-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(release): 2.157.0 #31379
Merged
Merged
chore(release): 2.157.0 #31379
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Issue # (if applicable) None. ### Reason for this change Amazon Redshift Serverless supports AWS PrivateLink at 8/30. https://aws.amazon.com/jp/about-aws/whats-new/2024/08/amazon-redshift-serverless-aws-privatelink/ ### Description of changes I've added `redshift-serverless` and `redshift-serverless-fips`. ### Description of how you validated changes I checked latest endpoint information. ```sh $ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames | grep redshift "com.amazonaws.us-east-1.redshift", "com.amazonaws.us-east-1.redshift-data", "com.amazonaws.us-east-1.redshift-data-fips", "com.amazonaws.us-east-1.redshift-fips", "com.amazonaws.us-east-1.redshift-serverless", // newly added "com.amazonaws.us-east-1.redshift-serverless-fips", // newly added ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…hQL APIs (#31326) ### Issue # (if applicable) N/A ### Reason for this change AppSync now support `DEBUG` and `INFO` logging levels. Announcement: [AWS AppSync enhances API monitoring with new DEBUG and INFO logging levels](https://aws.amazon.com/about-aws/whats-new/2024/09/aws-appsync-api-monitoring-debug-info-logging-levels/) ### Description of changes * Added `INFO` and `DEBUG` to the FieldLogLevel enum. * Added README, unit tests, and integration tests for FieldLogLevel as they were missing. ### Description of how you validated changes Add unit tests and integ test. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change Update the contributing guide with quick start. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change Add missing changelog since the original PR was titled as `chore` but should have been `feat`. ### Description of changes Update changelog.md ### Description of how you validated changes Viewed the changelog.md file and looks fine. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ons (#31013) ### Issue # (if applicable) Closes #30994. ### Reason for this change [SecurityGroupProps](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-ec2/lib/security-group.ts#L272) supports `allowAllIpv6Outbound` property. The existing Lambda [FunctionOptions](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L146C18-L146C33) only supports [allowAllOutbound](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L296C12-L296C28), which is used in [configureVpc()](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1464C11-L1464C23) while creating a new `SecurityGroup` [here](https://github.com/aws/aws-cdk/blob/9295a85a8fb893d7f5eae06108b68df864096c4c/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1503). ### Description of changes Added new property `allowAllIpv6Outbound` to `FunctionOptions`. ### Description of how you validated changes Added unit and integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
I saw this while reading the [EC2 instance docs](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Instance.html#userdatacausesreplacement).
While working on #31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add new minor versions. Ref: [Amazon RDS for MariaDB supports minors 10.11.9, 10.6.19, 10.5.26](https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-rds-mariadb-minors-10/) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…en using writer property for database cluster (#31354) ### Issue # (if applicable) Closes #31304 . ### Reason for this change Proxy Target Group should depend on and wait for Aurora instances to be ready before creating CloudFormation resource. (see the issue). Now, the dependency is added when using a legacy `instanceProps`, but not added when using a `writer` property. https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539 (The cluster has `CfnDBInstance` directly when using the `instanceProps`, but it has `AuroraClusterInstance` with `CfnDBInstance` as `defaultChild` when using the `writer`. So the cluster doesn't have the `CfnDBInstance` directly in the latter case.) ### Description of changes Added the dependency when using a `writer` property instead of `instanceProps`. ### Description of how you validated changes Both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) None ### Reason for this change There some interface vpc endpoints which is not supported by AWS CDK. ### Description of changes I've added the following VPC endpoints. - airflow.api-fips - airflow.env-fips - applicationinsights - emr-serverless-services.livy - pcs - pcs-fips - pi - pi-fips - q - rbin - service.user-subscriptions - ssm-fips - ssm-quicksetup - timestream-influxdb-fips - wellarchitected Since a PR has already been created for the following endpoints, this PR does not address them. - kinesis-streams-fips (#31350) - dynamodb (#30162) ### Description of how you validated changes These endpoints are obtained from AWS CLI. ```sh $ aws ec2 describe-vpc-endpoint-services --filters Name=service-type,Values=Interface Name=owner,Values=amazon --region us-east-1 --query ServiceNames ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ams (#31350) Add FIPS 140-3 enabled interface VPC endpoint for KDS. Ref * https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-kinesis-data-streams-fips-140-3-interface-vpc-endpoint/ * https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ction (#31367) ### Reason for this change Follow-up to #31001. The user need to run `associate-alias` cli command manually when moving an alternate domain name. Adding a warning will help users not to forget. ### Description of changes Add a warning annotation when `domainNames` is empty. ### Description of how you validated changes Added an expectation to validate the warning. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-acmpca │ └ resources │ └[~] resource AWS::ACMPCA::CertificateAuthority │ ├ properties │ │ └ RevocationConfiguration: (documentation changed) │ └ types │ ├[~] type CrlConfiguration │ │ └ properties │ │ ├[-] CustomPath: string │ │ ├[-] PartitioningEnabled: boolean │ │ └[-] RetainExpiredCertificates: boolean │ └[~] type RevocationConfiguration │ └ - documentation: Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . │ > The following requirements apply to revocation configurations. │ > │ > - A configuration disabling CRLs or OCSP must contain only the `Enabled=False` parameter, and will fail if other parameters such as `CustomCname` or `ExpirationInDays` are included. │ > - In a CRL configuration, the `S3BucketName` parameter must conform to the [Amazon S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) . │ > - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to [RFC2396](https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in a CNAME. │ > - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://". │ + documentation: Certificate revocation information used by the [CreateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html) and [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) actions. Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) in the *AWS Private CA API Reference* and [Setting up a certificate revocation method](https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html) in the *AWS Private CA User Guide* . │ The following requirements and constraints apply to revocation configurations. │ - A configuration disabling CRLs or OCSP must contain only the `Enabled=False` parameter, and will fail if other parameters such as `CustomCname` or `ExpirationInDays` are included. │ - In a CRL configuration, the `S3BucketName` parameter must conform to the [Amazon S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) . │ - A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to [RFC2396](https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in a CNAME. │ - In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://". │ - To revoke a certificate, delete the resource from your template, and call the AWS Private CA [RevokeCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html) API and specify the resource's certificate authority ARN. ├[~] service aws-amplify │ └ resources │ └[~] resource AWS::Amplify::App │ ├ properties │ │ └[+] CacheConfig: CacheConfig │ └ types │ └[+] type CacheConfig │ ├ name: CacheConfig │ └ properties │ └Type: string ├[~] service aws-apigatewayv2 │ └ resources │ └[~] resource AWS::ApiGatewayV2::Integration │ ├ properties │ │ └ ResponseParameters: - Map<string, Array<ResponseParameter>> ⇐ json │ │ + Map<string, ResponseParameterMap> ⇐ json │ ├ attributes │ │ └[+] Id: string │ └ types │ ├[~] type ResponseParameter │ │ ├ - documentation: Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match the pattern `<action>:<header>.<location>` or `overwrite.statuscode` . The action can be `append` , `overwrite` or `remove` . The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see [Transforming API requests and responses](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) . │ │ │ + documentation: response parameter │ │ └ properties │ │ ├ Destination: (documentation changed) │ │ └ Source: (documentation changed) │ └[+] type ResponseParameterMap │ ├ documentation: map of response parameter lists │ │ name: ResponseParameterMap │ └ properties │ └ResponseParameters: Array<ResponseParameter> ├[~] service aws-appintegrations │ └ resources │ └[~] resource AWS::AppIntegrations::Application │ └ properties │ └ Namespace: - string │ + string (required) ├[~] service aws-applicationsignals │ └ resources │ └[~] resource AWS::ApplicationSignals::ServiceLevelObjective │ ├ properties │ │ └[+] RequestBasedSli: RequestBasedSli │ ├ attributes │ │ └[+] EvaluationType: string │ └ types │ ├[+] type MonitoredRequestCountMetric │ │ ├ documentation: This structure defines the metric that is used as the "good request" or "bad request" value for a request-based SLO. This value observed for the metric defined in `TotalRequestCountMetric` is divided by the number found for `MonitoredRequestCountMetric` to determine the percentage of successful requests that this SLO tracks. │ │ │ name: MonitoredRequestCountMetric │ │ └ properties │ │ ├GoodCountMetric: Array<MetricDataQuery> │ │ └BadCountMetric: Array<MetricDataQuery> │ ├[+] type RequestBasedSli │ │ ├ documentation: This structure contains information about the performance metric that a request-based SLO monitors. │ │ │ name: RequestBasedSli │ │ └ properties │ │ ├RequestBasedSliMetric: RequestBasedSliMetric (required) │ │ ├MetricThreshold: number │ │ └ComparisonOperator: string │ └[+] type RequestBasedSliMetric │ ├ documentation: This structure contains the information about the metric that is used for a request-based SLO. │ │ name: RequestBasedSliMetric │ └ properties │ ├KeyAttributes: Map<string, string> │ ├OperationName: string │ ├MetricType: string │ ├TotalRequestCountMetric: Array<MetricDataQuery> │ └MonitoredRequestCountMetric: MonitoredRequestCountMetric ├[~] service aws-appsync │ └ resources │ └[~] resource AWS::AppSync::GraphQLApi │ └ types │ └[~] type LogConfig │ └ properties │ └ FieldLogLevel: (documentation changed) ├[~] service aws-autoscaling │ └ resources │ ├[~] resource AWS::AutoScaling::AutoScalingGroup │ │ └ properties │ │ └ HealthCheckType: (documentation changed) │ └[~] resource AWS::AutoScaling::ScalingPolicy │ └ types │ ├[~] type TargetTrackingMetricDataQuery │ │ └ - documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ `TargetTrackingMetricDataQuery` is used with the [AWS::AutoScaling::ScalingPolicy CustomizedMetricSpecification](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-customizedmetricspecification.html) property type. │ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. │ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . │ │ + documentation: The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp. │ │ You can use `TargetTrackingMetricDataQuery` structures with a `PutScalingPolicy` operation when you specify a `TargetTrackingConfiguration` in the request. │ │ You can call for a single metric or perform math expressions on multiple metrics. Any expressions used in a metric specification must eventually return a single time series. │ │ For more information, see the [Create a target tracking scaling policy for Amazon EC2 Auto Scaling using metric math](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-target-tracking-metric-math.html) in the *Amazon EC2 Auto Scaling User Guide* . │ └[~] type TargetTrackingMetricStat │ └ - documentation: `TargetTrackingMetricStat` is a property of the [AWS::AutoScaling::ScalingPolicy TargetTrackingMetricDataQuery](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-scalingpolicy-targettrackingmetricdataquery.html) property type. │ This structure defines the CloudWatch metric to return, along with the statistic and unit. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . │ + documentation: This structure defines the CloudWatch metric to return, along with the statistic and unit. │ `TargetTrackingMetricStat` is a property of the `TargetTrackingMetricDataQuery` object. │ For more information about the CloudWatch terminology below, see [Amazon CloudWatch concepts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html) in the *Amazon CloudWatch User Guide* . ├[~] service aws-backup │ └ resources │ └[~] resource AWS::Backup::RestoreTestingPlan │ └ properties │ └[+] ScheduleStatus: string ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::ComputeEnvironment │ └ properties │ └[+] Context: string ├[~] service aws-bedrock │ └ resources │ ├[~] resource AWS::Bedrock::Flow │ │ ├ attributes │ │ │ └[+] Validations: Array<FlowValidation> │ │ └ types │ │ ├[+] type AgentFlowNodeConfiguration │ │ │ ├ documentation: Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ │ │ name: AgentFlowNodeConfiguration │ │ │ └ properties │ │ │ └AgentAliasArn: string (required) │ │ ├[~] type FlowNodeConfiguration │ │ │ └ properties │ │ │ ├[+] Agent: AgentFlowNodeConfiguration │ │ │ ├[+] Collector: json │ │ │ ├[+] Iterator: json │ │ │ ├[+] Retrieval: RetrievalFlowNodeConfiguration │ │ │ └[+] Storage: StorageFlowNodeConfiguration │ │ ├[+] type FlowValidation │ │ │ ├ documentation: Contains information about validation of the flow. │ │ │ │ This data type is used in the following API operations: │ │ │ │ - [GetFlow response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetFlow.html#API_agent_GetFlow_ResponseSyntax) │ │ │ │ - [GetFlowVersion response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetFlowVersion.html#API_agent_GetFlowVersion_ResponseSyntax) │ │ │ │ name: FlowValidation │ │ │ └ properties │ │ │ └Message: string (required) │ │ ├[+] type RetrievalFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Retrieval node in a flow. This node retrieves data from the Amazon S3 location that you specify and returns it as the output. │ │ │ │ name: RetrievalFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: RetrievalFlowNodeServiceConfiguration (required) │ │ ├[+] type RetrievalFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location from which to retrieve data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ ├[+] type RetrievalFlowNodeServiceConfiguration │ │ │ ├ documentation: Contains configurations for the service to use for retrieving data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeServiceConfiguration │ │ │ └ properties │ │ │ └S3: RetrievalFlowNodeS3Configuration │ │ ├[+] type StorageFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Storage node in a flow. This node stores the input in an Amazon S3 location that you specify. │ │ │ │ name: StorageFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: StorageFlowNodeServiceConfiguration (required) │ │ ├[+] type StorageFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location in which to store the input into the node. │ │ │ │ name: StorageFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ └[+] type StorageFlowNodeServiceConfiguration │ │ ├ documentation: Contains configurations for the service to use for storing the input into the node. │ │ │ name: StorageFlowNodeServiceConfiguration │ │ └ properties │ │ └S3: StorageFlowNodeS3Configuration │ ├[~] resource AWS::Bedrock::FlowVersion │ │ ├ attributes │ │ │ └[+] CustomerEncryptionKeyArn: string │ │ └ types │ │ ├[+] type AgentFlowNodeConfiguration │ │ │ ├ documentation: Defines an agent node in your flow. You specify the agent to invoke at this point in the flow. For more information, see [Node types in Amazon Bedrock works](https://docs.aws.amazon.com/bedrock/latest/userguide/flows-nodes.html) in the Amazon Bedrock User Guide. │ │ │ │ name: AgentFlowNodeConfiguration │ │ │ └ properties │ │ │ └AgentAliasArn: string (required) │ │ ├[~] type FlowNodeConfiguration │ │ │ └ properties │ │ │ ├[+] Agent: AgentFlowNodeConfiguration │ │ │ ├[+] Collector: json │ │ │ ├[+] Iterator: json │ │ │ ├[+] Retrieval: RetrievalFlowNodeConfiguration │ │ │ └[+] Storage: StorageFlowNodeConfiguration │ │ ├[+] type RetrievalFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Retrieval node in a flow. This node retrieves data from the Amazon S3 location that you specify and returns it as the output. │ │ │ │ name: RetrievalFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: RetrievalFlowNodeServiceConfiguration (required) │ │ ├[+] type RetrievalFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location from which to retrieve data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ ├[+] type RetrievalFlowNodeServiceConfiguration │ │ │ ├ documentation: Contains configurations for the service to use for retrieving data to return as the output from the node. │ │ │ │ name: RetrievalFlowNodeServiceConfiguration │ │ │ └ properties │ │ │ └S3: RetrievalFlowNodeS3Configuration │ │ ├[+] type StorageFlowNodeConfiguration │ │ │ ├ documentation: Contains configurations for a Storage node in a flow. This node stores the input in an Amazon S3 location that you specify. │ │ │ │ name: StorageFlowNodeConfiguration │ │ │ └ properties │ │ │ └ServiceConfiguration: StorageFlowNodeServiceConfiguration (required) │ │ ├[+] type StorageFlowNodeS3Configuration │ │ │ ├ documentation: Contains configurations for the Amazon S3 location in which to store the input into the node. │ │ │ │ name: StorageFlowNodeS3Configuration │ │ │ └ properties │ │ │ └BucketName: string (required) │ │ └[+] type StorageFlowNodeServiceConfiguration │ │ ├ documentation: Contains configurations for the service to use for storing the input into the node. │ │ │ name: StorageFlowNodeServiceConfiguration │ │ └ properties │ │ └S3: StorageFlowNodeS3Configuration │ └[~] resource AWS::Bedrock::PromptVersion │ ├ - tagInformation: undefined │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ ├ properties │ │ └[+] Tags: Map<string, string> │ └ attributes │ └[+] CustomerEncryptionKeyArn: string ├[~] service aws-chatbot │ └ resources │ ├[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration │ │ └ properties │ │ └ TeamId: (documentation changed) │ └[~] resource AWS::Chatbot::SlackChannelConfiguration │ └ properties │ └ SlackWorkspaceId: (documentation changed) ├[~] service aws-cloudformation │ └ resources │ ├[~] resource AWS::CloudFormation::ModuleVersion │ │ └ attributes │ │ ├ Schema: (documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::PublicTypeVersion │ │ └ properties │ │ └ PublicVersionNumber: (documentation changed) │ ├[~] resource AWS::CloudFormation::Publisher │ │ └ properties │ │ └ ConnectionArn: (documentation changed) │ ├[~] resource AWS::CloudFormation::ResourceVersion │ │ └ attributes │ │ ├ ProvisioningType: (documentation changed) │ │ └ Visibility: (documentation changed) │ ├[~] resource AWS::CloudFormation::Stack │ │ └ properties │ │ ├ NotificationARNs: (documentation changed) │ │ └ Tags: (documentation changed) │ ├[~] resource AWS::CloudFormation::StackSet │ │ └ properties │ │ └ Tags: (documentation changed) │ └[~] resource AWS::CloudFormation::TypeActivation │ └ - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* . │ Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *CloudFormation User Guide* . │ + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* . │ Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html#registry-set-configuration) in the *AWS CloudFormation User Guide* . ├[~] service aws-datasync │ └ resources │ ├[~] resource AWS::DataSync::LocationEFS │ │ ├ properties │ │ │ ├ AccessPointArn: (documentation changed) │ │ │ ├ Ec2Config: (documentation changed) │ │ │ ├ EfsFilesystemArn: (documentation changed) │ │ │ ├ FileSystemAccessRoleArn: (documentation changed) │ │ │ ├ InTransitEncryption: (documentation changed) │ │ │ └ Subdirectory: (documentation changed) │ │ └ types │ │ └[~] type Ec2Config │ │ └ - documentation: The subnet and security groups that AWS DataSync uses to access your Amazon EFS file system. │ │ + documentation: The subnet and security groups that AWS DataSync uses to connect to one of your Amazon EFS file system's [mount targets](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html) . │ └[~] resource AWS::DataSync::Task │ └ types │ └[~] type TaskSchedule │ └ properties │ └ ScheduleExpression: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::NetworkInsightsAnalysis │ │ └ types │ │ └[~] type AnalysisRouteTableRoute │ │ └ properties │ │ └ destinationPrefixListId: (documentation changed) │ ├[~] resource AWS::EC2::Subnet │ │ ├ properties │ │ │ └[-] Ipv6CidrBlocks: Array<string> │ │ └ attributes │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::VPNConnection │ └ properties │ ├[+] LocalIpv4NetworkCidr: string (immutable) │ ├[+] LocalIpv6NetworkCidr: string (immutable) │ ├[+] OutsideIpAddressType: string (immutable) │ ├[+] RemoteIpv4NetworkCidr: string (immutable) │ ├[+] RemoteIpv6NetworkCidr: string (immutable) │ ├[+] TransportTransitGatewayAttachmentId: string (immutable) │ └[+] TunnelInsideIpVersion: string (immutable) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::CapacityProvider │ │ └ types │ │ └[~] type ManagedScaling │ │ └ properties │ │ └ MaximumScalingStepSize: (documentation changed) │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type AwsVpcConfiguration │ │ │ └ properties │ │ │ ├ SecurityGroups: (documentation changed) │ │ │ └ Subnets: (documentation changed) │ │ ├[~] type DeploymentConfiguration │ │ │ └ properties │ │ │ ├ MaximumPercent: (documentation changed) │ │ │ └ MinimumHealthyPercent: (documentation changed) │ │ ├[~] type LogConfiguration │ │ │ └ - documentation: The log configuration for the container. This parameter maps to `LogConfig` in the docker conainer create command and the `--log-driver` option to docker run. │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ │ + documentation: The log configuration for the container. This parameter maps to `LogConfig` in the docker container create command and the `--log-driver` option to docker run. │ │ │ By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. │ │ │ Understand the following when specifying a log configuration for your containers. │ │ │ - Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent. │ │ │ For tasks on AWS Fargate , the supported log drivers are `awslogs` , `splunk` , and `awsfirelens` . │ │ │ For tasks hosted on Amazon EC2 instances, the supported log drivers are `awslogs` , `fluentd` , `gelf` , `json-file` , `journald` , `syslog` , `splunk` , and `awsfirelens` . │ │ │ - This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. │ │ │ - For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the `ECS_AVAILABLE_LOGGING_DRIVERS` environment variable before containers placed on that instance can use these log configuration options. For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ - For tasks that are on AWS Fargate , because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to. │ │ └[~] type ServiceConnectConfiguration │ │ └ properties │ │ └ LogConfiguration: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ ├ Command: (documentation changed) │ │ │ ├ Cpu: (documentation changed) │ │ │ ├ DisableNetworking: (documentation changed) │ │ │ ├ DnsSearchDomains: (documentation changed) │ │ │ ├ DnsServers: (documentation changed) │ │ │ ├ DockerLabels: (documentation changed) │ │ │ ├ DockerSecurityOptions: (documentation changed) │ │ │ ├ EntryPoint: (documentation changed) │ │ │ ├ Environment: (documentation changed) │ │ │ ├ ExtraHosts: (documentation changed) │ │ │ ├ HealthCheck: (documentation changed) │ │ │ ├ Hostname: (documentation changed) │ │ │ ├ Image: (documentation changed) │ │ │ ├ Interactive: (documentation changed) │ │ │ ├ Links: (documentation changed) │ │ │ ├ MemoryReservation: (documentation changed) │ │ │ ├ MountPoints: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ Privileged: (documentation changed) │ │ │ ├ PseudoTerminal: (documentation changed) │ │ │ ├ ReadonlyRootFilesystem: (documentation changed) │ │ │ ├[+] RestartPolicy: RestartPolicy │ │ │ ├ SystemControls: (documentation changed) │ │ │ ├ User: (documentation changed) │ │ │ ├ VolumesFrom: (documentation changed) │ │ │ └ WorkingDirectory: (documentation changed) │ │ ├[~] type DockerVolumeConfiguration │ │ │ └ properties │ │ │ ├ Driver: (documentation changed) │ │ │ └ Labels: (documentation changed) │ │ ├[~] type FSxAuthorizationConfig │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The authorization configuration details for Amazon FSx for Windows File Server file system. See [FSxWindowsFileServerVolumeConfiguration](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_FSxWindowsFileServerVolumeConfiguration.html) in the *Amazon ECS API Reference* . │ │ │ │ For more information and the input format, see [Amazon FSx for Windows File Server Volumes](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ └ properties │ │ │ ├ CredentialsParameter: (documentation changed) │ │ │ └ Domain: (documentation changed) │ │ ├[~] type HealthCheck │ │ │ └ properties │ │ │ └ Command: (documentation changed) │ │ ├[~] type KernelCapabilities │ │ │ └ properties │ │ │ ├ Add: (documentation changed) │ │ │ └ Drop: (documentation changed) │ │ ├[~] type LinuxParameters │ │ │ └ properties │ │ │ └ Devices: (documentation changed) │ │ ├[+] type RestartPolicy │ │ │ ├ documentation: You can enable a restart policy for each container defined in your task definition, to overcome transient failures faster and maintain task availability. When you enable a restart policy for a container, Amazon ECS can restart the container if it exits, without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ │ │ name: RestartPolicy │ │ │ └ properties │ │ │ ├IgnoredExitCodes: Array<integer> │ │ │ ├RestartAttemptPeriod: integer │ │ │ └Enabled: boolean │ │ ├[~] type SystemControl │ │ │ └ - documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker conainer create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ │ │ + documentation: A list of namespaced kernel parameters to set in the container. This parameter maps to `Sysctls` in tthe docker container create command and the `--sysctl` option to docker run. For example, you can configure `net.ipv4.tcp_keepalive_time` setting to maintain longer lived connections. │ │ │ We don't recommend that you specify network-related `systemControls` parameters for multiple containers in a single task that also uses either the `awsvpc` or `host` network mode. Doing this has the following disadvantages: │ │ │ - For tasks that use the `awsvpc` network mode including Fargate, if you set `systemControls` for any container, it applies to all containers in the task. If you set different `systemControls` for multiple containers in a single task, the container that's started last determines which `systemControls` take effect. │ │ │ - For tasks that use the `host` network mode, the network namespace `systemControls` aren't supported. │ │ │ If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see [IPC mode](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) . │ │ │ - For tasks that use the `host` IPC mode, IPC namespace `systemControls` aren't supported. │ │ │ - For tasks that use the `task` IPC mode, IPC namespace `systemControls` values apply to all containers within a task. │ │ │ > This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate. │ │ └[~] type Ulimit │ │ └ properties │ │ ├ HardLimit: (documentation changed) │ │ └ SoftLimit: (documentation changed) │ └[~] resource AWS::ECS::TaskSet │ └ types │ └[~] type AwsVpcConfiguration │ └ properties │ ├ SecurityGroups: (documentation changed) │ └ Subnets: (documentation changed) ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::TargetGroup │ └ properties │ └ TargetGroupAttributes: (documentation changed) ├[~] service aws-entityresolution │ └ resources │ ├[~] resource AWS::EntityResolution::IdNamespace │ │ └ types │ │ └[~] type NamespaceRuleBasedProperties │ │ └ properties │ │ └ RecordMatchingModels: (documentation changed) │ └[~] resource AWS::EntityResolution::MatchingWorkflow │ ├ properties │ │ └[+] IncrementalRunConfig: IncrementalRunConfig │ └ types │ └[+] type IncrementalRunConfig │ ├ documentation: An object which defines an incremental run type and has only `incrementalRunType` as a field. │ │ name: IncrementalRunConfig │ └ properties │ └IncrementalRunType: string (required) ├[~] service aws-glue │ └ resources │ └[~] resource AWS::Glue::Database │ └ attributes │ └[-] Id: string ├[~] service aws-groundstation │ └ resources │ ├[~] resource AWS::GroundStation::DataflowEndpointGroup │ │ └ types │ │ └[~] type AwsGroundStationAgentEndpoint │ │ ├ - documentation: undefined │ │ │ + documentation: Information about AwsGroundStationAgentEndpoint. │ │ └ properties │ │ ├ AgentStatus: (documentation changed) │ │ ├ AuditResults: (documentation changed) │ │ ├ EgressAddress: (documentation changed) │ │ ├ IngressAddress: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] resource AWS::GroundStation::MissionProfile │ └ types │ └[~] type StreamsKmsKey │ ├ - documentation: undefined │ │ + documentation: KMS key info. │ └ properties │ ├ KmsAliasArn: (documentation changed) │ └ KmsKeyArn: (documentation changed) ├[~] service aws-guardduty │ └ resources │ ├[~] resource AWS::GuardDuty::Filter │ │ └ properties │ │ └ DetectorId: (documentation changed) │ ├[~] resource AWS::GuardDuty::IPSet │ │ └ properties │ │ └ DetectorId: (documentation changed) │ ├[~] resource AWS::GuardDuty::Master │ │ └ properties │ │ └ DetectorId: (documentation changed) │ └[~] resource AWS::GuardDuty::ThreatIntelSet │ └ properties │ └ DetectorId: (documentation changed) ├[~] service aws-iotfleetwise │ └ resources │ └[~] resource AWS::IoTFleetWise::Campaign │ └ types │ ├[~] type DataDestinationConfig │ │ └ properties │ │ └[+] MqttTopicConfig: MqttTopicConfig │ └[+] type MqttTopicConfig │ ├ name: MqttTopicConfig │ └ properties │ ├MqttTopicArn: string (required) │ └ExecutionRoleArn: string (required) ├[~] service aws-lambda │ └ resources │ ├[~] resource AWS::Lambda::Function │ │ ├ - documentation: The `AWS::Lambda::Function` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html) . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. │ │ │ You set the package type to `Image` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) . For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. │ │ │ You set the package type to `Zip` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip) . For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html) . │ │ │ You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with `UpdateFunctionCode` , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. │ │ │ Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a `AWS::Lambda::Version` or a `AWS::Lambda::Alias` . │ │ │ For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* │ │ │ + documentation: The `AWS::Lambda::Function` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html) . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. │ │ │ You set the package type to `Image` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) . For these functions, include the URI of the container image in the Amazon ECR registry in the [`ImageUri` property of the `Code` property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-imageuri) . You do not need to specify the handler and runtime properties. │ │ │ You set the package type to `Zip` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip) . For these functions, specify the Amazon S3 location of your .zip file in the `Code` property. Alternatively, for Node.js and Python functions, you can define your function inline in the [`ZipFile` property of the `Code` property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html#cfn-lambda-function-code-zipfile) . In both cases, you must also specify the handler and runtime properties. │ │ │ You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with `UpdateFunctionCode` , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. │ │ │ When you update a `AWS::Lambda::Function` resource, CloudFormation calls the [UpdateFunctionConfiguration](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionConfiguration.html) and [UpdateFunctionCode](https://docs.aws.amazon.com/lambda/latest/api/API_UpdateFunctionCode.html) Lambda APIs under the hood. Because these calls happen sequentially, and invocations can happen between these calls, your function may encounter errors in the time between the calls. For example, if you remove an environment variable, and the code that references that environment variable in the same CloudFormation update, you may see invocation errors related to a missing environment variable. To work around this, you can invoke your function against a version or alias by default, rather than the `$LATEST` version. │ │ │ Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a `AWS::Lambda::Version` or a `AWS::Lambda::Alias` . │ │ │ For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* │ │ └ properties │ │ ├ Code: (documentation changed) │ │ └ KmsKeyArn: (documentation changed) │ └[~] resource AWS::Lambda::Url │ └ properties │ └ TargetFunctionArn: (documentation changed) ├[~] service aws-macie │ └ resources │ ├[~] resource AWS::Macie::AllowList │ │ └ types │ │ └[~] type Criteria │ │ └ - documentation: Specifies the criteria for an allow list, which is a list that defines specific text or a text pattern to ignore when inspecting data sources for sensitive data. The criteria can be: │ │ - The location and name of an Amazon Simple Storage Service ( Amazon S3 ) object that lists specific, predefined text to ignore ( `S3WordsList` ), or │ │ - A regular expression ( `Regex` ) that defines a text pattern to ignore. │ │ The criteria must specify either an S3 object or a regular expression. It can't specify both. │ │ + documentation: Specifies the criteria for an allow list, which is a list that defines specific text or a text pattern to ignore when inspecting data sources for sensitive data. The criteria can be: │ │ - The location and name of an Amazon Simple Storage Service ( Amazon S3 ) object that lists specific predefined text to ignore ( `S3WordsList` ), or │ │ - A regular expression ( `Regex` ) that defines a text pattern to ignore. │ │ The criteria must specify either an S3 object or a regular expression. It can't specify both. │ └[~] resource AWS::Macie::FindingsFilter │ ├ - documentation: The `AWS::Macie::FindingsFilter` resource specifies a findings filter. In Amazon Macie , a *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. The criteria can help you identify and focus on findings that have specific characteristics, such as severity, type, or the name of an affected AWS resource. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ An `AWS::Macie::Session` resource must exist for an AWS account before you can create an `AWS::Macie::FindingsFilter` resource for the account. Use a [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to ensure that an `AWS::Macie::Session` resource is created before other Macie resources are created for an account. For example, `"DependsOn": "Session"` . │ │ + documentation: The `AWS::Macie::FindingsFilter` resource specifies a findings filter. In Amazon Macie , a *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. The criteria can help you identify and focus on findings that have specific characteristics, such as severity, type, or the name of an affected AWS resource. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ An `AWS::Macie::Session` resource must exist for an AWS account before you can create an `AWS::Macie::FindingsFilter` resource for the account. Use a [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to ensure that an `AWS::Macie::Session` resource is created before other Macie resources are created for an account. For example, `"DependsOn": "Session"` . │ └ types │ ├[~] type CriterionAdditionalProperties │ │ └ - documentation: Specifies a condition that defines the property, operator, and one or more values to use in a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ │ + documentation: Specifies a condition that defines the property, operator, and one or more values to use in a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ └[~] type FindingCriteria │ └ - documentation: Specifies, as a map, one or more property-based conditions for a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . │ + documentation: Specifies, as a map, one or more property-based conditions for a findings filter. A *findings filter* , also referred to as a *filter rule* , is a set of custom criteria that specifies which findings to include or exclude from the results of a query for findings. You can also configure a findings filter to suppress (automatically archive) findings that match the filter's criteria. For more information, see [Filtering Macie findings](https://docs.aws.amazon.com/macie/latest/user/findings-filter-overview.html) in the *Amazon Macie User Guide* . ├[~] service aws-medialive │ └ resources │ └[~] resource AWS::MediaLive::Input │ ├ properties │ │ └[+] SrtSettings: SrtSettingsRequest │ └ types │ ├[+] type SrtCallerDecryptionRequest │ │ ├ name: SrtCallerDecryptionRequest │ │ └ properties │ │ ├Algorithm: string │ │ └PassphraseSecretArn: string │ ├[+] type SrtCallerSourceRequest │ │ ├ name: SrtCallerSourceRequest │ │ └ properties │ │ ├SrtListenerPort: string │ │ ├StreamId: string │ │ ├MinimumLatency: integer │ │ ├Decryption: SrtCallerDecryptionRequest │ │ └SrtListenerAddress: string │ └[+] type SrtSettingsRequest │ ├ name: SrtSettingsRequest │ └ properties │ └SrtCallerSources: Array<SrtCallerSourceRequest> ├[~] service aws-mediapackagev2 │ └ resources │ └[~] resource AWS::MediaPackageV2::OriginEndpoint │ └ properties │ └ ContainerType: - string │ + string (required) ├[~] service aws-neptune │ └ resources │ └[~] resource AWS::Neptune::DBCluster │ └ properties │ ├ KmsKeyId: (documentation changed) │ └ StorageEncrypted: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ ├ properties │ │ └[+] SkipShardMigrationWait: boolean │ └ types │ ├[~] type AdvancedSecurityOptionsInput │ │ └ properties │ │ └[+] JWTOptions: JWTOptions │ └[+] type JWTOptions │ ├ name: JWTOptions │ └ properties │ ├Enabled: boolean │ ├PublicKey: string │ ├SubjectKey: string │ └RolesKey: string ├[+] service aws-pcaconnectorscep │ ├ capitalized: PCAConnectorSCEP │ │ cloudFormationNamespace: AWS::PCAConnectorSCEP │ │ name: aws-pcaconnectorscep │ │ shortName: pcaconnectorscep │ └ resources │ ├resource AWS::PCAConnectorSCEP::Challenge │ │├ name: Challenge │ ││ cloudFormationType: AWS::PCAConnectorSCEP::Challenge │ ││ documentation: Represents a SCEP Challenge that is used for certificate enrollment │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │├ properties │ ││ ├ConnectorArn: string (required, immutable) │ ││ └Tags: Map<string, string> │ │└ attributes │ │ └ChallengeArn: string │ └resource AWS::PCAConnectorSCEP::Connector │ ├ name: Connector │ │ cloudFormationType: AWS::PCAConnectorSCEP::Connector │ │ documentation: Represents a Connector that allows certificate issuance through Simple Certificate Enrollment Protocol (SCEP) │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ ├ properties │ │ ├CertificateAuthorityArn: string (required, immutable) │ │ ├MobileDeviceManagement: MobileDeviceManagement (immutable) │ │ └Tags: Map<string, string> │ ├ attributes │ │ ├ConnectorArn: string │ │ ├Endpoint: string │ │ ├OpenIdConfiguration: OpenIdConfiguration │ │ └Type: string │ └ types │ ├type MobileDeviceManagement │ │├ name: MobileDeviceManagement │ │└ properties │ │ └Intune: IntuneConfiguration (required) │ ├type IntuneConfiguration │ │├ name: IntuneConfiguration │ │└ properties │ │ ├AzureApplicationId: string (required) │ │ └Domain: string (required) │ └type OpenIdConfiguration │ ├ name: OpenIdConfiguration │ └ properties │ ├Issuer: string │ ├Subject: string │ └Audience: string ├[~] service aws-personalize │ └ resources │ └[~] resource AWS::Personalize::Solution │ └ - documentation: > After you create a solution, you can’t change its configuration. By default, all new solutions use automatic training. With automatic training, you incur training costs while your solution is active. You can't stop automatic training for a solution. To avoid unnecessary costs, make sure to delete the solution when you are finished. For information about training costs, see [Amazon Personalize pricing](https://docs.aws.amazon.com/https://aws.amazon.com/personalize/pricing/) . │ An object that provides information about a solution. A solution includes the custom recipe, customized parameters, and trained models (Solution Versions) that Amazon Personalize uses to generate recommendations. │ After you create a solution, you can’t change its configuration. If you need to make changes, you can [clone the solution](https://docs.aws.amazon.com/personalize/latest/dg/cloning-solution.html) with the Amazon Personalize console or create a new one. │ + documentation: > By default, all new solutions use automatic training. With automatic training, you incur training costs while your solution is active. To avoid unnecessary costs, when you are finished you can [update the solution](https://docs.aws.amazon.com/personalize/latest/dg/API_UpdateSolution.html) to turn off automatic training. For information about training costs, see [Amazon Personalize pricing](https://docs.aws.amazon.com/https://aws.amazon.com/personalize/pricing/) . │ An object that provides information about a solution. A solution includes the custom recipe, customized parameters, and trained models (Solution Versions) that Amazon Personalize uses to generate recommendations. │ After you create a solution, you can’t change its configuration. If you need to make changes, you can [clone the solution](https://docs.aws.amazon.com/personalize/latest/dg/cloning-solution.html) with the Amazon Personalize console or create a new one. ├[~] service aws-pipes │ └ resources │ └[~] resource AWS::Pipes::Pipe │ └ types │ ├[~] type PipeSourceDynamoDBStreamParameters │ │ └ properties │ │ ├ MaximumRecordAgeInSeconds: (documentation changed) │ │ ├ MaximumRetryAttempts: (documentation changed) │ │ ├ OnPartialBatchItemFailure: (documentation changed) │ │ └ ParallelizationFactor: (documentation changed) │ ├[~] type PipeSourceKinesisStreamParameters │ │ └ properties │ │ ├ MaximumRecordAgeInSeconds: (documentation changed) │ │ ├ MaximumRetryAttempts: (documentation changed) │ │ ├ OnPartialBatchItemFailure: (documentation changed) │ │ ├ ParallelizationFactor: (documentation changed) │ │ └ StartingPosition: (documentation changed) │ ├[~] type PipeSourceManagedStreamingKafkaParameters │ │ └ properties │ │ └ StartingPosition: (documentation changed) │ └[~] type PipeSourceSelfManagedKafkaParameters │ └ properties │ ├ AdditionalBootstrapServers: - Array<string> │ │ + Array<string> (immutable) │ ├ ConsumerGroupID: - string │ │ + string (immutable) │ ├ StartingPosition: - string │ │ + string (immutable) │ │ (documentation changed) │ └ TopicName: - string (required) │ + string (required, immutable) ├[~] service aws-qbusiness │ └ resources │ ├[~] resource AWS::QBusiness::Application │ │ ├ properties │ │ │ ├[+] AutoSubscriptionConfiguration: AutoSubscriptionConfiguration │ │ │ ├[+] ClientIdsForOIDC: Array<string> (immutable) │ │ │ ├[+] IamIdentityProviderArn: string (immutable) │ │ │ ├[+] IdentityType: string (immutable) │ │ │ ├[+] PersonalizationConfiguration: PersonalizationConfiguration │ │ │ └ QAppsConfiguration: (documentation changed) │ │ └ types │ │ ├[+] type AutoSubscriptionConfiguration │ │ │ ├ documentation: Subscription configuration information for an Amazon Q Business application using IAM identity federation for user management. │ │ │ │ name: AutoSubscriptionConfiguration │ │ │ └ properties │ │ │ ├AutoSubscribe: string (required) │ │ │ └DefaultSubscriptionType: string │ │ ├[+] type PersonalizationConfiguration │ │ │ ├ documentation: Configuration information about chat response personalization. For more information, see [Personalizing chat responses](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/personalizing-chat-responses.html) . │ │ │ │ name: PersonalizationConfiguration │ │ │ └ properties │ │ │ └PersonalizationControlMode: string (required) │ │ └[~] type QAppsConfiguration │ │ └ - documentation: Configuration information about Amazon Q Apps. (preview feature) │ │ + documentation: Configuration information about Amazon Q Apps. │ └[~] resource AWS::QBusiness::WebExperience │ ├ properties │ │ └[+] IdentityProviderConfiguration: IdentityProviderConfiguration │ └ types │ ├[+] type IdentityProviderConfiguration │ │ ├ documentation: Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. │ │ │ name: IdentityProviderConfiguration │ │ └ properties │ │ ├SamlConfiguration: SamlProviderConfiguration │ │ └OpenIDConnectConfiguration: OpenIDConnectProviderConfiguration │ ├[+] type OpenIDConnectProviderConfiguration │ │ ├ documentation: Information about the OIDC-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. │ │ │ name: OpenIDConnectProviderConfiguration │ │ └ properties │ │ ├SecretsArn: string (required) │ │ └SecretsRole: string (required) │ └[+] type SamlProviderConfiguration │ ├ documentation: Information about the SAML 2.0-compliant identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. │ │ name: SamlProviderConfiguration │ └ properties │ └AuthenticationUrl: string (required) ├[~] service aws-quicksight │ └ resources │ ├[~] resource AWS::QuickSight::Analysis │ │ └ types │ │ ├[+] type CategoryInnerFilter │ │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . │ │ │ │ name: CategoryInnerFilter │ │ │ └ properties │ │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ │ ├Column: ColumnIdentifier (required) │ │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ │ ├[~] type ColumnTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type FieldTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type Filter │ │ │ └ properties │ │ │ └[+] NestedFilter: NestedFilter │ │ ├[+] type InnerFilter │ │ │ ├ documentation: The `InnerFilter` defines the subset of data to be used with the `NestedFilter` . │ │ │ │ name: InnerFilter │ │ │ └ properties │ │ │ └CategoryInnerFilter: CategoryInnerFilter │ │ ├[~] type LineChartConfiguration │ │ │ └ properties │ │ │ └[+] SingleAxisOptions: SingleAxisOptions │ │ ├[+] type NestedFilter │ │ │ ├ documentation: A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter. │ │ │ │ name: NestedFilter │ │ │ └ properties │ │ │ ├Column: ColumnIdentifier (required) │ │ │ ├InnerFilter: InnerFilter (required) │ │ │ ├IncludeInnerSet: boolean (required, default=false) │ │ │ └FilterId: string (required) │ │ └[+] type SingleAxisOptions │ │ └ name: SingleAxisOptions │ ├[~] resource AWS::QuickSight::Dashboard │ │ └ types │ │ ├[+] type CategoryInnerFilter │ │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . │ │ │ │ name: CategoryInnerFilter │ │ │ └ properties │ │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ │ ├Column: ColumnIdentifier (required) │ │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ │ ├[~] type ColumnTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type FieldTooltipItem │ │ │ └ properties │ │ │ └[+] TooltipTarget: string │ │ ├[~] type Filter │ │ │ └ properties │ │ │ └[+] NestedFilter: NestedFilter │ │ ├[+] type InnerFilter │ │ │ ├ documentation: The `InnerFilter` defines the subset of data to be used with the `NestedFilter` . │ │ │ │ name: InnerFilter │ │ │ └ properties │ │ │ └CategoryInnerFilter: CategoryInnerFilter │ │ ├[~] type LineChartConfiguration │ │ │ └ properties │ │ │ └[+] SingleAxisOptions: SingleAxisOptions │ │ ├[+] type NestedFilter │ │ │ ├ documentation: A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter. │ │ │ │ name: NestedFilter │ │ │ └ properties │ │ │ ├Column: ColumnIdentifier (required) │ │ │ ├InnerFilter: InnerFilter (required) │ │ │ ├IncludeInnerSet: boolean (required, default=false) │ │ │ └FilterId: string (required) │ │ └[+] type SingleAxisOptions │ │ └ name: SingleAxisOptions │ └[~] resource AWS::QuickSight::Template │ └ types │ ├[+] type CategoryInnerFilter │ │ ├ documentation: A `CategoryInnerFilter` filters text values for the `NestedFilter` . │ │ │ name: CategoryInnerFilter │ │ └ properties │ │ ├Configuration: CategoryFilterConfiguration (required) │ │ ├Column: ColumnIdentifier (required) │ │ └DefaultFilterControlConfiguration: DefaultFilterControlConfiguration │ ├[~] type ColumnTooltipItem │ │ └ properties │ …
aws-cdk-automation
added
auto-approve
pr/no-squash
This PR should be merged instead of squash-merging it
labels
Sep 9, 2024
aws-cdk-automation
had a problem deploying
to
test-pipeline
September 9, 2024 23:42
— with
GitHub Actions
Failure
Leo10Gama
added
pr/do-not-merge
This PR should not be merged at this time.
and removed
pr/do-not-merge
This PR should not be merged at this time.
labels
Sep 9, 2024
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
Comments on closed issues and PRs are hard for our team to see. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG