chore(release): 2.143.0 #30321
Merged
chore(release): 2.143.0 #30321
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ttings (#30217) ### Issue # (if applicable) Internal ticket tracking V1142791950 ### Reason for this change Originally in this PR #25840, we added default deployment alarm settings to fix an issue where adding deployment alarms, deploying your CFN stack, then removing the deployment alarms from the CFN template, and deploying again WILL NOT remove the deployment alarms from the service. ECS now already supports default deployment alarm settings. We will remove the default setting of deploymentAlarms. Reason for removing this default behaviour is for region build where the deployment alarm service may not be available in new regions but is set by default by CDK. ### Description of changes Remove default deployment alarm. ### Description of how you validated changes All new tests and integration tests pass. ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30131 ### Reason for this change Postgres version 15.2 is deprecated. ### Description of changes Any and all references to Postgres 15.2 now reference 16.2 instead. ### Description of how you validated changes Ran all changed integ and unit tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30183 ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…eam for imported deliverystream (#30189) ### Issue # (if applicable) Closes #25451 ### Reason for this change Current events targets implementation only support L1 Delivery Stream as the input. We should support L2 IDeliveryStream as well for imported kinesis firehose stream. ### Description of changes Add a V2 class to support kinesis firehose stream. ### Description of how you validated changes New tests and existing tests pass. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…0168) ### Description of changes Add three AuroraPostgreSQL version. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.html#AuroraPostgreSQL.Updates.20180305.1218X https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.html#AuroraPostgreSQL.Updates.20180305.1314 https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.html#AuroraPostgreSQL.Updates.20180305.14110 ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) Reverts: [30093](#30093)
### Description of changes ### Description of how you validated changes Add engine version. https://docs.aws.amazon.com/neptune/latest/userguide/engine-releases-1.3.1.0.html ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ient Construct (#30178) ### Issue # (if applicable) N/A ### Reason for this change Missing property in the UserClient Construct https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnUserPoolClient.html#enablepropagateadditionalusercontextdata ### Description of changes Add missing property ### Description of how you validated changes Add unit test and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…nyAllIgwTraffic set (#29956) ### Issue # (if applicable) Closes #30247 . ### Reason for this change Integ test for NLB attributes ([integ.nlb-attributes.ts](https://github.com/aws/aws-cdk/blob/4f1c94b27ef7f4ceccea0ff39625c0e8add31c9f/packages/%40aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts)) fails to deploy due to an error. The error occurs when `denyAllIgwTraffic` is explicitly set for load balancers with Ipv4 addressing, the `ipv6.deny_all_igw_traffic` attribute is set. ### Description of changes - Remove the denyAllIgwTraffic setting from integ.nlb-attribute.ts - Instead, set denyAllIgwTraffic in integ.nlb.dualstack.internal.ts. - Raise an error during synthesis if `denyAllIgwTraffic` is set on a load balancer that does not use dual stack addressing. ### Description of how you validated changes - Added new unit tests for different combinations of `denyAllIgwTraffic` and `ipAddressType` - Updated existing integration test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change
In our EKS documentation, we note that you need to add a temporary policy to the cluster admin role for
successful replacement when renaming a cluster. The temporary policy we recommend adding to the cluster admin role is:
```ts
cluster.adminRole.addToPolicy(new iam.PolicyStatement({
actions: [
'eks:DeleteCluster',
],
resources: [
Stack.of(this).formatArn({ service: 'eks', resource: 'cluster', resourceName: 'foo' }),
]
}))
```
Changing the cluster name is an update that requires replacement. This will cause the old cluster to be automatically deleted by CloudFormation upon success. Since this policy doesn't have the `eks:DescribeCluster` action, the delete will fail:
<img width="893" alt="image" src="https://github.com/aws/aws-cdk/assets/131073567/bb3cf3ff-3a6d-48f9-b84d-c6d0b8a495a7">
### Description of changes
Added `eks:DescribeCluster` to the actions of the recommended temporary policy.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30142 . ### Reason for this change Missing property in the L2 Construct. ### Description of changes Add jobStateTimeLimitActions property to the JobQueue Construct. ### Description of how you validated changes Add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #29614. ### Reason for this change Dualstack NLB is not supported in `NetworkLoadBalancedServiceBase`. ### Description of changes - Add `ipAddressType` to `NetworkLoadBalancedServiceBaseProps`. - default value is `IpAddressType.Ipv4` ### Description of how you validated changes Add both unit and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Similar to #28733 , this PR bumps the default version for aws-cn partition ro `1.1.237` as the current version comes with deprecated lambda python runtime. ``` aws --profile bjs serverlessrepo get-application --application-id arn:aws-cn:serverlessrepo:cn-north-1:193023089310:applications/SecretsManagerRDSPostgreSQLRotationSingleUser --query Version.SemanticVersion --output text 1.1.237 ``` I was evaluating a fix for #30200 but unfortunately that would require a lot of refactor so I am opening this tiny PR to get it bumped. internal tracking: P128811127 Closes #<issue number here>. ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ### How to find the serverless `applicationId` and `semanticVersion` 1. Go to the serverlessrepo console and search `SecretsManagerRDSPostgreSQLRotationSingleUser`. Make sure to check `Show apps that create custom IAM roles or resource policies` <img width="434" alt="image" src="https://github.com/aws/aws-cdk/assets/278432/f3fbd9e8-64b0-4c84-b877-dc5bdef1e9f8"> 2. Click into the application 3. Find the `applicationId` from the URL. For example, in `us-east-1` the id is `arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser` 4. Find out the semanticVersion using AWS CLI: ```sh $ appid='arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser' $ aws serverlessrepo get-application --application-id $appid --query Version.SemanticVersion --output text ``` ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change RDS can be upgraded/created to Postgres 16.3 via the console/CLI but not CDK. ### Description of changes Added Postgres 16.3 support for RDS clusters and instances. Updated examples to use Postgres 16.3. ### Description of how you validated changes Tests have been updated to use Postgres 16.3. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…lt for sdk v3 lambda runtimes (#30117) Closes #29497 Related to #29538 ### Reason for this change The `AWS_NODEJS_CONNECTION_REUSE_ENABLED` does not exist in SDK v3. Including it in the environment can add to cold start times. ### Description of changes For Lambda runtimes >= Node 18, do not set the variable by default. If set explicitly, give the user a warning. We can plan to simplify this logic & deprecate the property after we deprecate Node 16 and remove it as the default runtime for this construct. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…event target does not set required permissions (#30279) ### Issue #25583 Closes #25583 ### Reason for this change Add documentation to clarify that imported topics have to have the required permissions set manually. ### Description of changes Added docstring. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…-lib/aws-lambda/test/python-lambda-handler (#30288) Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.0</h2> <h2>2.32.0 (2024-05-20)</h2> <h2>🐍 PYCON US 2024 EDITION 🐍</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Requests has officially added support for CPython 3.12 (<a href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li> <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> <li>Requests has officially dropped support for CPython 3.7 (<a href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li> <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <p><strong>Packaging</strong></p> <ul> <li>Requests has started adopting some modern packaging practices. The source files for the projects (formerly <code>requests</code>) is now located in <code>src/requests</code> in the Requests sdist. (<a href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li> <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using <code>hatchling</code>. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/matthewarmand"><code>@matthewarmand</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6258">psf/requests#6258</a></li> <li><a href="https://github.com/cpzt"><code>@cpzt</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6456">psf/requests#6456</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.0 (2024-05-20)</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Requests has officially added support for CPython 3.12 (<a href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li> <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> <li>Requests has officially dropped support for CPython 3.7 (<a href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li> <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <p><strong>Packaging</strong></p> <ul> <li>Requests has started adopting some modern packaging practices. The source files for the projects (formerly <code>requests</code>) is now located in <code>src/requests</code> in the Requests sdist. (<a href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li> <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using <code>hatchling</code>. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/d6ebc4a2f1f68b7e355fb7e4dd5ffc0845547f9f"><code>d6ebc4a</code></a> v2.32.0</li> <li><a href="https://github.com/psf/requests/commit/9a40d1277807f0a4f26c9a37eea8ec90faa8aadc"><code>9a40d12</code></a> Avoid reloading root certificates to improve concurrent performance (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li><a href="https://github.com/psf/requests/commit/0c030f78d24f29a459dbf39b28b4cc765e2153d7"><code>0c030f7</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a> from nateprewitt/no_char_detection</li> <li><a href="https://github.com/psf/requests/commit/555b870eb19d497ddb67042645420083ec8efb02"><code>555b870</code></a> Allow character detection dependencies to be optional in post-packaging steps</li> <li><a href="https://github.com/psf/requests/commit/d6dded3f00afcf56a7e866cb0732799045301eb0"><code>d6dded3</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6700">#6700</a> from franekmagiera/update-redirect-to-invalid-uri-test</li> <li><a href="https://github.com/psf/requests/commit/bf24b7d8d17da34be720c19e5978b2d3bf94a53b"><code>bf24b7d</code></a> Use an invalid URI that will not cause httpbin to throw 500</li> <li><a href="https://github.com/psf/requests/commit/2d5f54779ad174035c5437b3b3c1146b0eaf60fe"><code>2d5f547</code></a> Pin 3.8 and 3.9 runners back to macos-13 (<a href="https://redirect.github.com/psf/requests/issues/6688">#6688</a>)</li> <li><a href="https://github.com/psf/requests/commit/f1bb07d39b74d6444e333879f8b8a3d9dd4d2311"><code>f1bb07d</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6687">#6687</a> from psf/dependabot/github_actions/github/codeql-act...</li> <li><a href="https://github.com/psf/requests/commit/60047ade64b0b882cbc94e047198818ab580911e"><code>60047ad</code></a> Bump github/codeql-action from 3.24.0 to 3.25.0</li> <li><a href="https://github.com/psf/requests/commit/31ebb8102c00f8cf8b396a6356743cca4362e07b"><code>31ebb81</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6682">#6682</a> from frenzymadness/pytest8</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.31.0...v2.32.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>
…k/aws-lambda-python-alpha/test/lambda-handler-dockercopy (#30289) Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/releases">requests's releases</a>.</em></p> <blockquote> <h2>v2.32.0</h2> <h2>2.32.0 (2024-05-20)</h2> <h2>🐍 PYCON US 2024 EDITION 🐍</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Requests has officially added support for CPython 3.12 (<a href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li> <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> <li>Requests has officially dropped support for CPython 3.7 (<a href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li> <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <p><strong>Packaging</strong></p> <ul> <li>Requests has started adopting some modern packaging practices. The source files for the projects (formerly <code>requests</code>) is now located in <code>src/requests</code> in the Requests sdist. (<a href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li> <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using <code>hatchling</code>. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/matthewarmand"><code>@matthewarmand</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6258">psf/requests#6258</a></li> <li><a href="https://github.com/cpzt"><code>@cpzt</code></a> made their first contribution in <a href="https://redirect.github.com/psf/requests/pull/6456">psf/requests#6456</a></li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.32.0 (2024-05-20)</h2> <p><strong>Security</strong></p> <ul> <li>Fixed an issue where setting <code>verify=False</code> on the first request from a Session will cause subsequent requests to the <em>same origin</em> to also ignore cert verification, regardless of the value of <code>verify</code>. (<a href="https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56">https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56</a>)</li> </ul> <p><strong>Improvements</strong></p> <ul> <li><code>verify=True</code> now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li>Requests now supports optional use of character detection (<code>chardet</code> or <code>charset_normalizer</code>) when repackaged or vendored. This enables <code>pip</code> and other projects to minimize their vendoring surface area. The <code>Response.text()</code> and <code>apparent_encoding</code> APIs will default to <code>utf-8</code> if neither library is present. (<a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a>)</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (<a href="https://redirect.github.com/psf/requests/issues/6589">#6589</a>)</li> <li>Fixed deserialization bug in JSONDecodeError. (<a href="https://redirect.github.com/psf/requests/issues/6629">#6629</a>)</li> <li>Fixed bug where an extra leading <code>/</code> (path separator) could lead urllib3 to unnecessarily reparse the request URI. (<a href="https://redirect.github.com/psf/requests/issues/6644">#6644</a>)</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Requests has officially added support for CPython 3.12 (<a href="https://redirect.github.com/psf/requests/issues/6503">#6503</a>)</li> <li>Requests has officially added support for PyPy 3.9 and 3.10 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> <li>Requests has officially dropped support for CPython 3.7 (<a href="https://redirect.github.com/psf/requests/issues/6642">#6642</a>)</li> <li>Requests has officially dropped support for PyPy 3.7 and 3.8 (<a href="https://redirect.github.com/psf/requests/issues/6641">#6641</a>)</li> </ul> <p><strong>Documentation</strong></p> <ul> <li>Various typo fixes and doc improvements.</li> </ul> <p><strong>Packaging</strong></p> <ul> <li>Requests has started adopting some modern packaging practices. The source files for the projects (formerly <code>requests</code>) is now located in <code>src/requests</code> in the Requests sdist. (<a href="https://redirect.github.com/psf/requests/issues/6506">#6506</a>)</li> <li>Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using <code>hatchling</code>. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/d6ebc4a2f1f68b7e355fb7e4dd5ffc0845547f9f"><code>d6ebc4a</code></a> v2.32.0</li> <li><a href="https://github.com/psf/requests/commit/9a40d1277807f0a4f26c9a37eea8ec90faa8aadc"><code>9a40d12</code></a> Avoid reloading root certificates to improve concurrent performance (<a href="https://redirect.github.com/psf/requests/issues/6667">#6667</a>)</li> <li><a href="https://github.com/psf/requests/commit/0c030f78d24f29a459dbf39b28b4cc765e2153d7"><code>0c030f7</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6702">#6702</a> from nateprewitt/no_char_detection</li> <li><a href="https://github.com/psf/requests/commit/555b870eb19d497ddb67042645420083ec8efb02"><code>555b870</code></a> Allow character detection dependencies to be optional in post-packaging steps</li> <li><a href="https://github.com/psf/requests/commit/d6dded3f00afcf56a7e866cb0732799045301eb0"><code>d6dded3</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6700">#6700</a> from franekmagiera/update-redirect-to-invalid-uri-test</li> <li><a href="https://github.com/psf/requests/commit/bf24b7d8d17da34be720c19e5978b2d3bf94a53b"><code>bf24b7d</code></a> Use an invalid URI that will not cause httpbin to throw 500</li> <li><a href="https://github.com/psf/requests/commit/2d5f54779ad174035c5437b3b3c1146b0eaf60fe"><code>2d5f547</code></a> Pin 3.8 and 3.9 runners back to macos-13 (<a href="https://redirect.github.com/psf/requests/issues/6688">#6688</a>)</li> <li><a href="https://github.com/psf/requests/commit/f1bb07d39b74d6444e333879f8b8a3d9dd4d2311"><code>f1bb07d</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6687">#6687</a> from psf/dependabot/github_actions/github/codeql-act...</li> <li><a href="https://github.com/psf/requests/commit/60047ade64b0b882cbc94e047198818ab580911e"><code>60047ad</code></a> Bump github/codeql-action from 3.24.0 to 3.25.0</li> <li><a href="https://github.com/psf/requests/commit/31ebb8102c00f8cf8b396a6356743cca4362e07b"><code>31ebb81</code></a> Merge pull request <a href="https://redirect.github.com/psf/requests/issues/6682">#6682</a> from frenzymadness/pytest8</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.31.0...v2.32.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>
…rtions to wait for the expected resource state (#30286) ### Reason for this change Two assertions made in `integ.distributed-map.ts` are waiting on a specific resource state. The following waits for a state machine to be `ACTIVE`: ```ts testCase.assertions .awsApiCall('StepFunctions', 'describeStateMachine', { stateMachineArn: stack.stateMachine.stateMachineArn, }) .expect(ExpectedResult.objectLike({ status: 'ACTIVE' })); ``` The following wait for the state machine execution to be `SUCCEEDED`: ```ts describe.expect(ExpectedResult.objectLike({ status: 'SUCCEEDED', })); ``` In the current format, the second assertion fails because the state machine execution is still running at the time the assertion is made. This causes the integ test to fail with the following error: ``` { "executionArn": "arn:aws:states:us-east-1:123456789012:execution:StateMachine2E01A3A5-OqZg4PaGWIUA:ecfc64d5-c20e-483b-a2ec-9ef8f82b2214", "input": "{}", "inputDetails": { ... }, "name": "ecfc64d5-c20e-483b-a2ec-9ef8f82b2214", "redriveCount": 0, "redriveStatus": "NOT_REDRIVABLE", "redriveStatusReason": "Execution is RUNNING and cannot be redriven", "startDate": {}, "stateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StateMachine2E01A3A5-OqZg4PaGWIUA", !! Expected SUCCEEDED but received RUNNING "status": "RUNNING", "traceHeader": "Root=1-664c0401-4504db7463bcd92c490e52bc;Parent=5ea37aeb46708a96;Sampled=0" } ``` As a best practice, we should always ensure that assertions based on resource state have a `waitForAssertions` call to force the assertion to wait for the specific state to occur. ### Description of changes I added a `waitForAssertions` call to each assertion in this integ test that is waiting for a specific resource state. Each `waitForAssertions` call has the following waiter options: - A total timeout of 5 minutes, after which the assertion will fail. - A 10 second interval which will be used to check if the resource is in the expected state. ### Description of how you validated changes Re-ran the integ test and it succeeded. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Reason for this change The following Aurora MySQL versions are no longer supported by RDS: - 5.7.mysql_aurora.2.07.9 - 5.7.mysql_aurora.2.07.10 - 8.0.mysql_aurora.3.01.0 - 8.0.mysql_aurora.3.01.1 - 8.0.mysql_aurora.3.02.0 - 8.0.mysql_aurora.3.02.1 - 8.0.mysql_aurora.3.02.2 - 8.0.mysql_aurora.3.02.3 See - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraMySQLReleaseNotes/AuroraMySQL.Updates.30Updates.html ### Description of changes Marked the unsupported Aurora MySQL versions as deprecated and fixed failing integ tests. I have also confirmed that these versions are not configurable via the RDS console. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…30296) ### Issue #: Closes #30254. ### Reason for this change PR #30242 added Aurora Postgres version `16.3`, which is not yet released. ### Description of changes This PR removes the yet unreleased version of Aurora Postgres version `16.3` that was added in PR #30242. Running `aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[].[EngineVersion]' --output text` via AWS CLI does not list `16.3` version yet. ### Description of how you validated changes N/A ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ns is ignored (#30302) ### Reason for this change `EvaluateExpression` exposes a runtime property that can be used to configure the runtime language used to evaluate an expression. When the handler for this was migrated into the handler framework we hid the runtime property and didn't make it configurable. As a result, when the runtime property is specified as part of `EvaluateExpressionProps` it ends up being dropped in place of the code generated runtime. ### Description of changes Added a configurable runtime property to the generated `EvalNodejsSingletonFunctionProps` interface and set this property using runtime property on `EvaluateExpressionProps` if one was provided. Otherwise, the current node 18 default is used. ### Description of how you validated changes Unit test for codegen with eval-nodejs-provider. Integ test for default `EvaluateExpression` runtime (we already test a configurable runtime, unfortunately this was the same as the default so this bug was not caught). ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) Closes #30292 ### Reason for this change To allow ec2.Instance to specify `placementGroup`. ### Description of changes ### Description of how you validated changes - [x] integ test - [x] unit test ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR ensures the dependency on the readers always to be created after the writer. This might not be the best solution as all the readers will not start provisioning until the writer is completed. Another solution is to build a custom resource to check if the writer has started provisioning, if yes, return success and let all the dependent readers start provisioning. But that would require a new custom resource. - [x] unit tests - [x] update integ tests - fixed the integ error `"Cannot find version 8.0.mysql_aurora.3.01.0 for aurora-mysql` for `integ.cluster-instance-id` ### Issue # (if applicable) Closes #30260 ### Reason for this change ### Description of changes ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable) N/A ### Reason for this change Adding new team member's GitHub account ### Description of changes Added my GitHub username ### Description of how you validated changes N/A ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-amplify
│ └ resources
│ └[~] resource AWS::Amplify::Branch
│ ├ properties
│ │ └ Backend: (documentation changed)
│ └ types
│ └[~] type Backend
│ └ - documentation: Describes the backend properties associated with an Amplify `Branch` .
│ + documentation: Describes the backend associated with an Amplify `Branch` .
│ This property is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using Typescript code.
├[~] service aws-backup
│ └ resources
│ └[~] resource AWS::Backup::BackupVault
│ └ properties
│ └ BackupVaultName: (documentation changed)
├[~] service aws-bedrock
│ └ resources
│ ├[~] resource AWS::Bedrock::Agent
│ │ ├ properties
│ │ │ └ TestAliasTags: (documentation changed)
│ │ └ types
│ │ ├[~] type ActionGroupExecutor
│ │ │ ├ - documentation: Contains details about the Lambda function containing the business logic that is carried out upon invoking the action.
│ │ │ │ + documentation: Contains details about the Lambda function containing the business logic that is carried out upon invoking the action or the custom control method for handling the information elicited from the user.
│ │ │ └ properties
│ │ │ ├[+] CustomControl: string
│ │ │ └ Lambda: - string (required)
│ │ │ + string
│ │ ├[~] type AgentActionGroup
│ │ │ └ properties
│ │ │ ├ ActionGroupExecutor: (documentation changed)
│ │ │ └[+] FunctionSchema: FunctionSchema
│ │ ├[+] type Function
│ │ │ ├ documentation: Defines parameters that the agent needs to invoke from the user to complete the function. Corresponds to an action in an action group.
│ │ │ │ This data type is used in the following API operations:
│ │ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ │ name: Function
│ │ │ └ properties
│ │ │ ├Name: string (required)
│ │ │ ├Description: string
│ │ │ └Parameters: Map<string, ParameterDetail>
│ │ ├[+] type FunctionSchema
│ │ │ ├ documentation: Defines functions that each define parameters that the agent needs to invoke from the user. Each function represents an action in an action group.
│ │ │ │ This data type is used in the following API operations:
│ │ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ │ name: FunctionSchema
│ │ │ └ properties
│ │ │ └Functions: Array<Function> (required)
│ │ └[+] type ParameterDetail
│ │ ├ documentation: Contains details about a parameter in a function for an action group.
│ │ │ This data type is used in the following API operations:
│ │ │ - [CreateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_RequestSyntax)
│ │ │ - [CreateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_CreateAgentActionGroup.html#API_agent_CreateAgentActionGroup_ResponseSyntax)
│ │ │ - [UpdateAgentActionGroup request](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_RequestSyntax)
│ │ │ - [UpdateAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_UpdateAgentActionGroup.html#API_agent_UpdateAgentActionGroup_ResponseSyntax)
│ │ │ - [GetAgentActionGroup response](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_GetAgentActionGroup.html#API_agent_GetAgentActionGroup_ResponseSyntax)
│ │ │ name: ParameterDetail
│ │ └ properties
│ │ ├Description: string
│ │ ├Type: string (required)
│ │ └Required: boolean
│ └[+] resource AWS::Bedrock::GuardrailVersion
│ ├ name: GuardrailVersion
│ │ cloudFormationType: AWS::Bedrock::GuardrailVersion
│ │ documentation: Creates a version of the guardrail. Use this API to create a snapshot of the guardrail when you are satisfied with a configuration, or to compare the configuration with another version.
│ ├ properties
│ │ ├Description: string (immutable)
│ │ └GuardrailIdentifier: string (required, immutable)
│ └ attributes
│ ├GuardrailArn: string
│ ├GuardrailId: string
│ └Version: string
├[~] service aws-budgets
│ └ resources
│ ├[~] resource AWS::Budgets::Budget
│ │ ├ properties
│ │ │ └[+] ResourceTags: Array<ResourceTag>
│ │ └ types
│ │ └[+] type ResourceTag
│ │ ├ documentation: The tag structure that contains a tag key and value.
│ │ │ name: ResourceTag
│ │ └ properties
│ │ ├Value: string
│ │ └Key: string (required)
│ └[~] resource AWS::Budgets::BudgetsAction
│ ├ - tagInformation: undefined
│ │ + tagInformation: {"tagPropertyName":"ResourceTags","variant":"standard"}
│ ├ properties
│ │ └[+] ResourceTags: Array<ResourceTag>
│ └ types
│ └[+] type ResourceTag
│ ├ documentation: The tag structure that contains a tag key and value.
│ │ name: ResourceTag
│ └ properties
│ ├Key: string (required)
│ └Value: string (required)
├[~] service aws-cloudtrail
│ └ resources
│ ├[~] resource AWS::CloudTrail::EventDataStore
│ │ └ types
│ │ └[~] type AdvancedFieldSelector
│ │ └ properties
│ │ └ Field: (documentation changed)
│ └[~] resource AWS::CloudTrail::Trail
│ └ types
│ └[~] type AdvancedFieldSelector
│ └ properties
│ └ Field: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│ └[~] resource AWS::CodePipeline::Pipeline
│ └ types
│ ├[+] type FailureConditions
│ │ ├ name: FailureConditions
│ │ └ properties
│ │ └Result: string (required)
│ └[~] type StageDeclaration
│ └ properties
│ └[+] OnFailure: FailureConditions
├[~] service aws-datazone
│ └ resources
│ ├[+] resource AWS::DataZone::GroupProfile
│ │ ├ name: GroupProfile
│ │ │ cloudFormationType: AWS::DataZone::GroupProfile
│ │ │ documentation: Group profiles represent groups of Amazon DataZone users. Groups can be manually created, or mapped to Active Directory groups of enterprise customers. In Amazon DataZone, groups serve two purposes. First, a group can map to a team of users in the organizational chart, and thus reduce the administrative work of a Amazon DataZone project owner when there are new employees joining or leaving a team. Second, corporate administrators use Active Directory groups to manage and update user statuses and so Amazon DataZone domain administrators can use these group memberships to implement Amazon DataZone domain policies.
│ │ ├ properties
│ │ │ ├DomainIdentifier: string (required, immutable)
│ │ │ ├GroupIdentifier: string (required, immutable)
│ │ │ └Status: string
│ │ └ attributes
│ │ ├DomainId: string
│ │ ├GroupName: string
│ │ └Id: string
│ ├[+] resource AWS::DataZone::ProjectMembership
│ │ ├ name: ProjectMembership
│ │ │ cloudFormationType: AWS::DataZone::ProjectMembership
│ │ │ documentation: Definition of AWS::DataZone::ProjectMembership Resource Type
│ │ ├ properties
│ │ │ ├ProjectIdentifier: string (required, immutable)
│ │ │ ├Designation: string (required)
│ │ │ ├Member: Member (required, immutable)
│ │ │ └DomainIdentifier: string (required, immutable)
│ │ └ types
│ │ └type Member
│ │ ├ name: Member
│ │ └ properties
│ │ ├UserIdentifier: string
│ │ └GroupIdentifier: string
│ └[+] resource AWS::DataZone::UserProfile
│ ├ name: UserProfile
│ │ cloudFormationType: AWS::DataZone::UserProfile
│ │ documentation: A user profile represents Amazon DataZone users. Amazon DataZone supports both IAM roles and SSO identities to interact with the Amazon DataZone Management Console and the data portal for different purposes. Domain administrators use IAM roles to perform the initial administrative domain-related work in the Amazon DataZone Management Console, including creating new Amazon DataZone domains, configuring metadata form types, and implementing policies. Data workers use their SSO corporate identities via Identity Center to log into the Amazon DataZone Data Portal and access projects where they have memberships.
│ ├ properties
│ │ ├DomainIdentifier: string (required, immutable)
│ │ ├Status: string
│ │ ├UserIdentifier: string (required, immutable)
│ │ └UserType: string (immutable)
│ ├ attributes
│ │ ├DomainId: string
│ │ ├Type: string
│ │ ├Id: string
│ │ └Details: UserProfileDetails
│ └ types
│ ├type UserProfileDetails
│ │├ name: UserProfileDetails
│ │└ properties
│ │ ├Iam: IamUserProfileDetails
│ │ └Sso: SsoUserProfileDetails
│ ├type IamUserProfileDetails
│ │├ documentation: The details of the IAM User Profile.
│ ││ name: IamUserProfileDetails
│ │└ properties
│ │ └Arn: string
│ └type SsoUserProfileDetails
│ ├ documentation: The details of the SSO User Profile.
│ │ name: SsoUserProfileDetails
│ └ properties
│ ├Username: string
│ ├FirstName: string
│ └LastName: string
├[~] service aws-dynamodb
│ └ resources
│ ├[~] resource AWS::DynamoDB::GlobalTable
│ │ ├ properties
│ │ │ └ WriteOnDemandThroughputSettings: (documentation changed)
│ │ └ types
│ │ ├[~] type GlobalSecondaryIndex
│ │ │ └ properties
│ │ │ └ WriteOnDemandThroughputSettings: (documentation changed)
│ │ ├[~] type ReadOnDemandThroughputSettings
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: Sets the read request settings for a replica table or a replica global secondary index. You must specify this setting if you set the `BillingMode` to `PAY_PER_REQUEST` .
│ │ │ └ properties
│ │ │ └ MaxReadRequestUnits: (documentation changed)
│ │ ├[~] type ReplicaGlobalSecondaryIndexSpecification
│ │ │ └ properties
│ │ │ └ ReadOnDemandThroughputSettings: (documentation changed)
│ │ ├[~] type ReplicaSpecification
│ │ │ └ properties
│ │ │ └ ReadOnDemandThroughputSettings: (documentation changed)
│ │ └[~] type WriteOnDemandThroughputSettings
│ │ ├ - documentation: undefined
│ │ │ + documentation: Sets the write request settings for a global table or a global secondary index. You must specify this setting if you set the `BillingMode` to `PAY_PER_REQUEST` .
│ │ └ properties
│ │ └ MaxWriteRequestUnits: (documentation changed)
│ └[~] resource AWS::DynamoDB::Table
│ ├ properties
│ │ └ OnDemandThroughput: (documentation changed)
│ └ types
│ ├[~] type GlobalSecondaryIndex
│ │ └ properties
│ │ └ OnDemandThroughput: (documentation changed)
│ └[~] type OnDemandThroughput
│ ├ - documentation: undefined
│ │ + documentation: Sets the maximum number of read and write units for the specified on-demand table. If you use this property, you must specify `MaxReadRequestUnits` , `MaxWriteRequestUnits` , or both.
│ └ properties
│ ├ MaxReadRequestUnits: (documentation changed)
│ └ MaxWriteRequestUnits: (documentation changed)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::LaunchTemplate
│ │ └ types
│ │ ├[~] type LaunchTemplateTagSpecification
│ │ │ └ properties
│ │ │ └ ResourceType: (documentation changed)
│ │ └[~] type TagSpecification
│ │ └ properties
│ │ └ ResourceType: (documentation changed)
│ └[~] resource AWS::EC2::SpotFleet
│ └ types
│ └[~] type SpotFleetRequestConfigData
│ └ properties
│ └ AllocationStrategy: (documentation changed)
├[~] service aws-ecs
│ └ resources
│ └[~] resource AWS::ECS::Service
│ ├ - documentation: The `AWS::ECS::Service` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
│ │ > The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect `ServiceConnectService` is configured. This is because AWS CloudFormation creates the replacement service first, but each `ServiceConnectService` must have a name that is unique in the namespace. > Starting April 15, 2023, AWS ; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS , or Amazon EC2 . However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
│ │ + documentation: The `AWS::ECS::Service` resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
│ │ > The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect `ServiceConnectConfiguration` property the is configured. This is because AWS CloudFormation creates the replacement service first, but each `ServiceConnectService` must have a name that is unique in the namespace. > Starting April 15, 2023, AWS ; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS , or Amazon EC2 . However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
│ └ types
│ ├[~] type ServiceConnectTlsCertificateAuthority
│ │ └ - documentation: An object that represents the AWS Private Certificate Authority certificate.
│ │ + documentation: The certificate root authority that secures your service.
│ └[~] type ServiceConnectTlsConfiguration
│ └ - documentation: An object that represents the configuration for Service Connect TLS.
│ + documentation: The key that encrypts and decrypts your resources for Service Connect TLS.
├[~] service aws-elasticache
│ └ resources
│ └[~] resource AWS::ElastiCache::ParameterGroup
│ └ attributes
│ └[+] CacheParameterGroupName: string
├[~] service aws-events
│ └ resources
│ ├[~] resource AWS::Events::Archive
│ │ └ - documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│ │ + documentation: Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
│ │ > Archives and schema discovery are not supported for event buses encrypted using a customer managed key. EventBridge returns an error if:
│ │ >
│ │ > - You call `[CreateArchive](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_CreateArchive.html)` on an event bus set to use a customer managed key for encryption.
│ │ > - You call `[CreateDiscoverer](https://docs.aws.amazon.com/eventbridge/latest/schema-reference/v1-discoverers.html#CreateDiscoverer)` on an event bus set to use a customer managed key for encryption.
│ │ > - You call `[UpdatedEventBus](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_UpdatedEventBus.html)` to set a customer managed key on an event bus with an archives or schema discovery enabled.
│ │ >
│ │ > To enable archives or schema discovery on an event bus, choose to use an AWS owned key . For more information, see [Data encryption in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html) in the *Amazon EventBridge User Guide* .
│ ├[~] resource AWS::Events::Endpoint
│ │ └ - documentation: A global endpoint used to improve your application's availability by making it regional-fault tolerant. For more information about global endpoints, see [Making applications Regional-fault tolerant with global endpoints and event replication](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) in the *Amazon EventBridge User Guide* .
│ │ + documentation: A global endpoint used to improve your application's availability by making it regional-fault tolerant. For more information about global endpoints, see [Making applications Regional-fault tolerant with global endpoints and event replication](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-global-endpoints.html) in the **Amazon EventBridge User Guide** .
│ ├[~] resource AWS::Events::EventBus
│ │ ├ properties
│ │ │ ├[+] DeadLetterConfig: DeadLetterConfig
│ │ │ ├[+] Description: string
│ │ │ └[+] KmsKeyIdentifier: string
│ │ └ types
│ │ └[+] type DeadLetterConfig
│ │ ├ documentation: Dead Letter Queue for the event bus.
│ │ │ name: DeadLetterConfig
│ │ └ properties
│ │ └Arn: string
│ ├[~] resource AWS::Events::EventBusPolicy
│ │ └ - documentation: Running `PutPermission` permits the specified AWS account or AWS organization to put events to the specified *event bus* . Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
│ │ For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
│ │ To enable multiple AWS accounts to put events to your event bus, run `PutPermission` once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run `PutPermission` once specifying `Principal` as "*" and specifying the AWS organization ID in `Condition` , to grant permissions to all accounts in that organization.
│ │ If you grant permissions using an organization, then accounts in that organization must specify a `RoleArn` with proper permissions when they use `PutTarget` to add your account's event bus as a target. For more information, see [Sending and Receiving Events Between AWS Accounts](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html) in the *Amazon EventBridge User Guide* .
│ │ The permission policy on the event bus cannot exceed 10 KB in size.
│ │ + documentation: Running `PutPermission` permits the specified AWS account or AWS organization to put events to the specified *event bus* . Amazon EventBridge rules in your account are triggered by these events arriving to an event bus in your account.
│ │ For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
│ │ To enable multiple AWS accounts to put events to your event bus, run `PutPermission` once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run `PutPermission` once specifying `Principal` as "*" and specifying the AWS organization ID in `Condition` , to grant permissions to all accounts in that organization.
│ │ If you grant permissions using an organization, then accounts in that organization must specify a `RoleArn` with proper permissions when they use `PutTarget` to add your account's event bus as a target. For more information, see [Sending and Receiving Events Between AWS Accounts](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html) in the *Amazon EventBridge User Guide* .
│ │ The permission policy on the event bus cannot exceed 10 KB in size.
│ └[~] resource AWS::Events::Rule
│ ├ properties
│ │ ├ EventPattern: (documentation changed)
│ │ ├ State: (documentation changed)
│ │ └ Targets: (documentation changed)
│ └ types
│ └[~] type DeadLetterConfig
│ └ - documentation: A `DeadLetterConfig` object that contains information about a dead-letter queue configuration.
│ + documentation: Configuration details of the Amazon SQS queue for EventBridge to use as a dead-letter queue (DLQ).
│ For more information, see [Event retry policy and using dead-letter queues](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rule-dlq.html) in the *EventBridge User Guide* .
├[~] service aws-fms
│ └ resources
│ ├[~] resource AWS::FMS::Policy
│ │ ├ - documentation: An AWS Firewall Manager policy.
│ │ │ Firewall Manager provides the following types of policies:
│ │ │ - An AWS Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.
│ │ │ - An AWS WAF policy (type WAFV2), which defines rule groups to run first in the corresponding AWS WAF web ACL and rule groups to run last in the web ACL.
│ │ │ - An AWS WAF Classic policy, which defines a rule group. AWS WAF Classic doesn't support rule groups in Amazon CloudFront , so, to create AWS WAF Classic policies through CloudFront , you first need to create your rule groups outside of CloudFront .
│ │ │ - A security group policy, which manages VPC security groups across your AWS organization.
│ │ │ - An AWS Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.
│ │ │ - A DNS Firewall policy, which provides Amazon Route 53 Resolver DNS Firewall rules to filter DNS queries for specified Amazon VPCs.
│ │ │ - A third-party firewall policy, which manages a third-party firewall service.
│ │ │ Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.
│ │ │ These policies require some setup to use. For more information, see the sections on prerequisites and getting started under [AWS Firewall Manager](https://docs.aws.amazon.com/waf/latest/developerguide/fms-prereq.html) .
│ │ │ + documentation: An AWS Firewall Manager policy.
│ │ │ A Firewall Manager policy is specific to the individual policy type. If you want to enforce multiple policy types across accounts, you can create multiple policies. You can create more than one policy for each type.
│ │ │ If you add a new account to an organization that you created with AWS Organizations , Firewall Manager automatically applies the policy to the resources in that account that are within scope of the policy.
│ │ │ Policies require some setup to use. For more information, see the sections on prerequisites and getting started under [Firewall Manager prerequisites](https://docs.aws.amazon.com/waf/latest/developerguide/fms-prereq.html) .
│ │ │ Firewall Manager provides the following types of policies:
│ │ │ - *AWS WAF policy* - This policy applies AWS WAF web ACL protections to specified accounts and resources.
│ │ │ - *Shield Advanced policy* - This policy applies Shield Advanced protection to specified accounts and resources.
│ │ │ - *Security Groups policy* - This type of policy gives you control over security groups that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of rules across your organization.
│ │ │ - *Network ACL policy* - This type of policy gives you control over the network ACLs that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of first and last network ACL rules across your organization.
│ │ │ - *Network Firewall policy* - This policy applies Network Firewall protection to your organization's VPCs.
│ │ │ - *DNS Firewall policy* - This policy applies Amazon Route 53 Resolver DNS Firewall protections to your organization's VPCs.
│ │ │ - *Third-party firewall policy* - This policy applies third-party firewall protections. Third-party firewalls are available by subscription through the AWS Marketplace console at [AWS Marketplace](https://docs.aws.amazon.com/marketplace) .
│ │ │ - *Palo Alto Networks Cloud NGFW policy* - This policy applies Palo Alto Networks Cloud Next Generation Firewall (NGFW) protections and Palo Alto Networks Cloud NGFW rulestacks to your organization's VPCs.
│ │ │ - *Fortigate CNF policy* - This policy applies Fortigate Cloud Native Firewall (CNF) protections. Fortigate CNF is a cloud-centered solution that blocks Zero-Day threats and secures cloud infrastructures with industry-leading advanced threat prevention, smart web application firewalls (WAF), and API protection.
│ │ ├ properties
│ │ │ ├ ResourceType: (documentation changed)
│ │ │ └ SecurityServicePolicyData: (documentation changed)
│ │ └ types
│ │ └[~] type SecurityServicePolicyData
│ │ └ properties
│ │ └ ManagedServiceData: (documentation changed)
│ └[~] resource AWS::FMS::ResourceSet
│ └ attributes
│ └ Id: (documentation changed)
├[~] service aws-fsx
│ └ resources
│ └[~] resource AWS::FSx::FileSystem
│ └ properties
│ └ StorageCapacity: (documentation changed)
├[~] service aws-identitystore
│ └ resources
│ ├[~] resource AWS::IdentityStore::Group
│ │ └ properties
│ │ └ DisplayName: (documentation changed)
│ └[~] resource AWS::IdentityStore::GroupMembership
│ ├ properties
│ │ └ GroupId: (documentation changed)
│ └ types
│ └[~] type MemberId
│ └ properties
│ └ UserId: (documentation changed)
├[~] service aws-lambda
│ └ resources
│ └[~] resource AWS::Lambda::Version
│ └ properties
│ └[+] Policy: json
├[~] service aws-lightsail
│ └ resources
│ └[~] resource AWS::Lightsail::Instance
│ └ attributes
│ └[+] Ipv6Addresses: Array<string>
├[~] service aws-location
│ └ resources
│ └[~] resource AWS::Location::Tracker
│ └ properties
│ └ PricingPlanDataSource: (documentation changed)
├[~] service aws-mediaconnect
│ └ resources
│ ├[~] resource AWS::MediaConnect::Flow
│ │ ├ properties
│ │ │ ├[+] Maintenance: Maintenance
│ │ │ ├[+] MediaStreams: Array<MediaStream>
│ │ │ └[+] VpcInterfaces: Array<VpcInterface>
│ │ ├ attributes
│ │ │ └[+] EgressIp: string
│ │ └ types
│ │ ├[+] type Fmtp
│ │ │ ├ documentation: A set of parameters that define the media stream.
│ │ │ │ name: Fmtp
│ │ │ └ properties
│ │ │ ├ExactFramerate: string
│ │ │ ├Colorimetry: string
│ │ │ ├ScanMode: string
│ │ │ ├Tcs: string
│ │ │ ├Range: string
│ │ │ ├Par: string
│ │ │ └ChannelOrder: string
│ │ ├[+] type InputConfiguration
│ │ │ ├ documentation: The transport parameters associated with an incoming media stream.
│ │ │ │ name: InputConfiguration
│ │ │ └ properties
│ │ │ ├InputPort: integer (required)
│ │ │ └Interface: Interface (required)
│ │ ├[+] type Interface
│ │ │ ├ documentation: The VPC interface that you want to use for the media stream associated with the output.
│ │ │ │ name: Interface
│ │ │ └ properties
│ │ │ └Name: string (required)
│ │ ├[+] type Maintenance
│ │ │ ├ documentation: The maintenance setting of a flow. MediaConnect routinely performs maintenance on underlying systems for security, reliability, and operational performance. The maintenance activities include actions such as patching the operating system, updating drivers, or installing software and patches.
│ │ │ │ You can select the day and time that maintenance events occur. This is called a maintenance window and is used every time a maintenance event is required. To change the day and time, you can edit the maintenance window using `MaintenanceDay` and `MaintenanceStartHour` .
│ │ │ │ name: Maintenance
│ │ │ └ properties
│ │ │ ├MaintenanceDay: string (required)
│ │ │ └MaintenanceStartHour: string (required)
│ │ ├[+] type MediaStream
│ │ │ ├ documentation: A single track or stream of media that contains video, audio, or ancillary data. After you add a media stream to a flow, you can associate it with sources and outputs on that flow, as long as they use the CDI protocol or the ST 2110 JPEG XS protocol. Each source or output can consist of one or many media streams.
│ │ │ │ name: MediaStream
│ │ │ └ properties
│ │ │ ├MediaStreamId: integer (required)
│ │ │ ├MediaStreamType: string (required)
│ │ │ ├VideoFormat: string
│ │ │ ├MediaStreamName: string (required)
│ │ │ ├Description: string
│ │ │ ├Attributes: MediaStreamAttributes
│ │ │ ├ClockRate: integer
│ │ │ └Fmt: integer
│ │ ├[+] type MediaStreamAttributes
│ │ │ ├ documentation: Attributes that are related to the media stream.
│ │ │ │ name: MediaStreamAttributes
│ │ │ └ properties
│ │ │ ├Fmtp: Fmtp
│ │ │ └Lang: string
│ │ ├[+] type MediaStreamSourceConfiguration
│ │ │ ├ documentation: The media stream that is associated with the source, and the parameters for that association.
│ │ │ │ name: MediaStreamSourceConfiguration
│ │ │ └ properties
│ │ │ ├EncodingName: string (required)
│ │ │ ├InputConfigurations: Array<InputConfiguration>
│ │ │ └MediaStreamName: string (required)
│ │ ├[~] type Source
│ │ │ └ properties
│ │ │ ├[+] MaxSyncBuffer: integer
│ │ │ └[+] MediaStreamSourceConfigurations: Array<MediaStreamSourceConfiguration>
│ │ └[+] type VpcInterface
│ │ ├ documentation: The details of a VPC interface.
│ │ │ name: VpcInterface
│ │ └ properties
│ │ ├Name: string (required)
│ │ ├NetworkInterfaceType: string
│ │ ├RoleArn: string (required)
│ │ ├SecurityGroupIds: Array<string> (required)
│ │ ├SubnetId: string (required)
│ │ └NetworkInterfaceIds: Array<string>
│ ├[~] resource AWS::MediaConnect::FlowOutput
│ │ ├ properties
│ │ │ └[+] MediaStreamOutputConfigurations: Array<MediaStreamOutputConfiguration>
│ │ └ types
│ │ ├[+] type DestinationConfiguration
│ │ │ ├ documentation: The definition of a media stream that is associated with the output.
│ │ │ │ name: DestinationConfiguration
│ │ │ └ properties
│ │ │ ├DestinationIp: string (required)
│ │ │ ├DestinationPort: integer (required)
│ │ │ └Interface: Interface (required)
│ │ ├[+] type EncodingParameters
│ │ │ ├ documentation: A collection of parameters that determine how MediaConnect will convert the content. These fields only apply to outputs on flows that have a CDI source.
│ │ │ │ name: EncodingParameters
│ │ │ └ properties
│ │ │ ├CompressionFactor: number (required)
│ │ │ └EncoderProfile: string
│ │ ├[+] type Interface
│ │ │ ├ documentation: The VPC interface that you want to use for the media stream associated with the output.
│ │ │ │ name: Interface
│ │ │ └ properties
│ │ │ └Name: string (required)
│ │ └[+] type MediaStreamOutputConfiguration
│ │ ├ documentation: The media stream that is associated with the output, and the parameters for that association.
│ │ │ name: MediaStreamOutputConfiguration
│ │ └ properties
│ │ ├EncodingName: string (required)
│ │ ├DestinationConfigurations: Array<DestinationConfiguration>
│ │ ├MediaStreamName: string (required)
│ │ └EncodingParameters: EncodingParameters
│ └[~] resource AWS::MediaConnect::FlowVpcInterface
│ └ - documentation: The AWS::MediaConnect::FlowVpcInterface resource is a connection between your AWS Elemental MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.
│ To avoid streaming your content over the public internet, you can add up to two VPC interfaces to your flow and use those connections to transfer content between your VPC and MediaConnect.
│ You can update an existing flow to add a VPC interface. If you haven’t created the flow yet, you must create the flow with a temporary standard source by doing the following:
│ - Use CloudFormation to create a flow with a standard source that uses to the flow’s public IP address.
│ - Use CloudFormation to create a VPC interface to add to this flow. This can also be done as part of the previous step.
│ - After CloudFormation has created the flow and the VPC interface, update the source to point to the VPC interface that you created.
│ + documentation: The AWS::MediaConnect::FlowVpcInterface resource is a connection between your AWS Elemental MediaConnect flow and a virtual private cloud (VPC) that you created using the Amazon Virtual Private Cloud service.
│ To avoid streaming your content over the public internet, you can add up to two VPC interfaces to your flow and use those connections to transfer content between your VPC and MediaConnect.
│ You can update an existing flow to add a VPC interface. If you haven’t created the flow yet, you must create the flow with a temporary standard source by doing the following:
│ - Use CloudFormation to create a flow with a standard source that uses to the flow’s public IP address.
│ - Use CloudFormation to create a VPC interface to add to this flow. This can also be done as part of the previous step.
│ - After CloudFormation has created the flow and the VPC interface, update the source to point to the VPC interface that you created.
│ > The previous steps must be undone before the CloudFormation stack can be deleted. Because the source is manually updated in step 3, CloudFormation is not aware of this change. The source must be returned to a standard source before CloudFormation stack deletion.
├[~] service aws-mediatailor
│ └ resources
│ └[~] resource AWS::MediaTailor::PlaybackConfiguration
│ └ types
│ └[~] type AvailSuppression
│ └ properties
│ └[+] FillPolicy: string
├[~] service aws-mwaa
│ └ resources
│ └[~] resource AWS::MWAA::Environment
│ └ properties
│ ├[+] MaxWebservers: integer
│ └[+] MinWebservers: integer
├[~] service aws-neptune
│ └ resources
│ └[+] resource AWS::Neptune::EventSubscription
│ ├ name: EventSubscription
│ │ cloudFormationType: AWS::Neptune::EventSubscription
│ │ documentation: Creates an event notification subscription. This action requires a topic ARN (Amazon Resource Name) created by either the Neptune console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
│ │ You can specify the type of source (SourceType) you want to be notified of, provide a list of Neptune sources (SourceIds) that triggers the events, and provide a list of event categories (EventCategories) for events you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.
│ │ If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIdentifier = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify a SourceIdentifier, you receive notice of the events for that source type for all your Neptune sources. If you do not specify either the SourceType nor the SourceIdentifier, you are notified of events generated from all Neptune sources belonging to your customer account.
│ ├ properties
│ │ ├Enabled: boolean
│ │ ├EventCategories: Array<string>
│ │ ├SnsTopicArn: string (immutable)
│ │ ├SourceIds: Array<string>
│ │ └SourceType: string
│ └ attributes
│ └Id: string
├[~] service aws-personalize
│ └ resources
│ └[~] resource AWS::Personalize::Dataset
│ └ types
│ └[~] type DataSource
│ ├ - documentation: Describes the data source that contains the data to upload to a dataset.
│ │ + documentation: Describes the data source that contains the data to upload to a dataset, or the list of records to delete from Amazon Personalize.
│ └ properties
│ └ DataLocation: (documentation changed)
├[~] service aws-pipes
│ └ resources
│ └[~] resource AWS::Pipes::Pipe
│ └ types
│ ├[~] type EcsEphemeralStorage
│ │ └ - documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate . For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for Fargate* .
│ │ > This parameter is only supported for tasks hosted on Fargate using Linux platform version `1.4.0` or later. This parameter is not supported for Windows containers on Fargate .
│ │ + documentation: The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on Fargate. For more information, see [Fargate task storage](https://docs.aws.amazon.com/AmazonECS/latest/userguide/using_data_volumes.html) in the *Amazon ECS User Guide for Fargate* .
│ │ > This parameter is only supported for tasks hosted on Fargate using Linux platform version `1.4.0` or later. This parameter is not supported for Windows containers on Fargate.
│ ├[~] type PipeSourceParameters
│ │ └ properties
│ │ └ SelfManagedKafkaParameters: (documentation changed)
│ ├[~] type PipeSourceSelfManagedKafkaParameters
│ │ └ - documentation: The parameters for using a stream as a source.
│ │ A *self managed* cluster refers to any Apache Kafka cluster not hosted by AWS . This includes both clusters you manage yourself, as well as those hosted by a third-party provider, such as [Confluent Cloud](https://docs.aws.amazon.com/https://www.confluent.io/) , [CloudKarafka](https://docs.aws.amazon.com/https://www.cloudkarafka.com/) , or [Redpanda](https://docs.aws.amazon.com/https://redpanda.com/) . For more information, see [Apache Kafka streams as a source](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-kafka.html) in the *Amazon EventBridge User Guide* .
│ │ + documentation: The parameters for using a self-managed Apache Kafka stream as a source.
│ │ A *self managed* cluster refers to any Apache Kafka cluster not hosted by AWS . This includes both clusters you manage yourself, as well as those hosted by a third-party provider, such as [Confluent Cloud](https://docs.aws.amazon.com/https://www.confluent.io/) , [CloudKarafka](https://docs.aws.amazon.com/https://www.cloudkarafka.com/) , or [Redpanda](https://docs.aws.amazon.com/https://redpanda.com/) . For more information, see [Apache Kafka streams as a source](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-kafka.html) in the *Amazon EventBridge User Guide* .
│ └[~] type PipeTargetRedshiftDataParameters
│ └ properties
│ └ SecretManagerArn: (documentation changed)
├[~] service aws-quicksight
│ └ resources
│ ├[~] resource AWS::QuickSight::DataSet
│ │ └ types
│ │ ├[~] type DataSetRefreshProperties
│ │ │ └ properties
│ │ │ └ RefreshConfiguration: - RefreshConfiguration
│ │ │ + RefreshConfiguration (required)
│ │ ├[~] type DataSetUsageConfiguration
│ │ │ └ properties
│ │ │ ├ DisableUseAsDirectQuerySource: - boolean
│ │ │ │ + boolean (default=false)
│ │ │ └ DisableUseAsImportedSource: - boolean
│ │ │ + boolean (default=false)
│ │ ├[~] type DateTimeDatasetParameterDefaultValues
│ │ │ └ - documentation: <p>List of default values defined for a given string date time parameter type. Currently only static values are supported.</p>
│ │ │ + documentation: <p>The default values of a date time parameter.</p>
│ │ ├[~] type IncrementalRefresh
│ │ │ └ properties
│ │ │ └ LookbackWindow: - LookbackWindow
│ │ │ + LookbackWindow (required)
│ │ ├[~] type LookbackWindow
│ │ │ └ properties
│ │ │ ├ ColumnName: - string
│ │ │ │ + string (required)
│ │ │ ├ Size: - number
│ │ │ │ + number (required, default=0)
│ │ │ └ SizeUnit: - string
│ │ │ + string (required)
│ │ ├[~] type RefreshConfiguration
│ │ │ └ properties
│ │ │ └ IncrementalRefresh: - IncrementalRefresh
│ │ │ + IncrementalRefresh (required)
│ │ ├[~] type TransformOperation
│ │ │ └ properties
│ │ │ ├ OverrideDatasetParameterOperation: (documentation changed)
│ │ │ └[+] UntagColumnOperation: UntagColumnOperation
│ │ └[+] type UntagColumnOperation
│ │ ├ documentation: A transform operation that removes tags associated with a column.
│ │ │ name: UntagColumnOperation
│ │ └ properties
│ │ ├ColumnName: string (required)
│ │ └TagNames: Array<string> (required)
│ ├[~] resource AWS::QuickSight::DataSource
│ │ ├ properties
│ │ │ ├ Name: - string
│ │ │ │ + string (required)
│ │ │ └ Type: - string (immutable)
│ │ │ + string (required, immutable)
│ │ └ types
│ │ ├[~] type AuroraParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type AuroraPostgreSqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type DatabricksParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[+] type IdentityCenterConfiguration
│ │ │ ├ documentation: The parameters for an IAM Identity Center configuration.
│ │ │ │ name: IdentityCenterConfiguration
│ │ │ └ properties
│ │ │ └EnableIdentityPropagation: boolean
│ │ ├[~] type MariaDbParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type MySqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type OracleParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type PostgreSqlParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type PrestoParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[+] type RedshiftIAMParameters
│ │ │ ├ documentation: <p>A structure that grants Amazon QuickSight access to your cluster and make a call to the <code>redshift:GetClusterCredentials</code> API. For more information on the <code>redshift:GetClusterCredentials</code> API, see <a href="https://docs.aws.amazon.com/redshift/latest/APIReference/API_GetClusterCredentials.html">
│ │ │ │ <code>GetClusterCredentials</code>
│ │ │ │ </a>.</p>
│ │ │ │ name: RedshiftIAMParameters
│ │ │ └ properties
│ │ │ ├RoleArn: string (required)
│ │ │ ├DatabaseUser: string
│ │ │ ├DatabaseGroups: Array<string>
│ │ │ └AutoCreateDatabaseUser: boolean (default=false)
│ │ ├[~] type RedshiftParameters
│ │ │ └ properties
│ │ │ ├[+] IAMParameters: RedshiftIAMParameters
│ │ │ ├[+] IdentityCenterConfiguration: IdentityCenterConfiguration
│ │ │ └ Port: - number
│ │ │ + number (default=0)
│ │ ├[~] type ResourcePermission
│ │ │ └ properties
│ │ │ └[+] Resource: string
│ │ ├[~] type SparkParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type SqlServerParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type SslProperties
│ │ │ └ properties
│ │ │ └ DisableSsl: - boolean
│ │ │ + boolean (default=false)
│ │ ├[~] type StarburstParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ ├[~] type TeradataParameters
│ │ │ └ properties
│ │ │ └ Port: - number (required)
│ │ │ + number (required, default=0)
│ │ └[~] type TrinoParameters
│ │ └ properties
│ │ └ Port: - number (required)
│ │ + number (required, default=0)
│ └[~] resource AWS::QuickSight::Topic
│ └ types
│ ├[~] type TopicCalculatedField
│ │ └ properties
│ │ └ DisableIndexing: (documentation changed)
│ └[~] type TopicColumn
│ └ properties
│ └ DisableIndexing: (documentation changed)
├[~] service aws-redshift
│ └ resources
│ └[~] resource AWS::Redshift::Cluster
│ └ properties
│ └[-] MasterPasswordSecretKmsKeyId: string
├[~] service aws-route53resolver
│ └ resources
│ └[~] resource AWS::Route53Resolver::FirewallRuleGroup
│ └ types
│ └[~] type FirewallRule
│ └ properties
│ └[+] FirewallDomainRedirectionAction: string
├[~] service aws-s3
│ └ resources
│ └[~] resource AWS::S3::Bucket
│ └ types
│ └[~] type DefaultRetention
│ └ - documentation: The container element for specifying the default Object Lock retention settings for new objects placed in the specified bucket.
│ > - The `DefaultRetention` settings require both a mode and a period.
│ > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.
│ + documentation: The container element for optionally specifying the default Object Lock retention settings for new objects placed in the specified bucket.
│ > - The `DefaultRetention` settings require both a mode and a period.
│ > - The `DefaultRetention` period can be either `Days` or `Years` but you must select one. You cannot specify `Days` and `Years` at the same time.
├[~] service aws-sagemaker
│ └ resources
│ ├[~] resource AWS::SageMaker::Domain
│ │ └ types
│ │ └[~] type DefaultSpaceSettings
│ │ └ properties
│ │ ├[+] CustomFileSystemConfigs: Array<CustomFileSystemConfig>
│ │ ├[+] CustomPosixUserConfig: CustomPosixUserConfig
│ │ ├[+] JupyterLabAppSettings: JupyterLabAppSettings
│ │ └[+] SpaceStorageSettings: DefaultSpaceStorageSettings
│ └[~] resource AWS::SageMaker::Space
│ └ - documentation: Creates a space used for real time collaboration in a domain.
│ + documentation: Creates a private space or a space used for real time collaboration in a domain.
├[~] service aws-securityhub
│ └ resources
│ ├[~] resource AWS::SecurityHub::Insight
│ │ └ types
│ │ └[~] type AwsSecurityFindingFilters
│ │ └ properties
│ │ └ SeverityNormalized: (documentation changed)
│ └[+] resource AWS::SecurityHub::SecurityControl
│ ├ name: SecurityControl
│ │ cloudFormationType: AWS::SecurityHub::SecurityControl
│ │ documentation: A security control in Security Hub describes a security best practice related to a specific resource.
│ ├ properties
│ │ ├SecurityControlId: string
│ │ ├SecurityControlArn: string
│ │ ├LastUpdateReason: string
│ │ └Parameters: Map<string, ParameterConfiguration> (required)
│ └ types
│ └type ParameterConfiguration
│ ├ name: ParameterConfiguration
│ └ properties
│ └ValueType: string (required)
├[~] service aws-ssm
│ └ resources
│ └[~] resource AWS::SSM::MaintenanceWindowTask
│ ├ properties
│ │ └ ServiceRoleArn: (documentation changed)
│ └ types
│ └[~] type MaintenanceWindowRunCommandParameters
│ └ properties
│ └ ServiceRoleArn: (documentation changed)
└[~] service aws-sso
└ resources
├[+] resource AWS::SSO::Application
│ ├ name: Application
│ │ cloudFormationType: AWS::SSO::Application
│ │ documentation: Creates an application in IAM Identity Center for the given application provider.
│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ ├ properties
│ │ ├Name: string (required)
│ │ ├Description: string
│ │ ├InstanceArn: string (required, immutable)
│ │ ├ApplicationProviderArn: string (required, immutable)
│ │ ├Status: string
│ │ ├PortalOptions: PortalOptionsConfiguration
│ │ └Tags: Array<tag>
│ ├ attributes
│ │ └ApplicationArn: string
│ └ types
│ ├type PortalOptionsConfiguration
│ │├ documentation: A structure that describes the options for the portal associated with an application.
│ ││ name: PortalOptionsConfiguration
│ │└ properties
│ │ ├Visibility: string
│ │ └SignInOptions: SignInOptions
│ └type SignInOptions
│ ├ documentation: A structure that describes the sign-in options for an application portal.
│ │ name: SignInOptions
│ └ properties
│ ├Origin: string (required)
│ └ApplicationUrl: string
├[+] resource AWS::SSO::ApplicationAssignment
│ ├ name: ApplicationAssignment
│ │ cloudFormationType: AWS::SSO::ApplicationAssignment
│ │ documentation: A structure that describes an assignment of a principal to an application.
│ └ properties
│ ├ApplicationArn: string (required, immutable)
│ ├PrincipalType: string (required, immutable)
│ └PrincipalId: string (required, immutable)
└[+] resource AWS::SSO::Instance
├ name: Instance
│ cloudFormationType: AWS::SSO::Instance
│ documentation: Creates an instance of IAM Identity Center for a standalone AWS account that is not managed by AWS Organizations or a member AWS account in an organization. You can create only one instance per account and across all AWS Regions .
│ The CreateInstance request is rejected if the following apply:
│ - The instance is created within the organization management account.
│ - An instance already exists in the same account.
│ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
├ properties
│ ├Name: string
│ └Tags: Array<tag>
└ attributes
├InstanceArn: string
├OwnerAccountId: string
├IdentityStoreId: string
└Status: string
```
…uct (#30141) ### Issue # (if applicable) N/A ### Reason for this change Missing property in the L2 Construct. ### Description of changes Add deleteReports property. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.CfnReportGroup.html#deletereports ### Description of how you validated changes Add unit tests and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws-cdk-automation
added
auto-approve
pr/no-squash
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork). |
This was referenced May 27, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See CHANGELOG