chore(release): 2.138.0 #29892

aws-cdk-automation · 2024-04-18T16:34:38Z

### Issue # (if applicable) (aws-appsync): addRdsDataSource doesnt support taking a DatabaseCluster Closes #29302 ### Reason for this change AppSync CDK construct currently accept only IServerlessCluster for RDS source as cluster type. However, with Aurora V2, serverless aurora clusters such as postgres aurora v14 and above are construct using the DatabaseCluster construct and as such AppSync.addRdsDataSource() method need ability to support both type of cluster interfaces. ### Description of changes To support the change I created a second props to support IDatabaseCluster in addition to IServerlessCluster already supported and I overloaded the constructor to support both type of props. However, to make the change possible, some modification to aws-rds were also required: 1 - Need IDatabaseCluster interface to have grantDataApiAccess() method published as part of the interface (the method was there but not published in the interface, when IServerlessCLuster interface have it published. 2 - need DatabaseCluster.grantDataApiAccess() to follow the same IAM permission pattern than ServerlessCluster.grantDataApiAccess() to have consistency. ServerlessCluster.grantDataApiAccess() method is adding automatically the required permission to secret manager if Data API is enabled. However, DatabaseCluster.grantDataApiAccess() do not. As such without the change it will have been required for end users to add that IAM permission to secret manager as an extra line when they will have assigned a serverless V2 cluster to AppSync datasource. To keep the experience unified across the 2 type of RDS clusters, i updated the method to have that IAM permission embedded. ### Description of how you validated changes - Unit test created for the new feature - Unit test updated and validated for RDS changes - Integration test created for the new feature I run all unit test and the integration test successfully. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

### Issue # (if applicable) Closes #27527 ### Reason for this change The current `NatInstanceProviderV2.securityGroup` property is unusable, given the dependency loop between the construct props (`NatInstanceProviderV2` > `VPC` > `SecurityGroup` > `NatInstanceProviderV2`). When creating the integration for #29729, adding a getter for the instances generated by the provider to update the instance role was required to test the `userData` overload. This solution also allows to bypass the circular dependency describe above, given that both the VPC and the instances are generated once the VPC is created with the `natGatewayProvider`. ### Description of changes * Deprecate `NatInstanceProviderV2.securityGroup` * Add `@example` tag to demo `NatInstanceProviderV2.gatewayInstances` * Update `README` to demo setting the security group * Update integ to test the demo ### Description of how you validated changes Updated integration test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.137.0/CHANGELOG.md)

The packages added below also impact the CLI and should be run through that test pipeline. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ttern is not impacted by sdk upgrade (#29795) ### Reason for this change For upgrading sdkv2 to sdkv3, I have confirmed that the [pattern](https://docs.aws.amazon.com/step-functions/latest/dg/supported-services-awssdk.html) used by step function task is not impacted by the migration and will remain the same. Adding a comment to add historical context for anyone revisiting this package for another sdk upgrade. ### Description of changes Just added comments. No code changes. ### Description of how you validated changes No tests added for comments ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…29654) ### Issue # (if applicable) N/A ### Reason for this change Customers that specify `Catch` fields in their CustomState's `stateJson` do not have Catchers defined in the rendered state definition. The reason for this is that the `Catch` fields from the `stateJson` is overridden by Catchers added through `addCatch()`. ### Description of changes This change updates the way the state's `Catch` field is rendered to merge Catchers provided inline with those provided through `addCatch()`. Catchers from `addCatch()` will be rendered first, followed by those provided inline. This is consistent with the merge behaviour for Retriers. ### Description of how you validated changes Unit test coverage for Catchers provided just inline, just through `addCatch()`, and a combination of both. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…bda-python-alpha/test/lambda-handler-project/lambda (#29803) Bumps [idna](https://github.com/kjd/idna) from 2.10 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ <ul> <li>Update to Unicode 15.0.0</li> <li>Migrate to pyproject.toml for build information (PEP 621)</li> <li>Correct another instance where generic exception was raised instead of IDNAError for malformed input</li> <li>Source distribution uses zeroized file ownership for improved reproducibility</li> </ul> Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ <ul> <li>Update to Unicode 14.0.0</li> <li>Update to in-line type annotations</li> <li>Throw IDNAError exception correctly for some malformed input</li> <li>Advertise support for Python 3.10</li> <li>Improve testing regime on Github</li> </ul> </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v2.10...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=2.10&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…bda-python-alpha/test/lambda-handler (#29804) Bumps [idna](https://github.com/kjd/idna) from 2.10 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ <ul> <li>Update to Unicode 15.0.0</li> <li>Migrate to pyproject.toml for build information (PEP 621)</li> <li>Correct another instance where generic exception was raised instead of IDNAError for malformed input</li> <li>Source distribution uses zeroized file ownership for improved reproducibility</li> </ul> Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ <ul> <li>Update to Unicode 14.0.0</li> <li>Update to in-line type annotations</li> <li>Throw IDNAError exception correctly for some malformed input</li> <li>Advertise support for Python 3.10</li> <li>Improve testing regime on Github</li> </ul> </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v2.10...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=2.10&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…bda-python-alpha/test/lambda-handler-custom-build (#29801) Bumps [idna](https://github.com/kjd/idna) from 2.10 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ <ul> <li>Update to Unicode 15.0.0</li> <li>Migrate to pyproject.toml for build information (PEP 621)</li> <li>Correct another instance where generic exception was raised instead of IDNAError for malformed input</li> <li>Source distribution uses zeroized file ownership for improved reproducibility</li> </ul> Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ <ul> <li>Update to Unicode 14.0.0</li> <li>Update to in-line type annotations</li> <li>Throw IDNAError exception correctly for some malformed input</li> <li>Advertise support for Python 3.10</li> <li>Improve testing regime on Github</li> </ul> </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v2.10...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=2.10&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…bda-python-alpha/test/lambda-handler-project/shared (#29802) Bumps [idna](https://github.com/kjd/idna) from 2.10 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. 3.4 (2022-09-14) ++++++++++++++++ <ul> <li>Update to Unicode 15.0.0</li> <li>Migrate to pyproject.toml for build information (PEP 621)</li> <li>Correct another instance where generic exception was raised instead of IDNAError for malformed input</li> <li>Source distribution uses zeroized file ownership for improved reproducibility</li> </ul> Thanks to Seth Michael Larson for contributions to this release. 3.3 (2021-10-13) ++++++++++++++++ <ul> <li>Update to Unicode 14.0.0</li> <li>Update to in-line type annotations</li> <li>Throw IDNAError exception correctly for some malformed input</li> <li>Advertise support for Python 3.10</li> <li>Improve testing regime on Github</li> </ul> </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v2.10...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=2.10&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…da-python-alpha/test/lambda-handler-poetry (#29805) Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.4&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…da-python-alpha/test/lambda-handler-dockercopy (#29806) Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.4&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

…da-python-alpha/test/lambda-handler-pipenv (#29807) Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/kjd/idna/releases">idna's releases</a>. <blockquote> <h2>v3.7</h2> <h2>What's Changed</h2> <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. Full Changelog: <a href="https://github.com/kjd/idna/compare/v3.6...v3.7">https://github.com/kjd/idna/compare/v3.6...v3.7</a> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.rst">idna's changelog</a>. <blockquote> 3.7 (2024-04-11) ++++++++++++++++ <ul> <li>Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]</li> </ul> Thanks to Guido Vranken for reporting the issue. 3.6 (2023-11-25) ++++++++++++++++ <ul> <li>Fix regression to include tests in source distribution.</li> </ul> 3.5 (2023-11-24) ++++++++++++++++ <ul> <li>Update to Unicode 15.1.0</li> <li>String codec name is now "idna2008" as overriding the system codec "idna" was not working.</li> <li>Fix typing error for codec encoding</li> <li>"setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.</li> <li>Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.</li> <li>Added security reporting protocol for project</li> </ul> Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release. </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"><code>1d365e1</code></a> Release v3.7</li> <li><a href="https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6"><code>c1b3154</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/172">#172</a> from kjd/optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623"><code>0394ec7</code></a> Merge branch 'master' into optimize-contextj</li> <li><a href="https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966"><code>cd58a23</code></a> Merge pull request <a href="https://redirect.github.com/kjd/idna/issues/152">#152</a> from elliotwutingfeng/dev</li> <li><a href="https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7"><code>5beb28b</code></a> More efficient resolution of joiner contexts</li> <li><a href="https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b"><code>1b12148</code></a> Update ossf/scorecard-action to v2.3.1</li> <li><a href="https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067"><code>d516b87</code></a> Update Github actions/checkout to v4</li> <li><a href="https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7"><code>c095c75</code></a> Merge branch 'master' into dev</li> <li><a href="https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98"><code>60a0a4c</code></a> Fix typo in GitHub Actions workflow key</li> <li><a href="https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201"><code>5918a0e</code></a> Merge branch 'master' into dev</li> <li>Additional commits viewable in <a href="https://github.com/kjd/idna/compare/v3.4...v3.7">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=idna&package-manager=pip&previous-version=3.4&new-version=3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

### Reason for this change The removed case `'throws when a core construct is added as cdk8s chart'` is the same as `'throws when a non cdk8s chart construct is added as cdk8s chart'`. ### Description of changes Removed duplicates. ### Description of how you validated changes Just removed the case. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…y Group reference (#29620) ### Issue # (if applicable) Closes #23796 ### Reason for this change In #23591 `installLatestAwsSdk`. This results in a resource update for custom resources. The custom resource that fetches the security groups does not have an onUpdate handler (https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-globalaccelerator/lib/_accelerator-security-group.ts#L32). When the empty object is returned, this results in an update failure in CloudFormation because the specific property isn't available and so it will fail with error below: ``` CustomResource attribute error: Vendor response doesn't contain SecurityGroups.0.GroupId key in object ``` When the update occurs, the response object does not have a `SecurityGroups.0.GroupId` field, resulting in failures when `SecurityGroups` is referenced. ### Description of changes Update the onCreate to onUpdate for custom resources to mitigate the CloudFormation update failure. Documentations: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.custom_resources.AwsCustomResource.html#oncreate. Similar fix for Cognito: #23798 ### Description of how you validated changes The integration test is updated with the latest assets. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29714 ### Reason for this change Currently, to set the TracingConfig, it is necessary to configure it via L1. So, add TracingConfig props to L2. ### Description of changes added TracingConfig props to topic.ts, sns.test.ts, integ.sns.ts, and README.md for AWS SNS. ### Description of how you validated changes I confirmed with unit test and integ test that it works as expected. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…29820) ### Issue # (if applicable) Closes #29813 ### Reason for this change improve the fromFunctionArn() to better handle the input ARN ### Description of changes fromFunctionArn() does not handle the ARN correctly if the input ARN has trailing version or alias. ### Description of how you validated changes See unit tests ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) None as far as I can tell ### Reason for this change The web console lists commonly used ports when adding a rule to a security group, this aims to reproduce this simple quality of life shortcut. It can also help with code readability, and might save people from a typo ### Description of changes * Add well-known static `Port` instances * Intersection of the AWS web console listed ports and the [IANA Service Name and Transport Protocol Port Number Registry](https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt) ### Description of how you validated changes Compared the AWS web console values to the IANA list, and added a unit test to make sure the alias behaved properly ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…te `Logging` class (#29648) ### Reason for this change SDK v2 and v3 handlers for `AwsCustomResource` log the event object passed to the handler, API responses, and caught /uncaught errors for each SDK call made. This can potentially result in logging sensitive information that a user may wish to hide. This PR introduces a new `logging` property on the `AwsSdkCall` interface that can be used to provide more control over logging in the SDK v2 and v3 handlers on a per SDK call basis. The `logging` flag is configurable via a new `Logging` class which exposes two static methods: - all: all logging during lambda execution is turned on - withDataHidden: hides all logged data associated with the API call response. This includes the raw response as well as the `Data` field on the response object Additional logging configurations can be added in the future. ### Description of changes Added a `logging` flag to the `AwsSdkCall` interface which is configurable via the new `Logging` class. The `Logging` class has an internal `render` method which renders the specified logging configuration which is passed as part of the `create`, `update`, and `delete` `ResourceProperties` to the lambda handler. These `logging` properties are then used throughout the handler to control what is logged based on their value ### Description of how you validated changes * A new integ test with `logging` as `withDataHidden` was added * Unit tests to ensure calling `render` on a `Logging` instance produces the expected result * Unit tests to ensure that using `logging` with `AwsSdkCall` while using `AwsCustomResource` produces the correct CloudFormation template ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-amplify │ └ resources │ └[~] resource AWS::Amplify::Domain │ ├ properties │ │ ├[-] Certificate: Certificate │ │ └[-] UpdateStatus: string │ └ attributes │ ├[+] Certificate: Certificate │ └[+] UpdateStatus: string ├[~] service aws-appconfig │ └ resources │ ├[~] resource AWS::AppConfig::Application │ │ └ - documentation: The `AWS::AppConfig::Application` resource creates an application. In AWS AppConfig , an application is simply an organizational construct like a folder. This organizational construct has a relationship with some unit of executable code. For example, you could create an application called MyMobileApp to organize and manage configuration data for a mobile application installed by your users. │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ - Create an application │ │ - Create an environment │ │ - Create a configuration profile │ │ - Create a deployment strategy │ │ - Deploy the configuration │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ + documentation: The `AWS::AppConfig::Application` resource creates an application. In AWS AppConfig , an application is simply an organizational construct like a folder. This organizational construct has a relationship with some unit of executable code. For example, you could create an application called MyMobileApp to organize and manage configuration data for a mobile application installed by your users. │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ - Create an application │ │ - Create an environment │ │ - Create a configuration profile │ │ - Choose a pre-defined deployment strategy or create your own │ │ - Deploy the configuration │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ ├[~] resource AWS::AppConfig::ConfigurationProfile │ │ ├ - documentation: The `AWS::AppConfig::ConfigurationProfile` resource creates a configuration profile that enables AWS AppConfig to access the configuration source. Valid configuration sources include AWS Systems Manager (SSM) documents, SSM Parameter Store parameters, and Amazon S3 . A configuration profile includes the following information. │ │ │ - The Uri location of the configuration data. │ │ │ - The AWS Identity and Access Management ( IAM ) role that provides access to the configuration data. │ │ │ - A validator for the configuration data. Available validators include either a JSON Schema or the Amazon Resource Name (ARN) of an AWS Lambda function. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Create a deployment strategy │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ │ + documentation: The `AWS::AppConfig::ConfigurationProfile` resource creates a configuration profile that enables AWS AppConfig to access the configuration source. Valid configuration sources include AWS Systems Manager (SSM) documents, SSM Parameter Store parameters, and Amazon S3 . A configuration profile includes the following information. │ │ │ - The Uri location of the configuration data. │ │ │ - The AWS Identity and Access Management ( IAM ) role that provides access to the configuration data. │ │ │ - A validator for the configuration data. Available validators include either a JSON Schema or the Amazon Resource Name (ARN) of an AWS Lambda function. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Choose a pre-defined deployment strategy or create your own │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ └ attributes │ │ └ KmsKeyArn: (documentation changed) │ ├[~] resource AWS::AppConfig::Deployment │ │ ├ - documentation: The `AWS::AppConfig::Deployment` resource starts a deployment. Starting a deployment in AWS AppConfig calls the `StartDeployment` API action. This call includes the IDs of the AWS AppConfig application, the environment, the configuration profile, and (optionally) the configuration data version to deploy. The call also includes the ID of the deployment strategy to use, which determines how the configuration data is deployed. │ │ │ AWS AppConfig monitors the distribution to all hosts and reports status. If a distribution fails, then AWS AppConfig rolls back the configuration. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Create a deployment strategy │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ │ + documentation: The `AWS::AppConfig::Deployment` resource starts a deployment. Starting a deployment in AWS AppConfig calls the `StartDeployment` API action. This call includes the IDs of the AWS AppConfig application, the environment, the configuration profile, and (optionally) the configuration data version to deploy. The call also includes the ID of the deployment strategy to use, which determines how the configuration data is deployed. │ │ │ AWS AppConfig monitors the distribution to all hosts and reports status. If a distribution fails, then AWS AppConfig rolls back the configuration. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Choose a pre-defined deployment strategy or create your own │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ ├ properties │ │ │ └ DynamicExtensionParameters: (documentation changed) │ │ └ types │ │ └[~] type DynamicExtensionParameters │ │ ├ - documentation: undefined │ │ │ + documentation: A map of dynamic extension parameter names to values to pass to associated extensions with `PRE_START_DEPLOYMENT` actions. │ │ └ properties │ │ ├ ExtensionReference: (documentation changed) │ │ ├ ParameterName: (documentation changed) │ │ └ ParameterValue: (documentation changed) │ ├[~] resource AWS::AppConfig::DeploymentStrategy │ │ ├ - documentation: The `AWS::AppConfig::DeploymentStrategy` resource creates an AWS AppConfig deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes: the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Create a deployment strategy │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ │ + documentation: The `AWS::AppConfig::DeploymentStrategy` resource creates an AWS AppConfig deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes: the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time. │ │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ │ - Create an application │ │ │ - Create an environment │ │ │ - Create a configuration profile │ │ │ - Choose a pre-defined deployment strategy or create your own │ │ │ - Deploy the configuration │ │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[~] resource AWS::AppConfig::Environment │ │ └ - documentation: The `AWS::AppConfig::Environment` resource creates an environment, which is a logical deployment group of AWS AppConfig targets, such as applications in a `Beta` or `Production` environment. You define one or more environments for each AWS AppConfig application. You can also define environments for application subcomponents such as the `Web` , `Mobile` and `Back-end` components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration. │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ - Create an application │ │ - Create an environment │ │ - Create a configuration profile │ │ - Create a deployment strategy │ │ - Deploy the configuration │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ │ + documentation: The `AWS::AppConfig::Environment` resource creates an environment, which is a logical deployment group of AWS AppConfig targets, such as applications in a `Beta` or `Production` environment. You define one or more environments for each AWS AppConfig application. You can also define environments for application subcomponents such as the `Web` , `Mobile` and `Back-end` components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration. │ │ AWS AppConfig requires that you create resources and deploy a configuration in the following order: │ │ - Create an application │ │ - Create an environment │ │ - Create a configuration profile │ │ - Choose a pre-defined deployment strategy or create your own │ │ - Deploy the configuration │ │ For more information, see [AWS AppConfig](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* . │ └[~] resource AWS::AppConfig::Extension │ └ types │ └[~] type Action │ ├ - documentation: An action defines the tasks that the extension performs during the AWS AppConfig workflow. Each action includes an action point such as `ON_CREATE_HOSTED_CONFIGURATION` , `PRE_DEPLOYMENT` , or `ON_DEPLOYMENT` . Each action also includes a name, a URI to an AWS Lambda function, and an Amazon Resource Name (ARN) for an AWS Identity and Access Management assume role. You specify the name, URI, and ARN for each *action point* defined in the extension. You can specify the following actions for an extension: │ │ - `PRE_CREATE_HOSTED_CONFIGURATION_VERSION` │ │ - `PRE_START_DEPLOYMENT` │ │ - `ON_DEPLOYMENT_START` │ │ - `ON_DEPLOYMENT_STEP` │ │ - `ON_DEPLOYMENT_BAKING` │ │ - `ON_DEPLOYMENT_COMPLETE` │ │ - `ON_DEPLOYMENT_ROLLED_BACK` │ │ + documentation: The actions defined in the extension. │ └ properties │ └ Description: (documentation changed) ├[~] service aws-apprunner │ └ resources │ └[~] resource AWS::AppRunner::VpcConnector │ └ properties │ └ Tags: (documentation changed) ├[~] service aws-aps │ └ resources │ ├[~] resource AWS::APS::RuleGroupsNamespace │ │ └ properties │ │ └ Workspace: (documentation changed) │ └[~] resource AWS::APS::Scraper │ ├ - documentation: Resource Type definition for AWS::APS::Scraper │ │ + documentation: A scraper is a fully-managed agentless collector that discovers and pulls metrics automatically. A scraper pulls metrics from Prometheus-compatible sources within an Amazon EKS cluster, and sends them to your Amazon Managed Service for Prometheus workspace. Scrapers are flexible. You can configure the scraper to control what metrics are collected, the frequency of collection, what transformations are applied to the metrics, and more. │ │ An IAM role will be created for you that Amazon Managed Service for Prometheus uses to access the metrics in your cluster. You must configure this role with a policy that allows it to scrape metrics from your cluster. For more information, see [Configuring your Amazon EKS cluster](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-collector-how-to.html#AMP-collector-eks-setup) in the *Amazon Managed Service for Prometheus User Guide* . │ │ The `scrapeConfiguration` parameter contains the YAML configuration for the scraper. │ │ > For more information about collectors, including what metrics are collected, and how to configure the scraper, see [Using an AWS managed collector](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-collector-how-to.html) in the *Amazon Managed Service for Prometheus User Guide* . │ ├ properties │ │ ├ Alias: (documentation changed) │ │ ├ Destination: (documentation changed) │ │ ├ ScrapeConfiguration: (documentation changed) │ │ ├ Source: (documentation changed) │ │ └ Tags: (documentation changed) │ ├ attributes │ │ ├ Arn: (documentation changed) │ │ ├ RoleArn: (documentation changed) │ │ └ ScraperId: (documentation changed) │ └ types │ ├[~] type AmpConfiguration │ │ ├ - documentation: Configuration for Amazon Managed Prometheus metrics destination │ │ │ + documentation: The `AmpConfiguration` structure defines the Amazon Managed Service for Prometheus instance a scraper should send metrics to. │ │ └ properties │ │ └ WorkspaceArn: (documentation changed) │ ├[~] type Destination │ │ ├ - documentation: Scraper metrics destination │ │ │ + documentation: Where to send the metrics from a scraper. │ │ └ properties │ │ └ AmpConfiguration: (documentation changed) │ ├[~] type EksConfiguration │ │ ├ - documentation: Configuration for EKS metrics source │ │ │ + documentation: The `EksConfiguration` structure describes the connection to the Amazon EKS cluster from which a scraper collects metrics. │ │ └ properties │ │ ├ ClusterArn: (documentation changed) │ │ ├ SecurityGroupIds: (documentation changed) │ │ └ SubnetIds: (documentation changed) │ ├[~] type ScrapeConfiguration │ │ ├ - documentation: Scraper configuration │ │ │ + documentation: A scrape configuration for a scraper, base 64 encoded. For more information, see [Scraper configuration](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-collector-how-to.html#AMP-collector-configuration) in the *Amazon Managed Service for Prometheus User Guide* . │ │ └ properties │ │ └ ConfigurationBlob: (documentation changed) │ └[~] type Source │ ├ - documentation: Scraper metrics source │ │ + documentation: The source of collected metrics for a scraper. │ └ properties │ └ EksConfiguration: (documentation changed) ├[~] service aws-b2bi │ └ resources │ ├[~] resource AWS::B2BI::Capability │ │ └ types │ │ └[~] type X12Details │ │ └ properties │ │ └ Version: (documentation changed) │ └[~] resource AWS::B2BI::Transformer │ └ types │ └[~] type X12Details │ └ properties │ └ Version: (documentation changed) ├[~] service aws-backup │ └ resources │ ├[~] resource AWS::Backup::BackupVault │ │ └ properties │ │ └ BackupVaultTags: (documentation changed) │ ├[~] resource AWS::Backup::Framework │ │ └ properties │ │ └ FrameworkTags: (documentation changed) │ ├[~] resource AWS::Backup::RestoreTestingPlan │ │ └ types │ │ └[~] type RestoreTestingRecoveryPointSelection │ │ ├ - documentation: Required: Algorithm; Required: Recovery point types; IncludeVaults(one or more). Optional: SelectionWindowDays ('30' if not specified);ExcludeVaults (list of selectors), defaults to empty list if not listed. │ │ │ + documentation: `RecoveryPointSelection` has five parameters (three required and two optional). The values you specify determine which recovery point is included in the restore test. You must indicate with `Algorithm` if you want the latest recovery point within your `SelectionWindowDays` or if you want a random recovery point, and you must indicate through `IncludeVaults` from which vaults the recovery points can be chosen. │ │ │ `Algorithm` ( *required* ) Valid values: " `LATEST_WITHIN_WINDOW` " or " `RANDOM_WITHIN_WINDOW` ". │ │ │ `Recovery point types` ( *required* ) Valid values: " `SNAPSHOT` " and/or " `CONTINUOUS` ". Include `SNAPSHOT` to restore only snapshot recovery points; include `CONTINUOUS` to restore continuous recovery points (point in time restore / PITR); use both to restore either a snapshot or a continuous recovery point. The recovery point will be determined by the value for `Algorithm` . │ │ │ `IncludeVaults` ( *required* ). You must include one or more backup vaults. Use the wildcard ["*"] or specific ARNs. │ │ │ `SelectionWindowDays` ( *optional* ) Value must be an integer (in days) from 1 to 365. If not included, the value defaults to `30` . │ │ │ `ExcludeVaults` ( *optional* ). You can choose to input one or more specific backup vault ARNs to exclude those vaults' contents from restore eligibility. Or, you can include a list of selectors. If this parameter and its value are not included, it defaults to empty list. │ │ └ properties │ │ └ RecoveryPointTypes: (documentation changed) │ └[~] resource AWS::Backup::RestoreTestingSelection │ └ types │ └[~] type KeyValue │ └ properties │ ├ Key: (documentation changed) │ └ Value: (documentation changed) ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ └ types │ ├[+] type ImagePullSecret │ │ ├ name: ImagePullSecret │ │ └ properties │ │ └Name: string (required) │ ├[~] type PodProperties │ │ └ properties │ │ └[+] ImagePullSecrets: Array<ImagePullSecret> │ └[~] type SecurityContext │ └ properties │ └[+] AllowPrivilegeEscalation: boolean ├[+] service aws-bcmdataexports │ ├ capitalized: BCMDataExports │ │ cloudFormationNamespace: AWS::BCMDataExports │ │ name: aws-bcmdataexports │ │ shortName: bcmdataexports │ └ resources │ └resource AWS::BCMDataExports::Export │ ├ name: Export │ │ cloudFormationType: AWS::BCMDataExports::Export │ │ documentation: Creates a data export and specifies the data query, the delivery preference, and any optional resource tags. │ │ A `DataQuery` consists of both a `QueryStatement` and `TableConfigurations` . │ │ The `QueryStatement` is an SQL statement. Data Exports only supports a limited subset of the SQL syntax. For more information on the SQL syntax that is supported, see [Data query](https://docs.aws.amazon.com/cur/latest/userguide/de-data-query.html) . To view the available tables and columns, see the [Data Exports table dictionary](https://docs.aws.amazon.com/cur/latest/userguide/de-table-dictionary.html) . │ │ The `TableConfigurations` is a collection of specified `TableProperties` for the table being queried in the `QueryStatement` . TableProperties are additional configurations you can provide to change the data and schema of a table. Each table can have different TableProperties. However, tables are not required to have any TableProperties. Each table property has a default value that it assumes if not specified. For more information on table configurations, see [Data query](https://docs.aws.amazon.com/cur/latest/userguide/de-data-query.html) . To view the table properties available for each table, see the [Data Exports table dictionary](https://docs.aws.amazon.com/cur/latest/userguide/de-table-dictionary.html) or use the `ListTables` API to get a response of all tables and their available properties. │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├Export: Export (required) │ │ └Tags: Array<ResourceTag> │ ├ attributes │ │ └ExportArn: string │ └ types │ ├type Export │ │├ documentation: The details that are available for an export. │ ││ name: Export │ │└ properties │ │ ├ExportArn: string │ │ ├Name: string (required, immutable) │ │ ├Description: string │ │ ├DataQuery: DataQuery (required) │ │ ├DestinationConfigurations: DestinationConfigurations (required) │ │ └RefreshCadence: RefreshCadence (required, immutable) │ ├type DataQuery │ │├ documentation: The SQL query of column selections and row filters from the data table you want. │ ││ name: DataQuery │ │└ properties │ │ ├QueryStatement: string (required) │ │ └TableConfigurations: Map<string, Map<string, string>> (immutable) │ ├type DestinationConfigurations │ │├ documentation: The destinations used for data exports. │ ││ name: DestinationConfigurations │ │└ properties │ │ └S3Destination: S3Destination (required) │ ├type S3Destination │ │├ documentation: Describes the destination Amazon Simple Storage Service (Amazon S3) bucket name and object keys of a data exports file. │ ││ name: S3Destination │ │└ properties │ │ ├S3Bucket: string (required) │ │ ├S3Prefix: string (required) │ │ ├S3Region: string (required) │ │ └S3OutputConfigurations: S3OutputConfigurations (required) │ ├type S3OutputConfigurations │ │├ documentation: The compression type, file format, and overwrite preference for the data export. │ ││ name: S3OutputConfigurations │ │└ properties │ │ ├OutputType: string (required) │ │ ├Format: string (required) │ │ ├Compression: string (required) │ │ └Overwrite: string (required) │ ├type RefreshCadence │ │├ documentation: The cadence for AWS to update the data export in your S3 bucket. │ ││ name: RefreshCadence │ │└ properties │ │ └Frequency: string (required) │ └type ResourceTag │ ├ documentation: The tag structure that contains a tag key and value. │ │ name: ResourceTag │ └ properties │ ├Key: string (required) │ └Value: string (required) ├[+] service aws-bedrock │ ├ capitalized: Bedrock │ │ cloudFormationNamespace: AWS::Bedrock │ │ name: aws-bedrock │ │ shortName: bedrock │ └ resources │ ├resource AWS::Bedrock::Agent │ │├ name: Agent │ ││ cloudFormationType: AWS::Bedrock::Agent │ ││ documentation: Specifies an agent as a resource in a top-level template. Minimally, you must specify the following properties: │ ││ - AgentName – Specify a name for the agent. │ ││ - AgentResourceRoleArn – Specify the Amazon Resource Name (ARN) of the service role with permissions to invoke API operations on the agent. For more information, see [Create a service role for Agents for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-permissions.html) . │ ││ - FoundationModel – Specify the model ID of a foundation model to use when invoking the agent. For more information, see [Supported regions and models for Agents for Amazon Bedrock](https://docs.aws.amazon.com//bedrock/latest/userguide/agents-supported.html) . │ ││ For more information about using agents in Amazon Bedrock , see [Agents for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/agents.html) . │ ││ See the *Properties* section below for descriptions of both the required and optional properties. │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │├ properties │ ││ ├ActionGroups: Array<AgentActionGroup> │ ││ ├AgentName: string (required) │ ││ ├AgentResourceRoleArn: string │ ││ ├AutoPrepare: boolean (default=false) │ ││ ├CustomerEncryptionKeyArn: string │ ││ ├SkipResourceInUseCheckOnDelete: boolean (default=false) │ ││ ├Description: string │ ││ ├FoundationModel: string │ ││ ├IdleSessionTTLInSeconds: number │ ││ ├Instruction: string │ ││ ├KnowledgeBases: Array<AgentKnowledgeBase> │ ││ ├PromptOverrideConfiguration: PromptOverrideConfiguration │ ││ └Tags: Map<string, string> │ │├ attributes │ ││ ├AgentArn: string │ ││ ├AgentId: string │ ││ ├AgentStatus: string │ ││ ├AgentVersion: string │ ││ ├CreatedAt: string │ ││ ├FailureReasons: Array<string> │ ││ ├PreparedAt: string │ ││ ├RecommendedActions: Array<string> │ ││ └UpdatedAt: string │ │└ types │ │ ├type AgentActionGroup │ │ │├ documentation: Contains details about an action group. │ │ ││ name: AgentActionGroup │ │ │└ properties │ │ │ ├ActionGroupName: string (required) │ │ │ ├Description: string │ │ │ ├ParentActionGroupSignature: string │ │ │ ├ActionGroupExecutor: ActionGroupExecutor │ │ │ ├ApiSchema: APISchema │ │ │ ├ActionGroupState: string │ │ │ └SkipResourceInUseCheckOnDelete: boolean (default=false) │ │ ├type ActionGroupExecutor │ │ │├ documentation: Contains details about the Lambda function containing the business logic that is carried out upon invoking the action. │ │ ││ name: ActionGroupExecutor │ │ │└ properties │ │ │ └Lambda: string (required) │ │ ├type APISchema │ │ │├ documentation: Contains details about the OpenAPI schema for the action group. For more information, see [Action group OpenAPI schemas](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-api-schema.html) . You can either include the schema directly in the `payload` field or you can upload it to an S3 bucket and specify the S3 bucket location in the `s3` field. │ │ ││ name: APISchema │ │ │└ properties │ │ │ ├S3: S3Identifier │ │ │ └Payload: string │ │ ├type S3Identifier │ │ │├ documentation: Contains information about the S3 object containing the resource. │ │ ││ name: S3Identifier │ │ │└ properties │ │ │ ├S3BucketName: string │ │ │ └S3ObjectKey: string │ │ ├type AgentKnowledgeBase │ │ │├ documentation: Contains details about a knowledge base that is associated with an agent. │ │ ││ name: AgentKnowledgeBase │ │ │└ properties │ │ │ ├KnowledgeBaseId: string (required) │ │ │ ├Description: string (required) │ │ │ └KnowledgeBaseState: string │ │ ├type PromptOverrideConfiguration │ │ │├ documentation: Contains configurations to override prompts in different parts of an agent sequence. For more information, see [Advanced prompts](https://docs.aws.amazon.com/bedrock/latest/userguide/advanced-prompts.html) . │ │ ││ name: PromptOverrideConfiguration │ │ │└ properties │ │ │ ├PromptConfigurations: Array<PromptConfiguration> (required) │ │ │ └OverrideLambda: string │ │ ├type PromptConfiguration │ │ │├ documentation: Contains configurations to override a prompt template in one part of an agent sequence. For more information, see [Advanced prompts](https://docs.aws.amazon.com/bedrock/latest/userguide/advanced-prompts.html) . │ │ ││ name: PromptConfiguration │ │ │└ properties │ │ │ ├PromptType: string │ │ │ ├PromptCreationMode: string │ │ │ ├PromptState: string │ │ │ ├BasePromptTemplate: string │ │ │ ├InferenceConfiguration: InferenceConfiguration │ │ │ └ParserMode: string │ │ └type InferenceConfiguration │ │ ├ documentation: Contains inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the `promptType` . For more information, see [Inference parameters for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html) . │ │ │ name: InferenceConfiguration │ │ └ properties │ │ ├Temperature: number │ │ ├TopP: number │ │ ├TopK: number │ │ ├MaximumLength: number │ │ └StopSequences: Array<string> │ ├resource AWS::Bedrock::AgentAlias │ │├ name: AgentAlias │ ││ cloudFormationType: AWS::Bedrock::AgentAlias │ ││ documentation: Specifies an agent alias as a resource in a top-level template. Minimally, you must specify the following properties: │ ││ - AgentAliasName – Specify a name for the alias. │ ││ For more information about creating aliases for an agent in Amazon Bedrock , see [Deploy an Amazon Bedrock agent](https://docs.aws.amazon.com/bedrock/latest/userguide/agents-deploy.html) . │ ││ See the *Properties* section below for descriptions of both the required and optional properties. │ ││ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ │├ properties │ ││ ├AgentAliasName: string (required) │ ││ ├AgentId: string (required, immutable) │ ││ ├Description: string │ ││ ├RoutingConfiguration: Array<AgentAliasRoutingConfigurationListItem> │ ││ └Tags: Map<string, string> │ │├ attributes │ ││ ├AgentAliasArn: string │ ││ ├AgentAliasHistoryEvents: Array<AgentAliasHistoryEvent> │ ││ ├AgentAliasId: string │ ││ ├AgentAliasStatus: string │ ││ ├CreatedAt: string │ ││ └UpdatedAt: string │ │└ types │ │ ├type AgentAliasHistoryEvent │ │ │├ documentation: Contains details about the history of the alias. │ │ ││ name: AgentAliasHistoryEvent │ │ │└ properties │ │ │ ├RoutingConfiguration: Array<AgentAliasRoutingConfigurationListItem> │ │ │ ├EndDate: string │ │ │ └StartDate: string │ │ └type AgentAliasRoutingConfigurationListItem │ │ ├ documentation: Contains details about the routing configuration of the alias. │ │ │ name: AgentAliasRoutingConfigurationListItem │ │ └ properties │ │ └AgentVersion: string (required) │ ├resource AWS::Bedrock::DataSource │ │├ name: DataSource │ ││ cloudFormationType: AWS::Bedrock::DataSource │ ││ documentation: Specifies a data source as a resource in a top-level template. Minimally, you must specify the following properties: │ ││ - Name – Specify a name for the data source. │ ││ - KnowledgeBaseId – Specify the ID of the knowledge base for the data source to belong to. │ ││ - DataSourceConfiguration – Specify information about the Amazon S3 bucket containing the data source. The following sub-properties are required: │ ││ - Type – Specify the value `S3` . │ ││ For more information about setting up data sources in Amazon Bedrock , see [Set up a data source for your knowledge base](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-ds.html) . │ ││ See the *Properties* section below for descriptions of both the required and optional properties. │ │├ properties │ ││ ├DataSourceConfiguration: DataSourceConfiguration (required) │ ││ ├Description: string │ ││ ├KnowledgeBaseId: string (required, immutable) │ ││ ├Name: string (required) │ ││ ├ServerSideEncryptionConfiguration: ServerSideEncryptionConfiguration │ ││ └VectorIngestionConfiguration: VectorIngestionConfiguration (immutable) │ │├ attributes │ ││ ├DataSourceId: string │ ││ ├DataSourceStatus: string │ ││ ├CreatedAt: string │ ││ └UpdatedAt: string │ │└ types │ │ ├type DataSourceConfiguration │ │ │├ documentation: Contains details about how a data source is stored. │ │ ││ name: DataSourceConfiguration │ │ │└ properties │ │ │ ├Type: string (required) │ │ │ └S3Configuration: S3DataSourceConfiguration (required) │ │ ├type S3DataSourceConfiguration │ │ │├ documentation: Contains information about the S3 configuration of the data source. │ │ ││ name: S3DataSourceConfiguration │ │ │└ properties │ │ │ ├BucketArn: string (required) │ │ │ └InclusionPrefixes: Array<string> │ │ ├type ServerSideEncryptionConfiguration │ │ │├ documentation: Contains the configuration for server-side encryption. │ │ ││ name: ServerSideEncryptionConfiguration │ │ │└ properties │ │ │ └KmsKeyArn: string │ │ ├type VectorIngestionConfiguration │ │ │├ documentation: Contains details about how to ingest the documents in a data source. │ │ ││ name: VectorIngestionConfiguration │ │ │└ properties │ │ │ └ChunkingConfiguration: ChunkingConfiguration │ │ ├type ChunkingConfiguration │ │ │├ documentation: Details about how to chunk the documents in the data source. A *chunk* refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. │ │ ││ name: ChunkingConfiguration │ │ │└ properties │ │ │ ├ChunkingStrategy: string (required) │ │ │ └FixedSizeChunkingConfiguration: FixedSizeChunkingConfiguration │ │ └type FixedSizeChunkingConfiguration │ │ ├ documentation: Configurations for when you choose fixed-size chunking. If you set the `chunkingStrategy` as `NONE` , exclude this field. │ │ │ name: FixedSizeChunkingConfiguration │ │ └ properties │ │ ├MaxTokens: integer (required) │ │ └OverlapPercentage: integer (required) │ └resource AWS::Bedrock::KnowledgeBase │ ├ name: KnowledgeBase │ │ cloudFormationType: AWS::Bedrock::KnowledgeBase │ │ documentation: Specifies a knowledge base as a resource in a top-level template. Minimally, you must specify the following properties: │ │ - Name – Specify a name for the knowledge base. │ │ - RoleArn – Specify the Amazon Resource Name (ARN) of the IAM role with permissions to invoke API operations on the knowledge base. For more information, see [Create a service role for Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/kb-permissions.html) . │ │ - KnowledgeBaseConfiguration – Specify the embeddings configuration of the knowledge base. The following sub-properties are required: │ │ - Type – Specify the value `VECTOR` . │ │ - StorageConfiguration – Specify information about the vector store in which the data source is stored. The following sub-properties are required: │ │ - Type – Specify the vector store service that you are using. │ │ > Redis Enterprise Cloud vector stores are currently unsupported in AWS CloudFormation . │ │ For more information about using knowledge bases in Amazon Bedrock , see [Knowledge base for Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base.html) . │ │ See the *Properties* section below for descriptions of both the required and optional properties. │ │ tagInformation: {"tagPropertyName":"Tags","variant":"map"} │ ├ properties │ │ ├Description: string │ │ ├KnowledgeBaseConfiguration: KnowledgeBaseConfiguration (required, immutable) │ │ ├Name: string (required) │ │ ├RoleArn: string (required) │ │ └Tags: Map<string, string> │ ├ attributes │ │ ├KnowledgeBaseId: string │ │ ├KnowledgeBaseArn: string │ │ ├CreatedAt: string │ │ ├UpdatedAt: string │ │ ├FailureReasons: Array<string> │ │ └Status: string │ └ types │ ├type KnowledgeBaseConfiguration │ │├ documentation: Contains details about the embeddings configuration of the knowledge base. │ ││ name: KnowledgeBaseConfiguration │ │└ properties │ │ ├Type: string (required) │ │ └VectorKnowledgeBaseConfiguration: VectorKnowledgeBaseConfiguration (required) │ └type VectorKnowledgeBaseConfiguration │ ├ documentation: Contains details about the model used to create vector embeddings for the knowledge base. │ │ name: VectorKnowledgeBaseConfiguration │ └ properties │ └EmbeddingModelArn: string (required) ├[~] service aws-chatbot │ └ resources │ └[~] resource AWS::Chatbot::MicrosoftTeamsChannelConfiguration │ └ properties │ └ TeamsChannelId: (documentation changed) ├[~] service aws-cleanrooms │ └ resources │ ├[~] resource AWS::CleanRooms::ConfiguredTable │ │ └ types │ │ └[~] type DifferentialPrivacy │ │ ├ - documentation: undefined │ │ │ + documentation: The analysis method for the configured tables. The only valid value is currently `DIRECT_QUERY`. │ │ └ properties │ │ └ Columns: (documentation changed) │ └[+] resource AWS::CleanRooms::PrivacyBudgetTemplate │ ├ name: PrivacyBudgetTemplate │ │ cloudFormationType: AWS::CleanRooms::PrivacyBudgetTemplate │ │ documentation: An object that defines the privacy budget template. │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├Tags: Array<tag> │ │ ├AutoRefresh: string (required, immutable) │ │ ├PrivacyBudgetType: string (required, immutable) │ │ ├Parameters: Parameters (required) │ │ └MembershipIdentifier: string (required, immutable) │ ├ attributes │ │ ├CollaborationArn: string │ │ ├CollaborationIdentifier: string │ │ ├PrivacyBudgetTemplateIdentifier: string │ │ ├Arn: string │ │ └MembershipArn: string │ └ types │ └type Parameters │ ├ documentation: Specifies the epislon and noise parameters for the privacy budget template. │ │ name: Parameters │ └ properties │ ├Epsilon: integer (required) │ └UsersNoisePerQuery: integer (required) ├[+] service aws-cleanroomsml │ ├ capitalized: CleanRoomsML │ │ cloudFormationNamespace: AWS::CleanRoomsML │ │ name: aws-cleanroomsml │ │ shortName: cleanroomsml │ └ resources │ └resource AWS::CleanRoomsML::TrainingDataset │ ├ name: TrainingDataset │ │ cloudFormationType: AWS::CleanRoomsML::TrainingDataset │ │ documentation: Defines the information necessary to create a training dataset. In Clean Rooms ML, the `TrainingDataset` is metadata that points to a Glue table, which is read only during `AudienceModel` creation. │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├Description: string (immutable) │ │ ├Name: string (required, immutable) │ │ ├RoleArn: string (required, immutable) │ │ ├Tags: Array<tag> │ │ └TrainingData: Array<Dataset> (required, immutable) │ ├ attributes │ │ ├Status: string │ │ └TrainingDatasetArn: string │ └ types │ ├type Dataset │ │├ documentation: Defines where the training dataset is located, what type of data it contains, and how to access the data. │ ││ name: Dataset │ │└ properties │ │ ├Type: string (required) │ │ └InputConfig: DatasetInputConfig (required) │ ├type DatasetInputConfig │ │├ documentation: Defines the Glue data source and schema mapping information. │ ││ name: DatasetInputConfig │ │└ properties │ │ ├Schema: Array<ColumnSchema> (required) │ │ └DataSource: DataSource (required) │ ├type ColumnSchema │ │├ documentation: Metadata for a column. │ ││ name: ColumnSchema │ │└ properties │ │ ├ColumnName: string (required) │ │ └ColumnTypes: Array<string> (required) │ ├type DataSource │ │├ documentation: Defines information about the Glue data source that contains the training data. │ ││ name: DataSource │ │└ properties │ │ └GlueDataSource: GlueDataSource (required) │ └type GlueDataSource │ ├ documentation: Defines the Glue data source that contains the training data. │ │ name: GlueDataSource │ └ properties │ ├TableName: string (required) │ ├DatabaseName: string (required) │ └CatalogId: string ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ properties │ │ └ AdvancedEventSelectors: (documentation changed) │ └[~] resource AWS::CloudTrail::Trail │ └ properties │ ├ S3BucketName: (documentation changed) │ └ S3KeyPrefix: (documentation changed) ├[~] service aws-cloudwatch │ └ resources │ ├[~] resource AWS::CloudWatch::Alarm │ │ ├ - tagInformation: undefined │ │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ └ properties │ │ └[+] Tags: Array<tag> │ ├[~] resource AWS::CloudWatch::AnomalyDetector │ │ └ types │ │ └[~] type SingleMetricAnomalyDetector │ │ └ properties │ │ └ AccountId: (documentation changed) │ └[~] resource AWS::CloudWatch::CompositeAlarm │ ├ - documentation: The `AWS::CloudWatch::CompositeAlarm` type creates or updates a composite alarm. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met. │ │ The alarms specified in a composite alarm's rule expression can include metric alarms and other composite alarms. │ │ Using composite alarms can reduce alarm noise. You can create multiple metric alarms, and also create a composite alarm and set up alerts only for the composite alarm. For example, you could create a composite alarm that goes into ALARM state only when more than one of the underlying metric alarms are in ALARM state. │ │ Currently, the only alarm actions that can be taken by composite alarms are notifying SNS topics. │ │ When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. For a composite alarm, this initial time after creation is the only time that the alarm can be in INSUFFICIENT_DATA state. │ │ When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm. │ │ + documentation: The `AWS::CloudWatch::CompositeAlarm` type creates or updates a composite alarm. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met. │ │ The alarms specified in a composite alarm's rule expression can include metric alarms and other composite alarms. │ │ Using composite alarms can reduce alarm noise. You can create multiple metric alarms, and also create a composite alarm and set up alerts only for the composite alarm. For example, you could create a composite alarm that goes into ALARM state only when more than one of the underlying metric alarms are in ALARM state. │ │ When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. For a composite alarm, this initial time after creation is the only time that the alarm can be in INSUFFICIENT_DATA state. │ │ When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm. │ │ - tagInformation: undefined │ │ + tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ └ properties │ └[+] Tags: Array<tag> ├[~] service aws-codebuild │ └ resources │ ├[~] resource AWS::CodeBuild::Project │ │ └ types │ │ ├[~] type Environment │ │ │ └ properties │ │ │ └ ComputeType: (documentation changed) │ │ ├[~] type Source │ │ │ └ properties │ │ │ └ Location: (documentation changed) │ │ └[~] type WebhookFilter │ │ └ properties │ │ └ Type: (documentation changed) │ └[~] resource AWS::CodeBuild::SourceCredential │ └ properties │ └ Token: (documentation changed) ├[+] service aws-codeconnections │ ├ capitalized: CodeConnections │ │ cloudFormationNamespace: AWS::CodeConnections │ │ name: aws-codeconnections │ │ shortName: codeconnections │ └ resources │ └resource AWS::CodeConnections::Connection │ ├ name: Connection │ │ cloudFormationType: AWS::CodeConnections::Connection │ │ documentation: A resource that is used to connect third-party source providers with services like CodePipeline. │ │ Note: A connection created through AWS CloudFormation , the CLI, or the SDK is in `PENDING` status by default. You can make its status `AVAILABLE` by updating the connection in the console. │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ ├ properties │ │ ├ConnectionName: string (required, immutable) │ │ ├ProviderType: string (immutable) │ │ ├HostArn: string (immutable) │ │ └Tags: Array<tag> │ └ attributes │ ├ConnectionArn: string │ ├ConnectionStatus: string │ └OwnerAccountId: string ├[+] service aws-deadline │ ├ capitalized: Deadline │ │ cloudFormationNamespace: AWS::Deadline │ │ name: aws-deadline │ │ shortName: deadline │ └ resources │ ├resource AWS::Deadline::Farm │ │├ name: Farm │ ││ cloudFormationType: AWS::Deadline::Farm │ ││ documentation: Creates a farm to allow space for queues and fleets. Farms are the space where the components of your renders gather and are pieced together in the cloud. Farms contain budgets and allow you to enforce permissions. Deadline Cloud farms are a useful container for large projects. │ │├ properties │ ││ ├Description: string (default="") │ ││ ├DisplayName: string (required) │ ││ └KmsKeyArn: string (immutable) │ │└ attributes │ │ ├FarmId: string │ │ └Arn: string │ ├resource AWS::Deadline::Fleet │ │├ name: Fleet │ ││ cloudFormationType: AWS::Deadline::Fleet │ ││ documentation: Creates a fleet. Fleets gather information relating to compute, or capacity, for renders within your farms. You can choose to manage your own capacity or opt to have fleets fully managed by Deadline Cloud. │ │├ properties │ ││ ├Configuration: FleetConfiguration (required) │ ││ ├Description: string (default="") │ ││ ├DisplayName: string (required) │ ││ ├FarmId: string (immutable) │ ││ ├MaxWorkerCount: integer (required) │ ││ ├MinWorkerCount: integer (default=0) │ ││ └RoleArn: string (required) │ │├ attributes │ ││ ├Capabilities: FleetCapabilities │ ││ ├FleetId: string │ ││ ├Status: string │ ││ ├WorkerCount: integer │ ││ └Arn: string │ │└ types │ │ ├type FleetCapabilities │ │ │├ documentation: The amounts and attributes of fleets. │ │ ││ name: FleetCapabilities │ │ │└ properties │ │ │ ├Amounts: Array<FleetAmountCapability> │ │ │ └Attributes: Array<FleetAttributeCapability> │ │ ├type FleetAmountCapability │ │ │├ documentation: The fleet amount and attribute capabilities. │ │ ││ name: FleetAmountCapability │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ ├Min: number (required) │ │ │ └Max: number │ │ ├type FleetAttributeCapability │ │ │├ documentation: Defines the fleet's capability name, minimum, and maximum. │ │ ││ name: FleetAttributeCapability │ │ │└ properties │ │ │ ├Name: string (required) │ │ │ └Values: Array<string> (required) │ │ ├type FleetConfiguration │ │ │├ documentation: Fleet configuration details. │ │ ││ name: FleetConfiguration │ │ │└ properties │ │ │ ├CustomerManaged: CustomerManagedFleetConfiguration │ │ │ └ServiceManagedEc2: ServiceManagedEc2FleetConfiguration │ │ ├type CustomerManagedFleetConfiguration │ │ │├ documentation: The details of a customer managed fleet configuration. │ │ ││ name: CustomerManagedFleetConfiguration │ │ │└ properties │ │ │ ├Mode: string (required) │ │ │ ├WorkerCapabilities: CustomerManagedWorkerCapabilities (required) │ │ │ └StorageProfileId: string │ │ ├type CustomerManagedWorkerCapabilities │ │ │├ documentation: The worker capabilities for a customer managed workflow. │ │ ││ name: CustomerManagedWorkerCapabilities │ │ │└ properties │ │ │ ├VCpuCount: VCpuCountRange (required) │ │ │ ├MemoryMiB: MemoryMiBRange (required) │ │ │ ├AcceleratorTypes: Array<string> │ │ │ ├AcceleratorCount: AcceleratorCountRange │ │ │ ├AcceleratorTotalMemoryMiB: AcceleratorTotalMemoryMiBRange │ │ │ ├OsFamily: string (required) │ │ │ ├CpuArchitectureType: string (required) │ │ │ ├CustomAmounts: Array<FleetAmountCapability> │ │ │ └CustomAttributes: Array<FleetAttributeCapability> │ │ ├type VCpuCountRange │ │ │├ documentation: The allowable range of vCPU processing power for the fleet. │ │ ││ name: VCpuCountRange │ │ │└ properties │ │ │ ├Min: integer (required) │ │ │ └Max: integer │ │ ├type MemoryMiBRange │ │ │├ documentation: The range of memory in MiB. │ │ ││ name: MemoryMiBRange │ │ │└ properties │ │ │ ├Min: integer (required) │ │ │ └Max: integer │ │ ├type AcceleratorCountRange │ │ │├ documentation: The range for the GPU fleet acceleration. │ │ ││ name: AcceleratorCountRange │ │ │└ properties │ │ │ ├Min: integer (required) │ │ │ └Max: integer │ │ ├type AcceleratorTotalMemoryMiBRange │ │ │├ documentation: The range for memory, in MiB, to use for the accelerator. │ │ ││ name: AcceleratorTotalMemoryMiBRange │ │ │└ properties │ │ │ ├Min: integer (required) │ │ │ └Max: integer │ │ ├type ServiceManagedEc2FleetConfiguration │ │ │├ documentation: The configuration details for a service managed Amazon EC2 fleet. │ │ ││ name: ServiceManagedEc2FleetConfiguration │ │ │└ properties │ │ │ ├InstanceCapabilities: ServiceManagedEc2InstanceCapabilities (required) │ │ │ └InstanceMarketOptions: ServiceManagedEc2InstanceMarketOptions (required) │ │ ├type ServiceManagedEc2InstanceCapabilities │ │ │├ documentation: The Amazon EC2 instance capabilities. │ │ ││ name: ServiceManagedEc2InstanceCapabilities │ │ │└ properties │ │ │ ├VCpuCount: VCpuCountRange (required) │ │ │ ├MemoryMiB: MemoryMiBRange (required) │ │ │ ├OsFamily: string (required) │ │ │ ├CpuArchitectureType: string (required) │ │ │ ├RootEbsVolume: Ec2EbsVolume │ │ │ ├AllowedInstanceTypes: Array<string> │ │ │ ├ExcludedInstanceTypes: Array<string> │ │ │ ├CustomAmounts: Array<FleetAmountCapability> │ │ │ └CustomAttributes: Array<FleetAttributeCapability> │ │ ├type Ec2EbsVolume │ │ │├ documentation: Specifies the EBS volume. │ │ ││ name: Ec2EbsVolume │ │ │└ properties │ │ │ ├SizeGiB: integer (default=250) │ │ │ ├Iops: integer (default=3000) │ │ │ └ThroughputMiB: integer (default=125) │ │ └type ServiceManagedEc2InstanceMarketOptions │ │ ├ documentation: The details of the Amazon EC2 instance market options for a service managed fleet. │ │ │ name: ServiceManagedEc2InstanceMarketOptions │ │ └ properties │ │ └Type: string (required) │ ├resource AWS::Deadline::LicenseEndpoint │ │├ name: LicenseEndpoint │ ││ cloudFormationType: AWS::Deadline::LicenseEndpoint │ ││ documentation: Creates a license endpoint to integrate your various licensed software used for rendering on Deadline Cloud. │ │├ properties │ ││ ├SecurityGroupIds: Array<string> (required, immutable) │ ││ ├SubnetIds: Array<string> (required, immutable) │ ││ └VpcId: string (required, immutable) │ │└ attributes │ │ ├DnsName: string │ │ ├LicenseEndpointId: string │ │ ├Status: string │ │ ├StatusMessage: string │ │ └Arn: string │ ├resource AWS::Deadline::MeteredProduct │ │├ name: MeteredProduct │ ││ cloudFormationType: AWS::Deadline::MeteredProduct │ ││ documentation: Adds a metered product. │ │├ properties │ ││ ├LicenseEndpointId: string (immutable) │ ││ ├ProductId: string (immutable) │ ││ ├Port: integer │ ││ ├Family: string │ ││ └Vendor: string │ │└ attributes │ │ └Arn: string │ ├resource AWS::Deadline::Queue │ │├ name: Queue │ ││ cloudFormationType: AWS::Deadline::Queue │ ││ documentation: Creates a queue to coordinate the order in which jobs run on a farm. A queue can also specify where to pull resources and indicate where to output completed jobs. │ │├ properties │ ││ ├AllowedStorageProfileIds: Array<string> │ ││ ├DefaultBudgetAction: string (default="NONE") │ ││ ├Description: string (default="") │ ││ ├DisplayName: string (required) │ ││ ├FarmId: string (immutable) │ ││ ├JobAttachmentSettings: JobAttachmentSettings │ ││ ├JobRunAsUser: JobRunAsUser │ ││ ├RequiredFileSystemLocationNames: Array<string> │ ││ └RoleArn: string │ │├ attributes │ ││ ├QueueId: string │ ││ └Arn: string │ │└ types │ │ ├type JobAttachmentSettings │ │ │├ documentation: The job attachment settings. These are the Amazon S3 bucket name and the Amazon S3 prefix. │ │ ││ name: JobAttachmentSettings │ │ │└ properties │ │ │ ├S3BucketName: string (required) │ │ │ └RootPrefix: string (required) │ │ ├type JobRunAsUser │ │ │├ documentation: Identifies the user for a job. │ │ ││ name: JobRunAsUser │ │ │└ properties │ │ │ ├Posix: PosixUser │ │ │ ├Windows: WindowsUser │ │ │ └RunAs: string (required) │ │ ├type PosixUser │ │ │├ documentation: The POSIX user. │ │ ││ name: PosixUser │ │ │└ properties │ │ │ ├User: string (required) │ │ │ └Group: string (required) │ │ └type WindowsUser │ │ ├ documentation: The Windows user details. │ │ │ name: WindowsUser │ │ └ properties │ │ ├User: string (required) │ │ └PasswordArn: string (required) │ ├resource AWS::Deadline::QueueEnvironment │ │├ name: QueueEnvironment │ ││ cloudFormationType: AWS::Deadline::QueueEnvironment │ ││ documentation: Creates an environment for a queue that defines how jobs in the queue run. │ │├ properties │ ││ ├FarmId: string (required, immutable) │ ││ ├Priority: integer (required) │ ││ ├QueueId: string (required, immutable) │ ││ ├Template: string (required) │ ││ └TemplateType: string (required) │ │└ attributes │ │ ├Name: string │ │ └QueueEnvironmentId: string │ ├resource AWS::Deadline::QueueFleetAssociation │ │├ name: QueueFleetAssociation │ ││ cloudFormationType: AWS::Deadline::QueueFleetAssociation │ ││ documentation: Creates an association between a queue and a fleet. │ │└ properties │ │ ├FarmId: string (required, immutable) │ │ ├FleetId: string (required, immutable) │ │ └QueueId: string (required, immutable) │ └resource AWS::Deadline::StorageProfile │ ├ name: StorageProfile │ │ cloudFormationType: AWS::Deadline::StorageProfile │ │ documentation: Creates a storage profile that specifies the operating system, file type, and file location of resources used on a farm. │ ├ properties │ │ ├DisplayName: string (required) │ │ ├FarmId: string (immutable) │ │ ├FileSystemLocations: Array<FileSystemLocation> │ │ └OsFamily: string (required) │ ├ attributes │ │ └StorageProfileId: string │ └ types │ └type FileSystemLocation │ ├ documentation: The details of the file system location for the resource. │ │ name: FileSystemLocation │ └ properties │ ├Name: string (required) │ ├Path: string (required) │ └Type: string (required) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::CustomerGateway │ │ └ properties │ │ └[+] CertificateArn: string (immutable) │ ├[~] resource AWS::EC2::Instance │ │ ├ properties │ │ │ ├ ElasticGpuSpecifications: (documentation changed) │ │ │ ├ ElasticInferenceAccelerators: (documentation changed) │ │ │ └ SubnetId: (documentation changed) │ │ ├ attributes │ │ │ └[-] Id: string │ │ └ types │ │ ├[~] type LaunchTemplateSpecification │ │ │ └ - documentation: Specifies a launch template to use when launching an Amazon EC2 instance. │ │ │ You must specify the following: │ │ │ - The ID or the name of the launch template, but not both. │ │ │ - The version of the launch template. │ │ │ `LaunchTemplateSpecification` is a property of the [AWS::EC2::Instance](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html) resource. │ │ │ For information about creating a launch template, see [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) and [Create a launch template](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template) in the *Amazon EC2 User Guide* . │ │ │ For examples of launch templates, see [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#aws-resource-ec2-launchtemplate--examples) . │ │ │ + documentation: Specifies a launch template to use when launching an Amazon EC2 instance. │ │ │ You must specify the following: │ │ │ - The ID or the name of the launch template, but not both. │ │ │ - The version of the launch template. │ │ │ For information about creating a launch template, see [AWS::EC2::LaunchTemplate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) and [Create a launch template](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#create-launch-template) in the *Amazon EC2 User Guide* . │ │ │ For example launch templates, see the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#aws-resource-ec2-launchtemplate--examples) for `AWS::EC2::LaunchTemplate` . │ │ └[~] type NetworkInterface │ │ └ properties │ │ └ SubnetId: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[~] type LaunchTemplateData │ │ │ └ properties │ │ │ ├ NetworkInterfaces: (documentation changed) │ │ │ ├ SecurityGroupIds: (documentation changed) │ │ │ └ SecurityGroups: (documentation changed) │ │ └[~] type MaintenanceOptions │ │ └ properties │ │ └[-] RebootMigration: string │ ├[~] resource AWS::EC2::SecurityGroup │ │ ├ - documentation: Specifies a security group. To create a security group, use the [VpcId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-vpcid) property to specify the VPC for which to create the security group. │ │ │ If you do not specify an egress rule, we add egress rules that allow IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules. If you later remove your egress rules, we restore the default egress rules. │ │ │ This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) . │ │ │ > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow. │ │ │ + documentation: Specifies a security group. To create a security group, use the [VpcId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-vpcid) property to specify the VPC for which to create the security group. │ │ │ If you do not specify an egress rule, we add egress rules that allow IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules. │ │ │ This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html) . │ │ │ > To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in the `AWS::EC2::SecurityGroup` . Doing so creates a circular dependency, which AWS CloudFormation doesn't allow. │ │ └ types │ │ └[~] type Egress │ │ └ properties │ │ └[-] SourceSecurityGroupId: string │ ├[~] resource AWS::EC2::SpotFleet │ │ ├ - documentation: Specifies a Spot Fleet request. │ │ │ The Spot Fleet request specifies the total target capacity and the On-Demand target capacity. Amazon EC2 calculates the difference between the total capacity and On-Demand capacity, and launches the difference as Spot capacity. │ │ │ You can submit a single request that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. │ │ │ By default, the Spot Fleet requests Spot Instances in the Spot Instance pool where the price per unit is the lowest. Each launch specification can include its own instance weighting that reflects the value of the instance type to your application workload. │ │ │ Alternatively, you can specify that the Spot Fleet distribute the target capacity across the Spot pools included in its launch specifications. By ensuring that the Spot Instances in your Spot Fleet are in different Spot pools, you can improve the availability of your fleet. │ │ │ You can specify tags for the Spot Fleet request and instances launched by the fleet. You cannot tag other resource types in a Spot Fleet request because only the `spot-fleet-request` and `instance` resource types are supported. │ │ │ For more information, see [Spot Fleet](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet.html) in the *Amazon EC2 User Guide for Linux Instances* . │ │ │ > We strongly discourage using the RequestSpotFleet API because it is a legacy API wit…

### Reason for this change The AWS SDK V2 is being deprecated. We need to remove all uses of it from the CDK. ### Description of changes The `compare-log` unit test for the `aws-eks` `compareLogging.ts` was using `CreateClusterRequest` and `LogTypes` from AWS SDK V2. I've updated the code to use the `CreateClusterRequest` and `LogType` from AWS SDK V3. Additionally, with this change, `aws-sdk` is no longer needed as a dependency for `@aws-cdk/custom-resource-handlers`. ### Description of how you validated changes This change does not impact `compareLogging.ts`. Consequently, we just need to verify that the unit tests in `compare-log.test.ts` are still successful. I have validated that these are still passing. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This upgrades lerna to v8 and nx to v18. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…reaks esbuild (#29561) ### Issue # (if applicable) Closes #29559 . ### Reason for this change NodejsFunction fails to build in projects with spaces in path ### Description of changes Updated how it maps esbuild arguments from bundling props ### Description of how you validated changes Tried building the NodejsFunction ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This adds an `HttpInvoke` Step Functions task construct, which allows calling public APIs as described [here](https://docs.aws.amazon.com/step-functions/latest/dg/connect-third-party-apis.html). - Accepts an Event Bridge API Destination `IConnection`, setting required permissions to use its credentials. - Grants permission to invoke the root path for the endpoint (`apiRoot` prop). This allows passing the relative endpoint path at execution time (`apiEndpoint` prop). - Defines an enum for the allowed options for the URL encoding style of arrays, used when encoding the request body. Closes #28278 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This makes it possible to enable DNSSEC signing for a Route 53 hosted zone. A new `KeySigningKey` construct is created to enable generally creating KSKs. Additionally, an `enableDnssec` method is added to `HostedZone` that provides an easier interface. The later will create the KSK and further create the necessary `AWS::Route53::DNSSEC` resource to actually enable signing on the resource. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…9706) Just an idea/I was curious. Personally, when I stumbled upon this error I got a bit confused because I wasn't sure what instanceProps was. I think the message 'Provide either vpc or instanceProps.vpc, but not both" provides the same explanation for both cases? Or we rephrase the error message to not use "If instanceProps was provided", because the code can figure whether instanceProps was provided with another if condition Then the message would just be "VPC must be provided". Hence, someone who is unaware of instanceProps, doesn't need to be notified of it. Just an idea though and it's nitpicking! Thoughts? ### Reason for this change Better error message when running into this error ### Description of changes Consolidated logs statements ### Description of how you validated changes I have not validated anything because this was just an idea/I was curious ### Checklist - [X ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…eprecated (#29580) ### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change AWS CodeBuild Docker images `AMAZON_LINUX_2_ARM_3` aka `AMAZON_LINUX_2_STANDARD_3_0` aka `aws/codebuild/amazonlinux2-aarch64-standard:3.0` and `AMAZON_LINUX_2_ARM_2` aka `AMAZON_LINUX_2_STANDARD_2_0` aka `aws/codebuild/amazonlinux2-aarch64-standard:2.0`are not deprecated but the currently actively maintained ones according to https://github.com/aws/aws-codebuild-docker-images and https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html ### Description of changes I removed the JSDoc Deprecated flag for the currently active images and added their image names as a comment so that one can find the images also using those references. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Part of: #29186 (comment) ### Reason for this change `aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https-idle-timeout` was failed with certificate error (#29186 (comment)). It is enough to set `idleTimeout` property to test loadbalancer with idleTimeout. `aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https` is also failed with certificate error so I will fix at another PR #29649. ### Description of changes - Rename `aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https-idle-timeout.ts` to `aws-ecs-patterns/test/fargate/integ.alb-fargate-service-idle-timeout.ts` - Remove unnecessary property - Run `yarn integ` ### Description of how you validated changes - Pass integ test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#29847) ### Issue # (if applicable) Closes #29843 ### Reason for this change The AWS SDK V2 is being deprecated. The `sdk-v2-to-v3-adapter` was created as a way to migrate `AwsCustomResource` to use AWS SDK V3 without introducing breaking changes. The documentation for the adapter does not provide enough detail about what it is used for and what functionality it provides. Additionally, the naming of the adapter should convey that it is used to provide an abstraction over all SDK versions, not just SDK V2 to SDK V3. ### Description of changes The `sdk-v2-to-v3-adapter` was changed to `aws-custom-resource-sdk-adapter`. Any usage of `sdk-v2-to-v3-adapter` was updated to now use `aws-custom-resource-sdk-adapter`. The `README` for `aws-custom-resource-sdk-adapter` was improved to provide an overview of the tooling that exists as part of the adapter. ### Description of how you validated changes No new unit tests or integ tests were needed as part of this PR. The current build is succeeding which means that the naming update has not introduced a breaking change. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…sSdkCall` in unit tests (#29860) ### Reason for this change #29648 introduced a change to the `AwsSdkCall` representation used in the v2 and v3 handler code. Our handler unit tests use `satisfies` to validate that the event object satisfies `AwsSdkCall`. All unit tests and the build still pass, but the linter calls out that the event object doesn't actually satisfy `AwsSdkCall`. #29845 removed the dependency `@aws-cdk/custom-resource-handlers` had on `aws-sdk`. We should add this as devDependency since we're using `aws-sdk` in v2 handler mocks. ### Description of changes I added `logApiResponseData` property to the event objects being tested to make the event satisfy `AwsSdkCall`. I added `aws-sdk` as a dev dependency. We will remove this as part of the v2 handler removal. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

….userPool() (#29025) ### Reason for this change `IdentityPoolProviderUrl.userPool()` requires a string `url` currently. The description is "User Pool Provider Url". It should be ``` `${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}` ```. `UserPool` has an attribute `userPoolProviderUrl` which description is "User Pool Provider Url", but confusingly, it cannot be specified to `IdentityPoolProviderUrl.userPool()`. The format of the identity provider identifier isn't well documented. See [SetIdentityPoolRoles API reference](https://docs.aws.amazon.com/cognitoidentity/latest/APIReference/API_SetIdentityPoolRoles.html) for example of User Pool's identity provider identifier. ### Description of changes This PR fixes `IdentityPoolProviderUrl.userPool()` to accept `UserPool` and `UserPoolClient` instead of a string `url`. It generates a correct identifier described above. ### Description of how you validated changes Existing integration test generates an identifier as described above. The snapshot won't be changed by this PR. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) BREAKING CHANGE: The argument of `IdentityPoolProviderUrl.userPool()` has been changed from `url: string` to `userPool: UserPool, userPoolClient: UserPoolClient`. If you want to specify custom identifier string, use `IdentityPoolProviderUrl.custom()` instead. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

We should be running the integ test pipeline when we have changes in that package. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…Saml` (#29588) ### Issue # (if applicable) Closes #29494. Closes #29598. #29598 is really close issue and I tried to resolve it in this PR. If it is not good to resolve multiple issues in 1 PR, I would separate this PR. ### Reason for this change [`UserPoolIdentityProviderSaml` can configure `ProviderDetails`](https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#aws-resource-cognito-userpoolidentityprovider-properties) but there are some items that is not configurable from AWS CDK. - `EncryptedResponses` - `RequestSigningAlgorithm` - `IDPInit` ### Description of changes Add 3 properties to `UserPoolIdentityProviderSamlProps`. - `encryptedResponses` - `requestSigningAlgorithm` - `idpInitiated` ### Description of how you validated changes Added both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…29778) ### Issue # (if applicable) Closes #28460. ### Reason for this change Current implementation will not identity helm charts stored in ECR on AWS CN regions, and will treat ECR as simple, unauthorized repository. ### Description of changes This change add support of ECR on AWS CN region by adding a optional suffix of .cn to the regex. ### Description of how you validated changes Run the affected regex against helm repo in ECR China (123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn) ``` import re repository = 'oci://123456789012.dkr.ecr.cn-northwest-1.amazonaws.com.cn' private_ecr_pattern = 'oci://(?P<registry>\d+\.dkr\.ecr\.(?P<region>[a-z0-9\-]+)\.amazonaws\.com(\.cn)?)*' private_registry = re.match(private_ecr_pattern, repository).groupdict() print(private_registry['registry']) ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…icationListener.addAction() (#29746) ### Issue # (if applicable) Closes #29496 ### Reason for this change See #29513 (props based solution instead of feature-flag) ### Description of changes Adds a `removeSuffix` property to addAction method to address problems due to logicalId inconsistency. ### Description of how you validated changes UTs. Per IT document, integration tests are not necessary. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue # (if applicable) Closes #29869 ### Reason for this change Without it, it breaks java users who rely on tagging name to generate resource id. ### Description of changes Provide a default value using the initial `tagValue` users provide. ### Description of how you validated changes Existing tests all pass. Essentially changing it back to the original state. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

aws-cdk-automation · 2024-04-18T17:02:07Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
Commit ID: 8ff7859
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify · 2024-04-18T17:02:28Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

sebastien6 and others added 30 commits April 10, 2024 21:42

chore: npm-check-updates && yarn upgrade (#29703)

0906049

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

Merge branch 'main' into merge-back/2.137.0

3c00fb3

chore(merge-back): 2.137.0 (#29789)

3d3c742

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.137.0/CHANGELOG.md)

chore: upgrade lerna to new major version (#29848)

8e2cbae

This upgrades lerna to v8 and nx to v18. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

wafuwafu13 and others added 12 commits April 17, 2024 02:51

chore: npm-check-updates && yarn upgrade (#29864)

6cd1e1f

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

chore(release): 2.138.0

8ff7859

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Apr 18, 2024

aws-cdk-automation requested a review from a team April 18, 2024 16:34

github-actions bot approved these changes Apr 18, 2024

View reviewed changes

github-actions bot added the p2 label Apr 18, 2024

aws-cdk-automation had a problem deploying to test-pipeline April 18, 2024 16:35 — with GitHub Actions Failure

mergify bot merged commit 6b41c8b into v2-release Apr 18, 2024
28 of 29 checks passed

mergify bot deleted the bump/2.138.0 branch April 18, 2024 17:02

github-actions bot mentioned this pull request Apr 22, 2024

Weekly PR metrics report #29922

Closed

github-actions bot mentioned this pull request May 1, 2024

Monthly PR metrics report #30026

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.138.0 #29892

chore(release): 2.138.0 #29892

aws-cdk-automation commented Apr 18, 2024 •

edited

Loading

aws-cdk-automation commented Apr 18, 2024

mergify bot commented Apr 18, 2024

chore(release): 2.138.0 #29892

chore(release): 2.138.0 #29892

Conversation

aws-cdk-automation commented Apr 18, 2024 • edited Loading

aws-cdk-automation commented Apr 18, 2024

AWS CodeBuild CI Report

mergify bot commented Apr 18, 2024

aws-cdk-automation commented Apr 18, 2024 •

edited

Loading