com" "aws.api.us-east-1.qbusiness","qbusiness.us-east-1.vpce.amazonaws.com" // omit ``` 2. Obtained the differences by comparing the implementation with the list 3. Verified the differing endpoints exist in the documentation and added them to the implementation Ref: * https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html Note: * This PR doesn't include DynamoDB interface endpoint because #30162 already opened. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource.
…#31007) ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change For some invisible char in the Markdown, it wasn't rendered correctly. ### Description of changes I am unsure what was there, but replacing the "space" between `##` and `Enable` with a regular space (i.e., ' ') fixed it. ### Description of how you validated changes After this change, using the Markdown preview feature in my editor, as well as regular Markdown syntax highlighting, worked as expected. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource.
Update the list of regions where the CDK deploys the `AWS::CDK::Metadata` resource.
### Issue # (if applicable) Closes [RFC#507](https:/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md). Issue#[5927](#5927) Tracking Ticket #30762 ### Reason for this change This PR implements below RFC for Full Control VPC configuration Implementing RFC [Full Control VPC](https:/aws/aws-cdk-rfcs/blob/57fd92a7f20e242b96885264c12567493f5e867f/text/0507-subnets.md) ### Description of changes Experimental API for VPC Lifecycle Doc: https:/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md - Introduced a new alpha module for VPCV2 - Both new class VPCV2 and SubnetV2 implement IVPC and ISubnet for compatibility with other constructs - Introduced a new IPAM class to support IP address alllocation through IPAM pool. - Validations of IP ranges assigned to subnet. - L2 class(Route) to define custom routes under the subnet - L2s for gateways like Egress only IGW and NATGW. ### Next Steps: Iterate on the API with the feedback from community and team to make it ergonomic. Close on the features listed in [tracking ticket](#30762) Will follow the exit criteria for this experimental API as outlined in below doc: https:/cdklabs/team-internal/blob/main/docs/construct-library-lifecycle.md ### Description of how you validated changes Added unit tests with current coverage ~70% Added integration tests for subnet, vpc and routing features. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s-cdk/aws-lambda-python-alpha/test/lambda-handler-project/shared (#31052) Bumps [certifi](https:/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https:/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https:/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https:/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https:/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https:/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https:/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https:/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https:/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https:/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https:/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https:/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https:/aws/aws-cdk/network/alerts). </details>
---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30331. ### Reason for this change This will improve the security group lookup functionality for importing existing security groups into a CDK stack. ### Description of changes I added the ability to lookup existing security groups via more filters. Filters are supported by the [DescribeSecurityGroups API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html), and using these filters can be immensely useful for looking up existing security groups, especially if your account or organization follows predictable rules regarding things like security group tags. ### Description of how you validated changes I added unit tests similar to the ones that test the normal lookup by ID or name. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30091 ### Reason for this change New DynamoDB feature that was just released ### Description of changes Added `maxReadRequestUnits` and `maxWriteRequestUnits` for PAY_PER_REQUEST tables ### Description of how you validated changes Tests on `integ.dynamodb.ondemand.ts` ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #26221 ### Reason for this change Previously, using `ec2.InitCommand.argvCommand()` would remove some duplicate strings in the input array. This produces an incorrect command in the template, leading to unexpected behaviour. ### Description of changes An additional line was added to the `deepMerge` function that is called in the `InitConfig.bindForType()` method, which checks the key of the input array, preventing it from becoming a set (removing duplicates) if it is a list of commands. ### Description of how you validated changes A unit test was added to generate an `AWS::CloudFormation::Init` resource identical to the one reproduced in the issue. The test was run and failed before the changes were made, and following the changes in `cfn-init.ts`, the test passed. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change ALB can output connection logs as well as access logs to the S3 bucket, but this is not yet supported by L2 Construct. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-connection-logs.html ### Description of changes The implementation is almost the same as for access logs. However, since connection logs are not supported by NLB, but only by ALB, the `logConnectionLogs` method is added to the `ApplicationLoadBalancer` instead of the `BaseLoadBalancer`. The needed BucketPolicy is described in the documentation only as follows, but to support buckets that still use the ACL, it is necessary to set the same policy that is currently set in the access logs. ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::elb-account-id:root" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::bucket-name/prefix/AWSLogs/aws-account-id/*" } ] } ``` https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html#attach-bucket-policy-connection ### Description of how you validated changes add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-acmpca │ └ resources │ └[~] resource AWS::ACMPCA::CertificateAuthority │ └ types │ └[~] type CrlConfiguration │ └ properties │ ├[+] CustomPath: string │ ├[+] MaxPartitionSizeMB: integer │ ├[+] PartitioningEnabled: boolean │ └[+] RetainExpiredCertificates: boolean ├[~] service aws-auditmanager │ └ resources │ └[~] resource AWS::AuditManager::Assessment │ └ types │ ├[~] type AWSService │ │ ├ - documentation: The `AWSService` property type specifies an AWS service such as Amazon S3 , AWS CloudTrail , and so on. │ │ │ + documentation: The `AWSService` property type specifies an such as Amazon S3 , AWS CloudTrail , and so on. │ │ └ properties │ │ └ ServiceName: (documentation changed) │ └[~] type Scope │ └ properties │ └ AwsServices: (documentation changed) ├[~] service aws-chatbot │ └ resources │ └[~] resource AWS::Chatbot::SlackChannelConfiguration │ └ properties │ └ SlackChannelId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type DataResource │ ├ - documentation: You can configure the `DataResource` in an `EventSelector` to log data events for the following three resource types: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ To log data events for all other resource types including objects stored in [directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) , you must use [AdvancedEventSelectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) . You must also use `AdvancedEventSelectors` if you want to filter on the `eventName` field. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named `DOC-EXAMPLE-BUCKET1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::DOC-EXAMPLE-BUCKET1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ │ + documentation: You can configure the `DataResource` in an `EventSelector` to log data events for the following three resource types: │ │ - `AWS::DynamoDB::Table` │ │ - `AWS::Lambda::Function` │ │ - `AWS::S3::Object` │ │ To log data events for all other resource types including objects stored in [directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html) , you must use [AdvancedEventSelectors](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) . You must also use `AdvancedEventSelectors` if you want to filter on the `eventName` field. │ │ Configure the `DataResource` to specify the resource type and resource ARNs for which you want to log data events. │ │ > The total number of allowed data resources is 250. This number can be distributed between 1 and 5 event selectors, but the total cannot exceed 250 across all selectors for the trail. │ │ The following example demonstrates how logging works when you configure logging of all data events for a general purpose bucket named `amzn-s3-demo-bucket1` . In this example, the CloudTrail user specified an empty prefix, and the option to log both `Read` and `Write` data events. │ │ - A user uploads an image file to `amzn-s3-demo-bucket1` . │ │ - The `PutObject` API operation is an Amazon S3 object-level API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified an S3 bucket with an empty prefix, events that occur on any object in that bucket are logged. The trail processes and logs the event. │ │ - A user uploads an object to an Amazon S3 bucket named `arn:aws:s3:::amzn-s3-demo-bucket1` . │ │ - The `PutObject` API operation occurred for an object in an S3 bucket that the CloudTrail user didn't specify for the trail. The trail doesn’t log the event. │ │ The following example demonstrates how logging works when you configure logging of AWS Lambda data events for a Lambda function named *MyLambdaFunction* , but not for all Lambda functions. │ │ - A user runs a script that includes a call to the *MyLambdaFunction* function and the *MyOtherLambdaFunction* function. │ │ - The `Invoke` API operation on *MyLambdaFunction* is an Lambda API. It is recorded as a data event in CloudTrail. Because the CloudTrail user specified logging data events for *MyLambdaFunction* , any invocations of that function are logged. The trail processes and logs the event. │ │ - The `Invoke` API operation on *MyOtherLambdaFunction* is an Lambda API. Because the CloudTrail user did not specify logging data events for all Lambda functions, the `Invoke` operation for *MyOtherLambdaFunction* does not match the function specified for the trail. The trail doesn’t log the event. │ └ properties │ └ Values: (documentation changed) ├[~] service aws-codecommit │ └ resources │ └[~] resource AWS::CodeCommit::Repository │ └ - documentation: Creates a new, empty repository. │ + documentation: Creates a new, empty repository. │ > AWS CodeCommit is no longer available to new customers. Existing customers of AWS CodeCommit can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider) ├[~] service aws-codeconnections │ └ resources │ └[~] resource AWS::CodeConnections::Connection │ └ attributes │ └ ConnectionArn: (documentation changed) ├[~] service aws-codepipeline │ └ resources │ ├[~] resource AWS::CodePipeline::Pipeline │ │ └ types │ │ ├[+] type BeforeEntryConditions │ │ │ ├ documentation: The conditions for making checks for entry to a stage. │ │ │ │ name: BeforeEntryConditions │ │ │ └ properties │ │ │ └Conditions: Array<Condition> │ │ ├[+] type Condition │ │ │ ├ documentation: The condition for the stage. A condition is made up of the rules and the result for the condition. │ │ │ │ name: Condition │ │ │ └ properties │ │ │ ├Result: string │ │ │ └Rules: Array<RuleDeclaration> │ │ ├[~] type FailureConditions │ │ │ └ properties │ │ │ └[+] Conditions: Array<Condition> │ │ ├[+] type RuleDeclaration │ │ │ ├ documentation: Represents information about the rule to be created for an associated condition. An example would be creating a new rule for an entry condition, such as a rule that checks for a test result before allowing the run to enter the deployment stage. │ │ │ │ name: RuleDeclaration │ │ │ └ properties │ │ │ ├RuleTypeId: RuleTypeId │ │ │ ├Configuration: json │ │ │ ├InputArtifacts: Array<InputArtifact> │ │ │ ├Region: string │ │ │ ├RoleArn: string │ │ │ └Name: string │ │ ├[+] type RuleTypeId │ │ │ ├ documentation: The ID for the rule type, which is made up of the combined values for category, owner, provider, and version. │ │ │ │ name: RuleTypeId │ │ │ └ properties │ │ │ ├Owner: string │ │ │ ├Category: string │ │ │ ├Version: string │ │ │ └Provider: string │ │ ├[~] type StageDeclaration │ │ │ └ properties │ │ │ ├[+] BeforeEntry: BeforeEntryConditions │ │ │ └[+] OnSuccess: SuccessConditions │ │ └[+] type SuccessConditions │ │ ├ documentation: The conditions for making checks that, if met, succeed a stage. │ │ │ name: SuccessConditions │ │ └ properties │ │ └Conditions: Array<Condition> │ └[~] resource AWS::CodePipeline::Webhook │ ├ properties │ │ └ Authentication: (documentation changed) │ └ types │ └[~] type WebhookAuthConfiguration │ └ properties │ └ SecretToken: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::LogDeliveryConfiguration │ │ ├ - documentation: The logging parameters of a user pool. │ │ │ + documentation: The logging parameters of a user pool returned in response to `GetLogDeliveryConfiguration` . │ │ ├ properties │ │ │ ├ LogConfigurations: (documentation changed) │ │ │ └ UserPoolId: (documentation changed) │ │ └ types │ │ ├[~] type CloudWatchLogsConfiguration │ │ │ └ - documentation: The CloudWatch logging destination of a user pool detailed activity logging configuration. │ │ │ + documentation: Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features. │ │ ├[+] type FirehoseConfiguration │ │ │ ├ name: FirehoseConfiguration │ │ │ └ properties │ │ │ └StreamArn: string │ │ ├[~] type LogConfiguration │ │ │ └ properties │ │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ │ ├ EventSource: (documentation changed) │ │ │ ├[+] FirehoseConfiguration: FirehoseConfiguration │ │ │ ├ LogLevel: (documentation changed) │ │ │ └[+] S3Configuration: S3Configuration │ │ └[+] type S3Configuration │ │ ├ name: S3Configuration │ │ └ properties │ │ └BucketArn: string │ └[~] resource AWS::Cognito::UserPool │ └ types │ └[~] type PasswordPolicy │ └ properties │ └[+] PasswordHistorySize: integer ├[~] service aws-datapipeline │ └ resources │ └[~] resource AWS::DataPipeline::Pipeline │ └ - documentation: The AWS::DataPipeline::Pipeline resource specifies a data pipeline that you can use to automate the movement and transformation of data. In each pipeline, you define pipeline objects, such as activities, schedules, data nodes, and resources. For information about pipeline objects and components that you can use, see [Pipeline Object Reference](https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-pipeline-objects.html) in the *AWS Data Pipeline Developer Guide* . │ The `AWS::DataPipeline::Pipeline` resource adds tasks, schedules, and preconditions to the specified pipeline. You can use `PutPipelineDefinition` to populate a new pipeline. │ `PutPipelineDefinition` also validates the configuration as it adds it to the pipeline. Changes to the pipeline are saved unless one of the following validation errors exist in the pipeline. │ - An object is missing a name or identifier field. │ - A string or reference field is empty. │ - The number of objects in the pipeline exceeds the allowed maximum number of objects. │ - The pipeline is in a FINISHED state. │ Pipeline object definitions are passed to the [PutPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PutPipelineDefinition.html) action and returned by the [GetPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_GetPipelineDefinition.html) action. │ + documentation: The AWS::DataPipeline::Pipeline resource specifies a data pipeline that you can use to automate the movement and transformation of data. │ > AWS Data Pipeline is no longer available to new customers. Existing customers of AWS Data Pipeline can continue to use the service as normal. [Learn more](https://docs.aws.amazon.com/big-data/migrate-workloads-from-aws-data-pipeline/) │ In each pipeline, you define pipeline objects, such as activities, schedules, data nodes, and resources. │ The `AWS::DataPipeline::Pipeline` resource adds tasks, schedules, and preconditions to the specified pipeline. You can use `PutPipelineDefinition` to populate a new pipeline. │ `PutPipelineDefinition` also validates the configuration as it adds it to the pipeline. Changes to the pipeline are saved unless one of the following validation errors exist in the pipeline. │ - An object is missing a name or identifier field. │ - A string or reference field is empty. │ - The number of objects in the pipeline exceeds the allowed maximum number of objects. │ - The pipeline is in a FINISHED state. │ Pipeline object definitions are passed to the [PutPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_PutPipelineDefinition.html) action and returned by the [GetPipelineDefinition](https://docs.aws.amazon.com/datapipeline/latest/APIReference/API_GetPipelineDefinition.html) action. ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ └[~] type LaunchTemplateData │ │ └ properties │ │ └ ImageId: (documentation changed) │ ├[~] resource AWS::EC2::NetworkInsightsAnalysis │ │ └ types │ │ └[~] type AnalysisRouteTableRoute │ │ └ properties │ │ └ destinationPrefixListId: (documentation changed) │ ├[~] resource AWS::EC2::TransitGatewayAttachment │ │ └ types │ │ └[~] type Options │ │ └ properties │ │ └[-] SecurityGroupReferencingSupport: string │ ├[~] resource AWS::EC2::TransitGatewayMulticastGroupMember │ │ └ attributes │ │ └ SourceType: (documentation changed) │ ├[~] resource AWS::EC2::TransitGatewayMulticastGroupSource │ │ └ attributes │ │ └ MemberType: (documentation changed) │ └[~] resource AWS::EC2::VPCEndpoint │ └ - documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an AWS service , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. │ + documentation: Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS , an AWS Marketplace Partner, or another AWS accounts in your organization. For more information, see the [AWS PrivateLink User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/) . │ An endpoint of type `Interface` establishes connections between the subnets in your VPC and an , your own service, or a service hosted by another AWS account . With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. │ An endpoint of type `gateway` serves as a target for a route in your route table for traffic destined for Amazon S3 or DynamoDB . You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to Amazon S3 , see [Why can't I connect to an S3 bucket using a gateway VPC endpoint?](https://docs.aws.amazon.com/premiumsupport/knowledge-center/connect-s3-vpc-endpoint) │ An endpoint of type `GatewayLoadBalancer` provides private connectivity between your VPC and virtual appliances from a service provider. ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ └[~] type AwsVpcConfiguration │ │ └ - documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ │ + documentation: An object representing the networking details for a task or service. For example `awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` . │ └[~] resource AWS::ECS::TaskSet │ └ types │ └[~] type AwsVpcConfiguration │ └ - documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ + documentation: An object representing the networking details for a task or service. For example `awsVpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` . ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup │ └ types │ └[~] type TargetGroupAttribute │ └ properties │ └ Key: (documentation changed) ├[~] service aws-forecast │ └ resources │ ├[~] resource AWS::Forecast::Dataset │ │ └ - documentation: Creates an Amazon Forecast dataset. The information about the dataset that you provide helps Forecast understand how to consume the data for model training. This includes the following: │ │ - *`DataFrequency`* - How frequently your historical time-series data is collected. │ │ - *`Domain`* and *`DatasetType`* - Each dataset has an associated dataset domain and a type within the domain. Amazon Forecast provides a list of predefined domains and types within each domain. For each unique dataset domain and type within the domain, Amazon Forecast requires your data to include a minimum set of predefined fields. │ │ - *`Schema`* - A schema specifies the fields in the dataset, including the field name and data type. │ │ After creating a dataset, you import your training data into it and add the dataset to a dataset group. You use the dataset group to create a predictor. For more information, see [Importing datasets](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ │ To get a list of all your datasets, use the [ListDatasets](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasets.html) operation. │ │ For example Forecast datasets, see the [Amazon Forecast Sample GitHub repository](https://docs.aws.amazon.com/https:/aws-samples/amazon-forecast-samples) . │ │ > The `Status` of a dataset must be `ACTIVE` before you can import training data. Use the [DescribeDataset](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDataset.html) operation to get the status. │ │ + documentation: Creates an Amazon Forecast dataset. │ │ > Amazon Forecast is no longer available to new customers. Existing customers of Amazon Forecast can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/machine-learning/transition-your-amazon-forecast-usage-to-amazon-sagemaker-canvas/) │ │ The information about the dataset that you provide helps Forecast understand how to consume the data for model training. This includes the following: │ │ - *`DataFrequency`* - How frequently your historical time-series data is collected. │ │ - *`Domain`* and *`DatasetType`* - Each dataset has an associated dataset domain and a type within the domain. Amazon Forecast provides a list of predefined domains and types within each domain. For each unique dataset domain and type within the domain, Amazon Forecast requires your data to include a minimum set of predefined fields. │ │ - *`Schema`* - A schema specifies the fields in the dataset, including the field name and data type. │ │ After creating a dataset, you import your training data into it and add the dataset to a dataset group. You use the dataset group to create a predictor. For more information, see [Importing datasets](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ │ To get a list of all your datasets, use the [ListDatasets](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasets.html) operation. │ │ For example Forecast datasets, see the [Amazon Forecast Sample GitHub repository](https://docs.aws.amazon.com/https:/aws-samples/amazon-forecast-samples) . │ │ > The `Status` of a dataset must be `ACTIVE` before you can import training data. Use the [DescribeDataset](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDataset.html) operation to get the status. │ └[~] resource AWS::Forecast::DatasetGroup │ └ - documentation: Creates a dataset group, which holds a collection of related datasets. You can add datasets to the dataset group when you create the dataset group, or later by using the [UpdateDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_UpdateDatasetGroup.html) operation. │ After creating a dataset group and adding datasets, you use the dataset group when you create a predictor. For more information, see [Dataset groups](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ To get a list of all your datasets groups, use the [ListDatasetGroups](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasetGroups.html) operation. │ > The `Status` of a dataset group must be `ACTIVE` before you can use the dataset group to create a predictor. To get the status, use the [DescribeDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDatasetGroup.html) operation. │ + documentation: Creates a dataset group, which holds a collection of related datasets. You can add datasets to the dataset group when you create the dataset group, or later by using the [UpdateDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_UpdateDatasetGroup.html) operation. │ > Amazon Forecast is no longer available to new customers. Existing customers of Amazon Forecast can continue to use the service as normal. [Learn more"](https://docs.aws.amazon.com/machine-learning/transition-your-amazon-forecast-usage-to-amazon-sagemaker-canvas/) │ After creating a dataset group and adding datasets, you use the dataset group when you create a predictor. For more information, see [Dataset groups](https://docs.aws.amazon.com/forecast/latest/dg/howitworks-datasets-groups.html) . │ To get a list of all your datasets groups, use the [ListDatasetGroups](https://docs.aws.amazon.com/forecast/latest/dg/API_ListDatasetGroups.html) operation. │ > The `Status` of a dataset group must be `ACTIVE` before you can use the dataset group to create a predictor. To get the status, use the [DescribeDatasetGroup](https://docs.aws.amazon.com/forecast/latest/dg/API_DescribeDatasetGroup.html) operation. ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ └ types │ └[~] type MSKSourceConfiguration │ └ properties │ └[+] ReadFromTimestamp: string ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::Function │ │ └ types │ │ └[~] type Code │ │ └ properties │ │ └[+] SourceKMSKeyArn: string │ └[~] resource AWS::Lambda::Permission │ └ properties │ ├ Principal: (documentation changed) │ ├ SourceAccount: (documentation changed) │ └ SourceArn: (documentation changed) ├[~] service aws-medialive │ └ resources │ └[~] resource AWS::MediaLive::Multiplexprogram │ └ attributes │ └ ChannelId: (documentation changed) ├[~] service aws-networkfirewall │ └ resources │ └[~] resource AWS::NetworkFirewall::LoggingConfiguration │ └ types │ └[~] type LogDestinationConfig │ └ properties │ └ LogType: (documentation changed) ├[~] service aws-networkmanager │ └ resources │ ├[~] resource AWS::NetworkManager::ConnectAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array<tag> │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ ├[~] resource AWS::NetworkManager::CoreNetwork │ │ ├ attributes │ │ │ └[+] NetworkFunctionGroups: Array<CoreNetworkNetworkFunctionGroup> │ │ └ types │ │ ├[+] type CoreNetworkNetworkFunctionGroup │ │ │ ├ documentation: Describes a network function group. │ │ │ │ name: CoreNetworkNetworkFunctionGroup │ │ │ └ properties │ │ │ ├Name: string │ │ │ ├EdgeLocations: Array<string> │ │ │ └Segments: Segments │ │ └[+] type Segments │ │ ├ name: Segments │ │ └ properties │ │ ├SendTo: Array<string> │ │ └SendVia: Array<string> │ ├[~] resource AWS::NetworkManager::SiteToSiteVpnAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array<tag> │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ ├[~] resource AWS::NetworkManager::TransitGatewayRouteTableAttachment │ │ ├ properties │ │ │ ├[+] NetworkFunctionGroupName: string │ │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ │ └ types │ │ └[+] type ProposedNetworkFunctionGroupChange │ │ ├ documentation: Describes proposed changes to a network function group. │ │ │ name: ProposedNetworkFunctionGroupChange │ │ └ properties │ │ ├Tags: Array<tag> │ │ ├AttachmentPolicyRuleNumber: integer │ │ └NetworkFunctionGroupName: string │ └[~] resource AWS::NetworkManager::VpcAttachment │ ├ properties │ │ └[+] ProposedNetworkFunctionGroupChange: ProposedNetworkFunctionGroupChange │ ├ attributes │ │ └[+] NetworkFunctionGroupName: string │ └ types │ └[+] type ProposedNetworkFunctionGroupChange │ ├ documentation: Describes proposed changes to a network function group. │ │ name: ProposedNetworkFunctionGroupChange │ └ properties │ ├Tags: Array<tag> │ ├AttachmentPolicyRuleNumber: integer │ └NetworkFunctionGroupName: string ├[~] service aws-osis │ └ resources │ └[~] resource AWS::OSIS::Pipeline │ └ types │ ├[~] type VpcAttachmentOptions │ │ ├ - documentation: Options for attaching a VPC to the pipeline. │ │ │ + documentation: Options for attaching a VPC to pipeline. │ │ └ properties │ │ └ AttachToVpc: (documentation changed) │ └[~] type VpcOptions │ └ properties │ └ VpcAttachmentOptions: (documentation changed) ├[~] service aws-pipes │ └ resources │ └[~] resource AWS::Pipes::Pipe │ └ types │ └[~] type S3LogDestination │ └ properties │ └ OutputFormat: (documentation changed) ├[~] service aws-rds │ └ resources │ └[~] resource AWS::RDS::DBInstance │ └ properties │ ├ RestoreTime: (documentation changed) │ └ UseLatestRestorableTime: (documentation changed) ├[~] service aws-redshift │ └ resources │ └[~] resource AWS::Redshift::Cluster │ └ types │ └[~] type LoggingProperties │ └ properties │ ├[+] LogDestinationType: string │ └[+] LogExports: Array<string> ├[~] service aws-rolesanywhere │ └ resources │ └[~] resource AWS::RolesAnywhere::Profile │ └ properties │ └[+] AcceptRoleSessionName: boolean ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::ResolverRule │ └ properties │ ├[+] DelegationRecord: string │ └ DomainName: - string (required, immutable?) │ + string (immutable?) ├[~] service aws-s3 │ └ resources │ ├[~] resource AWS::S3::AccessPoint │ │ └ types │ │ └[~] type PublicAccessBlockConfiguration │ │ └ properties │ │ └ RestrictPublicBuckets: (documentation changed) │ ├[~] resource AWS::S3::Bucket │ │ └ types │ │ └[~] type PublicAccessBlockConfiguration │ │ └ properties │ │ └ RestrictPublicBuckets: (documentation changed) │ └[~] resource AWS::S3::MultiRegionAccessPoint │ └ types │ └[~] type PublicAccessBlockConfiguration │ └ properties │ └ RestrictPublicBuckets: (documentation changed) ├[~] service aws-s3objectlambda │ └ resources │ └[~] resource AWS::S3ObjectLambda::AccessPoint │ └ types │ └[~] type PublicAccessBlockConfiguration │ └ properties │ └ RestrictPublicBuckets: (documentation changed) ├[~] service aws-sagemaker │ └ resources │ └[~] resource AWS::SageMaker::ModelPackage │ ├ properties │ │ └ ModelCard: (documentation changed) │ └ types │ ├[~] type ModelAccessConfig │ │ ├ - documentation: Specifies the access configuration file for the ML model. │ │ │ + documentation: The access configuration file to control access to the ML model. You can explicitly accept the model end-user license agreement (EULA) within the `ModelAccessConfig` . │ │ │ - If you are a Jumpstart user, see the [End-user license agreements](https://docs.aws.amazon.com/sagemaker/latest/dg/jumpstart-foundation-models-choose.html#jumpstart-foundation-models-choose-eula) section for more details on accepting the EULA. │ │ │ - If you are an AutoML user, see the *Optional Parameters* section of *Create an AutoML job to fine-tune text generation models using the API* for details on [How to set the EULA acceptance when fine-tuning a model using the AutoML API](https://docs.aws.amazon.com/sagemaker/latest/dg/autopilot-create-experiment-finetune-llms.html#autopilot-llms-finetuning-api-optional-params) . │ │ └ properties │ │ └ AcceptEula: (documentation changed) │ ├[~] type ModelCard │ │ ├ - documentation: The model card associated with the model package. │ │ │ + documentation: An Amazon SageMaker Model Card. │ │ └ properties │ │ └ ModelCardStatus: (documentation changed) │ ├[~] type ModelDataSource │ │ └ - documentation: Specifies the location of ML model data to deploy during endpoint creation. │ │ + documentation: Specifies the location of ML model data to deploy. If specified, you must specify one and only one of the available data sources. │ └[~] type S3ModelDataSource │ └ properties │ ├ CompressionType: (documentation changed) │ ├ ModelAccessConfig: (documentation changed) │ └ S3DataType: (documentation changed) ├[~] service aws-securityhub │ └ resources │ ├[~] resource AWS::SecurityHub::AutomationRule │ │ └ types │ │ └[~] type AutomationRulesFindingFilters │ │ └ properties │ │ └ ResourceId: (documentation changed) │ ├[~] resource AWS::SecurityHub::ConfigurationPolicy │ │ └ types │ │ └[~] type Policy │ │ └ properties │ │ └ SecurityHub: (documentation changed) │ ├[~] resource AWS::SecurityHub::Insight │ │ └ types │ │ └[~] type AwsSecurityFindingFilters │ │ └ properties │ │ └ ComplianceSecurityControlId: (documentation changed) │ └[~] resource AWS::SecurityHub::SecurityControl │ └ properties │ └ SecurityControlId: (documentation changed) └[~] service aws-ssm └ resources └[~] resource AWS::SSM::PatchBaseline └ types └[~] type Rule └ properties ├ ApproveAfterDays: (documentation changed) └ ApproveUntilDate: (documentation changed) ```
…s-cdk/aws-lambda-python-alpha/test/lambda-handler-pipenv (#31087) Bumps [certifi](https:/certifi/python-certifi) from 2023.7.22 to 2024.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https:/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463"><code>bd81538</code></a> 2024.07.04 (<a href="https://redirect.github.com/certifi/python-certifi/issues/295">#295</a>)</li> <li><a href="https:/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3"><code>06a2cbf</code></a> Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/294">#294</a>)</li> <li><a href="https:/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23"><code>13bba02</code></a> Bump actions/checkout from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/293">#293</a>)</li> <li><a href="https:/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554"><code>e8abcd0</code></a> Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/292">#292</a>)</li> <li><a href="https:/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1"><code>124f4ad</code></a> 2024.06.02 (<a href="https://redirect.github.com/certifi/python-certifi/issues/291">#291</a>)</li> <li><a href="https:/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a"><code>c2196ce</code></a> --- (<a href="https://redirect.github.com/certifi/python-certifi/issues/290">#290</a>)</li> <li><a href="https:/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2"><code>fefdeec</code></a> Bump actions/checkout from 4.1.4 to 4.1.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/289">#289</a>)</li> <li><a href="https:/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf"><code>3c5fb15</code></a> Bump actions/download-artifact from 4.1.6 to 4.1.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/286">#286</a>)</li> <li><a href="https:/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1"><code>4a9569a</code></a> Bump actions/checkout from 4.1.2 to 4.1.4 (<a href="https://redirect.github.com/certifi/python-certifi/issues/287">#287</a>)</li> <li><a href="https:/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3"><code>1fc8086</code></a> Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (<a href="https://redirect.github.com/certifi/python-certifi/issues/288">#288</a>)</li> <li>Additional commits viewable in <a href="https:/certifi/python-certifi/compare/2023.07.22...2024.07.04">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https:/aws/aws-cdk/network/alerts). </details>
### Issue # (if applicable) Closes #31081. ### Reason for this change Per [PostgreSQL version 16.4 on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html#postgresql-versions-version164), PostgreSQL version 16.4 is now available on Amazon RDS. Executing AWS CLI command `aws rds describe-db-engine-versions --engine postgres --output table --query 'DBEngineVersions[*].{Engine:Engine,EngineVersion:EngineVersion}'` also lists `16.4` as one of the supported versions. ### Description of changes Added `16.4` version to [PostgresEngineVersion](https:/aws/aws-cdk/blob/501a4f1a81983992ec04a1acbed84d09e9470f8c/packages/aws-cdk-lib/aws-rds/lib/instance-engine.ts#L1014C14-L1014C35) class. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Some typo fixes in the CloudFrontWebDistribution docs. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes . ### Reason for this change Update bug template for users to inform about the code changes that resulted in breaking changes. ### Description of changes - Adding checkbox to indicate whether this bug is a regression - Add option of an input for adding last known CDK version - Add GH workflow to run when an issue is opened or edit, workflow will add label `potential-regression` on the basis whether checkbox is selected in [issue template or not.](https:/shikha372/aws-cdk/blob/regression_template/.github/ISSUE_TEMPLATE/bug-report.yml) ### Description of how you validated changes Validated template [here](https:/shikha372/aws-cdk/blob/regression_template/.github/ISSUE_TEMPLATE/bug-report.yml) Label : potential-regression (will be created after approval) Label will removed if this option is unchecked and added if this option is checked. Verified with sample issue in personal repo [here](https:/shikha372/aws-cdk/actions/runs/10326894628), can be tested on sample [github issue ](shikha372#2 in personal repo. Result will be seen in [github actions](https:/shikha372/aws-cdk/actions). Sample issue: shikha372#2 Sample run: https:/shikha372/aws-cdk/actions/runs/10326894628/job/28591182838 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add new foundation model. Ref: * https://aws.amazon.com/about-aws/whats-new/2024/08/titan-image-generator-v2-amazon-bedrock/ * https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…MySQL, and SQL Server (#31095) Add the instance engines that were added in the following updates. #### PostgreSQL [Amazon RDS for PostgreSQL supports minor versions 16.4, 15.8, 14.13, 13.16, and 12.20 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-for-postgresql-supports-minor-versions/) * 16.4 was added in #31088 #### MySQL [Amazon RDS for MySQL supports new minor version 8.0.39 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-mysql-new-minor-version-8-0-39/) * Note: 8.0.38 does not exist ([Ref](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Concepts.VersionMgmt.html)). #### SQL Server [Amazon RDS for SQL Server supports minor versions 2016 GDR, 2017 CU31 GDR, 2019 GDR, 2022 GDR](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-rds-sql-server-minor-versions-gdr/) [Amazon RDS for SQL Server supports minor version 2019 CU27 ](https://aws.amazon.com/about-aws/whats-new/2024/07/amazon-rds-sql-server-minor-version-2019-cu27/?nc1=h_ls) * The exact engine names were obtained using the following command: ```sh % aws rds describe-db-engine-versions --engine sqlserver-ee --query 'DBEngineVersions[*].EngineVersion' --output table --region us-east-1 // result -------------------------- |DescribeDBEngineVersions| +------------------------+ // omit | 13.00.6441.1.v1 | // omit | 14.00.3471.2.v1 | // omit | 15.00.4375.4.v1 | | 15.00.4382.1.v1 | // omit | 16.00.4131.2.v1 | +------------------------+ ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… and 12.19 (#31094) Add the cluster engines that were added in the following update. [Amazon Aurora supports PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 ](https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-aurora-postgresql-new-version-support/) * 16.3 was added in #31003 * 15.7 was added in #31085 ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…deprecate AlbTarget due to ALB listener race conditions (#17208) (#30396) ### Issue # (if applicable) Closes #17208 . ### Description of changes - This PR replaces `AlbTarget` with `AlbListenerTarget`, allowing us to automatically add a dependency between the provided ALB listener and the associated NLB target group. Without such a dependency stacks may fail to deploy if the listener is not created when the target group attempts to be created. - Also, As described - #17208 (comment) , it will handle graceful deletion of resources. ### Description of how you validated changes - Added UnitTests - Ran integrationTests as below, ``` $ yarn integ aws-elasticloadbalancingv2-targets/test/integ.alb-listner-target.js --update-on-failed ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR only includes the removal of cdk-assets. In order to keep PRs small and clean, this does not include the documentation updates for how to find and contribute to cdk-assets for cloud-assembly-schema. That will be a separate PR. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) Bumps [tj-actions/changed-files](https:/tj-actions/changed-files) from 44.5.6 to 44.5.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https:/tj-actions/changed-files/releases">tj-actions/changed-files's releases</a>.</em></p> <blockquote> <h2>v44.5.7</h2> <h2>What's Changed</h2> <ul> <li>Upgraded to v44.5.6 by <a href="https:/tj-actions-bot"><code>@tj-actions-bot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2204">tj-actions/changed-files#2204</a></li> <li>chore(deps): update typescript-eslint monorepo to v7.17.0 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2205">tj-actions/changed-files#2205</a></li> <li>chore(deps): update dependency <code>@types/node</code> to v20.14.12 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2208">tj-actions/changed-files#2208</a></li> <li>fix(deps): update dependency yaml to v2.5.0 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2209">tj-actions/changed-files#2209</a></li> <li>fix: error with pull_request closed test by <a href="https:/jackton1"><code>@jackton1</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2211">tj-actions/changed-files#2211</a></li> <li>fix(deps): update dependency <code>@stdlib/utils-convert-path</code> to v0.2.2 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2212">tj-actions/changed-files#2212</a></li> <li>chore(deps): update dependency <code>@types/node</code> to v20.14.13 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2213">tj-actions/changed-files#2213</a></li> <li>chore(deps): update typescript-eslint monorepo to v7.18.0 by <a href="https:/renovate"><code>@renovate</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2216">tj-actions/changed-files#2216</a></li> <li>chore(deps-dev): bump <code>@types/node</code> from 20.14.13 to 22.0.0 by <a href="https:/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/tj-actions/changed-files/pull/2215">tj-actions/changed-files#2215</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https:/tj-actions/changed-files/compare/v44...v44.5.7">https:/tj-actions/changed-files/compare/v44...v44.5.7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https:/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1><a href="https:/tj-actions/changed-files/compare/v44.5.6...v44.5.7">44.5.7</a> - (2024-07-30)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>deps:</strong> Update dependency <code>@stdlib/utils-convert-path</code> to v0.2.2 (<a href="https:/tj-actions/changed-files/commit/e4fe134b735e3c67d244091a6c505cbb39b32212">e4fe134</a>) - (renovate[bot])</li> <li>Error with pull_request closed test (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2211">#2211</a>) (<a href="https:/tj-actions/changed-files/commit/f5a7145f2ba7e6d42d799f0270017afc09189f64">f5a7145</a>) - (Tonye Jack)</li> <li><strong>deps:</strong> Update dependency yaml to v2.5.0 (<a href="https:/tj-actions/changed-files/commit/28fd03b28d647c18884fa609756e9aa323da9598">28fd03b</a>) - (renovate[bot])</li> </ul> <h2>➕ Add</h2> <ul> <li>Added missing changes and modified dist assets. (<a href="https:/tj-actions/changed-files/commit/a77ecbc238d92fd078cf5deee43b895a3a5b3fef">a77ecbc</a>) - (GitHub Action)</li> <li>Added missing changes and modified dist assets. (<a href="https:/tj-actions/changed-files/commit/10471793b2c8356c90f4ddf302561e23d57582ac">1047179</a>) - (GitHub Action)</li> </ul> <h2>⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps-dev:</strong> Bump <code>@types/node</code> from 20.14.13 to 22.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2215">#2215</a>) (<a href="https:/tj-actions/changed-files/commit/c65cd883420fd2eb864698a825fc4162dd94482c">c65cd88</a>) - (dependabot[bot])</li> <li><strong>deps:</strong> Update typescript-eslint monorepo to v7.18.0 (<a href="https:/tj-actions/changed-files/commit/9f928e3005748ed5c45dcdb97c101a4547f612d0">9f928e3</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency <code>@types/node</code> to v20.14.13 (<a href="https:/tj-actions/changed-files/commit/fb1b47b72779e62a69dc98934f3e07e01eb78735">fb1b47b</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency <code>@types/node</code> to v20.14.12 (<a href="https:/tj-actions/changed-files/commit/4db04c76fac5b37cc0308020af9c651f2447a026">4db04c7</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update typescript-eslint monorepo to v7.17.0 (<a href="https:/tj-actions/changed-files/commit/f79274f27befa7e1bf6d5eb1c4964c0f65cea226">f79274f</a>) - (renovate[bot])</li> </ul> <h2>⬆️ Upgrades</h2> <ul> <li>Upgraded to v44.5.6 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2204">#2204</a>)</li> </ul> <p>Co-authored-by: jackton1 <a href="mailto:[email protected]">[email protected]</a> (<a href="https:/tj-actions/changed-files/commit/f1d2215d5d3ce1f57b3ad38a3db65d0e2cfbdb38">f1d2215</a>) - (tj-actions[bot])</p> <h1><a href="https:/tj-actions/changed-files/compare/v44.5.5...v44.5.6">44.5.6</a> - (2024-07-18)</h1> <h2>🐛 Bug Fixes</h2> <ul> <li>Remove unused code (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2202">#2202</a>) (<a href="https:/tj-actions/changed-files/commit/6b2903bdce6310cfbddd87c418f253cf29b2dec9">6b2903b</a>) - (Tonye Jack)</li> <li><strong>deps:</strong> Update dependency <code>@octokit/rest</code> to v21.0.1 (<a href="https:/tj-actions/changed-files/commit/56b5e13a32a8099659d9f0de4b06bc1fe9b60d3b">56b5e13</a>) - (renovate[bot])</li> </ul> <h2>⚙️ Miscellaneous Tasks</h2> <ul> <li><strong>deps:</strong> Update dependency ts-jest to v29.2.3 (<a href="https:/tj-actions/changed-files/commit/dc82617b247f7d2e5734aa9c0a0e5b800e58c1d8">dc82617</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency eslint-plugin-prettier to v5.2.1 (<a href="https:/tj-actions/changed-files/commit/1797e9a1ea6596c1ae24e354e3d27b60332efcda">1797e9a</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency <code>@types/node</code> to v20.14.11 (<a href="https:/tj-actions/changed-files/commit/9e63ef55ed3d63a5d2a83c405c415505f18fc6ea">9e63ef5</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency <code>@types/lodash</code> to v4.17.7 (<a href="https:/tj-actions/changed-files/commit/f1afcaced6b0126bdec60471b68db60065446b50">f1afcac</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update typescript-eslint monorepo to v7.16.1 (<a href="https:/tj-actions/changed-files/commit/e42a3d1b0ac3775d2029e7f164e9969b2d0b70a3">e42a3d1</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency prettier to v3.3.3 (<a href="https:/tj-actions/changed-files/commit/f0eedff3627914fdcdf6458fad3b3d27fdff3f4a">f0eedff</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update codacy/codacy-analysis-cli-action action to v4.4.5 (<a href="https:/tj-actions/changed-files/commit/f6d7b721fdaf52c025f2ffecd8ed077ef7dbb8a8">f6d7b72</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update codacy/codacy-analysis-cli-action action to v4.4.4 (<a href="https:/tj-actions/changed-files/commit/6f59461624f15e6b5588a64c5e2e6116135e331b">6f59461</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update codacy/codacy-analysis-cli-action action to v4.4.2 (<a href="https:/tj-actions/changed-files/commit/443dcaf814b84471f1737342017b67aee4917773">443dcaf</a>) - (renovate[bot])</li> <li><strong>deps:</strong> Update dependency ts-jest to v29.2.2 (<a href="https:/tj-actions/changed-files/commit/6f8dfa84e8e84bd9098c4348fbe396887cdd0f38">6f8dfa8</a>) - (renovate[bot])</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https:/tj-actions/changed-files/commit/c65cd883420fd2eb864698a825fc4162dd94482c"><code>c65cd88</code></a> chore(deps-dev): bump <code>@types/node</code> from 20.14.13 to 22.0.0 (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2215">#2215</a>)</li> <li><a href="https:/tj-actions/changed-files/commit/9f928e3005748ed5c45dcdb97c101a4547f612d0"><code>9f928e3</code></a> chore(deps): update typescript-eslint monorepo to v7.18.0</li> <li><a href="https:/tj-actions/changed-files/commit/fb1b47b72779e62a69dc98934f3e07e01eb78735"><code>fb1b47b</code></a> chore(deps): update dependency <code>@types/node</code> to v20.14.13</li> <li><a href="https:/tj-actions/changed-files/commit/a77ecbc238d92fd078cf5deee43b895a3a5b3fef"><code>a77ecbc</code></a> Added missing changes and modified dist assets.</li> <li><a href="https:/tj-actions/changed-files/commit/e4fe134b735e3c67d244091a6c505cbb39b32212"><code>e4fe134</code></a> fix(deps): update dependency <code>@stdlib/utils-convert-path</code> to v0.2.2</li> <li><a href="https:/tj-actions/changed-files/commit/f5a7145f2ba7e6d42d799f0270017afc09189f64"><code>f5a7145</code></a> fix: error with pull_request closed test (<a href="https://redirect.github.com/tj-actions/changed-files/issues/2211">#2211</a>)</li> <li><a href="https:/tj-actions/changed-files/commit/10471793b2c8356c90f4ddf302561e23d57582ac"><code>1047179</code></a> Added missing changes and modified dist assets.</li> <li><a href="https:/tj-actions/changed-files/commit/28fd03b28d647c18884fa609756e9aa323da9598"><code>28fd03b</code></a> fix(deps): update dependency yaml to v2.5.0</li> <li><a href="https:/tj-actions/changed-files/commit/4db04c76fac5b37cc0308020af9c651f2447a026"><code>4db04c7</code></a> chore(deps): update dependency <code>@types/node</code> to v20.14.12</li> <li><a href="https:/tj-actions/changed-files/commit/f79274f27befa7e1bf6d5eb1c4964c0f65cea226"><code>f79274f</code></a> chore(deps): update typescript-eslint monorepo to v7.17.0</li> <li>Additional commits viewable in <a href="https:/tj-actions/changed-files/compare/6b2903bdce6310cfbddd87c418f253cf29b2dec9...c65cd883420fd2eb864698a825fc4162dd94482c">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
…mResourceConfig (#31041) ### Reason for this change CDK vended custom resources may or may not have Cloudwatch logGroup set with a retention period. Modify all CDK-vended custom resources with `CustomResourceConfig` and to modify retention period with `addLogRetentionLifetime` method. `CustomResourceConfig.of(app).addLogRetentionLifetime(logs.RetentionDays.TEN_YEARS);` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…sion 6 required" (#31092) ### Issue # (if applicable) Closes #17942. ### Reason for this change The CDK CLI shows the stack template, which includes the CFN Rule `CheckBootstrapVersion`. This rule will fail a deployment if the bootstrap is not right. Customers think this rule is an error message. ### Description of changes Obscure this `CheckBootstrapVersion` Rule from the template when we print it, if it exists. If it is the only Rule, remove the `Rules` section entirely. ### Description of how you validated changes Manual testing, unit tests, and CLI integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #17526 ### Reason for this change Show user-friendly error message faster (before deployment) ### Description of changes Added format and length validation according to [AWS::Lambda::Function FileSystemConfig document](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-filesystemconfig.html#cfn-lambda-function-filesystemconfig-localmountpath)  ### Description of how you validated changes - Added unit test - No integration test because I think it is overkill ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…values (#31115) ### Issue # (if applicable) Closes #31113 ### Reason for this change There are three `PredefinedMetricType` values missing from the enum: * SageMakerInferenceComponentConcurrentRequestsPerCopyHighResolution * SageMakerVariantConcurrentRequestsPerModelHighResolution * WorkSpacesAverageUserSessionsCapacityUtilization https://docs.aws.amazon.com/autoscaling/application/APIReference/API_PredefinedMetricSpecification.html ### Description of changes Adds the missing enums ### Description of how you validated changes Added unit tests ### Checklist - [ X ] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue #30914 Closes #30914. ### Reason for this change When customers call this API to setup S3 notification configuration for SQS/SNS/Lambda S3 sends s3:TestEvent in order to validate permissions. (For Lambda it does dryrun function invocation instead) However, some customers do not want to do that and test permissions during CDK deployment. Internal reference: `49359101-0e5e-43f3-99eb-3c6c5ed68db1` For example, one customer does not want these test events because they have alarm on unconsumed messages in SQS and they do not have any SQS consumers. And they update notification configuration frequently, which leads to many test events in the queue. See internal ticket: `P142186522` ### Description of changes Expose skip destination validation property when calling PutBucketNotification API in Bucket props. ### Description of how you validated changes Unit test updated. Updated integration tests. Note that 2 integration tests I had to fix and run them with `--disable-update-workflow` flag because they were failing: - `integ.s3.imported-bucket.js` test failed because someone already created bucket `cdk-integration-test-s3-imported-bucket-name` - `integ.bucket-notifications.js` test failed because of overlapping suffix error (not sure how it was passing previously): ``` ❌ cdk-integ-lambda-bucket-s3-notifications failed: Error: The stack named cdk-integ-lambda-bucket-s3-notifications failed to deploy: UPDATE_FAILED (The following resource(s) failed to update: [Construct1IntegUnmanagedBucket1Notifications4A1599D7]. ): Received response status [FAILED] from custom resource. Message returned: Error: An error occurred (InvalidArgument) when calling the PutBucketNotificationConfiguration operation: Configuration is ambiguously defined. Cannot have overlapping suffixes in two rules if the prefixes are overlapping for the same event type.. See the details in CloudWatch Log Stream: 2024/07/22/[$LATEST]e6a16cf979dd4671998e7d911769ff42 (RequestId: 19f6fcd7-d31d-4fbf-9f4a-e3b7cba1cd2b), Rolling back the failed resource only., Received response status [FAILED] from custom resource. Message returned: Error: An error occurred (InvalidArgument) when calling the PutBucketNotificationConfiguration operation: Configuration is ambiguously defined. Cannot have overlapping suffixes in two rules if the prefixes are overlapping for the same event type.. See the details in CloudWatch Log Stream: 2024/07/22/[$LATEST]c30efd0375d64b8088e0ee64d63ce4db (RequestId: 19f6fcd7-d31d-4fbf-9f4a-e3b7cba1cd2b) ``` ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
AWS [introduced](https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/) SSM Parameter Store cross-account sharing in Feb 2024. Under the hood, the sharing account has to create an AWS RAM ResourceShare for the principal of the consuming account and the consuming account has to accept the sharing invite. The only approach to access that sharing parameter is through CfnParameter. Dynamic Reference is NOT supported. This PR adds `StringParameter.fromStringParameterArn()` method so we can use the API like ```ts const remoteParameterArn = 'arn:aws:ssm:us-east-1:123456789012:parameter/dummyName'; const sharedParam = StringParameter.fromStringParameterArn(scope, id, remoteParameterArn); new cdk.CfnOutput(this, 'ParamValue', { value: sharedParam.stringValue }); ``` Note: 1. The only option to consume sharing parameters in CFN is template parameter. `StringParameter.fromStringParameterArn()` would synthesize CfnParameter like: ```yaml SharedParameter: Description: a shared golden AMI from centralised accounts Type: "AWS::SSM::Parameter::Value<String>" Default: "arn:aws:ssm:us-east-1:123456789012:parameter/sharedParameterName" ``` And the `Default` value has to be a static string. It can't be an unresolved token. 2. For full use case(sharing, accepting and consuming), check out `integ.parameter-store-string-sharing.ts` for more details. ### Issue # (if applicable) Closes #29292 ### Reason for this change ### Description of changes ### Description of how you validated changes Debugger ```json { "version": "0.2.0", "configurations": [ { "type": "node", "request": "launch", "name": "Jest", "program": "${workspaceFolder}/node_modules/jest/bin/jest.js", "cwd": "${workspaceFolder}/packages/aws-cdk-lib", "args": [ "--verbose", "-i", "--no-cache", "test/parameter.test.ts", ], "console": "integratedTerminal", "internalConsoleOptions": "neverOpen", "skipFiles": [ "<node_internals>/**" ], "outFiles": [ "${workspaceFolder}/**/*.(m|c|)js", "!**/node_modules/**" ], } ] } ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) n/a ### Reason for this change In April 2023, S3 changed the defaults for S3 buckets so Object Ownership is set to the Bucket owner enforced setting and all ACLs are disabled (see [blog](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/)). See current docs as well: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html ### Description of changes Update `objectOwnership` docstring to reflect the updated default setting. No change in CDK behaviour. ### Description of how you validated changes n/a ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
add `ashishdhingra` into the list of `contribution/core` label ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…r trust and trustForLookup (#31159) ### Issue Closes #30404 ### Reason for this change `trust` and `trustForLookup` options are overwriting `qualifier`, so it's impossible to bootstrap a new account with these options. ### Description of changes Fix the assignment. ### Description of how you validated changes Manual test. The testing infrastructure currently doesn't support this kind of test I think. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
… with CustomResourceConfig (#31149) ### Reason for this change CDK vended custom resources LogGroup are left to retain. Modify all CDK-vended custom resources with `CustomResourceConfig` and to modify LogGroup removal policy with `addRemovalPolicy` method. `CustomResourceConfig.of(app).addRemovalPolicy(cdk.RemovalPolicy.DESTROY);` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This points users to the correct repo for the source code. No other changes have yet been made to this README. The contents of this README will be automatically updated to the contents of the README in the source code on every version update. This change also includes removal of a file that shouldn't have been committed (.jsii.tabl.json) and the revert of unintended changes to the jest config. ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https:/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https:/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-apigatewayv2 │ └ resources │ └[~] resource AWS::ApiGatewayV2::Integration │ ├ properties │ │ ├ RequestParameters: - json │ │ │ + Map<string, string> ⇐ json │ │ ├ RequestTemplates: - json │ │ │ + Map<string, string> ⇐ json │ │ └ ResponseParameters: - json │ │ + Map<string, Array<ResponseParameter>> ⇐ json │ ├ attributes │ │ └[+] IntegrationId: string │ └ types │ └[~] type ResponseParameter │ ├ - documentation: undefined │ │ + documentation: response parameter │ └ properties │ ├ Destination: - string (required) │ │ + string │ └ Source: - string (required) │ + string ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::DataSource │ │ └ types │ │ ├[~] type ChunkingConfiguration │ │ │ └ properties │ │ │ ├ HierarchicalChunkingConfiguration: (documentation changed) │ │ │ └ SemanticChunkingConfiguration: (documentation changed) │ │ ├[~] type CustomTransformationConfiguration │ │ │ ├ - documentation: Settings for customizing steps in the data source content ingestion pipeline. │ │ │ │ + documentation: Settings for customizing steps in the data source content ingestion pipeline. │ │ │ │ You can configure the data source to process documents with a Lambda function after they are parsed and converted into chunks. When you add a post-chunking transformation, the service stores chunked documents in an S3 bucket and invokes a Lambda function to process them. │ │ │ │ To process chunked documents with a Lambda function, define an S3 bucket path for input and output objects, and a transformation that specifies the Lambda function to invoke. You can use the Lambda function to customize how chunks are split, and the metadata for each chunk. │ │ │ └ properties │ │ │ ├ IntermediateStorage: (documentation changed) │ │ │ └ Transformations: (documentation changed) │ │ ├[~] type HierarchicalChunkingConfiguration │ │ │ └ - documentation: Configurations for when you choose hierarchical chunking. If you set the chunkingStrategy as NONE, exclude this field. │ │ │ + documentation: Settings for hierarchical document chunking for a data source. Hierarchical chunking splits documents into layers of chunks where the first layer contains large chunks, and the second layer contains smaller chunks derived from the first layer. │ │ │ You configure the number of tokens to overlap, or repeat across adjacent chunks. For example, if you set overlap tokens to 60, the last 60 tokens in the first chunk are also included at the beginning of the second chunk. For each layer, you must also configure the maximum number of tokens in a chunk. │ │ ├[~] type IntermediateStorage │ │ │ └ properties │ │ │ └ S3Location: (documentation changed) │ │ ├[~] type ParsingConfiguration │ │ │ └ - documentation: Settings for parsing document contents │ │ │ + documentation: Settings for parsing document contents. By default, the service converts the contents of each document into text before splitting it into chunks. To improve processing of PDF files with tables and images, you can configure the data source to convert the pages of text into images and use a model to describe the contents of each page. │ │ │ To use a model to parse PDF documents, set the parsing strategy to `BEDROCK_FOUNDATION_MODEL` and specify the model to use by ARN. You can also override the default parsing prompt with instructions for how to interpret images and tables in your documents. The following models are supported. │ │ │ - Anthropic Claude 3 Sonnet - `anthropic.claude-3-sonnet-20240229-v1:0` │ │ │ - Anthropic Claude 3 Haiku - `anthropic.claude-3-haiku-20240307-v1:0` │ │ │ You can get the ARN of a model with the [ListFoundationModels](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html) action. Standard model usage charges apply for the foundation model parsing strategy. │ │ ├[~] type S3Location │ │ │ └ properties │ │ │ └ URI: (documentation changed) │ │ ├[~] type SemanticChunkingConfiguration │ │ │ └ - documentation: Configurations for when you choose semantic chunking. If you set the chunkingStrategy as NONE, exclude this field. │ │ │ + documentation: Settings for semantic document chunking for a data source. Semantic chunking splits a document into into smaller documents based on groups of similar content derived from the text with natural language processing. │ │ │ With semantic chunking, each sentence is compared to the next to determine how similar they are. You specify a threshold in the form of a percentile, where adjacent sentences that are less similar than that percentage of sentence pairs are divided into separate chunks. For example, if you set the threshold to 90, then the 10 percent of sentence pairs that are least similar are split. So if you have 101 sentences, 100 sentence pairs are compared, and the 10 with the least similarity are split, creating 11 chunks. These chunks are further split if they exceed the max token size. │ │ │ You must also specify a buffer size, which determines whether sentences are compared in isolation, or within a moving context window that includes the previous and following sentence. For example, if you set the buffer size to `1` , the embedding for sentence 10 is derived from sentences 9, 10, and 11 combined. │ │ ├[~] type Transformation │ │ │ └ - documentation: A Lambda function that processes documents. │ │ │ + documentation: A custom processing step for documents moving through a data source ingestion pipeline. To process documents after they have been converted into chunks, set the step to apply to `POST_CHUNKING` . │ │ ├[~] type TransformationFunction │ │ │ └ properties │ │ │ └ TransformationLambdaConfiguration: (documentation changed) │ │ └[~] type VectorIngestionConfiguration │ │ └ properties │ │ ├ CustomTransformationConfiguration: (documentation changed) │ │ └ ParsingConfiguration: (documentation changed) │ └[~] resource AWS::Bedrock::Guardrail │ └ types │ ├[~] type ContextualGroundingFilterConfig │ │ ├ - documentation: A config for grounding filter. │ │ │ + documentation: The filter configuration details for the guardrails contextual grounding filter. │ │ └ properties │ │ ├ Threshold: (documentation changed) │ │ └ Type: (documentation changed) │ └[~] type ContextualGroundingPolicyConfig │ └ - documentation: Contextual grounding policy config for a guardrail. │ + documentation: The policy configuration details for the guardrails contextual grounding policy. ├[~] service aws-codebuild │ └ resources │ ├[~] resource AWS::CodeBuild::Project │ │ └ types │ │ ├[~] type Source │ │ │ └ properties │ │ │ └ Auth: (documentation changed) │ │ └[~] type SourceAuth │ │ ├ - documentation: `SourceAuth` is a property of the [AWS CodeBuild Project Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html) property type that specifies authorization settings for AWS CodeBuild to access the source code to be built. │ │ │ `SourceAuth` is for use by the CodeBuild console only. Do not get or set it directly. │ │ │ + documentation: `SourceAuth` is a property of the [AWS CodeBuild Project Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html) property type that specifies authorization settings for AWS CodeBuild to access the source code to be built. │ │ └ properties │ │ ├ Resource: (documentation changed) │ │ └ Type: (documentation changed) │ └[~] resource AWS::CodeBuild::SourceCredential │ └ properties │ ├ AuthType: (documentation changed) │ └ Token: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::IPAM │ │ └ properties │ │ └[+] EnablePrivateGua: boolean │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ properties │ │ └ TagSpecifications: (documentation changed) │ ├[~] resource AWS::EC2::SubnetCidrBlock │ │ └ attributes │ │ ├ IpSource: (documentation changed) │ │ └ Ipv6AddressAttribute: (documentation changed) │ └[~] resource AWS::EC2::VPCCidrBlock │ └ attributes │ ├[+] IpSource: string │ └[+] Ipv6AddressAttribute: string ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type LogConfiguration │ │ │ └ - documentation: The log configuration for the container. This parameter maps to `LogConfig` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the `--log-driver` option to [`docker run`](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/) . │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ │ + documentation: The log configuration for the container. This parameter maps to `LogConfig` in the docker conainer create command and the `--log-driver` option to docker run. │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ └[~] type ServiceConnectConfiguration │ │ └ properties │ │ └ LogConfiguration: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ ├ - documentation: Registers a new task definition from the supplied `family` and `containerDefinitions` . Optionally, you can add data volumes to your containers with the `volumes` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ You can specify a role for your task with the `taskRoleArn` parameter. When you specify a role for a task, its containers can then use the latest versions of the AWS CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ You can specify a Docker networking mode for the containers in your task definition with the `networkMode` parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the `awsvpc` network mode, the task is allocated an elastic network interface, and you must specify a `NetworkConfiguration` when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ + documentation: Registers a new task definition from the supplied `family` and `containerDefinitions` . Optionally, you can add data volumes to your containers with the `volumes` parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ You can specify a role for your task with the `taskRoleArn` parameter. When you specify a role for a task, its containers can then use the latest versions of the AWS CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ You can specify a Docker networking mode for the containers in your task definition with the `networkMode` parameter. If you specify the `awsvpc` network mode, the task is allocated an elastic network interface, and you must specify a [NetworkConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_NetworkConfiguration.html) when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ ├ properties │ │ │ ├ IpcMode: (documentation changed) │ │ │ ├ NetworkMode: (documentation changed) │ │ │ ├ PidMode: (documentation changed) │ │ │ └ TaskRoleArn: (documentation changed) │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ ├ Command: (documentation changed) │ │ │ ├ Cpu: (documentation changed) │ │ │ ├ DisableNetworking: (documentation changed) │ │ │ ├ DnsSearchDomains: (documentation changed) │ │ │ ├ DnsServers: (documentation changed) │ │ │ ├ DockerLabels: (documentation changed) │ │ │ ├ DockerSecurityOptions: (documentation changed) │ │ │ ├ EntryPoint: (documentation changed) │ │ │ ├ Environment: (documentation changed) │ │ │ ├ EnvironmentFiles: (documentation changed) │ │ │ ├ ExtraHosts: (documentation changed) │ │ │ ├ HealthCheck: (documentation changed) │ │ │ ├ Hostname: (documentation changed) │ │ │ ├ Image: (documentation changed) │ │ │ ├ Interactive: (documentation changed) │ │ │ ├ Links: (documentation changed) │ │ │ ├ MemoryReservation: (documentation changed) │ │ │ ├ MountPoints: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ Privileged: (documentation changed) │ │ │ ├ PseudoTerminal: (documentation changed) │ │ │ ├ ReadonlyRootFilesystem: (documentation changed) │ │ │ ├ SystemControls: (documentation changed) │ │ │ ├ User: (documentation changed) │ │ │ ├ VolumesFrom: (documentation changed) │ │ │ └ WorkingDirectory: (documentation changed) │ │ ├[~] type DockerVolumeConfiguration │ │ │ └ properties │ │ │ ├ Driver: (documentation changed) │ │ │ ├ DriverOpts: (documentation changed) │ │ │ └ Labels: (documentation changed) │ │ ├[~] type HealthCheck │ │ │ ├ - documentation: The `HealthCheck` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the `HEALTHCHECK` parameter of [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/) . │ │ │ │ > The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. │ │ │ │ If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. │ │ │ │ The following are notes about container health check support: │ │ │ │ - Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) . │ │ │ │ - Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [AWS Fargate Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) . │ │ │ │ - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer. │ │ │ │ + documentation: The `HealthCheck` property specifies an object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile). This configuration maps to the `HEALTHCHECK` parameter of docker run. │ │ │ │ > The Amazon ECS container agent only monitors and reports on the health checks specified in the task definition. Amazon ECS does not monitor Docker health checks that are embedded in a container image and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image. │ │ │ │ If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it. │ │ │ │ The following are notes about container health check support: │ │ │ │ - Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see [Updating the Amazon ECS Container Agent](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html) . │ │ │ │ - Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see [AWS Fargate Platform Versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) . │ │ │ │ - Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer. │ │ │ └ properties │ │ │ └ Command: (documentation changed) │ │ ├[~] type KernelCapabilities │ │ │ ├ - documentation: The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more information about the default capabilities and the non-default available capabilities, see [Runtime privilege and Linux capabilities](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities) in the *Docker run reference* . For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page. │ │ │ │ + documentation: The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition.. For more detailed information about these Linux capabilities, see the [capabilities(7)](https://docs.aws.amazon.com/http://man7.org/linux/man-pages/man7/capabilities.7.html) Linux manual page. │ │ │ └ properties │ │ │ ├ Add: (documentation changed) │ │ │ └ Drop: (documentation changed) │ │ ├[~] type LinuxParameters │ │ │ └ properties │ │ │ ├ Devices: (documentation changed) │ │ │ ├ InitProcessEnabled: (documentation changed) │ │ │ ├ MaxSwap: (documentation changed) │ │ │ ├ SharedMemorySize: (documentation changed) │ │ │ ├ Swappiness: (documentation changed) │ │ │ └ Tmpfs: (documentation changed) │ │ └[~] type SystemControl │ │ └ - documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the `--sysctl` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#security-configuration) . For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ │ + documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker conainer create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ └[~] resource AWS::ECS::TaskSet │ └ - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ > On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition. │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . │ + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ > On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition. │ For information about the maximum number of task sets and other quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . ├[~] service aws-glue │ └ resources │ └[~] resource AWS::Glue::Trigger │ └ attributes │ └[-] Id: string ├[~] service aws-lambda │ └ resources │ └[~] resource AWS::Lambda::Function │ └ properties │ └[+] RecursiveLoop: string ├[~] service aws-redshift │ └ resources │ └[~] resource AWS::Redshift::Cluster │ └ types │ └[~] type LoggingProperties │ └ properties │ ├ LogDestinationType: (documentation changed) │ └ LogExports: (documentation changed) └[~] service aws-systemsmanagersap └ resources └[~] resource AWS::SystemsManagerSAP::Application └ properties └ DatabaseArn: (documentation changed) ```
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
aws-cdk-automation
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG